1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. We recommend you enable 2FA on your OcUK forum account. Please see the thread here
    Dismiss Notice

Raspberry Pi as VPN

Discussion in 'Linux & Open Source' started by DampCat, 2 Jun 2015.

  1. DampCat

    Capodecina

    Joined: 26 Feb 2007

    Posts: 13,876

    Location: Manchestah

    Edit: I'm hitting a wall with this. I feel like it's so close to working but I just cannot get the clients to connect. I'm desperate for help and I just cant find a place to get it.. the OpenVPN forums are really... toxic. If anyone could alk me through this, it's worth a case of beer.

    Here's where i'm at. I've linked the images to save space.

    Server.conf
    Pi Firewall Rules
    Interfaces
    Plus info from my Virgin Superhub
    port forward
    Static Pi IP

    When trying to connect i get a TLS Key Negotiation Failed to Occur error, which is a broad error message relating to any of the following: https://openvpn.net/index.php/open-...-seconds-check-your-network-connectivity.html

    I've check all of the above, and everything is fine.

    The only thing i can think of is that maybe Virgin block use of port 1194? But googling that suggests they do not, as people have asked before.

    Help :(
     
    Last edited: 4 Jun 2015
  2. DampCat

    Capodecina

    Joined: 26 Feb 2007

    Posts: 13,876

    Location: Manchestah

    I've updated this in the hope that someone can help me solve this, as i might explode. It's worth beer.
     
  3. Uhtred

    Soldato

    Joined: 18 Oct 2002

    Posts: 6,006

    Location: Bedfordshire

    I'll admit, the thought of a beer makes me salivate.

    Can you post a client config? Although most problems I had with openvpn were certificate related and I didn't find any of the error messages very good at pointing me to that fact.
     
  4. Frozennova

    Man of Honour

    Joined: 13 Nov 2009

    Posts: 11,454

    Location: Northampton

  5. mod1fied

    Hitman

    Joined: 11 Dec 2007

    Posts: 639

    Location: Borstal, Kent

    Im using OpenVPN from a pfSense firewall with Virgin Media - so definately nothing there that would cause an issue.

    If you can post the client config that would be helpful with diagnosing the issue.
    Have you tried without TLS enabled?
     
  6. BruceLee

    Mobster

    Joined: 22 May 2003

    Posts: 4,055

    I got my Pi today for the purpose of setting up a VPN.

    I followed this:

    https://github.com/StarshipEngineer/OpenVPN-Setup

    The only thing I had to do at the end was this to get Internet access via the VPN:

    Code:
    sudo /sbin/iptables -P FORWARD ACCEPT
    sudo /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE
    
    Set up forwarding on my router.

    Imported the client file on to my phone and used OpenVPN Connect to test, works OK so far.
     
  7. Megahackerd

    Gangster

    Joined: 5 Jun 2013

    Posts: 310

    hey, i successfully crated a vpn using the following tutorial from readwrite
    i can confirm it works (after a few updates & following the tutorial again) with Virgin Media
    Link
     
  8. anything I don't mind

    PermaBanned

    Joined: 28 Dec 2009

    Posts: 13,052

    Location: london

    Can i ask what purpose would a vpn on a raspherry pi. As in what scenario would that be useful? Not what you will actually be using it for.
     
  9. BruceLee

    Mobster

    Joined: 22 May 2003

    Posts: 4,055

    For connecting to your home network from outside home, or accessing UK content when abroad. Also useful for securing your connection when on public wifi.

    I configured mine for my Dad who lives abroad so he can access iPlayer etc.

    BTW noticed that after a reboot mine wasn't working, seems that iptables doesn't update each restart, followed this guide to get it working automatically after a reboot.

    http://blog.mxard.com/persistent-iptables-on-raspberry-pi-raspbian
     
  10. freshdeniability

    Gangster

    Joined: 18 Sep 2012

    Posts: 130

    Location: Not in the UK

    Check the readwriteweb link above - basically most people use it on an untrusted connetion (e.g. public wifi) to encrypt traffic. Keeps you safe(r) from the nasties out there.

    *edit* see above, also handy for geo-blocking.
     
  11. Biz.Kid09

    Sgarrista

    Joined: 14 Oct 2009

    Posts: 9,340

    Location: UK

    Thread revival!

    Running into the same issue, I have installed PiVPN and port forwarded 1194 but I cannot connect using the OpenVPN app. I just get "There was an error attempting to connect to the selected server"

    Any help would be fantastic.

    Trying. https://www.yougetsignal.com/tools/open-ports/ doesnt even seem the port is open which is weird as I have set the rule on the router.

    With Virgin Media and I have actually recently moved house so brand new line and router with a fresh rPi setup, what am I doing wrong!! :(
     
  12. droyden

    Hitman

    Joined: 4 Oct 2009

    Posts: 988

    Have you forwarded udp?
    Have you setup a local certificate ca?

    Sorry I haven't used PiVPN but I do use openvpn which I have setup on my microserver in a similar configuration
     
  13. Biz.Kid09

    Sgarrista

    Joined: 14 Oct 2009

    Posts: 9,340

    Location: UK

    I have forwarded UDP.

    I haven't done anything with regards to certificates, I just created the .ovpn via the client and put it on my iPhone and then tried to connect.
     
  14. droyden

    Hitman

    Joined: 4 Oct 2009

    Posts: 988

    Not sure what access you have to the PI but if you can get a root prompt, you can run tcpdump to prove that the traffic is getting past the router to the Pi . If you see nothing then it's a forwarding / router issue.

    It certainly sounds more of a router issue, have you tried connecting when on Wi-Fi? IE already on the network.
     
  15. Feek

    Commissario

    Joined: 16 Oct 2002

    Posts: 233,170

    Location: In the radio shack

    Have you guys looked at this thread? It's a bit disjointed but we got there in the end. Mine is still running and because there's a Pihole there as well, I don't get adverts while using the VPN.
     
  16. Frozennova

    Man of Honour

    Joined: 13 Nov 2009

    Posts: 11,454

    Location: Northampton

    The whole install for OpenVPN becomes so much easier when you use OpenVPN Access server.

    It's limited to two concurrent connections but that's enough for most people
     
  17. [email protected]

    Capodecina

    Joined: 30 Nov 2005

    Posts: 11,674

    I had pptp vpn working st one time, never had much succcess with the openvpn one.
     
  18. Biz.Kid09

    Sgarrista

    Joined: 14 Oct 2009

    Posts: 9,340

    Location: UK

    Yeah I can ssh on with no problems, Pi-Hole is running a dream also. I will give that 'tcpdump' a go.

    I setup my network at the weekend to bypass the SuperHub router, I had it in modem mode and using a EdgeRouter and again the same issue. This was the first time ive used the EdgeRouter but im sure I set the forwarding rule up properly.

    I have tried on Wi-Fi and via 4g.
    I did find that one, cheers. I have unfortunately already gone through pretty much all the same troubleshooting.

    I am going to give this a go tonight, https://docs.pi-hole.net/guides/vpn/setup-openvpn-server/

    PiVPN is no longer maintained anyway so I will give this method a go, not that much should be different apart from PiVPN being a GUI!