The Raspberry Pi series: PiVPN

2020. 10. 9. 04:38 | Raspberry Pi


 

 

Hello, this is Babae :)

Today I'm going to write about the Raspberry Pi series: PiVPN!

Let's get started.

 

Hello, this is babae!

 

The software I want to introduce this week is PiVPN. There are a few reasons why you would want to always be on a virtual private network (VPN), but this is not the commercial VPN that you see ads for.  

 

The simple explanation of what a VPN does is that it allows you to access a private network from the Internet. The difference between a commercial VPN and your own private VPN is the private network you are accessing. Most people subscribe to a commercial VPN to access a private network in a different geographical location.

 

The data we send to and receive from the Internet contains Internet Protocol (IP) addresses. If you remember from the very first post in the series, where I talked about the Pi-hole, computers need IP addresses to know where to send data. My computer needs to know the address of the server hosting google.com in order to send my search query. The server hosting google.com will process my search query and will need to know my computer's IP address to send the results back to me.

 

When you connect to a VPN, you are essentially part of that private network, and the IP address in the header of your Internet traffic will belong to that private network. Web services, such as Netflix, will check the IP making the requests to see where you are, and provide you with the content that they are legally able to offer in your region. This is called geo-blocking, and it makes commercial and legal sense for them. As the end-user, however, I understand why many people would use a VPN to access more content that they are not entitled to.

 

Aside from circumventing geo-blocking, commercial VPN companies also advertise privacy and anonymity. So, let's go back to the Google example. When you send a search query to google.com through a VPN, google.com will see the IP address of the VPN server and send the results back to the VPN server. The VPN server will then forward the results to your computer. Do you see the problem? Google thinks that the VPN is making the request and does not know it is you, but the VPN has to know that it is you, or else it won't be able to forward the results from Google back to you.

 

Now, I am not going to evaluate the validity of these VPN companies' claims on privacy and anonymity, and to be fair, some of these companies run their servers on volatile memory (basically RAM), and upon power down or reboot, all data will be lost. Many of these companies also promise a no-logging policy, which means that they do not keep track of users' activity when connected. However, I have heard of cases in the US where authorities were able to track down criminals who do use a VPN with such no-logging policies.

 

 

Going back to what I said in the beginning though, this is not a post about commercial VPNs. The above is just to introduce what VPNs are through what people commonly know/use them for.

 

 

Many others will know VPNs from their workplace. You have a hard drive on a server that is connected to a network. When you are at work, you can access that drive on your computer. You may even have applications that only work when you are at work. Then the boss asks you to bring some work home, which is increasingly common as more and more people work from home during COVID. The IT team (sometimes a one-man team) will set up your home computer or supply you with a company laptop to connect to your work server via a VPN. Now, you can work from home as if you were at work. That is also an illustration of what a VPN is and what it can do.

 

 

PiVPN works closer to the latter example. When you use PiVPN, you can connect your phone, laptop, or tablet back to your home network. The traffic will appear to originate from your home. If you are traveling abroad, your VPN will let you watch Netflix as if you were at home - similar to what a commercial VPN does for you, but they offer hundreds of locations. If you have network-attached storage (NAS), you can access all of your files from anywhere without sending those files to a cloud. Essentially, you have a private cloud. The biggest selling point for having your own VPN is that your traffic on cellular or public Wi-Fi connections is secure.

 

Without being a hacker, I can sniff any and all data that is passed through my network at home with a program called Wireshark. On a public Wi-Fi or even private Wi-Fi at your friend's place, anything you send and receive can be intercepted by someone else on the network. Now, a lot of things are encrypted these days. For example, when you go to pay on Amazon, your connection is secured through HTTPS. The same is true for most websites, so you don't have to worry too much about your usernames and passwords being exposed. However, your DNS lookups and traffic on non-encrypted protocols are still vulnerable.

 

If you are interested in setting up your own VPN, the installation is quite simple. SSH into your Pi and enter the following command: 

curl -L https://install.pivpn.io | bash 

 

There will be prompts during the install to select a protocol. I would highly recommend WireGuard, as this is the future. It is quite new but I think it will eventually replace OpenVPN as the faster and more secure VPN standard.

 

Another prompt will be for a port number. Any unused port should be fine, but just change the default one by a few digits at the end. I don't like keeping defaults for security reasons. If you have installed UFW from a few posts back, don't forget to allow the port on UFW. Second, on your router, you will need to forward that port to the same port on your Pi. Look up port forwarding in your router's manual.
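
A check for the UFW step above, added here as an example (not part of the original post): it reads the ListenPort from a WireGuard server config and confirms that `ufw status` shows an ALLOW rule covering that port over UDP, the transport WireGuard uses. The function names and all sample data are constructed for illustration and assume WireGuard was the protocol chosen during the install.

```shell
# Added example; all sample data below is constructed for illustration.
# Print ListenPort from the [Interface] section of a WireGuard config (stdin).
wg_listen_port() {
    awk -F'=' '
        /^[ \t]*\[/ { section = tolower($0) }
        section ~ /\[interface\]/ && tolower($1) ~ /^[ \t]*listenport[ \t]*$/ {
            gsub(/[ \t\r]/, "", $2); print $2; exit
        }'
}

# Succeed if `ufw status` output (stdin) allows PORT over UDP. A bare "PORT"
# rule covers both protocols; "PORT/tcp" alone does not help WireGuard.
ufw_allows_udp() {
    awk -v p="$1" '
        BEGIN { u = p "/udp" }
        ($1 == u || $1 == p) && $2 == "ALLOW" { found = 1 }
        END { exit !found }'
}

# $1 = WireGuard server config text, $2 = `ufw status` text.
check_vpn_port() {
    port=$(printf '%s\n' "$1" | wg_listen_port)
    case "$port" in ''|*[!0-9]*) echo "no-listenport"; return 2 ;; esac
    case "$2" in *"Status: inactive"*) echo "ufw-inactive"; return 3 ;; esac
    if printf '%s\n' "$2" | ufw_allows_udp "$port"; then
        echo "ok $port/udp"
    else
        echo "blocked $port/udp"; return 1
    fi
}

# Constructed samples: a port a few digits off the default, and two rule sets.
WG_CONF='[Interface]
PrivateKey = (redacted)
Address = 10.6.0.1/24
ListenPort = 51825'
UFW_GOOD='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
51825/udp                  ALLOW       Anywhere'
UFW_TCP_ONLY='Status: active

To                         Action      From
--                         ------      ----
51825/tcp                  ALLOW       Anywhere'

check_vpn_port "$WG_CONF" "$UFW_GOOD"   # prints: ok 51825/udp
```

On the Pi, pass the contents of the server's WireGuard config and the output of `sudo ufw status` as the two arguments. A rule for the port over TCP only is reported as blocked, since WireGuard does not use TCP.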

 

The most difficult part for some is establishing a static IP address. Some Internet service providers (ISP) may grant you one but most will not. I haven't seen my IP changing in the last three months, but I know it happens. I happen to have a Google domain, which also updates my IP every hour. If you don't have a domain and don't want one, you can get one from noip.com for free. And sorry, this post is more of an introduction than a guide so you will have to go through that process yourself. 

 

If you have Pi-hole installed, PiVPN will detect it and ask to use your Pi-hole as your DNS. 

 

Please let me know if you are stuck in any of the steps and I'll try to help you out. 

 

Whether you want a VPN for access to resources on your network, such as a network drive, or security, you pay a small price - which is speed. My home connection is 300 mbps, and my cellular connection is about 75 mbps. When I use my VPN, my connection speed drops to 15 to 25 mbps, which has been more than sufficient for what I use my phone for. 

 

The choice is yours, and I am just introducing you to more things to think about, and more projects for you to try on your Pi. 

 

Stay tuned next week for setting up a LAMP server. 

 

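That was a look at installing a VPN with a Raspberry Pi! Next week we will look at setting up a LAMP server on the Pi!

If you have any questions about the Raspberry Pi, or you get stuck while following along, please leave a comment.

Thank you for reading :)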