
Installing OpenVPN server on a Raspberry Pi
One very useful thing to do with a Raspberry Pi is to set up a VPN server so that we can connect to it from anywhere. In a previous document we already saw how to set one up, but it used PPTP, which is not very secure, so in this document we will see how to install OpenVPN on a Raspberry Pi. Here are some notes so that you can set up a secure VPN and connect from anywhere!
OpenVPN offers us a combination of enterprise-level security, safety, ease of use and richness of features. Security is achieved by encrypting traffic using SSL/TLS mechanisms, so in this document we will deploy, in addition to OpenVPN itself, our own CA. We will generate the certificates for the users and give them their keys so they can connect! If we don't have a fixed public IP, it would be ideal to combine it with the No-IP client on our Raspberry Pi!
We start by installing OpenVPN and OpenSSL:
[SourceCode]sudo apt-get install openvpn openssl
cd /etc/openvpn
sudo su
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn/easy-rsa[/SourceCode]
We edit the file with 'vim easy-rsa/vars' and correct the following line so that it has the right path: 'export EASY_RSA="/etc/openvpn/easy-rsa"'.
We create the server and client certificates as well as the keys. When filling in the certificate information, entering the 'Common Name' is enough. Let's start:
[SourceCode]# Load the easy-rsa variables; the scripts below refuse to run without them
. ./easy-rsa/vars
./easy-rsa/clean-all
cd easy-rsa
ln -s openssl-1.0.0.cnf openssl.cnf
cd ..
./easy-rsa/build-ca OpenVPN
./easy-rsa/build-key-server server   # answer 'y' to every prompt
./easy-rsa/build-key client1
./easy-rsa/build-dh[/SourceCode]
We create our configuration file with 'vim /etc/openvpn.conf'; this configuration is enough:
[SourceCode]dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
user nobody
group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
# Set the DNS servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo[/SourceCode]
We run the following to enable routing to our network. In this example I use the Wi-Fi interface wlan0; if you use Ethernet you should put eth0. Watch out for the IP range and change it if your network is not 192.168.1.0/24. Finally, 192.168.1.197 is the address of my Raspberry Pi:
[SourceCode]echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o wlan0 -j SNAT --to-source 192.168.1.197[/SourceCode]
We edit the file with 'vim /etc/sysctl.conf' and uncomment 'net.ipv4.ip_forward=1'.
We will now be able to start OpenVPN with: '/etc/init.d/openvpn start'.
We will create our OpenVPN configuration file for clients. We run 'vim conexion_vpn.ovpn' and put:
[SourceCode]dev tun
client
proto udp
remote NAME_OR_(PUBLIC)_IP_ADDRESS_OF_THE_RASPBERRY 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3[/SourceCode]
We edit the file with 'vim /etc/rc.local' and add the following at the end, before the last exit (watch out for the IP range, the interface and the Raspberry Pi address used in the example):
[SourceCode]iptables -t nat -A INPUT -i wlan0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o wlan0 -j SNAT --to-source 192.168.1.197[/SourceCode]
We copy the certificates and client keys to keep them close at hand, and we take ownership of the files that we will deliver to the clients:
[SourceCode]cp -rf /etc/openvpn/easy-rsa/keys /home/pi
chown pi:pi /home/pi/keys   # to be able to copy them with SCP to our PCs
sudo chmod 777 /home/pi/keys/client1.key[/SourceCode]
We will copy the following files to the PCs that want to connect: ca.crt, client1.crt and client1.key
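A check for the key material handled in this guide, as an added example that is not part of the original post: the function reads an OpenVPN config, flags any `key` file that group or others can access (as after `chmod 777`), and flags a `dh` file whose easy-rsa name indicates fewer than 2048 bits. The function names, the output labels and the 2048-bit threshold are assumptions of this example, and the demo files are constructed.

```sh
#!/bin/sh
# Added example, not from the original post. File names below are constructed.

# mode_is_private FILE: true when group and others have no permission bits.
mode_is_private() {
    perms=$(ls -ld -- "$1" | cut -c5-10)   # e.g. "-rw-------" -> "------"
    [ "$perms" = "------" ]
}

# audit_openvpn_conf CONF: print one finding per line for the key material
# named in CONF. Relative paths are resolved against CONF's directory.
audit_openvpn_conf() {
    conf=$1
    base=$(dirname -- "$conf")
    # "|| [ -n "$d" ]" keeps a final line that has no trailing newline.
    while read -r d v rest || [ -n "$d" ]; do
        case $d in
        key)
            case $v in /*) path=$v ;; *) path=$base/$v ;; esac
            if [ ! -f "$path" ]; then
                echo "MISSING $path"
            elif ! mode_is_private "$path"; then
                echo "WEAK-PERMS $path"
            fi ;;
        dh)
            # Heuristic: easy-rsa names build-dh output dh<KEY_SIZE>.pem.
            bits=$(basename -- "$v" | sed -n 's/^dh\([0-9][0-9]*\)\.pem$/\1/p')
            if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
                echo "WEAK-DH $v $bits"
            fi ;;
        esac
    done < "$conf"
}

# Demo on constructed files: a world-accessible key and a 1024-bit DH name.
demo=$(mktemp -d)
printf 'key client1.key\ndh dh1024.pem\n' > "$demo/demo.conf"
: > "$demo/client1.key"
chmod 777 "$demo/client1.key"
audit_openvpn_conf "$demo/demo.conf"     # reports WEAK-PERMS and WEAK-DH
chmod 600 "$demo/client1.key"
audit_openvpn_conf "$demo/demo.conf"     # only WEAK-DH remains
rm -rf "$demo"
```

A key file that is owned by the user who copies it can be set to `chmod 600` and still be transferred with SCP by that user.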
And finally, we must remember to open the following ports in our firewalls/routers to allow access from the Internet to our networks: TCP 443, TCP 943 & UDP 1194.