Set Up Your Personal, Private VPN Server

U. Rinat
Published in Engineer’s Notes, Mar 1, 2018

Raspberry Pi as Personal VPN Server

Exposing my online behavior, habits and patterns has always been a great concern for me. A single idea about my identity becoming a product someone can market and profit on is quite nasty, but it is so much more than that; it is also about personal security and privacy.

HTTPS, while great for protecting your passwords in transit to a particular website, doesn’t protect against the greater exposure of all the traffic and activity on your device (there is a lot more going on behind the scenes).

For example, with your phone, when you have a choice between using a public WiFi network (let’s say at work or just at a large office like WeWork) and using your mobile data (which is not unlimited in my case, thanks Verizon!), it’s basically a choice between keeping your mobile traffic data between you and your cell carrier, or keeping this sensitive data between you, your carrier and a bunch of unknown actors and traffic monitors.

Considering my trust issues, for me the choice is obvious: no way in hell whoever owns that public network shall be aware of my activity, let’s say, on Grindr, and so there they go, my precious Gigabytes off my monthly data plan.

What if I told you that there is a way of using public WiFi without compromising your privacy and security? That’s right, as you have probably guessed from the title, the answer is a Virtual Private Network.

A regular user (ha, mortals!) can easily purchase a monthly plan from a VPN provider with the fanciest, juiciest marketing department. Unfortunately this approach still adds a 3rd party actor who you can’t really trust, who will still be aware of all your online activity. I would strongly prefer a lesser evil, to keep my activity only between me and my ISP.

Thankfully, we are Software Engineers and can build our own VPN server from scratch, which is a lot simpler than you think.

Let’s dive into it.

My setup:

  1. Raspberry Pi 3 Model B Motherboard
  2. Samsung 32GB 95MB/s (U1) MicroSD EVO
  3. Smraza Case for Raspberry Pi 3 with Fan Cooling and Heatsinks, 5V/2.5A Power Supply, Micro USB with On/Off Switch Case

The total comes to about $75 (look up prices for each online, advertisement is not the purpose of my opuses). Also if you need peripheral equipment, get that too: wired mouse, keyboard, HDMI cable for the monitor with HDMI input.

We got the hardware; now here are the steps to convert your Raspberry Pi into a personal VPN Server (hope this article saves you a lot of Googling):

First, we need to burn Raspberry Pi OS (based on Debian, so you know, apt-get is there) on that MicroSD, in order to boot our cute, little, green Raspberry Pi thing.

  1. Download it from here: https://www.raspberrypi.org/downloads/raspbian/ (if this is your first Raspberry Pi project, download the one with Desktop; RASPBIAN STRETCH desktop is just adorable!)
  2. Get the Etcher burner from here: https://etcher.io/
  3. Burn that MicroSD.

When Raspberry Pi is up, set it up.

SSH is disabled by default, so you need to enable it (quite simple: on the desktop go to settings and click on the SSH checkmark; on the command line run sudo raspi-config).

  1. Change the default password for the pi user, which is raspberry (Security point!).
  2. Add users as necessary.
  3. Make sure your Raspberry Pi gets a static IP from your router.
  4. In your router settings, configure the port forwarding of all UDP traffic to your Raspberry Pi device and use some port other than 1194 (Security point!)

Now it’s time to convert your Raspberry Pi into VPN Server

Sounds fancy and scary complicated, but it’s not (Thanks to PiVPN project!).

Take a look at the documentation here: https://github.com/pivpn/pivpn

Glance over the scripting here: https://install.pivpn.io

When you have satisfied all your concerns and are sure that it’s cool, run this command on your Raspberry Pi:

curl -L https://install.pivpn.io | bash

From this moment on, it’s as simple as the good old Windows installation in the late 90s: just sit back, relax and answer all questions that pop up.
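
Reading the script in a browser and then piping a fresh download into bash means the copy that runs was never the copy you read. An added example (not from the original post or the PiVPN project) that downloads the installer once, lets you pin its SHA-256 after review, and runs only that file; the function names and the file name pivpn-install.sh are assumptions:

```shell
#!/bin/sh
# Added example, not part of PiVPN: run exactly the installer bytes you reviewed.
INSTALL_URL="https://install.pivpn.io"   # URL from the article

# SHA-256 of a file (sha256sum on Raspbian, shasum on macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# Download once, HTTPS only (redirects included), and never overwrite
# a copy that may already have been reviewed.
fetch_installer() {
    out="$1"
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 1
    fi
    curl -fsSL --proto '=https' --proto-redir '=https' -o "$out" "$INSTALL_URL"
}

# Run the local copy only if it still matches the hash pinned at review time.
run_reviewed() {
    script="$1"
    pinned="$2"
    actual=$(file_sha256 "$script")
    if [ -z "$pinned" ] || [ "$actual" != "$pinned" ]; then
        echo "hash mismatch: pinned '$pinned', found '$actual'" >&2
        return 1
    fi
    bash "$script"
}

# Session on the Pi (pivpn-install.sh is an assumed file name):
#   fetch_installer pivpn-install.sh
#   less pivpn-install.sh
#   pinned=$(file_sha256 pivpn-install.sh)
#   run_reviewed pivpn-install.sh "$pinned"
```

Keeping the reviewed file and its hash also gives you a record of what was installed if you later need to compare it against a newer installer.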

Notes:

  1. Make sure you use the port from the earlier router UDP forwarding configuration.
  2. There will be a question about the DNS provider; be careful here (Security point!). As I said earlier, I prefer the lesser evil, to keep my traffic only between me and my ISP, so look up your ISP’s DNS servers, choose custom, and enter your ISP’s DNS IPs.
  3. I think it’s safe to leave all other options on default with preselected values (please, call me on this one! I’d love to know if I have missed something!)

Bam. Almost done.

Now you need to add PiVPN profiles (it is recommended that you add a separate profile for each device for more granular control). Use this command:

pivpn add

And follow the instructions.

It will generate a *.ovpn file (oh, by the way, PiVPN is based on OpenVPN) in ~/ovpns/ for the user you have chosen. Then:

  1. On your iPhone (I’m a fan of Apple, of course) download the OpenVPN app from the store.
  2. Get this *.ovpn file online privately (Security point! Make sure there are no traces of this file anywhere afterwards; try a local web server), get to it with your mobile Safari and choose the Open with OpenVPN option.

Done. Everything else from this moment on is pretty straightforward, and automagically it will just work. Now you have your Personal VPN Server.

Same spiel for the MacBooks: import that *.ovpn into VPN clients on your books.
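
Before a profile leaves the Pi, it is worth confirming that it carries the port you forwarded, that other local users cannot read it, and whether its private key is passphrase-protected. An added example (not from the original post or the PiVPN project); the function names, the sample path and port in the last comment, and the assumption that the profile is a single file with a remote line and an inline <key> block are mine:

```shell
#!/bin/sh
# Added example, not part of PiVPN: check a client profile before it leaves the Pi.
# Assumes a unified profile: a "remote <host> <port>" line and an inline <key> block.

# Port from the first "remote" directive.
ovpn_port() {
    awk '$1 == "remote" { print $3; exit }' "$1"
}

# True when group or others have read permission on the file.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# True when the inline <key> block holds a private key with no passphrase.
key_unencrypted() {
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0 }
        inkey && /BEGIN/ && !/ENCRYPTED/  { plain = 1 }   # PKCS#8 marks it in the header
        inkey && /^Proc-Type:.*ENCRYPTED/ { plain = 0 }   # legacy PEM marks it on the next line
        END { exit !plain }
    ' "$1"
}

# Prints one finding per line; the return status is the number of findings.
check_profile() {
    file="$1"; forwarded_port="$2"; findings=0
    port=$(ovpn_port "$file")
    if [ "$port" = "1194" ]; then
        echo "port: profile still uses the default 1194"
        findings=$((findings + 1))
    elif [ "$port" != "$forwarded_port" ]; then
        echo "port: profile has '$port', router forwards $forwarded_port"
        findings=$((findings + 1))
    fi
    if readable_by_others "$file"; then
        echo "mode: readable by group or others, tighten with chmod 600"
        findings=$((findings + 1))
    fi
    if key_unencrypted "$file"; then
        echo "key: no passphrase, a copy of this file is enough to connect"
        findings=$((findings + 1))
    fi
    return "$findings"
}
# Usage (constructed path and port): check_profile ~/ovpns/iphone.ovpn 44321
```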

VPN is on on Rinat’s iPhone

A great thing besides privacy

As Software Engineers, we have some side projects and a lot of stuff going on at home, with apps and POCs running on servers on our local home network (I sure have a bunch), and guess what: all of those are accessible to you over this VPN connection.

iOS OpenVPN connected to your Private VPN Server

Connect to it from anywhere and it’s like you have never left your home. Isn’t it awesome?

You’re welcome.
