I really applaud the efforts and progress by the EFF on the Let’s Encrypt initiative. In this post-Snowden era I believe it is very important for users to take their privacy and security into their own hands whenever possible. Let’s Encrypt allows anyone running a website to easily serve that site over an encrypted channel. If you aren’t a technical person, you should be able to get a free cert from Let’s Encrypt using any of the integrations they provide.
This is a great boon for those who have their own sites and blogs, but what about the people at home who don’t run their own site? They use the internet and rely on the various sites they visit to determine whether they are secure. A frequent piece of the solution is a VPN (Virtual Private Network), which encrypts and tunnels your traffic from your client through to the VPN server. It is true that from the VPN server out to the internet your traffic is again unencrypted if the site doesn’t offer HTTPS connections; however, from your local location to the VPN server you have great security. This is important because people frequently use the internet in locations whose security they can’t and don’t control. At any wifi hotspot, public place, friend’s house, etc., you have no clue what could be on that network intercepting your data, or worse.
If you set up a VPN server at home, where you trust your local network, then no matter where you are, you can VPN into your home network and it is as if you were using the internet from your house. In other words, if you are sitting in a Starbucks, you can VPN into your home VPN server and your traffic is encrypted all the way from the unknown and unsecured Starbucks wifi to your home, where it then goes on to the site you visited. Sadly, for most people, configuring and managing your own VPN server is not an easy task.
This loops us back to the Let’s Encrypt parallel. Where Let’s Encrypt took a task that was challenging for many and made it much more accessible, PiVPN does the same for installing and managing an OpenVPN server.
What is this PiVPN? If you’ve searched for how to install OpenVPN, you may have found it is non-trivial. PiVPN makes installing OpenVPN easy, quick and fun. If you are technical enough to get a Jessie Lite image up and running on a Raspberry Pi, you are now technical enough to run your own VPN server thanks to PiVPN. Once you have successfully logged into your Raspberry Pi, the install process for a fully working and manageable OpenVPN server is a one-line command:
curl -L https://install.pivpn.io | bash
Yes, that is it. You can literally hit ‘Enter’ through the install, but if you are more technical the install will let you choose many different customization options along the way. Once it is installed, you can manage the configuration (OVPN files) you install on your clients with simple commands on your server:
‘pivpn add’ – This will add clients and takes one optional parameter:
‘pivpn add nopass’ – This will add a client certificate without a password. Only recommended if you really need it.
‘pivpn list’ – This will list the clients
‘pivpn revoke’ – This will remove clients
All the code for this installer is available on GitHub, where questions and contributions are welcome!
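The ‘pivpn add nopass’ caveat above can be checked after the fact. The script below is an added example, not part of the original post or of the PiVPN code: it reports which client profiles in a directory hold a private key with no passphrase. It assumes each OVPN file embeds its key inline in a <key> block; the function names and the sample profile contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not PiVPN code): report which OpenVPN client profiles carry
# a private key that is not passphrase-protected.
# Assumption: the profile embeds its key inline between <key> and </key>.

# key_state FILE -> prints encrypted | unencrypted | no-inline-key
key_state() {
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0; next }
        !inkey     { next }
        /-----BEGIN ENCRYPTED PRIVATE KEY-----/ { enc = 1 }     # PKCS#8 form
        /^Proc-Type: 4,ENCRYPTED/               { enc = 1 }     # legacy PEM form
        /-----BEGIN [A-Z ]*PRIVATE KEY-----/    { haskey = 1 }
        END {
            if (!haskey)  print "no-inline-key"
            else if (enc) print "encrypted"
            else          print "unencrypted"
        }' "$1"
}

# audit_profiles DIR -> prints "STATE<TAB>FILE" for every *.ovpn file;
# returns 1 when at least one profile has an unencrypted key.
audit_profiles() {
    audit_rc=0
    for profile in "$1"/*.ovpn; do
        [ -f "$profile" ] || continue
        state=$(key_state "$profile")
        printf '%s\t%s\n' "$state" "$profile"
        if [ "$state" = "unencrypted" ]; then audit_rc=1; fi
    done
    return "$audit_rc"
}

# write_sample_profiles DIR -> two constructed profiles with placeholder key bodies
write_sample_profiles() {
    printf '%s\n' 'client' 'remote vpn.example.invalid 1194' '<key>' \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END ENCRYPTED PRIVATE KEY-----' '</key>' > "$1/laptop.ovpn"
    printf '%s\n' 'client' 'remote vpn.example.invalid 1194' '<key>' \
        '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END PRIVATE KEY-----' '</key>' > "$1/phone.ovpn"
}

# Usage: sh audit_ovpn.sh /path/to/profiles
if [ "$#" -gt 0 ]; then audit_profiles "$1"; fi
```

A profile reported as unencrypted can be used by anyone who obtains the file, so revoke it with ‘pivpn revoke’ if the device holding it is lost.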
As a final note, before you run off and play with PiVPN on your own, I understand that some people may want to encrypt traffic leaving their home. It is one thing to be in a public, untrusted place and encrypt the traffic to your home, where it then goes out normally to the internet. But what if you don’t trust your own ISP? Now you want to encrypt the traffic even as it leaves your home, maybe to a VPN endpoint out on the internet. Time to pay for a service? NO. I’ve made sure PiVPN will also work if you boot up a free-tier Amazon server running the latest Ubuntu 14.04 server image. So simply create an account on Amazon’s AWS infrastructure, boot up a free-tier Ubuntu server and run the PiVPN install command. Now you have your own VPN server out on the internet, just like a paid service.