Raspberry Pi Zero W OpenVPN Server with NoIP Dynamic DNS

This is a quick, cheap and somehow easy way to set up a VPN at home.

I used a Raspberry Pi Zero W and a 16GB Sandisk microsdxc.

Install Raspbian

I installed raspbian stretch lite (put the OS with dd on the memory card).

Enable SSH

Then I enabled ssh access by mounting the memory card on my PC and touch /my/mount/point/boot/ssh.

I also put my ssh key into /my/mount/point/rootfs/home/pi/.ssh/authorized_keys and /my/mount/point/root/.ssh/authorized_keys.

Setup WiFi

Then I set up WiFi (you need to edit the values according to your WiFi setup).

Contents of /my/mount/point/rootfs/etc/wpa_supplicant/wpa_supplicant.conf

(Easymode with wpa_passphrase YOUR_ROUTER_SSID YOUR_ROUTER_PSK)

country=DE
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
        ssid="ROUTER66"
        psk=7777777777777777777777777777777777777777777777777777777777777777
}

Contents of /my/mount/point/rootfs/etc/network/interfaces.d/10-wlan0.conf

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
        address 192.168.2.10
        netmask 255.255.255.0
        gateway 192.168.2.1
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Force WiFi Reconnect

I put a script in /opt/wifi-tools/reconnect.bash which queries the wifi interface and if it ain't connected, it'll force a reconnect (in case our flaky router has restarted again). I also set it up to run every minute (via crontab).

Contents of reconnect.bash

#!/bin/bash

if ifconfig wlan0 | grep -q "inet 192" ; then
        echo "wlan0 is up" > /dev/null 2>&1
else
        ifup --force wlan0
fi

NoIP.com Dynamic Update Client

To start with, login to your Raspberry PI box and download the DDNS client

cd /usr/local/src/
sudo wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
sudo tar xf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
sudo make install

The above will install the noip2 executable in /usr/local/bin/

Then you need to create the configuration file. Note that the config file is not plain text file. and the values there is encrypted.

sudo /usr/local/bin/noip2 -C

This will create a file under /usr/local/etc/no-ip2.conf

Now start the client by:

sudo /usr/local/bin/noip2

Create a startup script

sudo touch /etc/init.d/noip2 && sudo chmod +x $_

Contents of /etc/init.d/noip2:

#! /bin/sh
# /etc/init.d/noip2

# Supplied by no-ip.com
# Modified for Debian GNU/Linux by Eivind L. Rygge <eivind@rygge.org>
# Updated by David Courtney to not use pidfile 130130 for Debian 6.
# Updated again by David Courtney to "LSBize" the script for Debian 7.

### BEGIN INIT INFO
# Provides:     noip2
# Required-Start: networking
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start noip2 at boot time
# Description: Start noip2 at boot time
### END INIT INFO

# . /etc/rc.d/init.d/functions  # uncomment/modify for your killproc

DAEMON=/usr/local/bin/noip2
NAME=noip2

test -x $DAEMON || exit 0

case "$1" in
    start)
    echo -n "Starting dynamic address update: "
    start-stop-daemon --start --exec $DAEMON
    echo "noip2."
    ;;
    stop)
    echo -n "Shutting down dynamic address update:"
    start-stop-daemon --stop --oknodo --retry 30 --exec $DAEMON
    echo "noip2."
    ;;

    restart)
    echo -n "Restarting dynamic address update: "
    start-stop-daemon --stop --oknodo --retry 30 --exec $DAEMON
    start-stop-daemon --start --exec $DAEMON
    echo "noip2."
    ;;

    *)
    echo "Usage: $0 {start|stop|restart}"
    exit 1
esac
exit 0

Put the script to auto-start with:

sudo update-rc.d noip2 defaults

Install OpenVPN

curl -L https://install.pivpn.io | bash

Port forwarding

Set up your router to forward port 1194 to your pi.