You can’t connect to a VPN on your Pi if your firewall blocks access. Your Pi came with a built-in firewall. We need to open the necessary ports on your Pi.

  • Create a script named /etc/openvpn/ Make it contain this:

      iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
      iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
      echo " executed" > /tmp/
  • You don’t really need that echo statement, but if your VPN doesn’t work, you’ll want to check the timestamp on /tmp/ to see if the script got executed.

  • Set proper permissions:

      sudo chmod 744 /etc/openvpn/
      sudo chown root /etc/openvpn/
  • As root, edit /etc/network/interfaces and put this line BEFORE “iface eth0…”. Do not indent it.

    auto eth0

  • As root, edit /etc/network/interfaces, and append this line after the “iface eth0…” line, indented 4 spaces:

      pre-up /etc/openvpn/
  • Allow packet forwarding by editing /etc/sysctl.conf and un-commenting this line:

  • Commit the packet forwarding changes by running:

      sudo sysctl -p
  • Start your server with the command below. I think this also causes it to auto-start at boot. Note that “server1” must match up with the “server1.conf” file in /etc/openvpn:

      sudo systemctl start openvpn@server1.service
  • Reboot your Pi.

Return to Surf Safe at Starbucks