The Network is Hostile – Secure it for $35

I’ve noodled around with Raspberry Pi devices for a few years now. I gave my son one for his birthday a few years back and he learned Scratch programming on it along with some basic Python. He’s since discovered soccer/fútbol/fußball. I’m hoping for fame in the Bundesliga. (Oh hai Bayern fam. Oh you’re Dortmund? Get out.)

Then I turned one into an Octoprint server for my 3d printer. That actually has been very utilitarian so that I didn’t need to keep my 3d printer (which is kinda loud, if I’m honest) constantly hooked up to a computer and in a place where it annoys everyone. Now it sits down in the spare office in the basement printing away with a little headless server driving it. Highly recommended.

I recently took the spare one (you know, because soccer) and thought, “It’s nice to have a VPN for work. Networks are hostile, it’s a nice way to make it less hostile. Maybe I should have a personal VPN.”

My goal for a VPN is simple: make the network I’m on less hostile. I’m not trying to get around geo restrictions on Netflix or anything like that. If I’m out in a coffee shop, traveling on hotel wifi, etc., and feel like I may be on a dodgy network, a VPN would be nice. And, because I inherently don’t trust anything I don’t control, I’d want to run it myself.

Ah ha! New use for that Raspberry Pi. Some brief DuckDuckGo-ing and I came upon PiVPN. PiVPN is basically an installation script for OpenVPN on the Raspberry Pi. I had a look at the installation script for any hardcoded IPs and other red-flag things and the few things that there are seem to check out.

OpenVPN is an open source VPN solution. It’s also had a security audit which makes me trust it even more. I got PiVPN set up and then used this hardening guide to make it more secure. The part you’ll want to pay attention to is ensuring you’re using the stronger encryption ciphers. Out of the box PiVPN’s ciphers are a hair weak. You’ll also need to set up a Diffie-Hellman parameter file with openssl:

openssl dhparam -outform PEM -out dhparams.pem 2048
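
A quick way to check whether a server config actually carries the hardening described above. This is an added example, not code from PiVPN or the hardening guide; the sample configs are constructed, and the weak-cipher list, the SHA-2 preference and the TLS 1.2 floor are this example's assumptions.

```python
# Added example: audit OpenVPN server config text for the settings discussed above.
# The weak lists and the TLS 1.2 floor are this example's assumptions.
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}  # 64-bit block
WEAK_DIGESTS = {"MD5", "SHA1"}
# Config defaults in OpenVPN 2.4 and earlier when the directive is absent.
DEFAULTS = {"cipher": "BF-CBC", "auth": "SHA1"}

# Constructed samples, not real PiVPN output.
WEAK_SAMPLE = """\
port 1194
proto udp
dev tun
auth SHA1   # explicit, but below the SHA-2 family
"""
HARDENED_SAMPLE = """\
port 1194
proto udp
dev tun
dh dhparams.pem
cipher AES-256-CBC
auth SHA256
tls-version-min 1.2
"""

def parse_conf(text):
    """Map each directive to its argument list, skipping # and ; comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = line.split()
            conf[name] = args
    return conf

def audit(text):
    """Return (directive, problem) pairs; an empty list means nothing was flagged."""
    conf, findings = parse_conf(text), []
    cipher = (conf.get("cipher") or [DEFAULTS["cipher"]])[0].upper()
    if cipher in WEAK_CIPHERS:
        findings.append(("cipher", f"{cipher} is a 64-bit block cipher"))
    digest = (conf.get("auth") or [DEFAULTS["auth"]])[0].upper()
    if digest in WEAK_DIGESTS:
        findings.append(("auth", f"{digest} HMAC, prefer SHA256 or stronger"))
    tls_min = conf.get("tls-version-min")
    if not tls_min or tuple(int(p) for p in tls_min[0].split(".")) < (1, 2):
        findings.append(("tls-version-min", "TLS floor is missing or below 1.2"))
    if "dh" not in conf:
        findings.append(("dh", "no Diffie-Hellman parameter file referenced"))
    return findings
```

Call `audit()` on the text of your own server config; a missing `cipher` or `auth` line is judged by the old OpenVPN default rather than skipped.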

With that done you can set up a port forward on your router. Honestly, that was the hardest part of the process for me since I’d never done it on my Aerohive setup. They bury those settings.

So, with a little safe harbor set up for when I’m off my home network, what about when I’m on my home network?

PiHole.

PiHole is awesome. If you wish internet ads, trackers, drive-by malware etc would go die in a hole, PiHole is that hole for you.

Look at these guys who can fuck right off:

Bye, Felicia.