Home‎ > ‎Dabbles‎ > ‎RaspberryPi‎ > ‎

Connecting Remotely - Building a VPN Server with OpenLDAP Authentication

posted Dec 19, 2014, 6:55 PM by Joshua S   [ updated Jan 1, 2015, 10:11 AM ]

Try using the config from here but using the VPN I've already set up....


This post demonstrates how to build a Virtual Private Network (VPN) server that authenticates using OpenLDAP credentials.  This will allow remote devices (PCs, Phones, Tablets, etc.) to connect to the RaspberryPi from anywhere on the Internet.  Through this connection, you will be able to use that device as if it were connected locally on your home network.  You may use this so you can access your home printer, other computers or storage devices, or so you can access an unfiltered internet if you are at work or somewhere else that filters your connection.

Note:  An earlier post allowed users to connect using PKI but did not leverage OpenLDAP.  If you would prefer that approach, please use that tutorial.

This is the fifth project in the series and assumes the elements performed in several earlier ones are in place and integrated into the template (see the template projects) in order to work.  Additionally, this project assumes you have a static IP set for the RaspberryPi.  No instructions speak to this, because they will vary based upon your environment and where you perform DHCP.  Generally speaking, this is something you will configure at your router by supplying the MAC address of the Pi.  Additionally, the router will need to be configured to port forward TCP port 1194 to the RaspberryPi.  Note, OpenVPN is often configured to use UDP, but this protocol is also often blocked thus TCP will work much more consistently.

Most of these projects can be performed in any order, but if you follow the order outlined here it will all definitely work.  I've found a number of guides to help me, but many have partial documentation, skip key steps, etc.  The goal is to build out a guide with everything you need to complete each step, but let me know if I miss something or it isn't clear.

For each template and initial setup, I used an 8GB memory card.  With the B+, the image you back up will be the full size of the card whether you expand the file system or not.  For the actual projects, I use a mix of card sizes -- generally 32GB, but I like my templates and initial setup configs to be 8GB to reduce the storage size of my backups.

Supply List:
  • MicroSD Card  A digital memory card, initially designed for media (think a camera) but which will serve as the hard drive for the RaspberryPi.  All tutorials will focus on the 8GB size, but you can easily use this process for a larger format also.  This should be pre-loaded with the template image created in the previous project (template step 01).
  • PuTTY  A free SSH client which is excellent for working at the command line.  I know, I know, no one loves the Command Line any more, but the more you use the RaspberryPi the more you will quickly learn that CommandLine > GUI.
  • RaspberryPi B+  The actual RaspberryPi hardware this will all be built around.
  • Win32 Disk Imager  A Free Open Source Software (FOSS) utility to write of image (.IMG) files to various flash card media (SD, MicroSD, etc.).  Download the software from the website.

  • Write the image you plan to enhance to the SD Card and load it into the RaspberryPi.  In this example, we'll use the template file, created in a previous tutorial.  
  • Using PuTTY (or whatever SSH client you prefer) connect to the IP address of the RaspberryPi.  You should know this from the previous step ( in this example), but if you do not, follow the steps at the beginning of the first lesson which show how to use AngryIP scanner to locate the IP address.
  • Once connected, log onto the Pi using:
    • UserID:  pi 
    • Password:  raspberry

  • Raspbian uses Advanced Package Tool (APT) to manage and install software.  First, we need to update the tool using:
    • sudo apt-get -y update
  • Now let's update the software currently loaded.  There are several ways to do this, but if we issue the dist-upgrade command it will intelligently add software, update packages, and remove unneeded packages.
    • sudo apt-get -y dist-upgrade
  • Finally, let's upgrade the Pi Kernel:
    • sudo rpi-update
  • Let's reboot now that the upgrades are complete:
    • sudo reboot

  • OK, good!  Now that everything is updated, let's install our VPN server.  Use the following commands:
    • sudo apt-get -y install openvpn openvpn-auth-ldap dnsmasq
      • openvpn  The base package for OpenVPN clients and servers.
      • openvpn-auth-ldap  OpenVPN LDAP authentication module.
      • dnsmasq – asdf.

  • First, we need to perform these actions as root, so let's use Sudo to switch to the root user.
    • sudo su
  • Now, to set up the key infrastructure we need to use the OpenRSA software included with OpenVPN.