Protect Your Identity with the VPiN
YOU’LL NEED THIS
RASPBERRY PI: This credit-card sized computer costs around $35.
VPN SUBSCRIPTION: We’re using the Nord VPN service in this tutorial.
CARING ABOUT YOUR ONLINE PRIVACY and actually following best practices to protect it are two different things. As a MaximumPC reader, it’s likely that you know the principles of what you should do to avoid the great data collectors and geo-locators in the sky, but maintaining constant vigilance is an effort that soon gets tiresome, if not downright impossible.
For example, you know that you should be using a VPN to avoid any ISP-level filters. Setting up and using a log-free VPN service from your desktop is straightforward enough, but what about all the other devices you have in your home? For example, if you use a games console to watch Netflix or YouTube on your TV, how do you route traffic from there effectively? No consoles have built-in VPN software. There’s no app in the PlayStation store.
One solution, of course, would be to buy a router that can connect directly to a VPN service, protecting all the traffic that travels around your home network at a single stroke. Or, if you have an older router, you could modify it with OpenWRT firmware, and add controls such as these in. Or, if you want a cheaper and more straightforward solution, you could always use a Raspberry Pi….
1 PI RIGHT THERE
With just a few fairly simple scripts, you can configure any Raspberry Pi to be a headless VPN gateway. This means that when it’s connected to your router, you can send traffic to it from other devices before they connect to the outside world, essentially putting them behind a VPN [Image A]. Here, we’re using a first-generation Pi; it’s a nifty repurposing of a piece of gear that’s past its sell-by date for most other common Pi-related projects.
>> To get started, you need four things: a Raspberry Pi, an SD card preloaded with the Raspbian operating system, and a subscription to a VPN service of your choice. We’re going to use Nord VPN, which assures us that it doesn’t log user behavior or filter for particular activities, such as P2P protocols. There are services that promise even more anonymity, or are more affordable, but Nord is a good place to start investigating options.
>> The fourth thing you need is a copy of your provider’s OpenVPN configuration files and encryption certificates. There are usually a lot of these—one for each server you can connect to—so pick a handful that you want to be able to quickly access. We opted for two US and two UK servers, choosing one that supports the UDP protocol and one that supports TCP/IP.
>> You should find these configuration files on your VPN provider’s website. Download them, then unzip them into a folder on your desktop.
2 INSTALL PACKAGES
We want our Pi to run headless; in other words, without a keyboard and monitor attached, which means that once it’s up and running, we’ll need to access it using a remote shell and SSH. For the first run, it can be easier to access the Pi directly by plugging in peripherals, at least until you’ve made sure it has a fixed IP address on your network—essential for this project.
>> To do that, open a terminal on the Pi desktop, and type sudo nano /etc/network/interfaces . Edit this file to look like this (you can choose any free IP address for the line that ends in “12”; bear in mind that the “1” in the third part of the address could be another number):
    auto lo
    iface lo inet loopback

    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
        address 192.168.1.12
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 22.214.171.124 126.96.36.199
>> Press Ctrl-O to write out the file, and then press Ctrl-X to quit Nano.
>> Now turn the Pi off, and remove all peripherals, leaving just the networking cable in place. Then reconnect the power supply to get it started again.
>> Once the Pi has booted up, you should be able to access it from another PC using SSH. In our case, the command to connect is ssh pi@192.168.1.12 and the password is the default, “raspberry.” You’ll probably want to change the password.
>> The next thing you need to do is install the OpenVPN packages with the following command: sudo apt-get install openvpn .
>> Next, navigate to the folder where you need to keep your OpenVPN configuration files by typing cd /etc/openvpn . You need to download the configuration files from your VPN provider. In our case, we can do this using wget —don’t forget to use sudo because the “/etc” folder isn’t writable by ordinary users. In our case, the command is sudo wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip followed by sudo unzip ovpn.zip to decompress it.
>> A quick ls command shows if you have been successful. There should be a list of files ending in “.ovpn.” Note that some VPN providers may have packaged these files with subdirectories, for example for connections encrypted with optional 128 or 256-bit protection. You need to move the files to the “/etc/openvpn” directory using the mv command.
>> You can now open a connection to any of these servers using the command sudo openvpn --config example.ovpn --daemon , where example is the filename of the configuration file.
>> If you try this now, you’ll notice that the script asks for your username and password to authenticate the connection. Do test to see if the connection is working by typing ifconfig . You should see a connection marked “TUN,” which is your VPN tunnel.
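A TUN interface can be present while traffic still leaves through eth0, so the routing table is the more telling check. The script below is an added example, not code from the original article: it classifies the output of ip -4 route show, including the pair of /1 routes that OpenVPN installs for "redirect-gateway def1". The function name vpn_route_state and both sample routing tables are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the article. Reads `ip -4 route show` output on stdin
# and prints "tunnel" if all IPv4 traffic is routed via a tun device, else "direct".
# vpn_route_state is a hypothetical name; both sample tables are constructed.
vpn_route_state() {
    awk '
        # Remember which catch-all prefixes are routed through a tun device.
        $1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) ~ /^tun/) via_tun[$1] = 1
        }
        END {
            # Either a default route on tun, or the two /1 routes that OpenVPN
            # adds for "redirect-gateway def1" and that override the default.
            if (via_tun["default"] || (via_tun["0.0.0.0/1"] && via_tun["128.0.0.0/1"]))
                print "tunnel"
            else
                print "direct"
        }
    '
}

# Constructed sample: VPN up, def1-style routes present, old default still listed.
SAMPLE_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.12'

# Constructed sample: VPN process has exited, only the LAN default remains.
SAMPLE_DOWN='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.12'

printf '%s\n' "$SAMPLE_UP"   | vpn_route_state   # tunnel
printf '%s\n' "$SAMPLE_DOWN" | vpn_route_state   # direct
# On the Pi itself: ip -4 route show | vpn_route_state
```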
3 YOU SHALL NOT PASSWORD!
So far, we have a slightly cumbersome way of connecting our Pi to a VPN via a terminal that requires you to enter your username and password when you want to connect. Good, but it could be better—we’re going to create a few scripts and files that supply your credentials automatically.
>> Take a look at the VPN files you downloaded to your desktop and open one of them. You should see that it starts the client and that there’s a list of commands. These include a line that contains auth-user-pass . We can alter this line to automatically feed a username and password to our config file when it is called.
>> Back in your SSH connection to the Pi, navigate back to “/etc/openvpn,” and type sudo nano vpnlogin . This should open up the Nano text editor. Create a text document that has nothing except your username for the VPN provider on the first line, and your password on the second. Hit Ctrl-O to write the contents to disk, then Ctrl-X to quit Nano.
>> Once you’ve done that, pick the VPN connection you think you’ll use the most, and edit the config file using sudo nano example.ovpn . Change the line that says auth-user-pass to auth-user-pass vpnlogin .
>> Now when you start that connection using the openvpn command, it should connect directly without the password prompt. (See boxout below to change all the config files at once.)
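One way to apply the same auth-user-pass change to every downloaded profile in one pass, as an added example that is not from the original article. It also restricts the credentials file to its owner, since it holds the VPN username and password in clear text, and writes the file's full path so the profile works from any working directory. The function name use_login_file is hypothetical; vpnlogin is the file name used above.

```bash
#!/bin/bash
# Added example, not from the article: point every .ovpn profile in a directory
# at one credentials file. use_login_file is a hypothetical name.
# Usage: use_login_file DIR [LOGIN_FILE]   (prints the number of profiles changed)
use_login_file() {
    local dir="$1" login="${2:-vpnlogin}" f changed=0
    # The file stores the VPN username and password in clear text,
    # so only its owner (root, when created with sudo) may read it.
    chmod 600 "$dir/$login" || return 1
    for f in "$dir"/*.ovpn; do
        [ -f "$f" ] || continue
        # Rewrite only a bare "auth-user-pass" line; a line that already names
        # a file is left alone. [[:space:]] also absorbs a trailing CR.
        if grep -Eq '^[[:space:]]*auth-user-pass[[:space:]]*$' "$f"; then
            sed -i -E "s|^[[:space:]]*auth-user-pass[[:space:]]*\$|auth-user-pass $dir/$login|" "$f"
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
}

# When the script is run with arguments, act on them, for example:
#   sudo bash this-script.sh /etc/openvpn
if [ "$#" -ge 1 ]; then
    use_login_file "$@"
fi
```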
>> So far so good, but we don’t want to have to type a long command every time we need to connect to a VPN. Remember taking a note of your most likely used servers right back at the start? Good, because we’re going to create a quick script that will enable you to start and switch between those with a simple command.
>> It begins with an instruction to close any open VPN connections, then starts the OpenVPN daemon, filling in the credentials from the text file we just created.
>> Back in your home folder, type nano vpn1.sh :
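    #!/bin/bash
    # Stop any VPN connection that is already running.
    sudo killall openvpn
    # Relative paths in the profile (such as vpnlogin) resolve from the working directory.
    cd /etc/openvpn || exit 1
    sudo -b openvpn /etc/openvpn/example.ovpn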
>> Repeat this step for the three or four VPN connections you think you’ll use the most, adding one to the number in the filename. Now you can start or switch your connection by SSHing into the Pi from any computer on the network, and typing sudo ./vpn1.sh .
>> Finally, to route traffic via the Pi, you need to go back to your PlayStation (or other device), and change the Internet settings [Image B]. Leave everything in its default setting apart from the Gateway and DNS servers.
>> Change Gateway to the IP address of your Pi, and set the DNS server to 188.8.131.52, 184.108.40.206.
>> And that’s it. Now you can make your PS4 appear in another country without leaving your living room.