PiVPN


VPN stands for Virtual Private Network.

Background

Traditional method to connect LAN
flowchart TD
    A[Laptop WAN] -->|"ddns+ports(80,443,22,3389)"| B(Router)
    B -->|port forwarding 22,3389| C[Laptop LAN]
    B -->|port forwarding| D[Phone LAN]
    B -->|port forwarding 80,443| E[Pi LAN]
    subgraph "DHCP"
        B
        C
        D
        E
    end
VPN method to connect LAN
flowchart TD
    subgraph "VPN"
        A[Laptop WAN] -->|"ddns+ports(1194)"| B(Router)
        subgraph "DHCP"
            B -->|port forwarding 1194| C[VPN Server LAN]
        end
    end
    C -->|LAN Access| D[Laptop LAN]
    C -->|LAN Access| E[Phone LAN]
    C -->|LAN Access| F[Pi LAN]

The advantages are that you no longer need to keep many ports open, and the VPN key file is safer than a typical password.

Installations


curl -L https://install.pivpn.io | bash
Are you Using DHCP Reservation on your Router? Yes
Choose a User: pi
Choose a VPN: OpenVPN
Customization: Yes
Choose a Protocol: UDP
Modify a port for OpenVPN: 1194
Select the DNS Provider for your VPN Clients: OpenDNS
Add a Custom Domain: Yes
Enter Custom Domain: random.ddns.net
Will clients use a Public IP or DNS Name to connect to your server? DNS Entry
What is the public DNS name of this Server? random.ddns.net
Choose the desired size of your certificate: 256
Do you want to enable unattended upgrades of security patches to this server? Yes 
Reboot now? Yes
    

User Configuration


pivpn add
###
Enter a Name for the Client: Name
How many days should the certificate last? 1080
Password and Reconfirm: ....
### The client .ovpn file is saved in /home/pi/ovpns
    

Noip installation


cd /usr/local/src/
wget http://www.noip.com/client/linux/noip-duc-linux.tar.gz
tar xf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
sudo make install
###
- eth0
- email: noip email
- password: noip pwd
- update interval: 60 (mins)
- run something at successful update: n
    

Run noip and enable


ps ax | grep noip2 # noip2 is not running
sudo noip2 # running, but not enabled at boot
sudo vim /etc/systemd/system/noip2.service # edit the systemd unit file
###
[Unit]
Description=No-ip.com dynamic IP address updater
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target
Alias=noip.service

[Service]
ExecStart=/usr/local/bin/noip2
Restart=always
Type=forking
###
sudo systemctl enable noip2
sudo systemctl start noip2
sudo ufw allow 1194
# Then set up port forwarding and the firewall rule for 1194 on the router
sudo reboot
    

Install PiHole


curl -sSL https://install.pi-hole.net | bash
Choose an Interface: eth0
Select Upstream DNS Provider: OpenDNS
Suggested list: StevenBlack yes
Select Protocols: IPv4 IPv6 OK
Do you want to use your current network settings as a static ip address? Yes
Do you wish to install the web admin interface? On
lighttpd? On
log queries? On
Select a privacy mode of FTL. : 0 Show Everything
    

Other configurations


sudo vim /etc/openvpn/server.conf
###
delete all existing push "dhcp-option ..." lines
add 'push "dhcp-option DNS 10.8.0.1"'
    

sudo vim /etc/pihole/setupVars.conf
Add "PIHOLE_INTERFACE=tun0" below the eth0 line
    

sudo vim /etc/dnsmasq.d/02-ovpn.conf
add "interface=tun0"
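
The server.conf edit above only routes client DNS through Pi-hole if no other resolver is still pushed. The following check is an added example, not part of the original notes or of PiVPN; the function names and the sample configs are constructed, and 10.8.0.1 is the address used in the edit above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# 10.8.0.1 is the Pi-hole address on tun0 used in the page's server.conf edit.
PIHOLE_VPN_IP="10.8.0.1"

# Print each DNS server that server.conf pushes to clients, one per line.
# Commented-out lines (# or ;) do not match because the pattern is anchored.
pushed_dns() {
    sed -n 's/^[[:space:]]*push[[:space:]]*"dhcp-option[[:space:]]\{1,\}DNS[[:space:]]\{1,\}\([^"[:space:]]*\)".*/\1/p' "$1"
}

# Return 0 only when the Pi-hole address is pushed and no other resolver is.
check_vpn_dns() {
    servers=$(pushed_dns "$1")
    if [ -z "$servers" ]; then
        echo "FAIL: no DNS pushed, clients keep their own resolver"
        return 1
    fi
    if ! printf '%s\n' "$servers" | grep -qxF "$PIHOLE_VPN_IP"; then
        echo "FAIL: $PIHOLE_VPN_IP is not pushed"
        return 1
    fi
    extra=$(printf '%s\n' "$servers" | grep -vxF "$PIHOLE_VPN_IP" || true)
    if [ -n "$extra" ]; then
        echo "FAIL: resolvers that bypass Pi-hole: $(echo $extra)"
        return 1
    fi
    echo "OK: clients resolve only through $PIHOLE_VPN_IP"
}

# Constructed sample configs (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/before.conf" <<'EOF'
port 1194
proto udp
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 10.8.0.1"
EOF
cat > "$SAMPLE_DIR/after.conf" <<'EOF'
port 1194
proto udp
# push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 10.8.0.1"
EOF

check_vpn_dns "$SAMPLE_DIR/before.conf" || true   # old pushes left in place
check_vpn_dns "$SAMPLE_DIR/after.conf"            # edit applied as described
```

On the server, point `check_vpn_dns` at /etc/openvpn/server.conf after editing it and before restarting OpenVPN.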
    

Ubuntu Client

  1. Cannot import a saved OpenVPN configuration file. Then you need:

    sudo nmcli connection import type openvpn file Leo.ovpn

  2. Cannot toggle to ON: click Configure → Identity tab → type in the User key password → Store the password for all users → click Advanced → Use custom gateway port 1194 → OK → Apply

Windows 10 Client

  1. Download OpenVPN Client GUI.
  2. Import .ovpn file.
  3. Turn on ovpn.
  4. SSH server: ssh pi@192.168.0.x
  5. RDP server: 192.168.0.x, leave the username empty. Then use Xorg to get in.
