The installation process of OpenVPN server with PiVPN is quite simple. However, there are some prerequisites and recommendations that should be considered before proceeding with the installation.
For this installation I was running Raspberry Pi OS with the latest updates already installed.
You should make an IP reservation for your Raspberry Pi in your DHCP server. Your PI must have the same IP address always in order to access the VPN server properly. Optionally, you can set an static IP address directly in your Pi but this could lead to IP conflicts. The way to do this configuration might vary depending on your set up. In a domestic environment the DHCP server is typically allocated in the router provided by your ISP. You should refer to the manufacturer's manual about how to configure the DHCP server.
You should enable port-forwarding in your router. This is to enable accessing the VPN server from outside of your LAN. Typically, OpenVPN servers listen on port 1194 UDP (but you can configure this port during the installation process). That is why you should open the port in your router, and forward it to the Raspberry Pi. Again, this configuration can vary depending on your router and you should check the manufacturer's manual in order to do this.
Optional - Install No-IP DUC on your Raspberry Pi. On a typical domestic LAN, your public IP is subject to change, which makes connecting to the VPN server quite inconvenient. To solve this, you can use a Dynamic DNS service like No-IP, that allows you registering a free domain an use it to access the services you install on your Raspberry Pi, no matter if it is VPN, SSH... You just have to install a DUC (Dynamic Update Client) that periodically updates the DNS entry with the current public IP address and problem solved. You can find more about No-IP on their website and you can also find a guide on how to properly install the DUC on the Raspberry Pi in this Gist.
As I said at the beginning, the installation is really simple. It's as easy as running a command on the terminal and follow the steps in the wizard. This is the command you should run:
curl -L https://install.pivpn.io | bashDuring the installation you will be prompted with some options. Here are some notes about them:
-
Choose OpenVPN as VPN protocol.
-
Choose to customize the settings.
-
Choose UDP as protocol.
-
OpenVPN listens on port 1194 by default, but you can choose a different one if you want.
-
You can choose the DNS provider as you like, and even use a local DNS server if have one running. I choose Google because its high availability.
-
Public IP or DNS:
-
Choose the public IP you are displayed if you want to connect to the VPN with this public IP. Note that if you don't have a static public IP purchased to your ISP, you will likely loose access to your VPN server the next time your router renews its IP.
-
Choose DNS entry if you want to connect to the VPN with a domain name (like the one you register in No-IP). After that, you should enter the domain name you will use.
-
-
Enable automatic unattended-upgrades.
After the installation is done, you should reboot your Pi.
Now that you have installed PiVPN on your Raspberry, it's time to review the most useful commands you might need in order to use the
-
pivpn add: creates a VPN profile for connecting a client to the VPN. The resulting configuration file will be located in~/ovpns/. The idea is to create a profile for each client you'd like to connect to the VPN. Then you copy this file into the client device and open it with OpenVPN Connect, which is the official client software for connecting to OpenVPN servers. It's available for the most typical OS, including mobile. -
pivpn clients: lists the clients that are connected to the VPN currently. -
pivpn revoke: revokes a profile permanently. -
pivpn list: shows a list of valid and revoked profiles created for connecting the VPN server. -
pivpn helpor justpivpn: shows a list of available commands and description that are used to manage the VPN server.
The above article is based on the following documentation:
PiVPN:The simplest way to setup and manage a VPN, designed for Raspberry Pi