Raspberry Pi OpenVPN
It was already setup with Raspberry Pi OS (aka Raspbian GNU/Linux 9 (stretch)), so I kept in in place and assigned fixed IP addresses for the Ethernet and WiFi network interfaces in my DHCP server. I had to cycle both to pick up the new addresses (and I ran the command in screen so it would survive the forced disconnect, since I was doing this remotely via ssh):
# ip link set eth0 down && ip link set eth0 up
# vi /etc/apt/sources.list # change 'stretch' to 'buster':
deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
# apt update
# apt full-upgrade # dist-upgrade to update the current distribution without going up a full version
813 upgraded, 196 newly installed, 10 to remove and 0 not upgraded.
Need to get 546 MB of archives.
After this operation, 586 MB of additional disk space will be used.
# apt clean
# reboot
Rebooting takes a few seconds on my Raspberry Pi 3 B+ with a Samsung EDO MicroSD card, and voila:
root@raspberrypi:~# uname -a
Linux raspberrypi 4.19.66-v7+ #1253 SMP Thu Aug 15 11:49:46 BST 2019 armv7l GNU/Linux
root@raspberrypi:~# cat /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
HOME_URL="http://www.raspbian.org/"
SUPPORT_URL="http://www.raspbian.org/RaspbianForums"
BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"
# cat /etc/debian_version
10.10
# lsb_release -a
No LSB modules are available.
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Now, to install OpenVPN (informing it, when asked, that I’m using DHCP Reservation):
# curl -L https://install.pivpn.io | bash
I selected OpenVPN (I know it works with Viscosity and with the iOS app; not sure about WireGuard), and set it up to use a public DNS entry (I have a CNAME under my main domain, that points to a Dynamic DNS entry), unattended automatic updates ... And rebooted when done, as recommended by the installer. (I had to switch to TCP, as UDP wasn’t working from anywhere, sigh.) I see it running:
# lsof -i -P | grep openvpn
openvpn 506 openvpn 6u IPv4 13203 0t0 TCP *:11443 (LISTEN)
So let’s configure an OVPN file for a device:
$ pivpn add
$ cat ovpns/iPhone12.ovpn
Viscosity was able to import the .ovpn file and connect. Huzzah!
Edit: Adding a port forwarding range (1194-1194) for UDP traffic was the ticket. Everything’s working now, through the DD-WRT router, via UDP. (And yeah, DD-WRT nominally has an OpenVPN server built in, but it’s ancient and my client software complained about key length before refusing to connect...)
openvpn 513 openvpn 6u IPv4 12031 0t0 UDP *:1194
Comments
Post a Comment