Skip to content

Embed URL

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
OpenVPN configuration for /etc/openvpn/server.conf
local 192.168.2.0 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.2.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.2.1" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1
@47GH87

Hi, I tried out your tutorial on readwrite.com and it was very well detailed and easy to follow. I just have a few questions about this configuration file because I think it is the reason why the VPN server fails to start upon booting. Do I need to include the "#" in the file or is that just marking the separation between what you need to type and your comment. Also what do the 10th, 12th, 14th, 16th, 18th, 19th, 21st, 22nd, and 23rd lines mean in relation to them having a # in front of them because I'm confused whether they are directions of what to type in place of the comment or if they are just explaining what the text above or below the comment does. Or possibly a little of both. I really appreciate the help and would really like to get my Raspberry Pi VPN server finally running.

@arner

everything after # in a line is a comment, so it doesn't do anything

@johanstuhrnasser

Hi,
I'm using this for a project at school, and I was wondering... The IP 10.8.0.0 is that supposed to be changed to the public IP of my router or? It seems that my raspberry pi is getting another interface holding this IP.

@Aikasse

Johanstuhrnasser:

"10.8.0.0 is the default address for Raspberry Pi for clients that are connected to the VPN."

source: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing

@leaded71

Sorry for the noob question. I have been following the readwrite tutorial http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing. It was all going well until I got to creating the server conf file. I have a few questions:

A) When putting in the crt and key names, is there a special syntax for listing the values for additional clients?

B) what does the red text signify? are the quotes meant to be typed as well?

@LordMortus

Just wanted to point out, that in order for this to work now the verbose level has to be 2 or more. (New version of ssl)

@prairiewolf11

It works.I thought I configed a wrong server.conf.but I tried "iptables -t nat -L" found the problem.

@Andrewjeska

what did that tell you prairie wolf? Mine isn't working for me either

@popipav

Hello! After connecting, i recieve a message:

Wed Mar 11 22:58:56 2015 Successful ARP Flush on interface [57] {AF13632B-87D1-40D1-9533-4FB5FFC42FAC}
Wed Mar 11 22:59:01 2015 ROUTE: route addition failed using CreateIpForwardEntry: The object already exists.   [status=5010 if_index=57]
Wed Mar 11 22:59:01 2015 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Wed Mar 11 22:59:01 2015 Initialization Sequence Completed

I'm connected to server (ping to 10.8.0.1 is OK), but i cannot open a sites. And that's my server.conf:


local 192.168.1.140 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun 
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194 
ca /etc/openvpn/easy-rsa/keys/ca.crt 
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0 
# server and remote endpoints 
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server 
push "route 10.8.0.1 255.255.255.255" 
# Add route to Client routing table for the OpenVPN Subnet 
push "route 10.8.0.0 255.255.255.0" 
# your local subnet
push "route 192.168.1.0 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router 
# If your router does not do DNS, you can use Google DNS 8.8.8.8 
push "dhcp-option DNS 192.168.1.1" # This should already match your router address and not need to be changed.
# Override the Client default gateway by using 0.0.0.0/1 and 
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of 
# overriding but not wiping out the original default gateway. 
push "redirect-gateway def1" 
client-to-client 
duplicate-cn 
keepalive 10 120 
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0 
cipher AES-128-CBC
comp-lzo 
user nobody 
group nogroup 
persist-key 
persist-tun 
status /var/log/openvpn-status.log 20 
log /var/log/openvpn.log 
verb 1
@Jespor

@popipav on line 17, you need to put in your local IP for you rpi. looks like a typo

@popipav

The problem was in the UDP-protocoll - i changed it to TCP and Voilà! But thank you anyway!

@anders-wal

The OpenVPN server will not work on my Pi. I have gone back and checked the files (and there were some errors, which are now fixed), but it just will not start. There is no error output either, so I can't do a proper debugging job.
What to do?

@NunoOliveira

I was having some issues with my Windows clients but strangely with my Andorid everything was working fine, and I found out what was causing the problem.

On line 17 you say # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
Actually it's not the Raspberry pi ip address "host address" but the Network address to which the Raspberry pi is connected that should be used on that line.
For example if it's a 192.168.1.0/24 network the raspberry pi has a host address from 192.168.1.1 to 192.168.1.254 and the line should be : push "route 192.168.1.0 255.255.255.0"

@wastedw3sty

Where do we add the static IP of our connection?? Sorry pretty new to rpi and have not made a VPN server before.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.