OpenVPN client on Raspberry Pi


This article is writen in spite of lots of blog posts on this topic, but most of them don’t take in account some best practices and have redundant and sometimes wrong information.

So if you wish to use your Raspberry Pi as OpenVPN client and make configure your Raspberry Pi the RightWay(tm) then you have come to the right place :)

First you need to have certificate files, if you are admin on the OpenVPN server also then you need to know how to create these files (not covered in this article) and if you are not then you should ask admin of OpenVPN server to send these files to you.

First file you need is Certificate Authority Certificate file usually named ca.crt, and two are client specific and unique for each client, for this example I’ll use raspberry.keyand raspberry.crt

First install openvpn package:
Código:
sudo apt-get update
sudo apt-get install openvpn
Now create config file for OpenVPN:
Código:
sudo nano /etc/openvpn/client.conf
and use these settings:

Código:
client
dev tun
port 1194
proto udp
remote CHANGE-ME-SERVER 1194 # VPN server IP : PORT
nobind
ca /etc/openvpn/ca.crt
cert /etc/openvpn/raspberry.crt
key /etc/openvpn/raspberry.key
comp-lzo
persist-key
persist-tun
verb 3
Copy certificates and key to / etc/openvpn/ directory on your Raspberry Pi

Start OpenVPN service
Código:
sudo /etc/init.d/openvpn start
Trubleshooting
If OpenVPN service is not starting take a peek into your log file:
Código:
tail /var/log/daemon.log