The tiny, inexpensive Raspberry Pi has a very low power consumption, which makes it a great always-on VPN (Virtual Private Network) server. With a VPN, you'll get secure access to your home network when you're on the go and can use it for secure web browsing when you're on public networks. Here's how to roll your own VPN with the Raspberry Pi.
It's Raspberry Pi week at Lifehacker, and all week we'll be showing you some cool DIY projects you can put together with this little miracle of a device. If you haven't bought one yet, check out our introduction to the Pi to learn more about what it is, what you'll need, and the cool stuff you can do with it. For a basic introduction to VPNs, check out our guide to why you should start using a VPN (then come back here).
Update: Raspberry Pi week is over! Check out these Raspberry Pi guides to see all the fun stuff we did, and check out our Raspberry Pi tag for more cool projects.
This past week, we walked you through some of the common projects people tackle with their Raspberry Pi, like:
- Install Raspbian and get started with Raspberry Pi DIY
- Build an XBMC-powered media center
- Set up a personal VPN for secure browsing anywhere you go
- Create an AirPlay receiver and stereo companion
- Ten more awesome projects for your Raspberry Pi, and further resources
What You'll Need
Setting up your Pi as a VPN and web proxy server doesn't require any new or special hardware beyond the basics. You'll need:
- A free LogMeIn account since we're using LogMeIn Hamachi to create our VPN. Create your free account, if you don't have one already, before you get started. Hamachi will create a VPN for you, so you don't have to mess with port forwarding on your router, getting a static IP address, or trying to bypass firewalls.
- Privoxy: We're pairing this application with Hamachi to enable the secure web browsing from either inside or outside the network. You'll download it in Step 5 below.
- HDMI or composite cable: To connect the Pi to a television or monitor. Once you've completed this project, you can disconnect the Pi from your display and use it as a "headless" server, since you can connect to the Pi over VPN.
- An 8GB Class 10 SD card or better and a card reader: Your computer may have a built-into SD card reader; if not, you'll need an external one to set up the Pi.
- USB keyboard and mouse: I used old wired ones lying about the house, but Whitson was able to use wireless (non-Bluetooth) versions.
- An ethernet cable: For the best network performance, you'll want a wired connection to your router/modem (rather than looking at Wi-Fi solutions for the Pi). Having a broadband internet connection at home will make the proxy server as fast as possible as well.
- Micro USB power supply: Look for a good quality charger that can provide at least 700mA at 5V. Most modern smartphone chargers will work, but check out the specs on the bottom of the charger brick to make sure. Besides the SD card, the power supply is one of the main troubleshooting elements if you have problems.
Step One: Hook Up and Configure Your Raspberry Pi
SEXPANDIf you haven't already, follow the steps in our Beginner's Guide to DIYing with the Raspberry Pi to create the base system running Raspbian, the standard operating system for the Pi.Note, however, that there's one additional step you should take when following that guide, at the end in the configuration section (before step 3, finishing configuration). Change the default keyboard layout if you're not in the UK. The reason is some of our commands require special characters (e.g., #), which the UK layout changes.If you're following the setup guide above, you can change the keyboard layout in the configuration screen. Or, after you've set up the Pi, type in:sudo dpkg-reconfigure keyboard-configurationThen follow the prompts to switch to your country's layout and then either restart (using thesudo reboot
command) or reload the keymap without restarting by entering:invoke-rc.d keyboard-setup startStep Two: Update the Raspberry Pi and Install Hamachi
SEXPANDHamachi depends on a couple of packages that may not be present in your image, so we're going to first update the packages and hopefully save you time troubleshooting common errors.First, grab the latest update:sudo apt-get updateThen, install LSB (a requirement for Hamachi):sudo apt-get install —fix-missing lsb lsb-coreBe patient while it updates, and then you can download the latest Hamachi build for Linux:sudo wget https://secure.logmein.com/labs/logmein-hamachi_2.1.0.86-1_armel.debIf you get errors grabbing the Hamachi for Linux download, check the download page on LogMeIn to verify the version number (e.g., 2.1.0.86-1) and change it in the filename if necessary.Next, install Hamachi by entering:sudo dpkg -1 logmein-hamachi_2.1.0.86-1_armel.debStep Three: Configure Hamachi on the Raspberry Pi
The last step for our VPN setup is to get Hamachi running on the Pi and on our client PCs.On the Raspberry Pi, run the following to get the Pi connected to your LogMeIn account and create a new Hamachi network:sudo hamachi loginsudo hamachi attach [INSERT LOGMEIN.COM EMAIL HERE]sudo hamachi set-nick [INSERT A NICKNAME FOR YOUR RASPBERRY PI]Now, on another machine, head over to LogMeIn and go to your "My Networks" section under networks. You'll see that the Pi (whatever you nicknamed it) is trying to connect and create a new network. Grant the Pi permissions and write down the network ID (a 9-digit number) for that network.Go back to the Raspberry Pi and enter:sudo hamachi do-join [THE NETWORK ID YOU WROTE DOWN]Then enter your LogMeIn password (if requested). You might need to approve the join request on LogMeIn from the other machine. Once you do so, the Pi will be part of the new VPN served by Hamachi. At LogMeIn.com, look for the virtual IP address assigned to the Pi and write that down, because you'll need it later.To be able to SSH into it and remotely control the Raspberry Pi, start the SSH server:sudo /etc/init.d/ssh startStep Four: Install Hamachi on Your Computers
Almost done! For the Windows, Mac, or Linux computers you also want to connect to the VPN, you'll need to install the Hamachi client from the download page.After you do so, you can join the new VPN (Network > Join) and SSH into the Raspberry Pi or access network files, etc. (In Windows, use a tool like Putty or in Mac/Linux use Terminal to SSH, using the Raspberry Pi's IP address assigned by Hamachi in the server field).(Optional) Step Five: Install Privoxy on the Pi and Use It as Your Computer's Web Proxy
SEXPANDBesides issuing remote commands to the Pi and accessing network files, you can use your Pi as a proxy server. By connecting Privoxy and Hamachi, you can secure and encrypt your browser sessions when you're using the public Wi-Fi at your local coffeeshop—keeping your data safe from prying eyes or malicious users.Here are the steps to set up Privoxy on the Pi:- Install Privoxy:
sudo apt-get install privoxy
- Start Privoxy:etc/init.d/privoxy start
- Open the configuration file in your text editor:sudo nano /etc/privoxy/config
- Find the following line (easy in Nano if you do a search by hitting Ctrl+W): listen-address localhost:8118
- Comment out that line by adding a # before it
- Then add a new line below it with: listen-address [IP address of your Pi assigned by Hamachi]:8118 (e.g., 25.1.1.1:8118)
- Save the configuration file (Ctrl+X) and restart Privoxy:sudo service privoxy restart
Now you have your Privoxy server set up on the Pi, running over the secure VPN via Hamachi. All that's left to do is set Privoxy as your proxy server on your other computers.To do that:- In Google Chrome: Go to Settings > Show advanced settings... > Change proxy settings... (under Network)
- In Firefox: Go to Preferences > Advanced tab > Network tab > Settings button (next to "Configure how Firefox connects to the Internet")
Then enter the IP address of the Raspberry Pi, as assigned by Hamachi, in the proxy adress. The port is 8118.To test that the proxy is working, go to http://config.privoxy.org/ and you should see a message like "This is Privoxy on Windows [IP address], port 8118, enabled." If it's not working, you'll see a message that "Privoxy is not being used." Also, when you're using a public Wi-Fi connection, visiting WhatIsMyIP.com will show a different IP address when your proxy is turned on than when it's off (the IP address should be your home's public IP address).That's it!Other Raspberry Pi VPN Solutions
There are other ways to skin this cat, of course. Our favorite VPN tool (by a close margin over Hamachi), Open VPN is a good alternative, but may require a bit more tweaking (as well as a static IP or Dynamic DNS service provider). You can also set up a PPTD VPN (instructions via Brad Wells), which has the advantage of being supported by more devices, but again it's a little more involved.For a quick-and-dirty VPN and proxy server, though, the steps above should get you up and running in no time securely networking with your Raspberry Pi.- Install Privoxy:
No comments:
Post a Comment