Enhance your Pi-vacy
A man who likes to keep himself to himself, Christian Cawley explains how to keep online activity private when using a Raspberry Pi.
It’s fair to say that there is never enough tinkering to be done with a Raspberry Pi. You can upgrade the SD card, add external storage, buy a case, and with the latest models, add a cooling solution. You also have the option of a multitude of operating systems, from Raspberry Pi OS to media centres, cloud storage solutions, home servers, retrogaming platforms and pretty much anything else you can think of.
A few of these uses might lend themselves to employing a VPN. Encrypted connections via a secure server hosted by a reputable name are increasingly popular since the lockdown years initiated a workfrom-home revolution (for which, we imagine, this author must be some sort of pioneer, having started in 2011) and necessitated secure connections to work computers (and revealed just how unprepared corporate IT departments were).
Indeed, given how more capable the Raspberry
Pi 4 and 5 are as desktop systems, it’s fair to wonder whether they can handle a VPN. Well, yes they can – either using the OpenVPN standard, or setting up a dedicated (closed source) Linux app on the ARMbased computer.
Setting up an OpenVPN connection to your VPN on a Raspberry Pi is straightforward. It can be done either with the computer connected to a keyboard and monitor, or via SSH.
Ensure a reliable network connection is established first; older Raspberry Pis with slower Wi-Fi benefit from relying on Ethernet instead. For demonstration purposes, we’ve used a Raspberry Pi 4 with 8GB RAM, running Raspberry Pi OS Bookworm.
Private Pi
OpenVPN was launched in 2001 and has become an integral part of VPN. It has been implemented both in local servers and as a component of popular VPN services; it is this particular use that we can take advantage of as Raspberry Pi owners interested in using a commercial VPN. Need to access Netflix’s US library from Leamington Spa on your Raspberry Pi?
That’s something that OpenVPN can facilitate, and while you need a VPN subscription, you don’t need to rely on an app. This is useful, because while some VPNs offer Raspberry Pi-compatible software, most don’t. If you’ve ever set up a router with OpenVPN (perhaps after flashing DD-WRT), the process for connecting to a VPN on Raspberry Pi is similar.
A word of warning before proceeding: not all commercial VPN providers support offering OpenVPN access to customers. Two that do, happily, are two of the most popular: ExpressVPN and NordVPN.
ExpressVPN offers individual OVPN configuration files for each server; NordVPN offers the entire collection of servers as a ZIP file. These can then be used with the OpenVPN tool to connect to a specific server.
Other VPNs with support for users to access OpenVPN will have their own system of offering configuration files. Check the corresponding help pages for your own VPN.
Before proceeding, ensure you have a free account, or subscription/ trial access, to a VPN with accessible OVPN configuration files.
Set up OpenVPN
To get started, you may need to disable IPv6. This depends on your VPN provider, so check their requirements or help pages.
If this is the case, either in a local or SSH command line, enter:
$ sudo nano /etc/sysctl.conf
At the bottom of the conf file, add these lines:
net.ipv6.conf.all.disable_ipv6=1 net.ipv6.conf.default.disable_ipv6=1 net.ipv6.conf.lo.disable_ipv6=1 net.ipv6.conf.tuno.disable_ipv6=1
Exit the file with Ctrl+X to save, then Y to confirm the choice. Now that IPv6 is disabled, you’re free to install OpenVPN:
$ sudo apt install openvpn
Use sudo reboot to restart the Pi when this has completed, then switch to the /openvpn directory:
$ cd /etc/openvpn
If you haven’t done so already, download the OpenVPN files. As noted, they should be accessible via your VPN provider’s help pages. They can be manually downloaded via the browser, using wget,
or even downloaded to another PC and then copied across to your Raspberry Pi.
As our personal favourite, we use NordVPN. To grab its OVPN configuration files, we used:
$ sudo wget https://downloads.nordcdn.com/configs/
archives/servers/ovpn.zip
The next step is to unzip the files and identify the ones you want to use:
$ sudo unzip ovpn.zip /
Take a moment to review the contents of the unzipped ovpn_udp directory with the ls -al command. Server files are listed here, prefixed with the familiar two-letter national identifiers: UK, FR, US and so on. Once you have identified the VPN server you wish to connect to via OpenVPN, input:
$ sudo openvpn your_ovpn_configuration_file.ovpn
Enter your username and password when prompted, and the VPN connection should be established. Note that other VPN services may require the credentials to be entered at a different stage; for example, in a file. (With NordVPN, manual setup credentials from your account page need to be entered; these differ from the account login details.)
Use a VPN client
An number of VPN providers offer a Pi desktop client. While it is interesting to get an idea of how VPN software works at the terminal level with OpenVPN, a dedicated app can save time. In most cases, these are the standard build for Linux Debian-based OSes.
For example, NordVPN offers a terminal app that avoids having to mess around with OPVN files. It also features very simple commands, such as nordvpn c to connect to the nearest server. Connecting to a specific server is also possible, either by city – nordvpn c Paris – or by use.
NordVPN has dedicated servers for BitTorrent, Onion, and even double VPN use, for extra-secure connections. Displaying what server groups are available reveals options here:
$ nordvpn groups
To connect to a server for encrypted P2P, for example, use:
$ nordvpn c P2P
Note that GUI clients (ProtonVPN offers one, as does Private Internet Access) run better on a Raspberry Pi 3 or later. They’re unsuitable for the original Pi and Pi 2 models, where you should rely on terminal apps and the OpenVPN tool.
Finally, note that OpenVPN is also a VPN service. With a subscription, you can use its servers, located across the developed world.