Security
Brought to you by

Turn A Raspberry Pi Into A Personal VPN

The Raspberry Pi has very low power consumption, which makes it a great always-on virtual private network (VPN) server. With a VPN, you’ll get secure access to your home network when you’re on the go and can use it for secure web browsing when you’re on public networks. Here’s how to roll your own VPN with the Raspberry Pi.

Photo by Denise Kappa (Shutterstock), maymak (Shutterstock), Pakhnyushcha (Shutterstock), Anan Kaewkhammul (Shutterstock), A1Stock (Shutterstock), and Neyro (Shutterstock)

It’s Raspberry Pi Week at Lifehacker, and we’ll be showing you some awesome DIY projects you can put together with this miraculous device. If you haven’t acquired one yet, check out our introduction to the Pi to learn more about what it is, what you’ll need, and the cool stuff you can do with one (such as turning it into an XBMC media centre). For a basic introduction to VPNs, check out our guide to why you should start using a VPN.

What You’ll Need

Setting up your Pi as a VPN and web proxy server doesn’t require any new or special hardware beyond the basics. You’ll need:

  • A free LogMeIn account, since we’re using LogMeIn Hamachi to create our VPN. Create your free account, if you don’t have one already, before you get started. Hamachi will create a VPN for you, so you don’t have to mess around with port forwarding on your router, getting a static IP address, or trying to bypass firewalls.
  • Privoxy: We’re pairing this application with Hamachi to enable the secure web browsing from either inside or outside the network. You’ll download it in Step 5 below.
  • A Raspberry Pi, naturally: See our beginner’s guide for suggestions on where to buy one if you don’t already have it.
  • HDMI or composite cable: To connect the Pi to a television or monitor. Once you’ve completed this project, you can disconnect the Pi from your display and use it as a “headless” server, since you can connect to the Pi over VPN.
  • An 8GB Class 10 SD card or better and a card reader: Your computer may have a built-into SD card reader; if not, you’ll need an external one to set up the Pi.
  • USB keyboard and mouse: I used old wired ones lying about the house, but Whitson was able to use wireless (non-Bluetooth) versions.
  • An Ethernet cable: For the best network performance, you’ll want a wired connection to your router/modem (rather than looking at Wi-Fi solutions for the Pi).
  • Micro-USB power supply: Look for a good quality charger that can provide at least 700mA at 5V. Most modern smartphone chargers will work, but check out the specs on the bottom of the charger brick to make sure. Besides the SD card, the power supply is one of the main troubleshooting elements if you have problems.

We’ve walked you through the steps of setting up a personal VPN with Hamachi and using it with Privoxy for secure browsing before, but the steps below are updated for Linux and the Pi in particular. We’ll be entering some commands in the command line and changing configuration files, but really this project is very easy to do. (Hat tip to the Raspberry Pi community for the tips and troubleshooting used in this article.)

Step One: Hook Up And Configure Your Raspberry Pi

If you haven’t already, follow the steps in our beginner’s guide to the Raspberry Pi to create the base system running Raspbian, the standard operating system for the Pi.

There is one additional step you should take when following that guide, at the end in the configuration section (before step 3, finishing configuration). Change the default keyboard layout if you’re not in the UK. The reason is some of our commands require special characters (such as the #) which the UK layout changes.

If you’re following the setup guide above, you can change the keyboard layout in the configuration screen. Or, after you’ve set up the Pi, type in:

sudo dpkg-reconfigure keyboard-configuration

Then follow the prompts to switch to your country’s layout and then either restart (using the sudo reboot command) or reload the keymap without restarting by entering:

invoke-rc.d keyboard-setup start

Step Two: Update And Install Hamachi

Hamachi depends on a couple of packages that may not be present in your image, so updating is in order.

First, grab the latest update:

sudo apt-get update

Then, install LSB (a requirement for Hamachi):

sudo apt-get install --fix-missing lsb lsb-core

Be patient while it updates, and then you can download the latest Hamachi build for Linux:

sudo wget https://secure.logmein.com/labs/logmein-hamachi_2.1.0.86-1_armel.deb

If you encounter errors grabbing the Hamachi for Linux download, check the download page on LogMeIn to verify the version number (such as 2.1.0.86-1) and change it in the filename if necessary.

Next, install Hamachi by entering:

sudo dpkg -1 logmein-hamachi_2.1.0.86-1_armel.deb

Step Three: Configure Hamachi

The last step for our VPN setup is to get Hamachi running on the Pi and on our client PCs.

On the Raspberry Pi, run the following to get the Pi connected to your LogMeIn account and create a new Hamachi network:

sudo hamachi login
sudo hamachi attach [INSERT LOGMEIN.COM EMAIL HERE]
sudo hamachi set-nick [INSERT A NICKNAME FOR YOUR RASPBERRY PI]

On another machine, go to LogMeIn and head to your “My Networks” section under networks. You’ll see that the Pi (whatever you nicknamed it) is trying to connect and create a new network. Grant the Pi permissions and write down the network ID (a 9-digit number) for that network.

Go back to the Raspberry Pi and enter:

sudo hamachi do-join [THE NETWORK ID YOU WROTE DOWN]
Then enter your LogMeIn password (if requested). You might need to approve the join request on LogMeIn from the other machine. Once you do this, the Pi will be part of the new VPN served by Hamachi. At LogMeIn.com, look for the virtual IP address assigned to the Pi and write that down, because you’ll need it later.

To be able to SSH into it and remotely control the Raspberry Pi, start the SSH server:

sudo /etc/init.d/ssh start

Step Four: Install Hamachi On Your Computers

Almost done! For the Windows, Mac or Linux computers you also want to connect to the VPN, you’ll need to install the Hamachi client from the download page.

After you do this, you can join the new VPN (Network > Join) and SSH into the Raspberry Pi or access network files. (In Windows, use a tool like Putty; in Mac/Linux use Terminal to SSH, using the Raspberry Pi’s IP address assigned by Hamachi in the server field).

Step Five: Install Privoxy On The Pi

Besides issuing remote commands to the Pi and accessing network files, you can use your Pi as a proxy server. By connecting Privoxy and Hamachi, you can secure and encrypt your browser sessions when you’re using the public Wi-Fi at your local coffeeshop, keeping your data safe from prying eyes or malicious users.

Here are the steps to set up Privoxy on the Pi:

  1. Install Privoxy:

    sudo apt-get install privoxy

  2. Start Privoxy:

    etc/init.d/privoxy start

  3. Open the configuration file in your text editor:

    sudo nano /etc/privoxy/config

  4. Find the following line (easy in Nano if you do a search by hitting Ctrl+W): listen-address localhost:8118
  5. Comment out that line by adding a # before it
  6. Then add a new line below it with: listen-address [IP address of your Pi assigned by Hamachi]:8118 (e.g., 25.1.1.1:8118)
  7. Save the configuration file (Ctrl+X) and restart Privoxy:

    sudo service privoxy restart

Now you have your Privoxy server set up on the Pi, running over the secure VPN via Hamachi. All that’s left to do is set Privoxy as your proxy server on your other computers.

To do that:

  • In Google Chrome: Go to Settings > Show advanced settings… > Change proxy settings… (under Network)
  • In Firefox: Go to Preferences > Advanced tab > Network tab > Settings button (next to “Configure how Firefox connects to the Internet”)

Then enter the IP address of the Raspberry Pi, as assigned by Hamachi, in the proxy adress. The port is 8118.

To test that the proxy is working, go to http://config.privoxy.org/ and you should see a message like “This is Privoxy on Windows [IP address], port 8118, enabled.” If it’s not working, you’ll see a message that “Privoxy is not being used”. Also, when you’re using a public Wi-Fi connection, visiting WhatIsMyIP.com will show a different IP address when your proxy is turned on than when it’s off (the IP address should be your home’s public IP address).

That’s it!

Other Raspberry Pi VPN Solutions

There are other ways to skin this cat. Our favourite VPN tool Open VPN is a good alternative, but may require a bit more tweaking (as well as a static IP or Dynamic DNS service provider). You can also set up a PPTD VPN (instructions via Brad Wells), which has the advantage of being supported by more devices, but again it’s a little more involved. But for a quick and effective secure networking solution, this approach does the job.