My parents and I, who come from the Netherlands, have recently bought a cabin in Norway. We have a lot of wishes and ideas for this cabin, but one of the first projects I started on right after we signed the contract was the setup of a VPN server on a Raspberry Pi. The goal is to have any device connecting to the WiFi in the cabin appearing to be in the Netherlands, so that my parents can ‘work from home’ from the cabin and can stream Dutch TV and Dutch Netflix. For this to work, we need a router that can act as a VPN Client and a VPN Server to connect to.

By having the router connecting to the VPN Server, any device that connects to the router will also be connected via the same tunnel to the internet. By installing the VPN server on a Raspberry Pi, I can just ship a readily installed unit to the Netherlands with minimal setup steps for my parents while they remain 100% in control of their VPN endpoint. This is important to ensure that for example Netflix will not block their stream, as any data appears to come from their own home instead of a (known) VPN provider.

For this project we use the following components:

• Raspberry Pi model 3B
• 3D printed case
• Asus 4G-AC68U 4G modem/router

I recently bought an Asus RT-AC66U B1 router, which I know can act as a VPN Client. The Asus 4G-AC68U is a model from the same product line, which also includes a 4G simcard slot.

Software-wise, we only need only a handful of services/programs:

• The latest Raspbian Lite
• PiVPN
• A Dynamic DNS provider, I’m using Google Domains
• ddclient

Setup

The first step is obviously to flash Raspbian on an SD-card and shuf it into the Raspberry. I’m using Raspbian Lite since we know exactly which software packages we are going to use, and any dependencies will be installed with them. This will keep the overall system performance as high as possible.

After setting up Raspbian, we use SSH to log in as root and install PiVPN. PiVPN will install either OpenVPN or WireGuard, in our case OpenVPN as this is also supported in the Asus router. I have set up the IP configuration to be dynamic, so it can adapt to the setup in my parent’s house once it arrives in the post. Other than that I’ve used the standard settings, obviously choosing the right DNS Provider (Google Domains). I had also set up a Dynamic DNS entry in Google Domains prior to the Raspberry Pi installation, which will be used for this VPN setup.

Dynamic IP lookup

Since I don’t know the public IP address of my parents house (and they might have a dynamic IP address that changes every once in a while), one can use Dynamic DNS. Basically, Dynamic DNS checks the current public IP address of the host and sends this to a pre-configured DNS provider. The provider matches the IP address, for example 185.176.244.205, to a subdomain name, for example cloud.jessendelft.org. This way, anytime a device tries to find cloud.jessendelft.org they only have to ask the DNS provider, which will then provide them with the correct public IP address. To achieve this on the Raspberry Pi we can use ddclient. ddclient only needs to know a few basic parameters such as the login credentials of the DNS provider and does the rest by itself. It runs as a deamon in the background, automatically checking and updating the current public IP address in the DNS register.

I generated two OpenVPN configuration files which can be uploaded to VPN Clients and allows them to connect to the server, one for the Asus router and one for my private PC so I can test & debug the entire setup. These configuration files include instructions to use one of my subdomains to find the current public IP address of the OpenVPN Server in the Netherlands. This keeps the setup easy and flexible.

Lastly, I entered the Wi-Fi credentials of my parents house in a file called ‘wpa-supplicant.conf’ and placed this in the /boot/ folder of the Raspberry Pi, so they can use it both in wired and wireless mode. After running a few tests it was then ready to send it in the post, and hope that all works! I also included a guide for my father to set up the required port forwarding in his router in the Netherlands, so the VPN Server can be found from the internet.

Testing the setup

When the Raspberry Pi had arrived in the Netherlands it was time to put it to the test. We forwarded the required port in the router, gave it a static local IP address and attempted to connect from Norway.

Connecting was successful!
However, the test-pc did not have internet access.

Some debugging later revealed that the ethernet port did not have the default eth0 name, but something more tropical. Changing the name of the ethernet port in the configuration (iptables) fixed the problem and allowed internet access through the VPN tunnel. Hooray!

Lastly we installed Log2Ram, which limits the logging done to the SD-card to extend the lifetime of the system. SD-cards can get corrupted when written too often to, so in order to limit the amount of write cycles Log2Ram will save all logs in RAM memory and only once a day write the entire logfiles to the SD-card.

A reboot to make sure everything works and it was finally time to check the speed of the connection!

Honestly, this is 10x as high as expected when we started on this project so we’re certainly very happy about this! This will allow my parents to comfortably travel to their cabin and use the internet, while they appear to be in the Netherlands.