In my previous blog post, http://priyabgeek.blogspot.in/2016/08/raspberry-pi-experiment-ssh-reverse.html, I talked about opening a reverse proxy to access a Raspberry Pi using an AWS EC2 instance. While that solution was only good for exposing some web services or even SSH, I wanted a more robust solution, so I wanted to experiment with a VPN, where a Virtual Private Network will form between the Raspberry Pis that I have and any other computers that I want to connect from anywhere, and will work just like the LAN that we operate in our house.
As a solution I wanted to use OpenVPN, and I partly used instructions from https://dotslashnotes.wordpress.com/2013/08/05/how-to-set-up-a-vpn-private-internet-access-in-raspberry-pi/ & http://www.pivpn.io/ to set up my VPN server.
I also referred to the blogs below to get some more info about OpenVPN.
http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing/
http://www.bbc.com/news/technology-33548728
http://www.instructables.com/id/Host-Your-Own-Virtual-Private-Network-VPN-with-O/
At a high level the below diagram explains the concept of a VPN:
Now, in OpenVPN there is a VPN server that helps generate the necessary keys and VPN configuration files and runs the VPN daemon, creating a VPN network gateway to which all the other computers connect using a VPN client.
In my case I have configured my Raspberry Pi as a VPN gateway server and let other computers in my home and laptops connect to it. But the biggest issues were the bandwidth and the setup that I would need to do in my router, which is the DHCP setup for incoming connections to discover my Raspberry Pi server. Many ISPs also do not support reverse connections to a home network, and as it needs a static IP I was not sure if I could get such a setup. So I chose to set up my VPN on my AWS EC2 instance. With this setup I was able to connect to my Raspberry Pi over a secure VPN network, the same as I would connect from my home network.
I followed the below steps to get the setup completed.
1. First I connected to my AWS instance via SSH:
ssh -i <AWS PEM File>.pem ubuntu@ec2<Server>.compute.amazonaws.com
2. Then I installed PiVPN which makes the setup of OpenVPN server a breeze. To run the setup please run:
sudo curl -L https://install.pivpn.io | bash
Please make sure to follow the default setup; once done you will get a message like
Raspberry1.ovpn has been copied to /home/ubuntu/ovpns
(Note: While doing the above setup it will ask you to give a private pass phrase. Please remember that as you will be using it to log into your VPN server from the client)
3. After that please restart the server and once you re-login you can check the openvpn server as given below:
ps -ef | grep openvpn
Output will be something like this:
nobody 1033 1 0 Jan02 ? 00:00:01 /usr/sbin/openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf --script-security 2
4. Now to connect to your VPN server from Raspberry Pi log into your Raspberry Pi via SSH
ssh pi@<Your Raspberry PI IP Address>
5. Next install OpenVPN
sudo apt-get install openvpn
6. Next copy the .ovpn from the VPN Server
scp -r -i <AWS Security Key>.pem ubuntu@<EC2 Server Name>.compute.amazonaws.com:/home/ubuntu/ov* .
7. Next create a pass.txt and add the following value which we put in step 2 as secret passphrase.
password
8. Add the following line at the end of Raspberry1.ovpn or the .ovpn file that you download:
askpass /home/pi/ovpns/pass.txt
So the output of the file should look like:
-----END OpenVPN Static key V1-----
</tls-auth>
askpass /home/pi/ovpns/pass.txt
9. Call the following command:
sudo openvpn /home/pi/openvpn/Raspberry1_wrk.ovpn
10. Finally you should be able to establish VPN connectivity and check it.
ifconfig
You should see output like the below:
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.3 P-t-P:10.8.0.3 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:218 errors:0 dropped:0 overruns:0 frame:0
TX packets:271 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:21911 (21.3 KiB) TX bytes:30389 (29.6 KiB)
11. Finally you can test if SSH is working over the VPN by giving an ssh command like below:
ssh -i <AWS Server Key>.pem ubuntu@10.8.0.1
And you should be able to connect to it as in step 1.
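Steps 7 and 8 leave the key passphrase in a plain-text file next to a profile that carries inline key material, so both files should be readable only by their owner. The shell functions below are an added example, not part of the original post; the function names are hypothetical, and they create pass.txt with owner-only permissions, append the askpass line once, and audit the directory for files that group or others can read.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Create the passphrase file owner-only. The passphrase is read from stdin,
# so it is never passed as a command-line argument.
# $1 = path to pass.txt
write_passfile() {
    ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}

# Append "askpass <passfile>" to the profile exactly once (safe to re-run).
# $1 = .ovpn profile, $2 = absolute path to the passphrase file
add_askpass() {
    # Make sure the profile ends with a newline before appending.
    if [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    grep -q '^askpass[[:space:]]' "$1" || printf 'askpass %s\n' "$2" >> "$1"
    chmod 600 "$1"   # the profile carries inline key material
}

# List secret files that group or others can access; return 1 if any exist.
# $1 = directory holding pass.txt and the .ovpn profiles
audit_vpn_secrets() {
    bad=0
    for f in "$1"/pass.txt "$1"/*.ovpn; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "too permissive ($perms): $f"
            bad=1
        fi
    done
    return "$bad"
}
```

After sourcing the file, run write_passfile /home/pi/ovpns/pass.txt and type the passphrase on stdin, then call add_askpass on the downloaded profile and audit_vpn_secrets /home/pi/ovpns before starting openvpn.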
Hope this post was helpful. I hope to share more such posts.
(Note: You can skip steps 1 and 2 and use other VPN service providers that offer OpenVPN service. Please refer to the links below for more details:
https://www.bestvpn.com/best-vpn-openvpn/
https://securitygladiators.com/2014/09/27/5-best-free-openvpn-service-providers-2014/
https://securethoughts.com/3-best-vpns-for-open-vpn/
http://in.pcmag.com/software/38911/guide/the-best-vpn-services-of-2017
)