How to setup OpenVPN on a RaspberryPi

Just last week I was setting up IP cameras at home and connecting the irrigation controller to the network and I was opening my network up to the internet WAY too much. (I was port forwarding all kinds of ports.) So to mitigate opening up to the internet so much I decided to set up a VPN tunnel that I could easily connect to which would allow me access into my local network. In a nutshell, instead of opening numerous ports on my router for every device I wanted remote access from, I opened the 1 port for the VPN and used OpenVPN software on my phone to connect back. Once connected it behaves as if I was at home and connected locally.

This post will go through the basics of setting up a simple VPN server on a cheap Raspberry Pi. This example uses the older RPi2, which is more than sufficient for accessing a few IP cameras and other devices remotely.


The Hardware you will need to gather

  • RPi 2 or 3.
  • Ethernet cable
  • HDMI Cable
  • Keyboard/Mouse
  • 8GB SD Card


The Software titles you may want to download


PREREQUISITE SETUP - Because we need to get ourselves ready!

The first step is to prepare the SD card for the Pi. A 4 or 8GB SD card will be suitable for the PiVPN installation.

You will first need to download the latest Raspbian Lite image (We do not require the GUI for PiVPN) and a copy of Etcher. Etcher will allow you to install and prepare your SD card. It is super easy to use.

Select Image > Select SD card (Make sure you select Correct Drive) > Click Flash.

  1. Select your copy of Raspbian Lite

2. Select the correct drive you want to install the image on. Be sure it is the correct drive as all data will be formatted first.

3. Select Flash – You may get a Windows prompt to elevate permissions to administrator.

4. Assuming no errors were found, you can now take the SD card and insert it into the Pi.

How to setup SSH for remote access from our PC

We have chosen to run the Lite version of Raspbian because we do not require the additional overheads of the GUI. The VPN server will sit hidden away and we will connect to it via SSH if we need to. The problem is that SSH is not enabled by default. Thus we require the HDMI cable, a monitor and keyboard to change this first.

Insert the SD card we just made into the Pi and connect the HDMI cable to your monitor. We now need to power up the Pi. You should see the Pi initialize and on first run it may reboot once. The first thing you will have to do is log into the Pi. The default login is:

  • Username: pi
  • Password: raspberry

Viewing the Pi via the HDMI cable and using the connected keyboard and mouse is a PITA. This is why we are setting up SSH, so we can go back to our computer and do all the configuration from the comfort of our home PC.

At this stage we need to enable SSH. To do this type:

sudo raspi-config

  1. Select “P2 SSH”

2. Select “YES” to enable SSH

3. You will get a confirmation saying SSH is enabled. From this point, all our configuration will be done via Putty. Putty is an SSH/Telnet client that allows us to connect to the Pi via the SSH protocol. This is common for accessing Linux machines. You can get Putty here: http://www.putty.org/

How to find the IP address of our Pi so that we can SSH to it

You should still be logged into the Pi, go back to the command line and type:

ifconfig

We need this IP address so that we can log into the Pi via SSH. Look for eth0 and browse across until you see ‘inet’. This is the IP address we require. In this case the Pi IP address is: 192.168.1.154 – Write this down or remember it.

Open Putty and SSH into the Pi

Enter the IP address of the Pi from the ‘ifconfig’ command. Then Click OPEN. You may be asked to accept some authentication keys. You only need to do this once. You will now be greeted with a similar login screen to previous.

Login as per usual.

Username: pi

Password: raspberry

If you find that some of your keyboard strokes are not the same as mine, you may need to go back into Raspi-Config and change the localization settings or Keyboard options. It also can not hurt to Extend the size of the file system. This will allow the Raspbian build to utilize the full size of the SD card.


PiVPN INSTALL - Now that we are setup, it's time to install and setup!

Now to installing PiVPN. If you are looking at installing PiVPN, then you have probably already been to the website. I just want to make mention that installing software like this could be dangerous if it is not from a trusted source. Basically we are telling the pi to run a heap of commands that are located on the internet. Be sure to check the source first to ensure it is reputable.

The command we are going to run is:

curl -L https://install.pivpn.io | bash
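One way to act on the caution above, as an added example that is not part of the original post or of the PiVPN project: save the installer to a file, read it, and run it only if its SHA-256 still matches the copy you reviewed. The function names and the file name `pivpn-install.sh` are assumptions.

```bash
#!/usr/bin/env bash
# Added example: download, review, pin, then run (instead of curl | bash).
# Function names and file names are assumptions made for this illustration.

# Print the SHA-256 hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# run_if_pinned FILE EXPECTED_SHA256 [INTERPRETER]
# Executes FILE only when its digest equals the one recorded after review.
# Returns the script's own status, 2 on a digest mismatch,
# 3 if FILE is missing or empty (e.g. a failed download).
run_if_pinned() {
    local file="$1" expected="$2" interp="${3:-bash}" actual
    if [ ! -s "$file" ]; then
        echo "refusing to run: $file is missing or empty" >&2
        return 3
    fi
    actual=$(sha256_of "$file")
    # Digests are hex; compare case-insensitively.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run: digest $actual does not match the reviewed copy" >&2
        return 2
    fi
    "$interp" "$file"
}

# Workflow on the Pi (left as comments so the block runs offline):
#   curl -fsSL https://install.pivpn.io -o pivpn-install.sh   # -f: fail on HTTP errors
#   less pivpn-install.sh                                     # read what it will do
#   sha256_of pivpn-install.sh                                # note the digest of the copy you read
#   run_if_pinned pivpn-install.sh "<digest noted above>"
```

This pins only the script you downloaded; anything that script fetches later is outside the check.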

If you have not run an “apt-get” update today the first thing that the software will do is run this for you. This ensures all packages are up to date before installing. After the install process you will see the following configuration screens:

  1. This will install OpenVPN

2. At this stage you should be thinking about making the address the Pi was given static. Or logging into your router and “binding” the DHCP address it was given to the MAC address of the Pi. This will allow the Pi to hold the lease and never change.

3. This will change the address. Remembering when it commits the change, your SSH session will drop and you will have to re-establish the session on the new IP address. For now I am going to leave it as 192.168.1.154 as I have bound that IP to the MAC of the Pi on my router.

4. Indicating that you could get IP conflicts if you don't either bind your IP to MAC or exclude that IP from DHCP.

5. This screen is asking you to choose a user to hold your ovpn configs.

6. If you had other users setup then you would be able to select them here. It is generally good practice to Change the users away from the default username and password. For now we will stick with the default.

7. Because this is our only open facing port, we really should keep all software up to date including security patches. Why not do this automatically? Unless you have some configs that you don’t want messed with. Automatic patches can have a tendency to mess with the compatibility of software at times.

8. As per the last screen. Do it! or make sure you keep on top of it manually.

9. UDP will suffice unless you have any additional configs that require TCP.

10. If you don’t want anyone sniffing your VPN out on the default port, feel free to change this default port. However be sure to port forward the new one on your router so that the VPN can be accessed from outside your network. Also remember this port for any config changes that may need to be made.

11. A second confirmation.

12. Choose the encryption type for your server. 2048bit encryption will suffice in most instances.

13. This screen is indicating the types of keys that will now be generated.

14. Because the Pi has very little processing power it can take 30-45 minutes for it to create the 2048 bit certificate/key. Go get a coffee! If you had chosen 4096 encryption then you would get the option to download some assistance files from the internet. Otherwise generating a 4096bit key on a Pi would take a VERY long time.

15. This screen allows you to set your WAN IP address or set a DDNS account. These can be changed after the fact via the config files however because we have a static address at home, I can leave it as the WAN IP. (I have blanked out some of the IP on purpose.)

16. Here we can set the DNS for our VPN, if you are unsure, just set it to the Google DNS address. (8.8.8.8 Primary, 8.8.4.4 Alternate)

18. Everyone loves a good reboot! No time like the present.

19. Just in case you were not sure from the previous screen. Remembering that your SSH session will drop during the reboot. Simply Re-connect to the same IP address after a few minutes.

At this stage it can’t hurt to upgrade the Raspbian image. Run this command:

sudo apt-get upgrade

This is one of those administration tasks that should be done regularly to keep the Pi image in good working order. Unless obviously you are against keeping software up to date, or you have something specific happening in which you cannot afford for it to be affected by updates.


CREATE A USER - This is how we add clients/ Users to OpenVPN

We now need to configure the server to accept connections from the client devices or computers. To do this we set up a client OpenVPN configuration file. (.ovpn file to be exact) This client file is loaded onto the device that wants to connect to the VPN tunnel. It stores the config and encryption keys to access the VPN.

  1. If you run the command:

pivpn help

You will be greeted with the list of commands that we can now run on the Pi to configure the clients and do other administration tasks.

2. Run the command:

pivpn add

This will start the process of creating a client configuration file. You will need to set a password at this point. Ensure you do not forget it, as you will be required to add it on the Client VPN software when we try to connect.

3. That is it for creating the .ovpn client config file. It can now be found as indicated at: /home/pi/ovpns
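Because the .ovpn file carries the client's private key, it is worth checking before it is copied anywhere. The following is an added example, not part of the original post or of PiVPN: it reads a profile, reports the server it points at, and flags a key that is not passphrase-protected or a file that other users can read. The function names and the sample profile (including `vpn.example.net`) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an OpenVPN client profile before it leaves the Pi.
# Function names and the sample profile are constructed for illustration.

# First "remote" directive as host:port.
profile_remote() { awk '$1 == "remote" { print $2 ":" $3; exit }' "$1"; }

# Transport protocol named by the "proto" directive.
profile_proto() { awk '$1 == "proto" { print $2; exit }' "$1"; }

# State of the inline <key> block: encrypted, plaintext or none.
# Covers PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY") and traditional PEM
# ("Proc-Type: 4,ENCRYPTED" on the line after BEGIN).
key_state() {
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0 }
        inkey && /-----BEGIN/ { state = ($0 ~ /ENCRYPTED/) ? "encrypted" : "plaintext" }
        inkey && /^Proc-Type:.*ENCRYPTED/ { state = "encrypted" }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# True when group or others can read the file.
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# audit_profile FILE: print a summary; return 1 on any finding.
audit_profile() {
    local file="$1" rc=0 ks
    ks=$(key_state "$file")
    echo "remote:  $(profile_remote "$file") ($(profile_proto "$file"))"
    echo "key:     $ks"
    if [ "$ks" != "encrypted" ]; then
        echo "FINDING: private key is not passphrase-protected"; rc=1
    fi
    if readable_by_others "$file"; then
        echo "FINDING: file is readable by group/others (chmod 600)"; rc=1
    fi
    return "$rc"
}

# Constructed sample profile; the certificate and key bodies are placeholders.
# $2 is the PEM label to use for the key, e.g. "ENCRYPTED PRIVATE KEY".
write_sample_profile() {
    cat > "$1" <<EOF
client
dev tun
proto udp
remote vpn.example.net 1194
<cert>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN $2-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END $2-----
</key>
EOF
}

# Stand-alone demo on the constructed profile (mktemp creates it mode 600).
demo=$(mktemp)
write_sample_profile "$demo" "ENCRYPTED PRIVATE KEY"
audit_profile "$demo"
rm -f "$demo"
# On the Pi: audit_profile /home/pi/ovpns/client1.ovpn
```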


MOVING THE CLIENT CONFIG - we need to move this config file to our device

In this example we are going to move the configuration file to a Windows PC that we want to be able to access the VPN and the local network. We must now use some of the additional software to move or grab this config we just created. In this case we decided to use Filezilla as the Pi image already has SFTP enabled by default.

  1. Open Filezilla FTP client. The configuration details that you need to enter in the top for “Quickconnect” are:

Host: 192.168.1.154 (or put sftp:// it will do this automatically when we select port 22 later)

Username: pi

Password: raspberry

Port: 22 (SFTP default port)

2. When you hit “Quickconnect” you should see a successful directory listing in the right hand navigation pane. Navigate your way to the ovpns folder (Located in the Home directory, if for some reason it did not default to that) Then identify the client1.ovpn config file that was created earlier. Download this file to your desktop by clicking on it and dragging it to the left pane. Ensure you identify the area you are dragging it to as that is your local computer.


CLIENT CONFIG - We need to setup our client now using that file!

We now have a copy of the OpenVPN config file transferred to our client computer. We will need to go ahead and install the OpenVPN client software located here: https://openvpn.net/index.php/open-source/downloads.html

Step through the standard hoops for installing a Windows application.

  1. After the OpenVPN software has been installed the client1.ovpn config file needs to be copied to the OpenVPN config folder located here: C:\Program Files\OpenVPN\config (For Windows)

2. Run the OpenVPN software. Most likely it will open to your taskbar.

3. Right-Click the icon in the task bar and select “Connect”

Enter your password that we set when we added the client to the Pi VPN server.

4. Once connected you should see the OpenVPN client taskbar icon turn green and the status screen should look like the above.

The VPN server should have setup your routing tables now so that you can access anything inside your local network automatically.

Give it a shot, shoot a ping through to your local router.

What you may also notice is that the VPN tunnel has been assigned a 10.0.8.# address. The VPN server runs its own network for the tunnel with its own DHCP. When another client connects they are allocated another address on this same range. The server looks after the bridging of this network to your own local network.


PiFrame - Surfboard

The idea behind this was to create an aesthetically pleasing frame for an old screen that I had lying around. No chance was I going to create a standard boring square frame and hang this on the wall. It has been done before…. A few weeks prior to making the surfboard frame I had seen a really nice piece of static wall art with a massive photo framed into a board. It looked unreal and was the inspiration for this surfboard PiFrame.


Parts List

  • Suitable wooden panel approx 18-20mm thick. (I used 1800x600 Panel, 18mm thick)
  • An old LCD monitor (Preferably with buttons including power on the bottom or back. not on the front.)
  • A Solid wall mount (I used a small VESA mount extendable arm - yes it holds the weight fine....)
  • RPI2 with Raspbian installed.
  • 5v PSU - (I used good quality Meanwell enclosed PSU)
  • HDMI cable
  • USB wifi module
  • 240v IEC cable - Y cable with two inputs.


The Frame

For the initial board I decided to use the workshop CNC router to speed up the process. The first thing we did was decide upon the shape for the board. The classic thruster shape seemed like the best choice as we could scale it down to fit the 1800×600 wooden panel easily. After drawing up the basic board shape in SolidWorks I moved the drawing over to Aspire. We use Aspire to create our tool paths for the CNC. We then measured the outer edges of the monitor without compensation. The LCD monitor needed to press fit nicely into the wooden panel.

Cutting out the basic template is pretty quick and easy with the CNC router. After we have the basic frame, a quick sand all over using 80grit and 120 grit sandpaper…..then some wet and dry. A base coat of blue paint was applied and a light wash of white. Another quick sand to give it the ‘weathered’ look and a coat of clear varnish has the frame ready to seat the LCD monitor and electronics.


The Hardware

The cut-out for the LCD into the frame was just about perfect and the monitor pressed in nicely. At this stage we didn’t really even need to secure it to the screen as it was a very nice fit. (You may want to affix the frame to the monitor!) Mounting of the hobby enclosure was through 4 x self tapping screws. Just make sure you do not punch through the front of the frame. The electronics hobby box was a bit of a mash together as you can tell, but if you spend a bit more time on it, I'm sure you can mount everything a bit nicer than what I have.

For the wall mount we decided that the most flexible option was the LCD monitor swing arm. You need to be careful with the weight on these things, however after a bit of experimenting we found that the short arm was perfect and stable enough to hold the weight of the LCD, the frame and the electronics.


The Software

  • Raspbian OS on RPi
  • Sign Up for an account at DAKboard.com (This is a BETA web configuration I used to display items in the frame)
  • Install Chromium web browser on the PI. (A perfect browser for Kiosk mode - see Dakboard.com for install)

I stumbled across a little web site that specialises in turning a monitor into a useful device that is actually aesthetically pleasing. It involves setting up an account and setting the Pi’s web browser to kiosk mode and loading the page in full screen. Once loaded it can show data such as Date, Time, Weather, iCal calendar entries and link to Dropbox or Flickr to display HD background photos. Not a bad setup, but I stress that it is in BETA and has a few bugs. I believe there are other projects floating about that can do similar. (Post them in the comments, I’m keen to explore other possibilities.)


What Next?

Let me know if you want a detailed article on all the installation steps including step-by-step install of the software. Please comment below.


Raspberry Pi HAT design files

I have embarked on a journey to create a Raspberry Pi HAT for a little project of mine and I wanted to share a couple of things that I think may help you speed up your development time in the future. As of 11/5/16 I have tested out the DXF importing it into KiCad and using as the edge cut profile. The blank PCB’s test HATS we had made up fit nicely on the RPi2. As I push further on this journey I’ll continue to post any design files that I feel could help you with future iterations.

I can confirm that this fits onto the rPi3 also.


RPi HAT Files



How to find your Raspberry Pi IP Address

Finding the IP address of a freshly imaged Raspberry Pi can sometimes be a PITA. Especially if you do not have access to a spare HDMI cable, monitor, mouse and keyboard. In this article we will cover off on a few methods to identify your Raspberry Pi IP address on your network. As with all things there are many ways to achieve this however I have listed a few of the non complex methods here.


Assumptions

  • DHCP is enabled on your router
  • Your Raspberry Pi is plugged in via Ethernet
  • Your Pi is powered up.


Finding your RPi IP address

Sometimes finding your Raspberry Pi IP address can be a pain in the bum depending on how your network is setup and the resources you have available. Finding the IP can be achieved in a few different ways.

The first method may be to connect a monitor/keyboard/mouse to the Pi and get it to boot into the GUI. However we do not always have a HDMI cable, keyboard and mouse handy. The second method could be to connect to the Pi in its “headless” state using a third party application. Failing the above methods, you could also log into your router and check your ARP table. However each router is different and results can sometimes be confusing. I would have to say that using the third party apps is the easiest method.
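For the ARP-table route mentioned above, the confusing part is picking the Pi out of the list. As an added example (not from the original post), the filter below reads a neighbour table on standard input and keeps only entries whose MAC address starts with a prefix registered to Raspberry Pi; it accepts the `ip neigh`, Linux `arp -an` and Windows `arp -a` layouts. The function name and the sample table are constructed, and the prefix list is not exhaustive.

```bash
#!/usr/bin/env bash
# Added example: pick Raspberry Pi boards out of an ARP/neighbour table.
# Usage on Linux:   ip neigh show | find_pi_hosts
# Usage with a saved Windows "arp -a" listing:   find_pi_hosts < arp.txt

find_pi_hosts() {
    awk '
        BEGIN {
            h = "[0-9a-f][0-9a-f]"; s = "[:-]"
            mac_re = "^" h s h s h s h s h s h "$"
            ip_re  = "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$"
            # MAC prefixes (OUIs) registered to Raspberry Pi; not exhaustive.
            oui["b8:27:eb"]; oui["dc:a6:32"]; oui["e4:5f:01"]
        }
        {
            ip = ""; mac = ""
            for (i = 1; i <= NF; i++) {
                f = tolower($i)
                gsub(/[()]/, "", f)              # "arp -an" wraps the IP in ()
                if (ip == "" && f ~ ip_re) ip = f
                else if (mac == "" && f ~ mac_re) {
                    gsub(/-/, ":", f)            # Windows prints aa-bb-cc-...
                    mac = f
                }
            }
            # Entries without a MAC (e.g. FAILED/incomplete) are skipped.
            if (ip != "" && (substr(mac, 1, 8) in oui)) print ip, mac
        }
    '
}

# Constructed sample covering the three layouts; addresses are made up.
sample_table() {
    cat <<'EOF'
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.154 dev eth0 lladdr b8:27:eb:12:34:56 STALE
192.168.1.77 dev eth0  FAILED
? (192.168.1.160) at DC:A6:32:AA:BB:CC [ether] on eth0
Interface: 192.168.1.10 --- 0xb
  192.168.1.170         e4-5f-01-0a-0b-0c     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
EOF
}

sample_table | find_pi_hosts
```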


Third Party App: AngryIP (My personal Favourite!)

Navigate your way to: http://angryip.org/download/ and download the AngryIP software applicable for your operating system. Install the software as per every other application you have and run.

This piece of software is super simple, input the IP range you wish to scan. eg 192.168.0.0 – 192.168.1.255 (You could probably shorten this if you know what your DHCP range is set to – Will save time sifting through 255 results)

Then click “Start”. The app will search through the whole range and display hostnames in the third column. You will be looking for something similar to the image below.


Third Party App: Adafruit Pi Finder

Download the Adafruit Pi Finder application via the github page: https://github.com/adafruit/Adafruit-Pi-Finder (Remember to select the correct version for your Windows operating system.)

Download, and unzip the directory to a familiar location on your PC. Look for the Pi Finder.exe file and run it.

Once Pi Finder is running, simply click “Find My Pi” and it will carry out a search for any Raspberry Pi’s on your network. Once complete, you will be able to see the IP address of your Pi and even access an SSH terminal direct from the app. However if like me you are not yet familiar with all the commands you can use this IP in Notepad++ to create a visual link into your Pi.


What Next?

  • Configure Network configuration files
  • Enable/Setup WiFi connection


Edit files on your Raspberry Pi the easy way

For us linux “late-adopters” it can be a daunting task of carrying out a routine file transfer to our Raspberry Pi from our Windows PC. However the learning curve is not so great. There are plenty of easy tools for achieving this feat. If you have not been introduced to Notepad++ then we will give you a quick introduction. We will also educate you on a small plugin inside of Notepad++ that allows you to run a lightweight FTP client. This client is really only suitable for your scripting files or editing configuration files but you will learn the basics of how FTP works and then have the skills to upgrade to a more robust FTP client for moving other files onto the Raspberry Pi.


Prerequisites

  • Install Notepad++ on your windows PC. https://notepad-plus-plus.org/
  • Download Putty. Link Below
  • Ensure your Raspberry Pi is plugged into your network via Ethernet (cat5)
  • Power up your Pi
  • Ensure your LAN has DHCP enabled...most routers will have this set as default.


Finding your RPi IP address

If you already have your raspberry pi on the network and you know its IP address then that is half the battle. Alternatively if you have just finished installing Raspbian and you are not sure what to do from here then do not panic!! Check this article to find your IP address. http://dirtyoptics.com/find-raspberry-pi-ip-address/


Method 1: Notepad++ (My Favourite!)

Navigate your way to: https://notepad-plus-plus.org/ and download the latest release for Notepad++. Install as per any other windows application and run it up. You will notice it looks very similar to the generic windows text editor however it does allow for some syntax highlighting. A handy little editor also if you are just starting to dive into Python and other coding languages.

Once Notepad++ is open, navigate to: Plugins / NppFTP / Show NppFTP Window. (If you do not see NppFTP you may need to go into the plugin manager and install it)

Once you have the NppFTP window open you will need to create an SFTP profile for your RPI. Please note that when SSH is enabled on your Pi it also opens up port 22 for you to utilise SFTP over the SSH connection. (Well that's my understanding anyhow!).

  • Insert Pi IP
  • Port 22
  • Select SFTP
  • Username: pi (If left as default)
  • Password: raspberry (If left as default)

After you have set it up, click close/save. Find and click the connect button in the NppFTP window and connect to the profile you just setup. After a few seconds you should be able to view a “windows like” file tree of your Pi. You can also double click on any text file and edit directly in the Notepad ++ editor. When you click “save” it will automatically upload that file back to the Pi. Particularly useful when editing Python code and you want to run directly on the Pi. This can be dangerous at times, if updating important configuration docs ensure you back them up first.


Method 2: Using SSH/Terminal and 'Nano' Editor

If you are feeling adventurous, and want to use SSH to edit configuration files then strap yourself in. For the ‘uninitiated’, Linux commands differ heavily from the standard Win DOS commands. You will notice some similarities, but for the most part it's a bit of a learning curve. We are not going to cover absolutely everything here but the basics for editing files whilst you are in a terminal session. (Accessing your Pi directly)

The first thing you will want to ensure is that your RPI is powered up, plugged into your network and you know the IP address. Assuming you have installed Raspbian onto your Micro SD and inserted the SD card prior to powering up we can then begin to access the Pi via SSH. (SSH = Secure SHell). This is pretty much a standard way of accessing your Raspberry Pi if you do not have a monitor available. SSH is enabled by default as part of the Raspbian build.

You will now be required to download and open a small terminal program called ‘Putty’ (There are others, but this is the most popular). Get it from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and then run putty.exe from your PC and input the following information.

  • Hostname/IP Address - Insert your RPI IP
  • Port 22
  • Select SSH

Now that you have logged into your Raspberry Pi via SSH its time to start Nano. Nano is a Linux command line text editor. It is pretty simple to get running and use. It can be run in two different ways.

sudo nano

This will create a blank text entry. The correct syntax to follow is:

sudo nano /path/to/filename

If you use a path that is not valid or it cannot find the file you want to edit, then a blank entry will be created.

If you wanted to edit the Raspberry Pi config file, then the command would look like:

Now that you have accessed the config file with nano, you can go through and make your changes. Use the arrow keys to navigate through the text file, and the usual backspace/enter to move things around.

It would be wise to make a backup file of this configuration first.

Once complete, hit CTRL-X to exit, then Y to save. It will overwrite the old file with your new one.



What Next?

  • Download and try winSCP to transfer images and larger files.
  • Setup an FTP server on the Raspberry Pi.
  • Utilise a standalone FTP client to connect to the Raspberry Pi. (Filezilla/cuteFTp etc etc)


32 x 32 LED Matrix setup on RPI2

After building a few LED matrices from LED strip lighting and soldering a ton of connections, I decided to give these pre-fabricated LED matrix modules a shot. After a bit of research it turns out that using only a Raspberry Pi and a fully functional Library from the Legend Henner Zeller, you can accomplish just about anything. The cheap Chinese panels that we sourced are fitted with a HUB75 connector which is easily interfaced with a breadboard and some jumper wires or using the opensource Active-3 board, again designed by Henner. His library can be found here: Rpi-RGB-LED-Matrix Library – https://github.com/hzeller/rpi-rgb-led-matrix


Bill of Materials (BOM)

  • LED Matrix: http://www.aliexpress.com/store/1239156 (P5 32x32 modules with Hub75 are a good starting point.)
  • A Raspberry Pi 2 or 3
  • A breadboard and T-Cobbler RPI 40 pin Breakout (Just to make life easier! You can grab these from Adafruit.)
  • Alternatively build an Active-3 adapter for easier chaining of Matrix Panels. (See hzeller github page for more details.)
  • Some Jumper Wires
  • A sense of adventure.....


Code

Assuming you are semi-proficient with Linux and have installed Raspbian then you can follow along here. Otherwise you first need to set up your RPI and access the terminal/SSH interface. The guide here will get you up and running with the “NOOBS” installation for your Pi.

Install Henner Zeller’s LED Matrix library onto your Pi:

sudo wget https://github.com/hzeller/rpi-rgb-led-matrix/archive/master.zip

Unzip the Archive:

sudo unzip master.zip

Once unzip completes you should then be able to view the directory and its contents:

cd rpi-rgb-led-matrix-master/

You then need to compile the library by running the command:

sudo make

Once compiled, you can run the following command, this will give you an output of all the available switches:

sudo ./led-matrix

This command will output the following for your reference:

$ sudo ./led-matrix
Expected required option -D <demo>
usage: ./led-matrix <options> -D <demo-nr> [optional parameter]
Options:
        -r <rows>     : Panel rows. '16' for 16x32 (1:8 multiplexing),
                        '32' for 32x32 (1:16), '8' for 1:4 multiplexing; Default: 32
        -P <parallel> : For Plus-models or RPi2: parallel chains. 1..3. Default: 1
        -c <chained>  : Daisy-chained boards. Default: 1.
        -L            : 'Large' display, composed out of 4 times 32x32
        -p <pwm-bits> : Bits used for PWM. Something between 1..11
        -l            : Don't do luminance correction (CIE1931)
        -D <demo-nr>  : Always needs to be set
        -d            : run as daemon. Use this when starting in
                        /etc/init.d, but also when running without
                        terminal (e.g. cron).
        -t <seconds>  : Run for these number of seconds, then exit.
                        (if neither -d nor -t are supplied, waits for <RETURN>)
        -b <brightnes>: Sets brightness percent. Default: 100.
        -R <rotation> : Sets the rotation of matrix. Allowed: 0, 90, 180, 270. Default: 0.
Demos, choosen with -D
        0  - some rotating square
        1  - forward scrolling an image (-m <scroll-ms>)
        2  - backward scrolling an image (-m <scroll-ms>)
        3  - test image: a square
        4  - Pulsing color
        5  - Grayscale Block
        6  - Abelian sandpile model (-m <time-step-ms>)
        7  - Conway's game of life (-m <time-step-ms>)
        8  - Langton's ant (-m <time-step-ms>)
        9  - Volume bars (-m <time-step-ms>)
        10 - Evolution of color (-m <time-step-ms>)
        11 - Brightness pulse generator
Example:
        ./led-matrix -t 10 -D 1 runtext.ppm
Scrolls the runtext for 10 seconds

Now it's time to get some output onto the panel. If you are running a singular 32×32 panel, you should be able to run the example without issue.

sudo ./led-matrix -t 10 -D 1 runtext.ppm

If your panel is connected correctly and powered up you should see a scrolling image pass through the panel. With the example above it will only last 10 seconds. You can now begin to experiment with the above switches to see what output you can achieve.


Advanced

  • Output RPI GUI to Matrix Panels (Coming Soon!)
  • Output Twitter msg to Matrix Panels (Coming Soon!)
  • Use Pixelpusher Protocol on Matrix (Coming Soon!)

