Hey guys, what is going on? It's Don here from NovaSpiritTech and today
I got a really cool episode for you guys
We are going to be making a Raspberry Pi VPN router so let's get started
Alright, so for those of you
who don't know what a VPN is I'm going to give you the reader's digest version so basically
It's
Encrypted traffic between your computer and somebody else's computer
So
Your ISP or internet service providers can't see what's going on in your traffic in most cases if you don't have a VPN the ISP
could kind of read what you're doing on one end to another end
they could figure out your IP and the destination IP and if it's not an encrypted traffic like HTTPS and stuff like that
they could actually read what's going on in between?
So having a VPN kind of protects against that so like I said earlier what we're going to be doing is making a VPN router
with the Raspberry Pi
Now I use PIA or private internet access, and I'm a big believer of them
I've been using for years
and I've used multiple accounts before, but
PIA I always go back to PIA now the only downside to PIA
or most other accounts
It only allows a limited account connections for PIA you basically only have five devices that you connect to it
so if you got a household like mine a computer laptop a tablet
Cell phone your TV. You know kodi boxes or fire sticks and stuff like that. You know what I mean
Then you have a lot of other devices in the house your wives are you know your son's tablet all these devices?
but it already surpasses five accounts. So what can you do to solve that problem? So basically
Actually really just draw this out
So
Basically you have more than five devices okay, so I'm just going to say six devices over here on the bottom okay?
Normally
You would have to connect to each one one at a time, okay?
So basically you're using about five accounts already now if we
Go back
Okay, and we set up a VPN router
Using our Raspberry Pi
All you have to do is have the five or six devices connect to that one
And then shoot over to the VPN that means you only using one account which saves you for other accounts for yourself and stuff
so if you're on the road
So this installation is actually pretty simple
It's a lot of copy and pasting from my website itself because I already wrote out a script write all this stuff very
minimal configurations you basically have to configure what the username and password is and you're
somewhat of a network setup on your house because I don't use a standard IP address if you guys have a different IP scheme
You might want to change certain parameters for this setup, but other than that
It's pretty much straightforward for this tutorial
we're going to be using a PI you can actually use a tinker board or you could use anything linux related a virtual machine everything
works, but we're going to be targeting a Raspberry Pi because it's low powered
And you could place it basically anywhere near your router and it work in this tutorial. I'm also going to be using PIA
I don't know
This could probably apply to other VPN services if you already have it that supports OpenVPN, but I'm going to be using
PIA so if you guys are interested in signing up for PIA
I do have an affiliate link, link below in the description
That will help the channel out a little bit if you're going to use that link
And let's get into it
Alright guys
So we are on our desktop right now, and I am connected to a Raspberry Pi there's a freshly formatted raspbian Jessie
which I just downloaded from the Raspberry Jessie site
and you can use either version either the light or the full but
The only thing I set up on this was the host name and it jumps right into console and I also
Lowered up GPU memory to 16 instead of 64 whatever was default so the first thing we're going to do
Always, is to update so sudo apt-get update
And make sure you have internet connection and everything before we get into everything you want to update your
repositories you want to update your system. Just make sure everything is updated to
sudo apt-get upgrade
We're just going to go through this and hit yes, or everything is upgraded, so
While this is going on I actually just wanted to mention that
If you guys missed last week's episode. I'm so super excited to show you what I have in store
I've been playing around with those little devices that I got from Micro Center. A lot of fun, lots of fun
I can't wait to show you guys I apologize for the blurriness of that video
Got no excuse for it
It's just I apologize for it
Now if you guys want to see some of the stuff that I've been playing around with I will be uploading them on Instagram
I kind of use it like a snapchat type thing
I use a stories a lot so after 24 hours it goes away, but if you guys follow me
you'll be able to see what I'm playing around with basically and I play around with a lot of stuff throughout the day
Alright another thing I want to mention about this project is that this is a VPN router
Alongside with your main router so you basically have your I'm going to call it clean net so you're clean internet where
Everything goes through there
and it could kind of be viewed in all that stuff then you have your VPN router where all your stuff gets
encrypted the reason why I kept like this is if you do streaming or you're youtuber or
stuff like that they want to know the location where you're uploading from so you want to use your regular internet for a lot of
That stuff, but if you are you know either
Using some streaming sites or you're using some you know questionable websites that you don't want anybody to go
and look at or if you just want that
Privacy then you could adjust your Gateway to the Raspberry Pi and then have everything filtered through the VPN
So I find this is the best way
so you have the best of both worlds and again
Keep in mind that when you are doing this with the Raspberry Pi it is a little bit underpowered
I could hook up up to like five devices on this end
I still get decent speed, but your mileage may vary if you need more
horsepower because you are doing an encryption on the Raspberry Pi so it is going to be using a lot of the CPU
There's
You know you might only be able to get like five computers
Or you might only be able to get four if they're constant being used it all depends
The way we're going to be doing this is using OpenVPN and
I've read that PVTP. I advise against using
PVTP as far as this service
But it uses less CPU power as far as trying to process everything so you might be able to connect more
Clients
We might be able to connect the more computers on to your resident probably by using PVTP another thing is
Keep in mind that you're on a 10 by 100 megabit connection, so if your internet is
Slower than 10 by 100
You're pretty much good
But if it's faster than that you might want to go for a different route where
You're using a gigabit lan like the tinker board or something like that
Or you might want to upgrade using a USB gigabit lan port and that might help a little bit
But you're not so you're still not going to get the full 10 and 100 by 1000 gigabit you know, megabits, so
There's many direction depends on how you're going to use it
Definitely on this device on the Raspberry Pi 3 be able to connect at least
simultaneously 2 to 3 device using the connection at the same time anything more
I connect up to 5 but they're not simultaneously being used and it works perfectly fine, and I'm going to show you an example later
But yes
Keep that in mind if you're struggling with
Hey, why is it so slow?
I thought I'd get more speed on that it might be your CPU on the Raspberry Pi so keep that in mind
all right, we are finally done with the upgrade so let's get moving to doing the next look the rest of stock case
So the first thing you want to do is set up a static ip so that way your IP does not change
And you know where to target your Gateways, all right so to do that we're going to go to "sudo nano /etc/network/interfaces"
And in here this is where you going to set up your static Ip if you're planning to do this using
Wlan you can, there's actually a lot of tutorials on how to set up your Wlans
So you could automatically sign in to your WPA or whatever security you have instead of an IP, but in our case
We're going to use etho because this is going to be set up right next to my router and you want to get the maximum
amount of speed you can instead of having to use Wi-Fi and deal with you know all that stuff, so
To get started we are add "auto eth0"
If you have another device
connected to it like a USB ethernet or
stuff like that it might be echo one so you might want to change it to according to what you have set up
But "auto eth0" "allow-hotplug eth0"
And then underneath that "iface eth0 inet static" this is where you start setting up your
Own stuff
Underneath that you want to change manual to static
And then we want to tab in address and here you want to set your address, so
For you it might be
192.168.1.2 that might be something you want to set up in my case. I have a different Ip range, so I'm going to do
105.2 the next thing is Net mask
Which would be 255.255.255.0
Gateway we are still using the original Gateway for this so it's going to be 192.168.1.1
for your case or in my case will be 105.1
Last would be the DNS name servers
so you don't want to use the whatever your internet service provider's DNS is so you want to point it to something else?
In my case, I'm going to be pointing it to Google
8.8.8.8 and
8.8.4.4
And save it CTRl x and then y to save and that's it
you got that all set up, if you want to
reboot right now you can and then just log into the 102 IP series Walleye stuff internet might as well just grab everything I need
I'm going to do "sudo apt-get install openvpn"
because that is the connection we're going to be using
So we're going to let that install
All right now that's in we're going to need to download the open VPN
Certificates and everything from PIA, so we're going to do "wget https://www.privateinternetaccess.com/openvpn/openvpn.zip"
Alright, so now we're going to want to extract the file that we just downloaded so it's going to be "unzip openvpn.zip -d openvpn"
That's going to extract everything into OpenVPN directory
So we could Cd into it and take a look
Everything is here, and there's some files that we need to transfer over to another folder so now that we
Downloaded, extracted everything we need to move
This file, which is a pem and the crt, which is a certificate and then coding and I don't remember what it's called, but yeah
We're going to do "sudo cp openvpn/crl.rsa.2048.pem /etc/openvpn/"
Then we're going to also going to move "sudo cp openvpn/ca.rsa.2048.crt /etc/openvpn/"
The next thing we need to copy over is
The location that we're going to be using our VPN in from, so I'm from, New York
Us and stuff like that, so that's the file
I'm going to be copying over
For you if you're in UK or anywhere
else you might want to copy the location that's closest to you, so I'm going to do "sudo cp openvpn/US New York.ovpn /etc/openvpn/US.conf"
Alright now that we copy all the files that we need over to open VPN folder when you're going down and create a login
So we're going to do "sudo nano /etc/openvpn/login"
And it's gonna be a blank file and over here. You just need to type in your username and your password
In that line space, so it's all one on top of each other then save it
Ctrl X and Y to save as the name now that we've transferred everything over when we created login
we just have to change one more file to make sure it points to the correct
Crt certificate than all that stuff for us, so we're going to do "sudo nano /etc/openvpn/US.conf"
That's what we need to change now now if you head down to the bottom you're going to notice
Crl-verify we're going to just add
/etc/openvpn to that. So now just go into that folder and we're going to add the CA which is  /etc/openvpn/ca.rsa.2048.crt
Now the user off password we want to add
/etc/openvpn/login
Now it knows where all the files are
And Ctrl X to save, Y and now that everything is all saved let's test it out so to test this out. We do sudo openvpn --config /etc/openvpn/US.conf
As a matter of fact the reason why didn't work is because I didn't reboot after installing open VPN
so I'm going to reboot this right now
Okay, now after the reboot let's try that command again, so it's going to be sudo openvpn --config /etc/openvpn/US.conf
And now it should work
And as you can see it
It hasn't kicked me out within any any errors or anything so that it is actually working right now running this VPN it and so
Now that we know the connection is established the password I put in and the username I put in is good
we are now going to pull out of this by using Ctrl-C
And we're going to set everything else up first thing
we need to do is enable this while it boots, so we're going to do sudo systemctl enable openvpn@US
Or whatever you named it, so I just named it at us now
it's going to create a service every time it boots up the Raspberry Pi it's going to
establish a connection through the tunnel the next thing we have to do is enable
forwarding because we're going to
allow traffic or land traffic into our Raspberry Pi and then you know use the beacon so we need to allow forwarding
So we're going to do sudo nano /etc/sysctl.conf
In here just kind of roll down at the bottom. It's more towards the bottom but what you could do is
Search for a word using CTRL W now
Right here
IPV4 IP forwarding = 1. That's what you want. We save it CTRl X save
And now let's restart that service which will be
sudo sysctl -p
All right so now enabled folding the rest now is all up to
setting up all the IP tables and all that stuff what I'm going to do is drop into sudo and it's much easier for me
To type everything now. I have everything on my website if you are looking for everything
It's just a matter of copy and paste on my website
I'm gonna have all the links in the description below, so let's go "sudo su"
Okay, now when super user mode and I'm going to kind of go through what I'm trying to do and I hope you guys might
Be able to explain now the first thing. I'm going to allow is
Loopback so you know 127.0.0.1
Or stuff like that if you got some services that requires look back now enabled. Okay, the next thing is to allow
Traffic from your land
In from your land and allow traffic from your device out to the VPN, so that's this ip table right here
Now the next one is this one will allow open VPN sockets
Another important thing is you have to allow
NTP because you have to make sure that your clock is synced with the VPN clock that's how it works, and yeah
Just allow this this will allow the NDP which is port one two three
The next thing is
DhCp okay to allow if it's
The DHCp services and stuff like that that's going to be allowed now
You don't have to do this like I said, I'm going to have this whole thing just copy and paste okay two seconds
But I'm just trying to go through a real quick now the next thing is to bring the output
through the Tunnel
Okay
Here is I would like to call a kill switch and
What I mean by a kill switch is it will allow forwarding only a VPN is alive
So basically if your VPN is down it won't allow the traffic to go out to the internet
Which is a good thing because if you're doing some torrenting or some stuff you know this service
It doesn't detect the tunnel. It will just basically drop the connection. So you won't get in trouble or anything and
Then all set and done
Basically make post routing and then allow the traffic display enables the whole thing to work, now
There's a lot more on the
Website that I'm going to put which is like sim packets and do not allow bad syn packets and stuff like that
I'll have all that in the website. I'm just not going to include this right now. It's going to make this video
Super Super Long
Now that everything is all set we want to be able to save it so it's persisting
That way when we reboot the system. It's still going to remember all the IP tables, so to do that
We're going to do sudo apt-get install iptables-persistent
This will install a little script or
Software that will basically say every time you boot up
This is how I want my IP tables to be
The first time you install it the timeline is called it earlier
You will ask you if you want to save the rules and I would say yes to save the rules and save the rules for
IPV6 also
And now we want to enable that service on boot up
sudo systemctl enable netfilter-persistent
All right now that it's going to enable every time you boot up
So it's going to restore all the IP tables that we put in now if you missed it and you actually installed it earlier you
could always do sudo netfilter-persistent save
And that will save all the rules. We are basically done with this
We all have to do is just reboot and make sure everything comes back online
So I'm going to "sudo reboot" and in the meantime
I am going to head over to my other operating system right over here. Which is a windows 10 fresh install
It's on my virtual machine and we are going to be able to test everything out
now heading over to
Mozilla Firefox, I'm going to do an IP chicken, which will give you your IP address and here we have it my IP address and
If I connect it to my Raspberry Pi now, it should be a different IP address, so let's give that a try
Minimize this
And
We're going to go over to Network open networks services for every Windows is different for if you got a Mac or Linux
You know it's different to set this up
But what you first want to do is figure out what the IP address because we're going to be using the same IP address
For this machine just a different Gateway
So I'm going to go into details and you're going to see this IP address is 102 all right
So I'm going to go into properties now head over to IPV4 hit properties use filter address
192.168.105.102 because that was the IP Address before 255.255.255.0 that's normal now
Here's where we change it one 92168
105.2 you know in my instance. I actually have that 73 but you get the idea
8.8.8.8 8.8.4.4, and those are for the DNS servers hit ok
Close that out. It's going to take over with the new settings
And now if I head over to my Mozilla Firefox and do an IP chicken
We now have a new IP address everything is switched over to the VPN
And I all I did was just reboot the Pi and I haven't had to go back in and as I was saying earlier some
Of the things we want to check out is a speed test
Again depending on your internet service provider I use PIA and they are great the speed is amazing
I don't have any issues with them at all
My Raspberry Pi is able to handle traffic and stuff like that
And as you can see it's it's doing really good in speeds
It's like five megabytes per second or 50 megabits per second if you want to put it that way
for a download and upload I get about 24, so
All in all running it through the Pi you're getting good speed and now your connect multiple devices
Onto this Raspberry Pi that means I'm only using one account for this
So thanks for watching this video if you guys enjoyed it please hit that like button smash it a couple of times
So if you guys got any questions about this or want me to work on another video ideas similar to this or something like that
Hit it up in the comments below to be honest the easiest way to reach me these days is through Twitter
I find it a little bit hard to navigate through
YouTube it's I just get hit with a lot of notifications sometimes sometimes
I don't even get notified the easiest way to communicate is hitting me up on Twitter
I'm going to have all the links in the description below you're going to see I always put the first comment cuz either my Twitter
On my instagram and again if you want to behind the scenes of stuff that I can't fit into these videos
It's on Instagram. I actually used it for the story
It's much like Snapchat, but I'm not good with Snapchat, so I stayed with Instagram anyway
That's a whole another story if you're new to this channel
consider subscribing and if you hit that little bell notification
I'll let you know when the next video is going to be out and as I say in my nerd cave. Hack till it hertz
