Raspberry Pi OpenVPN

Now that the IIgs has an Uthernet II card, I no longer needed to have the DIN8-DB9 (“Apple IIgs, IIc+, LC III”) null modem cable / Blinken Lights GM-FTDI2-LED USB Serial Adapter / Raspberry Pi / Slirp setup I’d been using to connect it to the network. So, time to repurpose it as an OpenVPN server. (We’ve been running one at the office successfully for about 5 years now.)

It was already setup with Raspberry Pi OS (aka Raspbian GNU/Linux 9 (stretch)), so I kept in in place and assigned fixed IP addresses for the Ethernet and WiFi network interfaces in my DHCP server. I had to cycle both to pick up the new addresses (and I ran the command in screen so it would survive the forced disconnect, since I was doing this remotely via ssh):

# ip link set eth0 down &&  ip link set eth0 up

I then updated the installed software to the latest version (10, buster); this will take a while (for my install, it was over 800 packages and almost 600MB):

# vi /etc/apt/sources.list  # change 'stretch' to 'buster':

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi 

# apt update

# apt full-upgrade   # dist-upgrade to update the current distribution without going up a full version

813 upgraded, 196 newly installed, 10 to remove and 0 not upgraded.

Need to get 546 MB of archives.

After this operation, 586 MB of additional disk space will be used.

# apt clean

# reboot

Rebooting takes a few seconds on my Raspberry Pi 3 B+ with a Samsung EDO MicroSD card, and voila:

root@raspberrypi:~# uname -a

Linux raspberrypi 4.19.66-v7+ #1253 SMP Thu Aug 15 11:49:46 BST 2019 armv7l GNU/Linux

root@raspberrypi:~# cat /etc/os-release 

PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"

NAME="Raspbian GNU/Linux"

VERSION_ID="10"

VERSION="10 (buster)"

VERSION_CODENAME=buster

ID=raspbian

ID_LIKE=debian

HOME_URL="http://www.raspbian.org/"

SUPPORT_URL="http://www.raspbian.org/RaspbianForums"

BUG_REPORT_URL="http://www.raspbian.org/RaspbianBugs"

# cat /etc/debian_version 

10.10

# lsb_release -a

No LSB modules are available.

Distributor ID: Raspbian

Description: Raspbian GNU/Linux 10 (buster)

Release: 10

Codename: buster

Now, to install OpenVPN (informing it, when asked, that I’m using DHCP Reservation):

# curl -L https://install.pivpn.io | bash

I selected OpenVPN (I know it works with Viscosity and with the iOS app; not sure about WireGuard), and set it up to use a public DNS entry (I have a CNAME under my main domain, that points to a Dynamic DNS entry), unattended automatic updates ... And rebooted when done, as recommended by the installer. (I had to switch to TCP, as UDP wasn’t working from anywhere, sigh.) I see it running:

# lsof -i -P | grep openvpn

openvpn   506     openvpn    6u  IPv4  13203      0t0  TCP *:11443 (LISTEN)

So let’s configure an OVPN file for a device:

$ pivpn add

$ cat ovpns/iPhone12.ovpn

Viscosity was able to import the .ovpn file and connect. Huzzah!

For some reason, port forwarding a single port on my old Linksys router (which is a bit long in the tooth, frankly) wasn’t working, but if I forward a “range” of ports (11443-11443), that worked. (Maybe UDP would have worked the same way? I’ll play around another day. Eventually I should really deploy the EdgeRouter I got a while ago...)

Edit: Adding a port forwarding range (1194-1194) for UDP traffic was the ticket. Everything’s working now, through the DD-WRT router, via UDP. (And yeah, DD-WRT nominally has an OpenVPN server built in, but it’s ancient and my client software complained about key length before refusing to connect...)

openvpn   513     openvpn    6u  IPv4  12031      0t0  UDP *:1194