As long as you trust the people that made the certificate to only give it to the company that paid for it, and as long as you trust the bank to only install the certificate on their own servers, then you have a way to prove that the server you’re talking to belongs to the company you think it does, or at least a company that the authority vouched for.Īlthough I’m sure you trust your own word that the Raspberry Pi Home Server that you’ve been building is your own, your other computers are still going to want proof that the thing on the other side of the internet is, in fact, your server, and not someone else pretending to be your server. ![]() When you visit your bank’s website, and something in your address bar turns green, or grows a little lock, it means that someone at the bank went to some authority that we’ve all agreed to trust, and got a certificate that says “Yup these guys are the bank alright”, and installed it on the web server you’re talking to. I am not a security or cryptography expert, but this is, in layman’s terms, how internet security works. Warning: The explanation that follows is super-non-technical™, and probably wildly inaccurate in many important ways. Other tutorials exist out there to handle this part. In order to connect to your home network’s VPN when you are away from home, you are going to need either a static IP address, or a dynamic IP resolution service like My home router updates no-ip automatically, so I have not set up a program on the Raspberry Pi to do this. I’m just putting it into the same format as the other posts in the series, and organizing them in a logical progression, building on top of the previous posts in this series. Both are excellent reading, and go into far more depth about how all this stuff works than I plan to. That whitepaper was later paraphrased and simplified in a pair of posts by Lauren Orsini. Most of the information about how to set up OpenVPN comes from a whitepaper by Eric Jodoin of the SANS institute. You don’t need to worry about fellow patrons at the coffee shop listening in on your network traffic because the traffic between you and your VPN is highly encrypted. Running your own VPN means that no matter where you get an internet connection from, you are effectively “at home”. You can add these same abilities to your home network so that you can get to your stuff from work, or a hotel, or anywhere else with internet access. ![]() Developers sometimes use them to simulate traffic coming into their network from outside for testing. You may have used one in order to securely access resources on the network at your office when you’re on the road. VPNs let you route internet traffic through a secure, encrypted channel, back to a network that you trust and/or control. OpenVPN is an open-source, cross-platform, virtual private networking (VPN) application. In this article, we’ll set up the Raspberry Pi to act as an OpenVPN server, allowing you to securely access your home network from anywhere. Now that the whole house is humming along, sharing files, downloading things, and backing everyone up, you might be wondering if there’s anything left that the Raspberry can do for you. It makes me wish there were similar scripts for the other aspects of running a Raspberry Pi Home Server. Ten minutes later, most of which was eaten up by generating Diffie-Hellman keys, I had new ovpn files for my various devices, and everything just worked. Rather than go through all the steps of my own post, I thought I’d give PiVPN a shot at it. curl -L | bashĪfter recently having my cable modem upgraded (and finding that it out-performed my own wireless router), I was having some trouble getting my VPN working again. That means that everything you’re about to read can be condensed down to a single command. It’s basically everything in this article, completely automated. If, however, you’re just looking for the fastest way to set up a home VPN on a Raspberry Pi, then you should check out PiVPN. I encourage you to do so just to gain an understanding of what’s going on. Update: If you want to know what’s going on under the covers, or want tighter control over your exact configuration, then by all means, read this post in its entirety. Reading the instructions is one thing, but watching it done demystifies the whole process. If you have a Pluralsight subscription, please consider watching it. Self-Promotion: I have recorded this series as a screencast for Pluralsight: ![]() ![]() Please refer to the series Introduction for a list of all the different posts in the series. If you’ve started from something other than a non-NOOBS Raspbian image, then you’ll probably need to adjust for that. If you are just trying to add one thing to an existing system that was not built following this series, then I cannot promise that these instructions will work for you, although they probably will.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |