Awasu » Banana Pi gateway: Setting up OpenVPN
Tuesday 1st March 2016 9:24 PM

A virtual private network gives you better security and privacy as you work online. An encrypted connection to a VPN server is created, and all your internet traffic is sent over that connection, where it is forwarded on to the real destination by the VPN server. Anyone snooping on your internet traffic will be able to see that you are using a VPN, but will not be able to decipher any of it, due to the encryption.

Installing and configuring OpenVPN

By far the most popular open-source VPN software is OpenVPN. To install it:

sudo apt-get install openvpn

Your VPN provider will supply you with configuration files (usually with a .ovpn extension) for connecting to their servers. Save these in /etc/openvpn/.

You will also be given a username and password - put these in a password file (e.g. /etc/openvpn/auth) with the username on the first line, and password on the second line.
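
The password file holds your VPN credentials in plain text, so it is worth checking before OpenVPN is started. The following is an added example, not part of the original tutorial: a shell function (check_auth_file is a name chosen here) that verifies the file's owner, permissions and two-line layout. It assumes the file should belong to root, since OpenVPN is run with sudo.

```shell
#!/bin/sh
# Added example, not from the original tutorial: pre-flight check for the
# password file (e.g. /etc/openvpn/auth) before it is handed to OpenVPN.
#
# Usage: check_auth_file PATH [EXPECTED_OWNER_UID]   (uid defaults to 0, root)
# Returns 0 if the file looks safe to use, otherwise 1-4 with a reason on
# stderr:  1 = not a regular file   2 = wrong owner
#          3 = group/other access   4 = username or password line missing
check_auth_file() {
    f=$1
    want_uid=${2:-0}

    # Must be a regular file, not a symlink that could be repointed.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi

    # "ls -ldn" prints e.g. "-rw------- 1 0 0 ...": mode, links, uid, gid.
    uid=$(ls -ldn -- "$f" | awk '{print $3}')
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ldn -- "$f" | awk '{print substr($1, 5, 6)}')

    if [ "$uid" != "$want_uid" ]; then
        echo "$f: owned by uid $uid, expected $want_uid" >&2
        return 2
    fi
    if [ "$perms" != "------" ]; then
        echo "$f: readable by group/other; fix with: chmod 600 $f" >&2
        return 3
    fi

    # Line 1 is the username, line 2 the password; neither may be empty.
    user=$(sed -n '1p' "$f")
    pass=$(sed -n '2p' "$f")
    if [ -z "$user" ] || [ -z "$pass" ]; then
        echo "$f: need username on line 1 and password on line 2" >&2
        return 4
    fi
    return 0
}

# Typical call, as root:
#   check_auth_file /etc/openvpn/auth
```

If the check reports return code 2 or 3, sudo chown root:root /etc/openvpn/auth followed by sudo chmod 600 /etc/openvpn/auth brings the file into the expected state.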

We also need to change NAT so that internet requests are forwarded on to the VPN tunnel, instead of the normal network interface:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Now we can run OpenVPN[1]:

sudo openvpn \
    --cd /etc/openvpn/ \
    --config XXX.ovpn \
    --auth-user-pass /etc/openvpn/auth \
    --auth-nocache \
    --keepalive 10 60

You can check your external IP address like this:

wget http://ipinfo.io/ip -qO -

Or just fire up a browser and go to http://ipinfo.io.

Configuring OpenVPN to run at startup

To get OpenVPN to run at startup, you need to change[2] the iptables command to forward internet requests to the tun0 interface instead of wlan0 (as described above).

Then, add the openvpn command you used above, but with an extra --daemon parameter, so that it will run in the background.


1. Where XXX is the config file you want to use.
2. You should have a rule for IP masquerading in /etc/rc.local already, for NAT.