Connecting to Your Pi VPN Server (Part 2/2 Updated!)

Setting up your server is only half the battle, connecting is a whole other story.

At this point we’re going to assume you have a VPN server setup and working, either on a Raspberry Pi or another Linux server, like at DigitalOcean (aff. link). Configuration and screenshots will be specifically tuned for our aforementioned Raspberry Pi server, but this should theoretically work on any OpenVPN server installation.

Update (5/21/2016): This post has been updated to use the latest version of Raspbian available at the moment, the May 2016 version which can be downloaded here. Commands and files have been updated for the latest compatibility.

Initial Setup

You will need to follow these instructions no matter what operating system you use, so pay attention. This is the hardest part of this whole post, but it shouldn’t take too long. If you remember from our previous tutorial, we created certificates for all our devices, and named them User1, User2, etc. What we didn’t do is create configuration files for each one, as that would take way too long. Luckily a fellow named Eric Jodoin (of SANS Institute) has created a script to do this for us. If you haven’t already, connect to your Pi via SSH:

ssh [email protected]

Replacing that last part with the IP address of your server. You may need to change the pi part as well if you’re not using an RPi. Now run this command to create a default file for all the client configuration:

sudo nano /etc/openvpn/easy-rsa/keys/Default.txt

And fill it in with the following information:

Obviously, replace the part where it tells you with your public IP address. This is not your server’s internal IP if you’re running it on a router. If you are running your server somewhere like DigitalOcean, you can use the IP provided. If you are running the server on your home network, connect to the same network and go to a site like www.whatismyip.com to find your IP. Press Ctrl+X to exit nano when you finish. Now we can make Eric Jodoin’s actual script. Simply run

sudo nano /etc/openvpn/easy-rsa/keys/MakeOVPN.sh

And paste in the following:

(Thanks to @coolaj86 on GitHub for posting this updated version.) Now make this script executable:

sudo -s
cd /etc/openvpn/easy-rsa/keys
chmod 700 MakeOVPN.sh

And start the script!

./MakeOVPN.sh

When this script is running it’ll ask for the names of clients you generated when making your server. Input the names of your clients, we used User1, User2, etc. in our process. Only enter names of clients you have already generated. If it works, you should see this line:

Done! User1.ovpn Successfully Created.

Repeat this for the rest of your clients. UserX.ovpn will be stored in /etc/openvpn/easy-rsa/keys, so you can download this file via scp with a client like Fugu for Mac or WinSCP for Windows. That should be it! Just import this .ovpn file you generated on your Pi into the OpenVPN client of your choice and it should connect just like that!

Troubleshooting

(Update 5/25/16) If your VPN client can connect to the VPN server, but you can’t access the outside internet, try running this iptables rule on the server:

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Conclusion

Was this tutorial helpful? Then please consider sending me some cash to support this blog, servers aren’t cheap you know 🙂 BTC: 1E2SSJCVp5zsp2PcayM6tdFFTSNcj89fCm I hope you enjoyed this tutorial, check out some of our other ones as well to find out more ways you can keep your online life secure.

Leave a Reply

Your email address will not be published. Required fields are marked *

To create code blocks or other preformatted text, indent by four spaces:

    This will be displayed in a monospaced font. The first four 
    spaces will be stripped off, but all other whitespace
    will be preserved.
    
    Markdown is turned off in code blocks:
     [This is not a link](http://example.com)

To create not a block, but an inline code span, use backticks:

Here is some inline `code`.

For more help see http://daringfireball.net/projects/markdown/syntax