I'm a tech professional (ex-Amazon) with experience including software engineering, and management. Currently living in NYC. Open VPN on Raspberry Pi: Installation & Debugging Instructions
Install OpenVPN
This will allow you to connect to your vpn server
sudo apt install openvpn resolvconf
Get your VPN services’ config files
Your VPN service will need to provide you with credentials to connect to their servers. Search from your VPNs name followed by “openvpn”.
Example, Express VPN
After you download your config files, SCP them to the Pi (if they are on your local machine) then move them into /etc/openvpn and rename to a .conf file so it can be started via sysctl
local:
scp expressvpn_config.ovpn pi@pi1.local:~/
pi:
sudo mv expressvpn_config.ovpn /etc/openvpn/
sudo cp /etc/openvpn/expressvpn_config.ovpn /etc/openvpn/expressvpn.conf
Run the VPN client
manually:
sudo openvpn --config expressvpn_config.ovpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
via system service (recommended):
systemctl start openvpn@CONF_NAME.service
where CONF_NAME is the name of your .conf file in /etc/openvpn directory. In this example the command would be systemctl start openvpn@expressvpn.service. You could have multiple openvpn services running if you have more than one .conf file.
Verify your OpenVPN connection
Ensure that traffic is indeed being routed through your VPN service providers endpoint.
Verify via the command line
Check your public IP address
curl ifconfig.co
Check your ip address geolocation
curl ifconfig.co/city
Check that OpenVPN successfully created a tunnel interface
ifconfig tun0 &> /dev/null && echo -e "\033[1;32m" "-- VPN is active --" "\033[0m"
Verify in your browser
Check your public IP addresses on your local browser using:
- HTTP - http://api.ipify.org/?format=text
- HTTPS - ifconfig.co
Autostart OpenVPN on load
If everything works enable your OpenVPN service to run at startup
systemctl enable openvpn@CONF_NAME.service
more notes: https://www.ivpn.net/knowledgebase/linux/linux-autostart-openvpn-in-systemd-ubuntu/
Open VPN Troubleshooting
These steps may help if you’re finding Open VPN is not connecting, slow, or can’t access the internet.
Check that the OpenVPN service is running
Lists all the openvpn services currently running
systemctl list-units | grep openvpn
You should see something like this.
openvpn@expressvpn.service loaded active running OpenVPN connection to client
system-openvpn.slice loaded active active system-openvpn.slice
If you see an openvpn.service active exited kill the openvpn.service and restart systemctl start openvpn@expressvpn.service because openvpn.service is just a template service. Unload the openvpn.service from autostarting at load sudo systemctl status openvpn.service
To get more in depth details on any of those services run:
systemctl status openvpn@expressvpn.service
“active (exited)” error
If you see “active (exited)” as the status code when you ran the above command, see this ServerFault post
Check the OpenVPN logs
OpenVPN outputs logs to the syslog since it’s normally a system service.
tail -f syslog
grep 'ovpn' syslog
Reload the system manager config
sudo systemctl daemon-reload
TUN/TAP dev error: “Cannot open TUN/TAP”
If you see this error Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
It could mean your kernal modules are out of sync. Check by running these two commands:
rpdom@raspi5 ~ $ uname -r
3.18.11-v7+
rpdom@raspi5 ~ $ ls /lib/modules
3.18.11+ 3.18.11-v7+
They should produce the same numbers, if not it means you probably did an upgrade recently without rebooting. In that case (if they are different), run sudo reboot and the kernal should upgrade itself to match the modules and you should be good to go.
