How to use PiVPN to create your own VPN.

Check out my podcast, “Talking Cryptocurrency” where I interview with the people making the cryptocurrency and blockchain revolution happen. Guests have ranged from solo devs to CEOs. These are quick 15–20 minutes episodes. Read my Podcast Manifesto or listen to the show now.

This is the absolute easiest way to install and run your own VPN.

You may be wondering, “Why do I need a VPN?” or even “What is a VPN?”

Well first of all, VPN is an acronym for “Virtual Private Network”. In computer networking we have this concept of wide area networks (WAN) and local area networks (LAN). Wide area networks are large. Often the Internet itself is considered a WAN. Local area networks are smaller. In your home you probably have an internet router. Your laptop, cell phone, Roku, Alexa, etc. are all connected to this router. This is an example of a local area network. A VPN allows you to connect a device to a LAN through the internet. It does this by creating an encrypted connection to a VPN server within the LAN.

Why is this useful?

It means that you can communicate with devices on the local network as if you were at home. For example, you could access your printer, a local file server, or IoT device. It also means that you can use your home internet from the internet. This might sound confusing but it will make sense soon. Imagine that you are at your favorite local coffee shop. Imagine further that you are using their unsecured Wi-Fi to browse the internet and check your email. Using this unsecured internet can leave you vulnerable to attack. A bad guy can do packet sniffing, man in the middle attacks, log your DNS requests, and a bunch of other nasty stuff to you. Using a VPN for would encrypt your internet traffic and send it though your home network. This makes things much tougher for the bad guy. So even though you are using the internet at that café, all your communications will be encrypted and routed to your home network. In fact your public IP address would be the public address of your home router.

Sounds awesome, how do I do that?

There are many ways to set up a home VPN. In this post we are going to choose the easiest method. We will be using a program called PiVPN to install and configure an OpenVPN server. Sound fun, right? PiVPN was originally made for the wonderful Raspberry Pi but you could use any computer running Ubuntu or Debian. You could even install PiVPN in the cloud. I highly recommend using the Raspberry PI though. You will also need sudo or root access.

Install

PiVPN is insanely easy to install. As root run in the terminal:

curl -L https://install.pivpn.io | bash

A bunch of stuff will happen. Your screen will be filled with command line magic. Breath it in. This is a thing of beauty. Who says you can’t have a transcendental experience installing software?

During the install there will be a screen that you will just click ok. Until you get to the following:

You will then need to select a user that will hold the .ovpn files.

I would recommend saying yes to automatic updates. Then select the default option of UDP for the protocol screen.

Accept the default port of 1194.

Accept the defaults of the “Encryption strength” screen. Right now 2048-bit is kinda the Goldilocks level. 1024 is too weak and 4096 is too slow.

Then we generate the Diffie-Hellman key and HMAC.

Accept the “Version 2.4 improvements”.

Then select you public IP.

Select the DNS provider for your clients. I recommend Google.

And then reboot.

Port Forwarding

This will be the hardest part of the setup. Your router routes internet traffic for your home network. You request a webpage from your laptop and your router directs that traffic to your laptop. But we want to do something a little different here. We want our router to direct all UDP traffic it receives for port 1194 to our server running OpenVPN. Unfortunately, I can’t help you with this. I don’t know what router you have. But you can find out how yourself. Just google the manufacture and model number with “how to port forward”. Just follow the directions. Good luck.

Managing PiVPN

Take a look at what PiVPN can do. Run:

pivpn — help

That will retrun:

::: Control all PiVPN specific functions!
:::
::: Usage: pivpn <command> [option]
:::
::: Commands:
::: -a, add [nopass] Create a client ovpn profile, optional nopass
::: -c, clients List any connected clients to the server
::: -d, debug Start a debugging session if having trouble
::: -l, list List all valid and revoked certificates
::: -r, revoke Revoke a client ovpn profile
::: -h, help Show this help dialog
::: -u, uninstall Uninstall PiVPN from your system!

This is a good time to talk about ovpn profiles. These .ovpn files have all the settings and keys for clients to connect to the server. You should create a new profile for each device that will connect. For example, I want to connect my cell phone. I run:

pivpn add nopass

It will ask for a name:

Enter a Name for the Client:

I am goint to call it jasonphone

This will create a new .ovpn file that we need to transfer to our device.

We can also create a profile that requires password with

pivpn add

We can list the profiles with:

pivpn list

And we delete profiles with:

pivpn revoke jasonphone

Connecting Clients

So now you have yourself a .ovpn file for a device. You will need software on that device that will use that file. I recommend the OpenVPN Connect app for both iOS and Android. On Linux you can use the OpenVPN software. For Windows use the OpenVPN Desktop Clients. More details can be found on the OpenVPN site.

Conclusion

In this tutorial we learned how to use PiVPN to install and configure a VPN with OpenVPN. You have now made yourself just a little bit harder to attack.