How to setup Raspberry Pi as a VPN Server.

First of all, some background. Why would you want to do this?

This is mainly for the people helping out friends and family and need more IP addresses as using the
same IP address (e.g. your own home broadband connection) for more than one set of accounts can
lead to account gubbings and confiscations as you will be suspected of bonus abuse.

Another use would be for people that often find themselves abroad and need a UK based IP address
to continue PMing with (personally I’d say just enjoy your holiday and wind down) and are happy to
connect back into their own home broadband IP. Or if you live abroad, can install this in a friends
house so they have a UK based IP on a home broadband connection.

It’s also a potential way of saving some coin if you’re currently buying Mifi units and sim cards.
Combined with virtual machines if your computer is powerful enough this can save you a
considerable amount of money and reduce the amount of hardware lying around in your house.

What is a VPN Server and how does this differ from me using a VPN provider I can subscribe too?

A VPN Server is a piece of software running on a piece of hardware that allows you to connect
directly to the network that the server is connected too and make your end device, no matter where
you are in the world, appear that it is in that location. You may already use a VPN at work when
you’re remote working in order to access resources on your company network. The principle is the
same.

For example if you set this up in your own home and connected it up to your home router. You could
install some VPN client software on your phone or laptop, connect to the profile you’ve set up on
your device, and once connected, it would appear that your device was connected to your home
broadband, even thou you were using public wifi in a coffee shop or Hotel. Which is the main reason
people do this, for security so that when using those public wifi hotspots you can create a private
tunnel to your home network and securely use that as your internet exit point and safely enter
passwords into other sites and what not without a potential cybercriminal trying to sniff out your
network packets and intercept precious information. You’d also have access to all the files you have
shared on your home network easily, if you were into such things.

A VPN subscription service you subscribe too will do the same job in providing you a different IP
address and also providing unfiltered internet access (if your ISP blocks certain sites, then you’ll still
be blocked from those sites using a Private VPN server) but there’s been more and more reports of
people getting blocked by the bookies, gubbed, or even having withdrawals confiscated because the
bookie discovered you were on a VPN. The VPNs you subscribe too will have a finite number of IPs
they allocate to be based in the UK, and like an ISP, these IPs are registered to the VPN provider, if
the bookie has already had a number of customers using the IP address, or know the IP belongs to a
VPN provider they will potentially suspect foul play.

So why won’t you have these problems on a home VPN, well because the IP address you’ll be
showing from is your (or your friends) home broadband IP, be it Virgin Media, BT, PlusNet, Sky etc.
NOT a VPN provider, and if the IP address at the location of your VPN server hardly ever changes,
then even better, assign that set of accounts to always use that VPN connection, and whenever you
log into bookies the account will show logins all coming from the same IP address for that account,
so no chance of being done for bonus abuse by IP address.
If you want to do some further reading on VPNs first, this Wikipedia article may help:
https://en.wikipedia.org/wiki/Virtual_private_network

Hopefully that all makes sense, so what do you need to get this going.

1. A friend or family member that is happy for you to set this up in their home. If it’s someone
you’re already helping place bets, then that should make life easier. You will need to attach
this direct to their router via an Ethernet cable, and you’ll also need a plug socket nearby.
You’ll also need to login to their router during the setup process to set up a ‘DHCP
reservation’ & ‘Port Forward’ so that all requests to connect to the VPN are allowed through
the routers firewall, and also so the router knows what device to forward those requests
too. If they’ve already been happy enough to give you a load of personal information then
this is actually far less risky than what they have already done, but it can be difficult
explaining that. Ultimately the goal is to use their gambling accounts, from their own home
broadband connection, and not yours! If you’re entering their private information into
numerous sites repeatedly this is actually safer for them at the end of the day as you’re not
constantly entering their information over different service providers. You may wish to offer
them a financial incentive, if the one they have isn’t already enough. For the record the
Raspberry Pi is very low powered and they won’t it even notice the difference in their
electricity bill.
2. A Raspberry Pi, I recommend the following kit, it comes with everything you need for £50:
https://thepihut.com/collections/raspberry-pi-kits-and-bundles/products/raspberry-pi-3-
starter-kit
3. I think the Pi kit only comes with a MicroSD card. So if you’re computer does not read
microSD cards, you’ll need a MicroSD card adapter if your computer has a SD card slot, such
as: https://www.amazon.co.uk/MICRO-SD-CARD-ADAPTOR/dp/B0019AJJRK if it doesn’t have
an SD card reader, then you need a USB adapter, something like
https://www.amazon.co.uk/Memwah-Micro-SD-Card-Reader/dp/B004WFT762
4. A monitor or TV that supports HDMI, you’ll actually only need this for about 5 minutes as
we’ll set up a way of connecting to the Pi from your computer to make life easier.
5. A USB Keyboard and mouse for the first 5 minutes of setup.
6. Putty – or any program that allows you to to SSH into the Pi from your main computer to
make setting up easier: http://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html?
7. WinSCP or any other file transfer program that allows file transfers over an SSH connection if
you already have one installed: https://winscp.net/eng/download.php
8. OpenVPN client software for the device you’ll be using to connect to the VPN Server with:
Windows/Linux: https://openvpn.net/index.php/open-source/downloads.html
Mac: https://openvpn.net/index.php/access-server/docs/admin-guides/183-how-to-
connect-to-access-server-from-a-mac.html
Android/iOS: Download from the app stores on your device.
9. To set up a Dynamic DNS name for where your Pi will be kept. We’ll go through this during
the setup below.
 Let’s get on with the installation. Ideally this needs to be done at the location of where
you’re going to install the Raspberry Pi, and also to take a device with you to test it all works
ok. A laptop will work best, if you don’t have one but your friend does. Use theirs.

If it’s the first time you’re doing this, by all means have a dry run or two at your own home
address and get confident with the process, just start over again at step 1 when you’re at
your friends or if you want to do another trial run. It’s best to go in having a good idea of
what it is you’re doing and make it look like you understand what you’re doing, otherwise
your friend may be wondering what the hell they are allowing you to do if you’re looking
clueless as you do it.

The rest of this guide is going to assume you are using a Windows laptop. If you’re on a Mac
or a Linux based system, I am going to assume you’re clever enough to work out how to do
the below with alternative methods where required. After all, it just works, right?

1. First things first we need to download an operating system for our Raspberry Pi. We want
the Lite version of Raspbian, which at time of writing is called Raspbian Jessie Lite, download
the zip file from this page: https://www.raspberrypi.org/downloads/raspbian/ (It’s possible
the name Jessie will have changed with a newer version, either way, just download
whatever is the lite version.
2. Open the zip file and you should see something like the below:

3. Copy the .img file from within the zip file to the desktop of your computer so it’s easy to
find.
4. Download a piece of software called Win32 Disk Imager from here and install it onto your
computer: https://sourceforge.net/projects/win32diskimager/
5. Insert the MicroSD card into your laptop either via an available microSD card slot, or an
adapter
6. Run Win2DiskImager (It installs into a folder called Image Writer if you can’t find it) Make
sure the device selected is your SD card on the right, Click the blue folder to locate the img
file you copied to the desktop in steps 2/3 and it should look something like the below (I’ve
blanked out my username)

7. Click on Write, click yes to confirm and wait for the Write Successful Message

8. At this point I’m going to assume you’ve put the Pi in the provided case! Insert the MicroSD
into the slot on the front. Connect the provided Ethernet cable to the Pi and the router,
connect a HDMI cable to the Pi and a monitor/TV, connect keyboard and mouse to the Pi
and connect the power cable to a plug socket and the Pi, and should automatically start up.

9. A whole bunch of text will whizz across the screen, eventually you’ll be asked to enter a
username, enter pi as the username and raspberry as the password.

10. Once logged in, type sudo raspi-config

11. On these screens use the cursor keys (arrow keys) to move up and down, press enter to
select. Select 2 to change the User Password. Press OK and enter a new password followed
by enter and then confirm it and press enter. You’ll receive a confirmation message saying
the password has been changed. DON’T FORGET IT! Press OK

(If you are majorly security conscious, you can also change the username from the default pi,
but it’s a bit of a long winded process, if you want to do it, here’s how:
https://www.modmypi.com/blog/how-to-change-the-default-account-username-and-
password )

12. Press down to Advanced Options and press Enter. Scroll down to select SSH and press Enter.
Press left arrow to select Yes to enable the SSH server. This will allow us to continue the
setup from a laptop or another device and to easily transfer a file off the Pi later. Once
enabled press on OK.
13. Scroll down and choose Finish

14. At the terminal prompt type

ifconfig

The 2nd line down should give you the local IP address that the router has assigned to the
RaspBerry Pi. It will be something along the lines of 192.168.0.12
Make a note of this.

15. Disconnect the monitor/TV and the keyboard/mouse, we no longer need them.

16. Back on your Windows laptop type cmd in the search box and press enter, type in

ipconfig

You’re looking for a local IP that’s pretty similar to the one you’re Pi has, so 192.168.0.X in
this instance, under that the third line will be the default gateway. In my case. 192.168.0.1

17. Type the address of the default gateway into your web browser, and login to the router, if
your friend hasn’t changed the default username and password to log into the router it’s
usually found on the side or the bottom of the router.

18. We now need to do two things. Now every router is different so I can only guide you in the
right direction. You may need to go into the advanced settings area of the router to find
them. First we need to find the DHCP options on the router and set a DHCP reservation. On
the DHCP reservation screen it should already tell you what devices are connected to the
network. Select the Raspberry Pi, which in my example above had the IP of 192.168.0.12
from step 14, and then select Add reservation then apply or save. This will ensure that
whenever the router gets rebooted, the Raspberry Pi will always be assigned the same local
IP address. We need it to always have the same local IP address so the router knows where
to forward the VPN packets to. Speaking of which…..

19. Find the options on the router for Port Forwarding

You’ll likely need to give the rule a name, call it VPN Server
For the start port and end port enter 11948
For the Protocol select UDP
For the IP address we need the local IP of the Pi, which we have just reserved to always be in
 my example, 192.168.0.12, obviously enter the correct IP address for your Pi as per steps 14
and 18. Click to apply or save.

20. We’ve now got all the router configuration done and initial configuration of the Pi.

21. Now launch Putty, if you haven’t downloaded it yet the link is in item 6 of what you need

22. Enter the IP address of the PI and press Open

23. On first connection you’ll get something like the below

Click yes

24. Login as pi and the password you changed it too in step 11.
25. Copy the below text:

curl -L https://install.pivpn.io | bash

Then right click anywhere in putty for it to automatically paste in, press Enter. The VPN
Server software will begin installation.

26. Just a quick side-note, running a command like this is dangerous. Basically what
the command being run is doing is going to http://install.pivpn.io and parsing the
data then running it in the command line. If you run a similar command from an
untrusted source you can do some damage and it is very dangerous to do so.
You can type https://install.pivpn.io in your browser to see the exact commands
being run.

27. Once its finished downloading, press ok

28. It will tell you, you need a static IP address, we’ve already sorted this by assigning a DHCP
reservation in step 18. Press OK.

If it asks what connection to use, use eth0 (If you have a Raspberry Pi 1 or 2, it will not ask
you this question, as only the Raperry Pi 3+ has wired and wireless on board)

29. When it asks if you want to use current network settings for a static IP select Yes, then select
OK as it warns us again about router config, we already did it. Step 18.

30. Press ok to choose a local user

31. Select Pi and then OK

32. It now tells us about automatic updates press ok

33. Select Yes to enable automatic updates and wait for the process to finish.

34. Next it will ask about protocol. Select UDP and press OK

35. Change the port number to 11948 (as that’s the port number we forwarded too in Step 19)
We changed it from the default port to enhance security. Changing your port won’t turn
your server into Fort Knox but it will not show up in default port scans of your external IP
Address assuming the attacker is scanning default ports only. Press OK once you’ve added
the 8 to the end.

36. Press Yes to confirm the setting is correct.

37. Press OK to set the encryption level to 2048, and then OK again to generate the security key.
This will take a minute or so.

38. On the next screen we have a choice to make, if your friend knows for sure that his external
IP NEVER changes even after rebooting his router, you can choose to use the Public IP
 address. If it does change, or he/she is not sure. Then press down to highlight DNS entry,
then press space to select it, and then press enter.

39. At this point it asks us for the name of the public DNS. So we better go set one up…..

40. I recommend signing up to http://freedns.afraid.org/ it’s free and pretty simple to use. The
only problem is it will not auto update should the external IP of your friends router change,
but we can solve that easy enough by just asking them to google ‘what is my ip’.
Anyway…Click to setup an account and fill in all the required fields. You’ll need to login to
the site at least once every 90 days to keep your account active.

41. Once you’ve setup your account and logged in, on the left menu click subdomains
Click Add
Leave the type as A
In subdomain type something easy to remember such as MyFriendCharlie or something so
you know whose IP your pointing at.
Choose a domain
Enter the destination IP. This is the external internet facing IP address of your friends
internet connection, if you are on their wifi connection on the laptop, just simply type ‘what
is my ip’ into google and it will tell you. Type in that address as the destination IP
Enter the captcha code requested and click Save!

So we’ve now created a free DNS entry called something like

Myfriendcharlie.chickenkiller.com

42. Go back to your Raspberry Pi VPN Server setup screen and enter whatever you choose as the
DNS entry in step 41. In the example above you would type
myfrendcharlie.chickenkiller.com then press enter

43. Confirm it is correct and there are no typos. Press Enter

44. For the DNS provider (this is a different type of DNS, don’t worry about understanding) just
leave it at google and press enter

45. It will now advise us we need to run pivpn add from the command line to set up our
OpenVPN certificate. Press Enter

46. We are advised to reboot however first. Press left arrow to Yes, and press Enter, and enter
again to reboot the Pi.

47. Our Putty connection will drop off. Close Putty.

48. Wait about 30 seconds, and relaunch Putty and connect again as you did in step 22.

49. Login to the Pi again with the username (pi) and password you entered in step 11.
50. Copy the below code:

sudo apt-get upgrade

and then right click anywhere in Putty to paste it in, and press Enter

51. Press Y to confirm installation of updates and press Enter.

52. Updates to the Raspberry Pi OS will begin downloading and may take a minute or two. At
some point the screen will stop and notify you of certificates that will be updated, it’s not
clear here, but you need to press enter a few times to scroll down, and then eventually q to
quit.

53. The downloaded updates will then install, again this will take a few minutes.

54. Once you’re back at a pi@raspberrypi prompt, copy the below text:

pivpn add

And right click anywhere in Putty to paste it and press Enter

55. You’ll be asked for a name for the client, ideally you’d create seperate certificates per device
you’re going to use to connect to the VPN, but there’s nothing stopping you just using the
one certificate, and since you’ll be the only person using it then we’re just going to create
the one. Call it something that’s easy to identify, such as MyfriendCharlie

56. Enter the password for the client, now this password you’ll be asked for every time you
connect to the VPN, so make it something secure and something you’ll remember.

57. Confirm the password by entering it again.

58. The key will get created.

59. Now we need to get the key off the Raspberry Pi so we can use it on our devices. Open
WinSCP, if you haven’t downloaded and installed it, the link is in item 4 of what you need at
the top of the doc.
60. In the hostname, type in the IP of the raspberry pi and click login.

61. If asked about the security key, press OK to accept/save

62. Enter username and password as you have been doing for Putty.

63. It should auto log you into the pi users home folder. Go into the ovpns folder and you should
see the ovpn key file you created in step 57/58. Right click it and choose download. Choose
where to save it too such as my documents or the desktop.

64. Install the OpenVPN client software on your device, I’m going to use Windows as an
example. The link for the installer is in item 8 in the items you need at the top of this doc.

65. Once its installed you should have an item in your system tray that looks like this:

you may need to click on the up arrow in the system tray if a number of items start up with
the system.

66. Right click the icon, and choose import file

67. Browse to where you saved the key file from step 63.

68. You should now have the option to connect when you right click the icon.

69. Now before we test, whilst connected to your friends wifi again google ‘what is my ip’ and
make a note of the IP address, it should still be the same external IP that we pointed our free
DNS service too in step 41.

The best way to test is to disconnect now from your friends wifi, if you or your friend has a
phone or mifi unit that allow data sharing, fire that up and connect to the hotspot the mifi or
phone creates.
 Again, google what is my IP, and you should now be on an IP address provided by the
phones network.

Right click the openVPN icon in the taskbar and click connect.

When prompted enter the password you choose in step 56.

All being well you should connect to the VPN network.

Google what is my IP again and you should find you are back on the IP address of your
friends home broadband.

So there you have it, whilst connected to the wifi of a separate network (in this case the
phone network) by connecting to the VPN software you now have the IP address of your
friends home broadband and it’s as if you are connected to that network. In essence what’s
happened is you’ve created a private tunnel from the phone network into your friends home
broadband and you’re internet traffic is now going via that tunnel.

Once you get home, connect to your home wifi, and follow the steps in this step 69 again
and connect to the VPN network, and you’ll find your device will again be showing as if it
was connected in your friends house.

Stick to just running one set of accounts of this VPN network. If you have several sets of accounts,
repeat the process and install a separate raspberry pi VPN server into each friends house where
possible and connect each device or VM you have allocated to that friend, to that VPN network.

Troubleshooting:

Now should you be unable to connect to the VPN, it’s possible your friends external IP as changed,
this may happen if the router has rebooted, sometimes they will do this by themselves when the
supplier applies a firmware update to the router. To resolve the issue simply ask your friend to
google ‘what is my ip’ when they are connected to their home network. Find out the new external
facing IP, log into http://freedns.afraid.org/ or whatever service you used, and update the IP address
for that specific entry. Once it’s updated, it should work again. If you think the Pi needs a reboot, just
get them to unplug it, leave it a few seconds and power it back on.

Every so often the Pi may need a reboot to apply security updates, do this by either using Putty
when connected to the VPN and log into the pi and issue the command

sudo reboot

Obviously the VPN connection will drop at this point and you’ll have to wait a minute or so for it to
come back up.
References:

Majority of this guide has been lifted from http://kamilslab.com/2017/01/22/how-to-turn-your-

raspberry-pi-into-a-home-vpn-server-using-pivpn/ and modified to include initial setup of the Pi and
more detail about SSH and setting up the client. Above guide has more screenshots which you might
find useful.