Raspberry Pi as VPN Server

 

Purpose

The goal of this project is to build a VPN using a Raspberry Pi 3+ as the VPN server to securely and remotely establish a tunnel to access a device on the other network. Specifically to access Octopi (3d printer controller which can only be accessed locally) and control temperatures, move axes, and watch a live video feed of the nozzle or tool.

Materials

All materials were items I already owned or was given. I had purchased most of the following on amazon or ebay at some point in the years leading up to this. Links to parts I have purchased are below.

·       2x Raspberry Pi 3 (B +)

·       2x >= 8gb micro SD cards for raspberry pi

·       1m Endoscope camera

·       HDMI capable monitor

·       Ethernet Cable

·       USB A to USB mini (or compatible to printer) cable.

·       Keyboard & Mouse

·       Ender 3 Pro 3D Printer (or other FDM printer compatible with Octopi)

·       Internet router access

·       Computer

Instructions

Setting up the VPN

1.     From the computer, download and then install the Raspberry Pi Imager from the Official Raspberry Pi Website. https://www.raspberrypi.org/software/

2.     Insert the SD card into the computer and format it. Repeat on the second SD card. If you have troubles formatting it you may need to set the file size allocation to 4096 bytes and uncheck the quick format box. Do not move on until the drive is formatted. (You’ll have to do this for both SD cards).

3.     Open the Raspberry Pi Imager. Select “Raspberry Pi OS” under the OS button then select the SD card for the storage device then click “WRITE”. The Imager will run and then prompt when it is safe to remove the card.

**NOTE: while the imager is up, it will be easy to image the other SD card with Octoprint. You can skip to the next section and then return here.**

4.     Remove the SD card when prompted and plug it into the Raspberry Pi. Plug in the monitor, keyboard, mouse, and the last the power cable. Let the sequence run.

5.     Login to the Raspberry Pi if required. Default login is below.

a.      Username: Pi

b.     Password: raspberry

6.     Open a command window and run the following commands to update.

sudo apt update

 

sudo apt upgrade

7.     Setup the IP reservation on your Router. Since all routers are different, I cannot walk you through this section. Typically it will be under advanced settings once you are logged into the wifi user interface. Mesh wifi systems are typically done though the app instead of a computer.

8.     Set the IP as static in Linux. Right Click on the Network in the top right of the desktop > “Wireless  & Wired Network Settings” > eth0, then type the ip that was setup in the router IP reservation. This step will help secure that the router does not assign the Pi a new IP address and ruin the VPN connection. I recommend using a wired connection and not wifi.

9.     Install the VPN package

curl -L https://install.pivpn.io | bash

10.  Navigate through the start screen.

11.  The next screen will prompt that you have setup a static IP address and confirm the IP address is the same that you assigned though the router and the Linux UI. Select Yes.

12.  Navigate through the next information screens to select user. For most users this will be Pi.

13.  Select OpenVPN on the VPN service. Use the arrow keys to move and then the space bar to select the OpenVPN. Then hit enter.

14.  No on editing settings, the defaults will do.

15.  Setup the OpenVPN port. We will leave it to 1194.

16.  On the next screen you’ll be prompted for the DNS server. I selected Google which is the 8.8.8.8 DNS server.

17.  Public IP or DNS. On the next screen select DNS Entry. We will pause this setup and go register that.

18.  The next screen will show a domain to use for the DNS server.

 

19.  Navigate to duckdns.org (because it’s a free DNS service). Enter a name and the IP given.

20.  In the Raspberry Pi enter the URL to pair them together.

21.  Continue forward through the rest of the screens in the PiVPN setup. Enable unattended upgrades and then reboot.

22.  If you didn’t use the setup to reboot, do it now.

23.  Open a new command window and enter

sudo service openvpn status

24.  Add the User(s) that will be using the VPN

pivpn -a

You’re ALMOST done.

25.  Log into the router again and forward the port you setup for the VPN. In our case this was 1194. Again, since this is different for every router, you may need to lookup specific settings for your router. It is typically under advanced settings > Port Forwarding. Start port is 1194, and end port is 1194. This is the only port we need to forward for the VPN.

26.  The keys will be stored at /home/user/ovpns

27.  Move that key to the device you will be accessing the VPN from.

 

28.  Install the OpenVPN client on the device you intend to use.

https://openvpn.net/download-open-vpn/

29.  Launch the client, and import your VPN key.

That’s it. It should connect. From a remote internet, you’ll be able to navigate to Octopi.

 

Setting up Octoprint

1.     Repeat steps 1-4 from above for the second SD card, but for Raspberry Pi OS, Select Octopi from the “Other Specific purpose OS” section.

2.     Insert the SD card back into the computer and open the “octopi-wpa-supplicant.txt” file. It would be best to not use Notepad for this. If you use a Mac, you’ll have to change the format in preferences to plain text.

3.     Uncomment (circled) the WPA/WPA2 section, add your SSID and password (psk) with quotes into the the WPA/WPA2 section. (You may also just do a wired connection as well).

4.     Change the commented country from UK to US.

5.     Plug in the card, monitor, and keyboard to the other raspberry pi.

6.     Login to the Octopi.

a.      Username: pi

b.     Password : raspberry

*Change the password because this is very insecure to leave the default password*

7.     Make sure the internet is connected. This interface is the same as a command window and you can run “ifconfig” and “ping” to make sure the internet is working. Any typos or mis-commented sections can cause it to not connect. This IP does not have to be static as it will generate an IP for you.

8.     Write down the IP that was generated after login.

9.     Power down the pi. (type shutdown, hit enter and wait)

10.  Plug in the endoscope camera into the Octopi raspberry pi, and the usb mini cable to pi and the printer. They should both be turned on at the same time so the raspberry pi does not attempt to power the printer.

11.  Using PuTTy type in the octopi.local or the IP and connect. You may need to change the ssh port. You can also use the internet browser, navigate to the IP or http://octopi.local in the browser.

The next time you login from a remote network, just connect to the VPN through OpenVPN, and use the same method to connect to octoprint.

All Done!

 

Results

This lab was successful when following the steps I wrote.

Screenshot of the trace route from remote internet through the vpn (10.8.0.1) to the raspberry pi running octoprint (192.168.1.149)

Conclusion

The reason I decided to do this project was because I had all of the materials already sitting around. There was nothing for this project that I used that I had to purchase. Additionally I have always wanted to setup a VPN on my home network so that I can remote access devices such as this.

I learned a lot of things in the process of building this VPN. First of all, my home wifi runs through a comcast modem, then to a netgear router, a powerline modem, and then my apartment router. There were 3 different ports to port forward though. Once I forwarded port 1194 through all of them, I was able to connect to the VPN, however the connection was fragile due to IP conflicts and collisions, I set this up on another internet network that was only port forwarded though 1 router.

The next big thing I learned is how important syntax is in the code. When I was editing the text document, I had to try about 6 times before it finally connected because I commented or uncommented the wrong parts.

The last big things I learned were about ports, secure shell, port forwarding, static IP reservations, and overall setting up a VPN client. I would like to repeat again and use the GUI to build something to control a system on a Koyo Click PLC.

Useful Links

Purchases

Raspberry Pi 3 B+ (Sept 26, 2018) https://www.amazon.com/CanaKit-Raspberry-Premium-Clear-Supply/dp/B07BC7BMHY/ref=sr_1_3?crid=18LUIW0HT9A5C&dchild=1&keywords=raspberry+pi+3&qid=1620328276&sprefix=raspverr%2Caps%2C251&sr=8-3

Endoscope (Jan 15, 2021) https://www.ebay.com/itm/383907762165?var=652242271277

All other items were untraceable or links were out of date.

References

Ender_3_OctoPi_3B+_case.zip

DNS Provider Setting : pivpn

How to Get an Open Port on Netgear Routers

Create VPN on Your Raspberry Pi Device : 6 Steps (with Pictures) - Instructables

How to turn your Raspberry Pi into a VPN server using Pi VPN

OpenVPN Raspberry Pi Setup using PiVPN! (Easy Tutorial) - YouTube

Setting up PiVPN. Public or dynamic ip? : pihole

Various Classes from Dr. Hakala’s Mech 3300 Class and Lab at Utah Valley University.