raspberrypi

Install OpenVPN on Raspberry Pi Using PiVPN

Want a private, secure VPN server running at home?
Your Raspberry Pi can be the perfect solution.
Follow this step-by-step guide to install OpenVPN using PiVPN:

🛠️ Prerequisites:
  • Raspberry Pi 3 or newer (Raspberry Pi 4 recommended)
  • Raspberry Pi OS installed
  • Internet connection
  • Static IP address or Dynamic DNS set up
🔧 Step 1: Update your Raspberry Pi

sudo apt update && sudo apt upgrade -y
📥 Step 2: Install PiVPN

curl -L https://install.pivpn.io | bash

Follow the guided installation process. Choose OpenVPN when asked, and allow unattended upgrades.

🔐 Step 3: Add a VPN user

pivpn add

Give your client a name (e.g., tiago). This creates a .ovpn file.

📁 Step 4: Transfer the OVPN file

scp tiago@raspberrypi:/home/pi/ovpns/tiago.ovpn ./destination

Or use a USB stick to move it to your client device.

🌍 Step 5: Port forwarding

Forward the selected UDP port on your router to your Raspberry Pi's local IP address. Default Port:1194

✅ Step 6: Connect

Install the OpenVPN client on your PC or phone and import the .ovpn file to connect!

Security Tips

⏰ Session Timeout & Key Rotation
  • Set keepalive 10 60: This keeps the tunnel active and detects dropped connections quickly.
  • Use reneg-sec 3600: Forces a rekey every hour to prevent long-term key reuse.
  • Persist tun and key: Helps maintain tunnel stability across reconnects or network blips.
🧱 Firewall & IP Forwarding
  • Enable IPv4 forwarding: Set net.ipv4.ip_forward=1 in /etc/sysctl.conf.
  • Use iptables MASQUERADE: Ensures your Raspberry Pi can NAT traffic from VPN clients.
    • sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
  • Restrict access: Only allow necessary ports like 1194/UDP for OpenVPN.
🔎 DNS Leak Protection
  • Use your VPN provider's DNS: Prevents your ISP from seeing DNS queries.
  • Edit resolv.conf: Point it to secure DNS like 10.8.0.1 or your VPN provider's IP.
  • Add block-outside-dns (Windows): Stops DNS from leaking outside the VPN tunnel.
🧰 Troubleshooting

  • Can't connect? Double-check your port forwarding and IP address.
  • Client gets no internet? Enable IP forwarding and NAT with PiVPN’s default settings.
  • VPN server not responding? Check your firewall or router for blocked UDP connections.

Enjoy your own secure VPN with full control and privacy. 🎉

    • © Copyrights. All rights reserved.