PiZero USB VPN SideCar

Thanks to PoisonTap I have finally had a reason to pull my PiZero out of the ever growing “Stuff to Hack” pile and start  working on it.   I have a couple of neat ideas that are coming down the pipeline but this weekend I built a VPN sidecar using a USB OTG Gadget. I wanted to be able to use the PiZero to offload some slow processes (big nmap scans) and as a place to verify findings through an always on VPN connection (I like and use Private Internet Access).

Configuration  is fairly simple and only takes about 30 minutes: 

Install your pizero as an ethernet gadget.

Share Your Internet Connection With Your PI:

You can now login into your PiZero at:
pi@raspberrypi.local

Update Your Pi and install OpenVPN:
sudo apt-get update && sudo apt-get -y dist-upgrade
sudo apt-get -y install openvpn
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip -d openvpn
sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
sudo cp "openvpn/US Texas.ovpn" "/etc/openvpn/Texas.conf"
#You can use a diffrent VPN endpoint if you like. Note the extension change from ovpn to conf.
sudo reboot


Create /etc/openvpn/login containing only your username and password, one per line, for example:
username
password123

Change the permissions on this file so only the root user can read it:
sudo chmod 600 /etc/openvpn/login

Setup OpenVPN to use your stored username and password by editing the the config file for the VPN endpoint:
sudo nano /etc/openvpn/Texas.conf

Change the following lines so they go from this:
auth-user-pass > auth-user-pass /etc/openvpn/login
crl-verify crl.rsa.2048.pem > crl-verify /etc/openvpn/crl.rsa.2048.pem
ca ca.rsa.2048.crt > ca /etc/openvpn/ca.rsa.2048.crt

Test VPN:
sudo openvpn --config /etc/openvpn/Texas.conf

If the VPN is working you will see:

Next step is to enable VPN at boot:
sudo systemctl enable openvpn@Texas
sudo reboot

After reboot verify VPN connection:

You now have an always on PiZero USB VPN SideCar! Have fun.   🙂

Site Footer