How To: Pi-Star with OpenVPN

In this guide, I will show you how I successfully installed and configured Pi-star with OpenVPN.

Before you begin, you will need to have a subscription to a VPN provider. For the purpose of this tutorial, I can only vouch for the VPN provider I use. Other providers may or may not work with this setup.

The VPN service I use is provided by PrivatVPN.com.
At the time of writing, they were doing some good offers and all plans also come with a 30 Day Money Back Guarantee!

Setting up OpenVPN to work with Pi-Star

STAGE #1: Readying for Setup

The first thing we need to do is make sure we are running the latest version of Pi-Star and ensure it is fully updated / upgraded. But before we do that, it’s a real good idea to back up the Pi-Star disc image from the SD Card.

During my first attempt at setting up OpenVPN on my Pi-Star Hotspot, things went badly wrong which in turn forced me to start again with a brand new Pi-Star image. This turned out to be a blessing in disguise because things went a lot smoother with a brand new up to date Pi-Star image.

On my first attempt at setting up OpenVPN I was running an old version of Pi-Star (circa 2017 or thereabouts) and I hadn’t updated since. Whenever I tried to install OpenVPN with sudo apt-get update, I would get a LOT of repository errors about Jesse Backport not found and so nothing would update or install properly.

If you find you get any of these Jesse Backport errors, it may be an idea just to back up / make a note of your Pi-Star settings and configs and then start with a fresh copy of the latest Pi-Star image. I spent hours trying to fix the repository errors to no avail.

Backing Up Your Pi-Star SD Card Image

To backup your Pi-Star SD Image, I recommend following this guide and using Win32 Disc Imager.

Once you have backed up your Pi-Star SD Image, we can move on to the next step of updating / upgrading your Pi-Star distribution.

Updating Pi-Star via SSH Access

To begin updating and upgrading Pi-Star, you will need to gain access to the SSH terminal. You can do this via your Pi-Star control panel.

Simply login to your Pi-Star hotspot control panel and then select configuration. From there, select Expert and then SSH Access.

A SSH shell window will open and from now on, we will be doing everything via command line in this window.

The SSH window will ask you to login and to do this, you first enter your username which is usually pi-star followed by pressing the ENTER key.

Next you need to enter the password you use to log in to the control panel followed by pressing the ENTER key.

Once logged in, you should see the terminal filled with text and a command prompt.

Now we need to start issuing some commands………

First we type in rpi-rw followed by pressing the ENTER key.
This puts the Pi-Star disc into Read/Write mode so that it can write data to the SD card image.

Next we type in sudo apt-get update followed by pressing the ENTER key.

This is where I started to get errors about missing files / repositories from Jesse Backport. If you find you are getting similar messages, I would highly recommend starting out with a fresh and up to date copy of Pi-Star. At the time of writing, the latest Pi-Star image download is dated 20 Jan 2019.

If the update command runs without any problems, we can move on.

Stage #2: Installing OpenVPN

From this point, Installing OpenVPN should be a simple case of typing the following into the SSH shell window and pressing the ENTER key.

sudo apt-get install openvpn

At this point, the process of downloading and installing OpenVPN and any/all dependencies should begin. You will be asked to confirm the install and maybe asked to installed dependencies that cannot be authenticated so just say yes to both.

If you start seeing any errors such as 404 or missing or errors relating to Jesse Backport then as previously stated, it might be an idea to start with a fresh and up to date Pi-Star image.

Assuming OpenVPN installed correctly, we need to configure it to work with PrivatVPN. To do this, we need to download and run their setup script. This can be found on their OpenVPN Install Guide page.

Installing and Running the PrivatVPN Setup Script

To begin installing and running the PrivatVPN OpenVPN setup type the following in to the SSH Command window followed by pressing the ENTER key.

sudo wget “https://privatevpn.com/client/install.sh”

To run the Setup Script type the following in to the SSH Command window followed by pressing the ENTER key.

sudo bash install.sh

When the install script runs, it will ask you for your PrivatVPN login details in the form of Username (the email you signed up with) and Password (the password you signed up with).

It will then ask you if you want to save the config to the OpenVPN directory.

Simply type in the word YES followed by pressing the ENTER key.

Stage #3: Final Configuring & Tweaking

At this point, it’s a good idea to setup a static IP and Port Forwarding for your Pi-Star Hotspot in your router.

Since each router is different, I cannot guide you through the specific steps to do this. But you are going to want to set up a static IP / DHCP reservation so that your hotspot is always assigned the same IP from your router everytime.

Similarly, when you have a static IP assigned to your hotspot, you are going to want to set up port forwarding for UDP port 1194 to the hotspot’s static IP address.

Selecting a PrivatVPN Server to Use

Now we need to tell OpenVPN what PrivatVPN server to use and to do this, we need to edit the privatvpn config file.

Editing the PrivatVPN.Conf File

To do this, in the SSH command window we type

cd /etc/openvpn/ followd by pressing the ENTER key

Next we type sudo nano privatvpn.conf followed by pressing the ENTER key.

This should open the config file ready for editing.

We are going to be editing ONLY the top line of the config file where it says remote

After the word remote is the name of a server which we are going to change to one from this list of PrivatVPN servers.

All we do is pick a server from the country we’re in and replace the server name in the privatvpn.conf file with the new server name and then save it.

To save the changes, press CTRL+O followed by CTRL+X

That’s it. Now OpenVPN will use that PrivatVPN server.

Pi-Star Firewall / Iptables

Once I had OpenVPN installed and configured, this step gave me the most headaches.

To verify OpenVPN is working, type ifconfig in to the SSH Command window and press ENTER.

You should see a list of network interfaces appear. In particular you are looking for an interface called tun0

If you don’t see tun0 in the list of available interfaces then OpenVPN isn’t working properly.

Pi-Star Running OpenVPN Via PrivatVPN using tun0

To find the problem, I typed in cd /var/log followed by ENTER to naviate to the log directory. From there I typed nano syslog followed by ENTER to open up the system log to see what was going on.

At the end of the log, I saw an error relating to OpenVPN complaining about TLS Handshake Timed Out and stuff about IPV4 and forbidden.

As it turns out, this issue was related to the IPTables and took some figuring out. This probably isn’t the best or correct method to get round this error but I decided to edit the IPTables to ALLOW ALL.

When I did this, tun0 appeared in the list of network interfaces UNTIL I rebooted the hotspot and then tun0 disappeared again. For some reason, the IPTables reset themselves on reboot so I needed to find a way of altering the IPTables and saving them so that they stayed after a reboot. So here’s what I did.

Each Command is typed in separately followed by pressing ENTER!

sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F

I then typed in ifconfig followed by ENTER and I could see tun0 meaning OpenVPN was working.

To save the IPTables I did the following:

sudo iptables-save | sudo tee /etc/iptables.conf followed by pressing the ENTER key.

Then I went and edited the RC.LOCAL file by doing the following:

sudo nano /etc/rc.local followed by pressing the ENTER key

At the end of the file but BEFORE Exit 0 I added these two lines

# Load iptables rules from this file
iptables-restore < /etc/iptables.conf

To save the file press CTRL+O then CTRL+X

AND THAT SHOULD DO IT!
In some cases a reboot of Pi-Star may be required.

On the OLED screen on my Jumbospot, I can see the Hotspot is using tun0 instead of Wlan0 and it is using the VPN Local IP address allocated it – starting with 10.0.X.X.

I also did one final thing to check that my OpenVPN was working and that was running a what’s my IP command from the SSH Shell window using this command followed by pressing the ENTER key:

wget -qO- https://ipecho.net/plain ; echo

This returned the IP of the VPN server being used and not the IP allocated by my ISP showing that OpenVPN and PrivatVPN were both working as they should be.

In using PrivatVPN, I have no noticeable connection issues and the speeds provided by PrivatVPN are more than adequate.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.