Securing Raspberry Pi Connection with OpenVPN

11 February 2021

When you are making IoT project using Raspi, you may found yourself ended up using public WiFi for Raspi's internet connection. While this may grant you internet for your raspi, this connection may not be as secure as you think, amateur hackers can see everything you do online with simple tools like Packet Sniffers. Luckily we can mitigate these threats by setting up a VPN connection on the Raspi.

What a VPN does basically, is creating a safe tunnel to the VPN server. This will make your transferred data harder to sniff, and also grant your PC/Laptop connected to the VPN, a local network connection with the raspi, thus enabling SSH connection to the raspi. I will show you how to give your raspi access to OpenVPN, the entire process would only take 5-15 minutes.

Installation

For this tutorial, you only need to install OpenVPN on Raspi. Before you begin it would be wise to ensure your software is up to date.

sudo apt-get update

sudo apt-get upgrade

You can install openvpn by writing this line of code.

sudo apt-get install openvpn

Usage

For connecting your raspi (as client) to the VPN server, what you need is the .ovpn files generated from the server itself. For this experiment I was using a private VPN server so I can't share the file for this tutorial, but you can find some public VPN server from this website or here.

After you got your .ovpn files (on your pc / laptop), you need to transfer the file either by using FTP over FileZilla or you can download it directly using your raspi. After that you need to move the .ovpn files to the address :

sudo openvpn example.ovpn

After you got the file, all you need to do is run the openvpn program, also change the file name to the matching file's name :

If all works well, you should see the line of “Initialization Sequence Complete” which indicates the program has finished. You can check the connection and your new IP address to the VPN server by writing this command on a new command window:

> ifconfig

> route

The results would show a tun0 parameter that indicates your new IP address on the VPN network, you can compare it by stopping the VPN program and check the `ifconfig` command again. You can see the example result on the image below, my new IP address on the VPN network would be 10.70.132.2 and the route command will show you the IP address of the VPN server.

Since our raspi is connected, now you can do a SSH connection to your raspi from a different network, through the VPN, how great is that right ? You can see the example below of how I monitored the Raspi using the it's IP address on the VPN Network (the IP on tun0 parameter, 10.70.132.2)

Raspberry Pi Terminal showing new IP Address connected to the VPN

Conclusion

Tadaa!!! Your Raspberry Pi is successfully connected through the VPN and can be accessed by SSH or FTP from device with same VPN network. Your next things to do is making sure the OpenVPN will run on boot up, but that's gonna be on another story.

Published by Nico Renaldo at Widya Imersif on February 11, 2021.