In a recent post, I discussed setting up an OpenVPN server on a Raspberry Pi. I relied on a nice tutorial from readwrite that you can find here. However, I found a discrepancy with the guide pertaining to its discussion of firewalls. The tutorial states that Raspbian has a firewall enabled by default. While iptables is certainly present by default (it’s part of the kernel), and it is often the basis for a very powerful firewall, it is not configured to be a firewall by default. Read on to learn how to enable a firewall on your Internet-facing Pi (including OpenVPN servers)!
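To check this on your own Pi, here is an added example (not from the original post or the readwrite tutorial) that classifies the INPUT chain from `iptables -S` output. The sample rule sets are constructed, the function names are hypothetical, and UDP port 1194 (OpenVPN's default) is an assumption, since the post does not name a port.

```shell
#!/bin/sh
# Added example: decide whether iptables is actually filtering inbound traffic.
# Reads `iptables -S` output on stdin and prints one of:
#   open              - INPUT policy ACCEPT and no INPUT rules (no firewall)
#   default-deny      - INPUT policy DROP (only explicitly allowed traffic gets in)
#   accept-with-rules - INPUT policy ACCEPT but rules exist (review them by hand)
#   unknown           - no INPUT policy line found in the input
classify_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }   # chain default policy
        $1 == "-A" && $2 == "INPUT" { rules++ }       # rules appended to INPUT
        END {
            if (policy == "DROP")                       print "default-deny"
            else if (policy == "ACCEPT" && rules == 0)  print "open"
            else if (policy == "ACCEPT")                print "accept-with-rules"
            else                                        print "unknown"
        }
    '
}

# Constructed sample: what `iptables -S` prints when nothing has been configured.
sample_unconfigured() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: a default-deny rule set for an OpenVPN server.
# Assumption: OpenVPN listens on its default port, UDP 1194.
sample_default_deny() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
EOF
}

echo "unconfigured Pi: $(sample_unconfigured | classify_input_chain)"
echo "default-deny:    $(sample_default_deny | classify_input_chain)"

# On the Pi itself (needs root):
#   sudo iptables -S | classify_input_chain
```

A result of `open` on an Internet-facing Pi means every listening service is reachable; `accept-with-rules` is not a verdict either way and the rules still need reading.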
I’ve been wanting to set up a virtual private network (VPN) on my Raspberry Pi (Pi) for a while, and I finally took the time (be prepared to set aside an afternoon) to do it last weekend. For those who are unaware, the Pi is a small, credit card-sized computer that is roughly as powerful as a smartphone. You can learn more about them here. The particular model I used for this project is the Raspberry Pi Zero, which is not much larger than a USB flash drive. The Raspberry Pi Zero plus a power supply, case, micro USB hub, a microSD card and wireless dongle will set you back less than fifty dollars. Not bad for such a useful device.
So now you know what the Pi is, but what about OpenVPN? OpenVPN is open source software that encrypts your Internet traffic (i.e., makes it look like gibberish) between the device you are using (e.g., PC, phone, laptop) and the device that is running the OpenVPN server (e.g., a Pi). That’s nice, Chris, but why do I care? If you have ever been at a coffee shop or the airport and have connected to a Wi-Fi network that didn’t require a password, you may care. Without encryption, it is trivial for an eavesdropper to see everything you are doing over the Internet (unless the website you are visiting or the app you are using has its own encryption enabled). Note that Internet traffic that does NOT have its own encryption will only be encrypted until it reaches the OpenVPN server. At that point your information goes out over the Internet, just as it would if you were surfing from the network where the VPN server resides. Any information being returned to you will travel to the VPN server first, be encrypted and then forwarded back to you, thereby thwarting the eavesdropper!