This setup was used with Raspbian; the image provided with the NOOBS install will work fine. For the VPN service, I'm using AirVPN. Once Raspbian is installed, follow these steps:
- sudo apt-get install openvpn
- Add or uncomment net.ipv4.ip_forward=1 in /etc/sysctl.conf. This enables forwarding of network traffic at boot.
- Create the startup scripts for iptables. The first file needs to be /etc/iptables.up.rules
- Create a file /etc/network/if-pre-up.d/iptables with the line /sbin/iptables-restore < /etc/iptables.up.rules. This ensures that the firewall settings are applied each time the system boots.
- Create a directory under /var/opt/ called AirVPN. The full path should be /var/opt/AirVPN/
- Log in to your AirVPN account and go to the Config Generator. Select Linux for your OS, select the server you would like to connect to, then select the Advanced Mode tick box. Click the port you would like to connect to the server on (I use Direct, protocol UDP, port 443), then tick Separate keys/certs from .ovpn file. Click Generate once you've agreed to the Terms of Service.
- Download the resulting zip or tar file and extract its contents into /var/opt/AirVPN/. There should be 4 files. Rename the .ovpn file to AirVPN.ovpn (this is so the service script in the next step can find it).
- Create a service script in /etc/init.d/airvpn and chmod it to 0755
- Test that the script works by running sudo service airvpn start, then run ifconfig to see if there's a new adaptor called tun0 with an IP address of 10.x.x.x. This means you are connected to the VPN service. You can also try running curl http://checkip.dyndns.org and see if it returns the VPN server's IP address.
- If the previous step was successful, run update-rc.d airvpn defaults. This ensures the VPN connects and starts up at boot. If the previous step didn't work, look in /var/log/syslog; there should be OpenVPN messages in there listed as the airvpn daemon. You can see my sample connection log under examplesyslog
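The contents of /etc/iptables.up.rules are not shown in the steps above. The following is an added example, not the author's file: a generator for a minimal iptables-restore ruleset for this kind of gateway, plus a check that forwarded traffic can only leave through the tunnel. It assumes eth0 is the Pi's LAN interface and tun0 is the OpenVPN interface; gen_rules and check_no_leak are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not the author's rules file. Assumes eth0 is the Pi's LAN
# interface and tun0 is the OpenVPN tunnel.

# Print an iptables-restore ruleset for a NAT gateway that only forwards via VPN.
gen_rules() {
    lan="$1"; vpn="$2"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Rewrite forwarded LAN traffic to the tunnel's own address
-A POSTROUTING -o $vpn -j MASQUERADE
COMMIT
*filter
# Default-deny: if the tunnel is down, nothing falls back to the ISP link
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $vpn -j ACCEPT
-A FORWARD -i $vpn -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin. Succeeds only if the FORWARD policy is DROP and
# every FORWARD ACCEPT rule names the VPN interface with -i or -o.
check_no_leak() {
    awk -v vpn="$1" '
        /^:FORWARD /                    { policy = $2 }
        /^-A FORWARD / && / -j ACCEPT/  {
            ok = 0
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == vpn) ok = 1
            if (!ok) bad++
        }
        END { exit !(policy == "DROP" && bad == 0) }'
}

# Self-check on the generated rules. To install them (as root):
#   gen_rules eth0 tun0 > /etc/iptables.up.rules
#   iptables-restore --test < /etc/iptables.up.rules
if gen_rules eth0 tun0 | check_no_leak tun0; then
    echo "forwarding is default-deny and VPN-only"
fi
```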
Now you'll probably want to route certain traffic, or all traffic, via your RPi. There are two levels you can do this at and different ways to do it. As a test, we'll try to access the AirVPN Speedtest page at http://10.4.0.1/. To do this we either need to update the routing table on your computer, or we can do it at router level so every device on the network can access it. Let's do it on the computer to start. First get the local network IP of your RPi; in this example we'll use 192.168.1.7
If you're using Windows you do the following:
- Open a Command Prompt as Administrator.
- Type route add 10.0.0.0 mask 255.0.0.0 192.168.1.7 then press enter
- Now open your browser, visit http://10.4.0.1/ and run the speedtest. Just seeing this page confirms that routing is set up correctly.
- Repeat step 2 for any websites which you can't access on your ISP. For single addresses, it'll be route add 192.30.252.129 mask 255.255.255.255 192.168.1.7
The 10.4.0.1 address is also the DNS server which AirVPN make available, so once the above route is set up, feel free to change your network adaptor's DNS server to this IP.
If you want to go a step further and ensure that every device on your network gets routed via the VPN when a blocked website is encountered, check to see if your router supports static routing. Every router's interface will be different, but here's what mine looks like with a few entries configured.
In addition to the above setup I also decided to make the filesystem read-only to reduce the chance of corruption in the case of power-loss. It also means I can just unplug the RPi without worrying about a fsck running on startup. You can find a guide here on this topic on the RaspberryPi Forums. Whenever I want to edit a file on the filesystem I just run sudo mount -o remount,rw /