The tiny, inexpensive Raspberry Pi has a very low power consumption, which makes it a great always-on VPN (Virtual Private Network) server. With a VPN, you'll get secure access to your home network when you're on the go and can use it for secure web browsing when you're on public networks. Here's how to roll your own VPN with the Raspberry Pi.
It's Raspberry Pi week at Lifehacker, and all week we'll be showing you some cool DIY projects you can put together with this little miracle of a device. If you haven't bought one yet, check out our introduction to the Pi to learn more about what it is, what you'll need, and the cool stuff you can do with one (such as turning it into an XBMC media center). For a basic introduction to VPNs, check out our guide to why you should start using a VPN (then come back here).
What You'll Need
Setting up your Pi as a VPN and web proxy server doesn't require any new or special hardware beyond the basics. You'll need:
A free LogMeIn account since we're using LogMeIn Hamachi to create our VPN. Create your free account, if you don't have one already, before you get started. Hamachi will create a VPN for you, so you don't have to mess with port forwarding on your router, getting a static IP address, or trying to bypass firewalls.
Privoxy: We're pairing this application with Hamachi to enable the secure web browsing from either inside or outside the network. You'll download it in Step 5 below.
A Raspberry Pi, naturally: See our intro guide for suggestions on where to buy one if you don't already have it.
HDMI or composite cable: To connect the Pi to a television or monitor. Once you've completed this project, you can disconnect the Pi from your display and use it as a "headless" server, since you can connect to the Pi over VPN.
An 8GB Class 10 SD card or better and a card reader: Your computer may have a built-into SD card reader; if not, you'll need an external one to set up the Pi.
USB keyboard and mouse: I used old wired ones lying about the house, but Whitson was able to use wireless (non-Bluetooth) versions.
An ethernet cable: For the best network performance, you'll want a wired connection to your router/modem (rather than looking at Wi-Fi solutions for the Pi). Having a broadband internet connection at home will make the proxy server as fast as possible as well.
Micro USB power supply: Look for a good quality charger that can provide at least 700mA at 5V. Most modern smartphone chargers will work, but check out the specs on the bottom of the charger brick to make sure. Besides the SD card, the power supply is one of the main troubleshooting elements if you have problems.
Note, however, that there's one additional step you should take when following that guide, at the end in the configuration section (before step 3, finishing configuration). Change the default keyboard layout if you're not in the UK. The reason is some of our commands require special characters (e.g., #), which the UK layout changes.
If you're following the setup guide above, you can change the keyboard layout in the configuration screen. Or, after you've set up the Pi, type in:
sudo dpkg-reconfigure keyboard-configuration
Then follow the prompts to switch to your country's layout and then either restart (using the sudo reboot command) or reload the keymap without restarting by entering:
invoke-rc.d keyboard-setup start
Step Two: Update the Raspberry Pi and Install Hamachi
Hamachi depends on a couple of packages that may not be present in your image, so we're going to first update the packages and hopefully save you time troubleshooting common errors.
First, grab the latest update:
sudo apt-get update
Then, install LSB (a requirement for Hamachi):
sudo apt-get install --fix-missing lsb lsb-core
Be patient while it updates, and then you can download the latest Hamachi build for Linux:
sudo hamachi set-nick [INSERT A NICKNAME FOR YOUR RASPBERRY PI]
Now, on another machine, head over to LogMeIn and go to your "My Networks" section under networks. You'll see that the Pi (whatever you nicknamed it) is trying to connect and create a new network. Grant the Pi permissions and write down the network ID (a 9-digit number) for that network.
Go back to the Raspberry Pi and enter:
sudo hamachi do-join [THE NETWORK ID YOU WROTE DOWN]
Then enter your LogMeIn password (if requested). You might need to approve the join request on LogMeIn from the other machine. Once you do so, the Pi will be part of the new VPN served by Hamachi. At LogMeIn.com, look for the virtual IP address assigned to the Pi and write that down, because you'll need it later.
To be able to SSH into it and remotely control the Raspberry Pi, start the SSH server:
sudo /etc/init.d/ssh start
Step Four: Install Hamachi on Your Computers
Almost done! For the Windows, Mac, or Linux computers you also want to connect to the VPN, you'll need to install the Hamachi client from the download page.
After you do so, you can join the new VPN (Network > Join) and SSH into the Raspberry Pi or access network files, etc. (In Windows, use a tool like Putty or in Mac/Linux use Terminal to SSH, using the Raspberry Pi's IP address assigned by Hamachi in the server field).
(Optional) Step Five: Install Privoxy on the Pi and Use It as Your Computer's Web Proxy
Besides issuing remote commands to the Pi and accessing network files, you can use your Pi as a proxy server. By connecting Privoxy and Hamachi, you can secure and encrypt your browser sessions when you're using the public Wi-Fi at your local coffeeshop—keeping your data safe from prying eyes or malicious users.
Here are the steps to set up Privoxy on the Pi:
sudo apt-get install privoxy
Open the configuration file in your text editor:
sudo nano /etc/privoxy/config
Find the following line (easy in Nano if you do a search by hitting Ctrl+W): listen-address localhost:8118
Comment out that line by adding a # before it
Then add a new line below it with: listen-address [IP address of your Pi assigned by Hamachi]:8118 (e.g., 184.108.40.206:8118)
Save the configuration file (Ctrl+X) and restart Privoxy:
sudo service privoxy restart
Now you have your Privoxy server set up on the Pi, running over the secure VPN via Hamachi. All that's left to do is set Privoxy as your proxy server on your other computers.
To do that:
In Google Chrome: Go to Settings > Show advanced settings... > Change proxy settings... (under Network)
In Firefox: Go to Preferences > Advanced tab > Network tab > Settings button (next to "Configure how Firefox connects to the Internet")
Then enter the IP address of the Raspberry Pi, as assigned by Hamachi, in the proxy adress. The port is 8118.
To test that the proxy is working, go to http://config.privoxy.org/ and you should see a message like "This is Privoxy on Windows [IP address], port 8118, enabled." If it's not working, you'll see a message that "Privoxy is not being used." Also, when you're using a public Wi-Fi connection, visiting WhatIsMyIP.com will show a different IP address when your proxy is turned on than when it's off (the IP address should be your home's public IP address).