Dynamic DNS and Openvpn server
################################################
#### Dynamic DNS from website http://www.no-ip.com/
################################################
# First, create an account at http://www.no-ip.com/, then go to
# https://www.no-ip.com/members/dns/ and click "add a host".
# Then use this lazy command list on the Pi.
# Open a root shell: every command below, including the build, runs as root.
sudo bash
cd /usr/local/src/
# NOTE(review): the tarball is fetched over plain HTTP and nothing on this page
# verifies it (no checksum or signature check) before it is compiled and
# installed as root, so a download altered in transit would run with full
# privileges. Prefer an HTTPS download and compare the file against a
# vendor-published hash if one is available.
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar xf noip-duc-linux.tar.gz
# The directory name depends on the client version inside the tarball
# (noip-2.1.9-1 when this was written).
cd noip-2.1.9-1/
# Builds and installs the client; the later steps run it as /usr/local/bin/noip2.
make install
# Add the line /usr/local/bin/noip2 to the file /etc/rc.local,
# just before its last line "exit 0", so no-ip starts automatically after reboot
nano /etc/rc.local
/usr/local/bin/noip2
#CTRL+o ENTER # write output, save in other words
#CTRL+x # exit nano editor
# start it with
sudo /usr/local/bin/noip2
# check status with
sudo /usr/local/bin/noip2 -S
# kill it
sudo /usr/local/bin/noip2 -K ‘pid’ (get pid from -S)
# If you need to recreate the default config file
sudo /usr/local/bin/noip2 -C
################################################
#### Openvpn server and client from website http://openvpn.net
################################################
# Openvpn Based upon these blogs
http://wingloon.com/2012/05/25/how-to-i … ntication/
http://www.serverubuntu.it/openvpn-bridge-configuration
# Using SD card with “2012-08-08-wheezy-armel”
# Remember you gotta do port forwarding, not covered in this post
# Lets get started, start with an updated installation
# Refresh the package lists so the install below uses current package versions.
sudo apt-get update
# Now install openvpn
sudo apt-get install openvpn -y
# Copy the easy-rsa 2.0 example scripts shipped with the openvpn package into a
# working directory under /etc/openvpn.
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
# Hand the tree to the current user so the build scripts can run without sudo.
# NOTE(review): the CA private key generated later under keys/ will therefore
# be owned by this login account; anyone who controls the account can sign
# new client or server certificates.
sudo chown -R $USER /etc/openvpn/easy-rsa/
# You can put whatever you like in the vars file, just don’t leave these data fields blank
# I left everything as it was default, even “changeme” data
nano /etc/openvpn/easy-rsa/vars
# Now build certs and keys for server and client
# TIP: answer yes to sign and commit, leave everything else default
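# Build the CA, the server certificate, the DH parameters and one client
# certificate. The easy-rsa scripts prompt for input, so run these commands
# one at a time rather than pasting them as a script.
cd /etc/openvpn/easy-rsa/
# "source" (not execute) so the settings in vars reach the build scripts below.
source vars
# NOTE(review): the DH file produced below is named dh1024.pem, i.e. KEY_SIZE
# was left at 1024 bits, which is weak by current standards. Consider raising
# KEY_SIZE in vars before building; the dh file name in the copy step and in
# server.conf must then be changed to match.
./clean-all
./build-ca
./build-key-server server
./build-dh
./build-key clientpi
cd /etc/openvpn/easy-rsa/keys
# Install only the files server.conf references. ca.key (the CA signing key) is
# not used by the running server, so it is deliberately not copied into
# /etc/openvpn; keep it where it was generated, or better, off the server.
sudo cp ca.crt dh1024.pem server.crt server.key /etc/openvpn
# Stage the client's certificate, key and CA certificate for transfer.
sudo mkdir -p "$HOME/openvpn-client-files"
sudo cp ca.crt clientpi.crt clientpi.key "$HOME/openvpn-client-files"
sudo mv "$HOME/openvpn-client-files/ca.crt" "$HOME/openvpn-client-files/capi.crt"
# The copies are root-owned because they were made with sudo. Give them to the
# login user and keep the private key owner-only, instead of making it
# world-readable with "chmod +r": the owner can still fetch it over SCP, and
# other local accounts cannot read it.
sudo chown -R "$USER" "$HOME/openvpn-client-files"
sudo chmod 700 "$HOME/openvpn-client-files"
sudo chmod 600 "$HOME/openvpn-client-files/clientpi.key"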
# Now copy the $HOME/openvpn-client-files directory to the Windows client using WinSCP.
# Tip: I had to copy the directory to C:\ first,
# then move its contents (clientpi.key, capi.crt, clientpi.crt) to
# C:\Program Files (x86)\OpenVPN\config
# 32-bit Windows has a different OpenVPN directory:
# C:\Program Files\OpenVPN\config
# in Windows, create a new text file called
# C:\Program Files (x86)\OpenVPN\config\raspberry.ovpn
# this is the OpenVPN client configuration
# OpenVPN client profile for the Raspberry Pi server described on this page.
client
# Routed (layer 3) tunnel over TCP; both settings must match the server config.
dev tun
proto tcp
# Replace the placeholder with your own no-ip host name. The port must match
# the server's "port" line and be forwarded to the Pi on the router.
remote change_this_to_your_to_own_address_from_no-ip.com 34567
resolv-retry infinite
nobind
persist-key
persist-tun
# CA certificate (renamed from ca.crt) plus this client's certificate and
# private key. clientpi.key is a secret: keep it readable only by the user
# that runs OpenVPN.
ca capi.crt
cert clientpi.crt
key clientpi.key
# Only accept a peer whose certificate is marked as a server certificate, so
# another client certificate from the same CA cannot impersonate the server.
# NOTE(review): ns-cert-type is deprecated in later OpenVPN releases in favour
# of "remote-cert-tls server"; check which one your installed version expects.
ns-cert-type server
# Must match the server's cipher.
cipher AES-256-CBC
# Must match the server. NOTE(review): compressing before encrypting can leak
# information about the plaintext through packet sizes; consider turning
# compression off on both sides if you do not need it.
comp-lzo
# NOTE(review): this profile has no tls-auth directive. Adding one (with the
# same shared key configured on the server) lets the peers discard
# unauthenticated packets before the TLS handshake starts.
verb 3
# Back to the Raspberry Pi, create new file for server config
# Below is my OpenVPN server configuration saved as /etc/openvpn/server.conf
sudo nano /etc/openvpn/server.conf
# OpenVPN server configuration, saved as /etc/openvpn/server.conf.
# Listening port and protocol; this TCP port must be forwarded to the Pi on the
# router and must match the client's "remote" line.
port 34567
proto tcp
dev tun
# Files copied into /etc/openvpn from the easy-rsa keys directory. server.key
# is the server's private key and should be readable by root only.
ca ca.crt
cert server.crt
key server.key
# NOTE(review): 1024-bit Diffie-Hellman parameters (the easy-rsa default
# KEY_SIZE) are weak by current standards. Consider regenerating with a larger
# KEY_SIZE and pointing this line at the new file.
dh dh1024.pem
# VPN subnet handed out to clients; the firewall script on this page matches on
# the same 10.8.0.0/24 range.
server 10.8.0.0 255.255.255.0
# Must match the client's cipher.
cipher AES-256-CBC
# Must match the client. NOTE(review): compressing before encrypting can leak
# information about the plaintext through packet sizes; consider turning
# compression off on both sides if you do not need it.
comp-lzo
persist-key
persist-tun
# NOTE(review): there are no "user"/"group" directives, so the daemon keeps
# running as root after start-up. With persist-key and persist-tun already set,
# consider adding "user nobody" and "group nogroup" to drop privileges.
# NOTE(review): there is no tls-auth directive either; a shared tls-auth key on
# server and clients lets the server discard unauthenticated packets before
# the TLS handshake starts.
status openvpn-status.log
verb 3
# MTU/MSS tuning for the tunnel.
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
# Send all client traffic through the VPN. This is why IP forwarding and the
# MASQUERADE rule in firewall.sh are needed on the Pi.
push "redirect-gateway def1"
# DNS resolvers pushed to clients (these addresses are OpenDNS public
# resolvers); all client DNS lookups go to whichever resolver is listed here.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
# Ping the peer every 5 seconds and treat the link as down after the timeout
# derived from the second value.
keepalive 5 30
# Nano editor TIP: CTRL+o writeout, in other words save the file
# CTRL+x exit
# uncomment the net.ipv4.ip_forward=1 line in this file to allow packet forwarding
sudo nano /etc/sysctl.conf
net.ipv4.ip_forward=1
# Make file for firewall setting
sudo nano /usr/local/bin/firewall.sh
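#!/bin/bash
# firewall.sh - forwarding and NAT rules for the OpenVPN server on this Pi.
#
# Forwards traffic whose source is the VPN subnet (the range on the "server"
# line of server.conf), masquerades it on the way out, and rejects every other
# forwarded packet. Must be run as root.
#
# NOTE: "-t filter -F" flushes INPUT and OUTPUT as well as FORWARD, so any
# host firewall rules already loaded are removed, and this script adds no INPUT
# rules of its own. Chain policies are left as they were.
# NOTE(review): the rules match on source address only. Restricting them to
# the tunnel interface as well (-i on the FORWARD rule) would stop a host on
# another interface from using a 10.8.0.0/24 source address to get forwarded.

# Stop at the first failing command so a half-applied ruleset is reported with
# a non-zero exit status instead of being silently left in place.
set -euo pipefail

readonly VPN_SUBNET="10.8.0.0/24"

# Start from empty filter and nat tables.
iptables -t filter -F
iptables -t nat -F

# Replies to connections that were already allowed.
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# New connections originating from VPN clients.
iptables -A FORWARD -s "$VPN_SUBNET" -j ACCEPT
# Everything else that would be routed through the Pi is refused.
iptables -A FORWARD -j REJECT

# Rewrite the source of VPN client traffic to the Pi's own address so replies
# find their way back.
iptables -t nat -A POSTROUTING -s "$VPN_SUBNET" -j MASQUERADE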
sudo chmod +x /usr/local/bin/firewall.sh
# run firewall
sudo /usr/local/bin/firewall.sh
# TIP: I got an error here:
# /bin/bash^M: bad interpreter: No such file or directory
# It seems that copying from WordPress adds hidden DOS carriage-return (CR) characters.
# I had to do
sudo apt-get install dos2unix
# then
sudo dos2unix /usr/local/bin/firewall.sh
sudo /usr/local/bin/firewall.sh
# check firewall
sudo iptables --list
# Add the line /usr/local/bin/firewall.sh to /etc/rc.local,
# before "exit 0", to ensure the iptables rules are created on every reboot or power-up.
sudo nano /etc/rc.local
/usr/local/bin/firewall.sh
# reboot the pi
sudo reboot
# Connect the VPN client from a remote location.
# It did not work for me when the client and server were connected
# to the same router.
# Check that the VPN is working by confirming that your IP address
# changes after you connect: http://ipchicken.com/