Connecting to Your Pi VPN Server (Part 2/2 Updated!)

Setting up your server is only half the battle; connecting is a whole other story.

At this point we’re going to assume you have a VPN server set up and working, either on a Raspberry Pi or another Linux server, like at DigitalOcean (aff. link). Configuration and screenshots will be specifically tuned for our aforementioned Raspberry Pi server, but this should theoretically work on any OpenVPN server installation.

A brief note: This post was originally written by me on OffTheGrid.io. Some portions may have been updated.

Update (5/21/2016): This post has been updated to use the latest version of Raspbian available at the moment, the May 2016 version which can be downloaded here. Commands and files have been updated for the latest compatibility.

Initial Setup

You will need to follow these instructions no matter what operating system you use, so pay attention. This is the hardest part of this whole post, but it shouldn’t take too long. If you remember from our previous tutorial, we created certificates for all our devices, and named them User1, User2, etc. What we didn’t do is create configuration files for each one, as that would take way too long. Luckily a fellow named Eric Jodoin (of SANS Institute) has created a script to do this for us.

If you haven’t already, connect to your Pi via SSH:

ssh pi@<server-ip>

Replace the last part with the IP address of your server. You may need to change the pi part as well if you’re not using an RPi.

Now run this command to create a default file for all the client configuration:

sudo nano /etc/openvpn/easy-rsa/keys/Default.txt

And fill it in with the following information:

Obviously, replace the part where it tells you with your public IP address. This is not your server’s internal IP if you’re running it on a router. If you are running your server somewhere like DigitalOcean, you can use the IP provided. If you are running the server on your home network, connect to the same network and go to a site like www.whatismyip.com to find your IP. Press Ctrl+X to exit nano when you finish.

Now we can make Eric Jodoin’s actual script. Simply run:

sudo nano /etc/openvpn/easy-rsa/keys/MakeOVPN.sh

And paste in the following:

(Thanks to @coolaj86 on GitHub for posting this updated version.)

Now make this script executable:

sudo -s
cd /etc/openvpn/easy-rsa/keys
chmod 700 MakeOVPN.sh

And start the script!

./MakeOVPN.sh

When this script is running, it’ll ask for the names of the clients you generated when making your server. Input the names of your clients; we used User1, User2, etc. in our process. Only enter names of clients you have already generated. If it works, you should see this line:

Done! User1.ovpn Successfully Created.

Repeat this for the rest of your clients. UserX.ovpn will be stored in /etc/openvpn/easy-rsa/keys, so you can download this file via scp with a client like Fugu for Mac or WinSCP for Windows.

That should be it! Just import this .ovpn file you generated on your Pi into the OpenVPN client of your choice and it should connect just like that!
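
Before copying a profile off the Pi, it is worth checking what the script produced. The helper below is an added example, not part of the original post or of Eric Jodoin’s script: it checks that the profile is non-empty, has a dev line, points at a public rather than LAN address, and is not readable by other users. The name check_ovpn, the sample data, and the assumption that the CA certificate, client certificate and key are embedded inline as <ca>, <cert> and <key> blocks are mine.

```shell
#!/bin/sh
# check_ovpn FILE (hypothetical helper): sanity-check a generated client
# profile. Prints one line per problem and returns the number of problems.
check_ovpn() {
    f=$1
    problems=0
    note() { echo "$f: $1"; problems=$((problems + 1)); }

    [ -s "$f" ] || { echo "$f: missing or empty"; return 1; }

    # Directives a client profile needs. Clients such as Tunnelblick refuse
    # a profile that has no 'dev tun' or 'dev tap' line.
    grep -Eq '^[[:space:]]*client[[:space:]]*$' "$f" || note "no 'client' directive"
    grep -Eq '^[[:space:]]*dev[[:space:]]+(tun|tap)' "$f" || note "no 'dev tun' or 'dev tap' line"

    # 'remote' must carry the public address, not a LAN (RFC 1918) one.
    host=$(awk '$1 == "remote" { print $2; exit }' "$f")
    case $host in
        '') note "no 'remote' line" ;;
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
            note "remote $host is a private address" ;;
    esac

    # Assumption: CA cert, client cert and private key are embedded inline.
    for tag in ca cert key; do
        if ! grep -q "^<$tag>" "$f" || ! grep -q "^</$tag>" "$f"; then
            note "inline <$tag> block missing or unterminated"
        fi
    done

    # The profile holds a private key: group/other must have no access.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || note "group/other permission bits set ($mode)"

    return "$problems"
}

# Constructed sample (not a real profile): LAN address as remote, no <key>.
sample=$(mktemp)
printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote 192.168.0.15 1194' \
    '<ca>' '(omitted)' '</ca>' '<cert>' '(omitted)' '</cert>' > "$sample"
check_ovpn "$sample" || echo "problems found: $?"
rm -f "$sample"
```

Run it as root against each UserX.ovpn in /etc/openvpn/easy-rsa/keys, and again on any copy you place in a home directory for download.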

Troubleshooting

(Update 5/25/16) If your VPN client can connect to the VPN server, but you can’t access the outside internet, try running this iptables rule on the server:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Conclusion

Was this tutorial helpful? Then please consider sending me some cash to support this blog, servers aren’t cheap you know 🙂

BTC: 1E2SSJCVp5zsp2PcayM6tdFFTSNcj89fCm

I hope you enjoyed this tutorial. Check out some of our other ones as well to find out more ways you can keep your online life secure.

(Did I make a mistake? Let me know on Twitter and I’ll fix it right away!)

49 thoughts on “Connecting to Your Pi VPN Server (Part 2/2 Updated!)”

  1. Hi fellow Jonah,
    I’m just wondering what’s supposed to go in here:
    ‘And paste in the following:

    (Thanks to Lauren Orsini from ReadWrite for posting this)’

    I’ve looked on your Gist account and can’t find the code.

    Great guide by the way, very straight-forward. I’ll be looking at your other material after this.

  2. Hello.

    I believe something is missing here:
    “And fill it in with the following information:

    Obviously, replace the part where it tells you with your public IP address.”

    Thank you for the perfect guide!
    Apostolos

  3. Hmm. It looks like the ‘keys’ folder is not accessible through WinSCP with the PI account. Is it wise to give PI these rights?

    1. No, I’d log in as root user probably and copy the file to your home directory you do control.
      sudo -s
      cp /etc/openvpn/easy-rsa/keys/UserX.ovpn ~/UserX.ovpn

        1. I’m running into the same permission denied issue, I tried the file copy command but don’t know where to find it.

      1. Hi Jonah. Would you be able to do a part 3 ?
        I have the key file but I have no idea what to do with it. It doesn’t seem to be recognised on the windows PC or accepted by Open VPN as an import file.
        Could you perhaps show us where to put this file in Open VPN on the windows machine? I’m sure there are a lot of additional steps and configurations which are not detailed anywhere on the web.

  4. After finishing this tutorial (only change that I used 4096bit keys and applied the -dsaparam option stated at the first reply here: http://goo.gl/2RIkYg ) I keep having my android phone saying “Waiting for server”.
    I found some instructions on installing and configuring ufw firewall, but that didn’t help either.
    I suspect that something is blocking the communication with the raspberry. Of course I have forwarded port 1194 on my router.

    Does anyone have any idea/hint on what should I check?
    Thanks in advance.

      1. Good morning.
        I restored the microSD to a state before installing openvpn and I followed again the updated instructions.
        At first it didn’t work, so I gave up, I stopped openvpn service and blocked openvpn traffic using ufw. I planned to check it again later this month.
        But today I gave it a try. I restarted openvpn service and allowed traffic .

        Now my android phone connects and has access to Internet. Everything is working fine.

        So, I suggest you undo everything you have done, follow the updated instructions and at the end, reboot your raspberry!

  5. I can connect just fine from my PC using Windows Explorer, however when I use OpenVPN Connecter and Asus File Manager on my Android phone, I can’t access the same files I can on my PC without a password, and every username and password I have tried has not worked.

  6. I have been looking for something exactly like this for awhile now so thank you for taking the time to set it up! I have followed along on my RPi 2 and everything seems to have gone smoothly except that when I go to connect to it, all I get is the error “read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)” so I double checked all my Pi and router settings and I can’t seem to figure out what is causing it. Anyone have any idea? Thanks.

    1. Had the same problem. I removed the “local X.X.X.X” from the server.conf file, restarted the Pi and then it worked!

  7. Hi,

    I’m using a Rasp as OpenVPN server on a static internet address and static lan ip.
    I’ve followed the instructions.

    When attempting to connect another remote rasp, with internet access via a dongle, I get this:

    Socket bind failed on local address [AF_INET]192.168.0.15:1194: Cannot assign requested address

    This is the static IP address of the Rasp Server. port 1194 is forwarded on router. I can ssh to it.

      1. I had the same problem as Tb. And the restart of openvpn does work. But does anyone know of a fix so that the restart wouldn’t be necessary. At my age, the likelihood that I will remember to restart openvpn whenever I reboot my pi is kind of low!

  8. What will i write in my server.conf if my router is connected to other router/modem

    192.168.0.1(router.2)
    Connected to
    192.168.1.1(router.1modem)=public ip

  9. This gets me further than any other tutorial – my phone actually connects!

    But it just times out trying to access any websites 🙁

    Any suggestion on what to trace on the Pi? Thx

    1. Did you try the command in the Troubleshooting section at the end of the post? That’s what fixed it for me after I had a similar issue.

      1. Ah, I’m an idiot.

        My router obviously doesn’t support DNS directly – plugging in the Google IP 8.8.8.8 fixed it.

        Many thanks!

        1. Ah yes that’d be it! Although usually routers have a DNS setting so they can handle stuff like that. Ah well, glad it worked for you!

      2. I also installed persistent iptables, otherwise you have to run the command at each reboot:

        apt-get install iptables-persistent

        It helpfully asks you if you want to save the current config when it is installed, or you can save them any time with:

        service iptables save

  10. Hello,
    Thank you for the procedure, unfortunately I can not get it working.
    I try to connect to my raspberry with my tablet, in the tablet Openvpn log file I get:
    event resolve
    contacting x.x.x.x:1194 via UDPv4
    event: wait
    connecting to x.x.x.x:1194 (x.x.x.x) via UDPv4
    server timeout, trying next remote entry
    event reconnecting
    event: resolve
    The VPN server on the raspberry seems to run (after restarting) and its log file seems to be normal in my opinion.
    Can you give me some tips to troubleshoot?
    Thank you

  11. If some of you are more non-technical I’d like to invite you to try pivpn.io
    Aimed at making it the absolute easiest way to get an openvpn server up and running. You literally just run one command and it prompts you through the rest.

    1. Totally agree, I tried the BBC article on raspberry pi vpn and it didn’t work, tried pivpn.io and 5 minutes later I had a working raspberry pi VPN! Thank you for the tip.

  12. Hello,
    It seems no UserX.ovpn file is being created to the keys folder despite the program confirming the creation of the key. Do you have any clue as to what may be causing this error?

  13. I followed the tutorial verbatim, but when i check the status of the application (service openvpn status)
    the output shows

    ● openvpn.service – OpenVPN service
    Loaded: loaded (/lib/systemd/system/openvpn.service; enabled)
    Active: active (exited) since Sat 2016-07-23 16:27:21 UTC; 12min ago
    Process: 452 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
    Main PID: 452 (code=exited, status=0/SUCCESS)
    CGroup: /system.slice/openvpn.service

    The active (exited), makes my VPN not working, but I do not know how to fix it. Any help would be great.

  14. Thank you for taking the time to make tutorial. I was able to get nearly everything working, except that the client (iphone) connected via VPN can only access the default router address (192.168.1.1). No access to anything else on LAN or Internet. I’ve tried the “iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j MASQUERADE” command to no avail.

  15. Tried everything and I keep getting this message no matter what I do.

    Thu Sep 15 11:30:42 2016 read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054)

  16. Just got everything working..sort of. I generated four keys with passwords but when I go to use them and I enter the password it says password is incorrect?

    I know I didn’t forget the password I used. So what did I do wrong?

  17. If you need to change your public ip in the future, would you just edit your Default.txt and then use the OVPN script again to create those ovpn files?

  18. Hello, followed your instructions and imported the .ovpn file into Tunnelblick, when I try and run it, I get the following message “Tunnelblick could not find a ‘tun’ or ‘tap’ option in the OpenVPN configuration file”

    Is there a better OpenVPN software to use or is this a mistake somewhere in the commands?

    Thanks

  19. this guide works great for me. i had to install persistent iptables on my raspberry pi and masquerade as my router doesn’t support static route manipulation. no issue accessing the network from android phone running openvpn client.

  20. I have a pivpn server running and remote to it a lot from my iPhone and android tablets. Are there instructions on how to setup the dd-wrt router’s openvpn client section? In order to have the dd-wrt router tunnel through it.

    1. Hi All,

      I have the Server up and running fine by copying .ovpn file to my windows openvpn/config folder.

      Now the question is where do I copy the .ovpn file in my RasPI Jessy so that I can access my VPN server through my RasPI.

      Please advise.

      Siamak
