I Made a VPN
While learning about networking it became clear how easy it is to snoop on someone's Internet activity out in public. If you're connected to a WiFi network that isn't yours, all of your traffic can be captured and read. Does the coffee shop you're sitting at bother to look at all that data? Probably not. But they could — and so could that creepy guy staring at his laptop across the room.
This raised the question: what can I do about it?
The easiest solution is to not use WiFi and tether to my phone as a hotspot. But that's no fun! I decided to take a Raspberry Pi and turn it into a personal VPN.
A VPN works by creating an encrypted tunnel between your device (the client) and a server at the other end. In this case, the client is my Pixel phone, and the server is a Raspberry Pi connected to my home network. At the end of this project, I can securely send data from my phone over the open Internet without worrying about someone snooping — and I can access my home network from anywhere on Earth, which is pretty cool.
Steps to Follow
- Install Raspbian
- Install OpenVPN
- Configure the router
- Configure the phone
1. Install Raspbian
Raspbian is the Raspberry Pi's official Linux-based operating system. I'm using a Pi Zero, so I installed Raspbian Jessie Lite — a smaller, headless version with no GUI. There are many ways to install Raspbian; the official Raspberry Pi Foundation instructions are a good place to start.
2. Install OpenVPN
OpenVPN is a free, open-source VPN that is well-supported and quite secure. It also has an Android app, which I'll use in step 4.
The best installation method I found was PiVPN. It only takes one command:
curl -L https://install.pivpn.io | bashPiVPN installs the VPN server, walks you through generating security keys, and creates your OpenVPN profile — saved as a .ovpn file. Hold onto that file, you'll need it in step 4.
3. Configure the Router
To reach the VPN from the outside Internet, I needed to set up port forwarding. On my Linksys WRT1900ACS, I forwarded port 1194 to my Pi's local IP address. This tells the router to send any incoming VPN traffic directly to the Pi.
4. Configure the Phone
OpenVPN has an Android app for connecting to the server. To get the .ovpn profile from the Pi onto my phone, I installed an FTP server on the Pi and used AndFTP on my phone to transfer the file over my home network.
Once the profile was imported into the OpenVPN app, I entered my password, hit connect — and voilà! Secure connection to my home network. Time to pay bills in absolute privacy.
Takeaways and Future Thoughts
Unexpected problems: Getting the .ovpn profile onto my phone. I didn't initially know how to transfer it, but an FTP server turned out to be the easiest solution. Once AndFTP was set up, navigating to the OVPN folder and downloading the file was simple. I liked the tool enough that I installed it on my other Pis too.
Future concerns: I don't have a static IP address, so at some point my ISP will probably change it and I'll need to reconfigure the server. I should look into Dynamic DNS to solve this — and I did.
Future enhancements: I want to add a Pi-hole to this Pi for ad blocking. Because why not?