alanbchristie · April 18, 2025 12:10
diff --git a/openvpn.txt b/openvpn.txt
 # Starting with a Pi flashed with 'Raspberry Pi OS Lite (32-bit)'
 #
 # I used the following:
 #
 # - Raspberry Pi 4 Model B Rev 1.1 (4Gi) [cat /proc/cpuinfo]
 # - Debian 11.1 [cat /etc/debian_version]
 # - Raspbian GNU/Linux 11 (bullseye) [cat /etc/os-release]
 #
 # And the instructions (pivpn) installs: -
 #
 # - OpenVPN 2.5.1 [openvpn --version]
 #
 # Follow the instructions in the PCMag article...
 # https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi
 # That's very simple and needs no further explanation.
 #
 # In my setup I'd already set a static IP for the RPi on the network,
 # changed the default password and installed an SSH key for the 'pi' user.
 #
 # - So I say 'Yes' to keep the DHCP reservation (192.168.0.20)
 # - Keep user 'pi' as the user for VPN
 # - Select OpenVPN as the installtion mode (rather than WireGuard)
 # - Say 'No' to customisation of settings
 # - Then leave the OpenVPN port alone at '1194'
 # - Left the DNS provider at the default, i.e. 'Quad9'
 # - As I have a no-ip account I select DNS entry rather than a Public IP
 #   and then enter the public DNS I've registered
 # - I then enable the 'unattended upgrades' feature
 #
 # That's it.
 #
 # You then run 'pivpn add' to create a client profile
 # and 'pivpn help' for help.
 #
 # Any new OpenVPN configuration files you generate will be written to:-
 #   /home/pi/ovpns
 # Any new WireGuard configuration files you generate will be written to:-
 #   /home/pi/configs
 # Rememberm you can also generate a text-based QR code for WireGaurd
 # configurations with 'pivpn -qr'
 #
 # Certificates you create can be checked for expiry using openssl.
 # For example, the get the expiry of Yellowhammer2027.ovpn you could run: -
 #
 #   openssl x509 -enddate -noout -in Yellowhammer2027.ovpn
 #
 # To list all the generated certificate and their expiry dates run: -
 #
 #   pivpn list
 #
 # Once installed and running you should find basic logging in '/var/log/openvpn.log'.
 # The logfiles should be about 1MiB long but you may also want to setup a cron-based
 # log file pruner as described in...
 # https://openvpn.net/vpn-server-resources/logging-and-debug-flag-options-for-access-server/
 #
 # Run 'crontab -e'
 # And add a line suitable for your files,
 # This was good for me...
 # '0 4 * * * rm /var/log/openvpn.log.{15..1000} >/dev/null 2>&1'
 #
 # You can create a QR code in the terminal with the following.
 # It will present you with all the clients and you select one
 # to get its QR code rendered in the terminal: -
 #
 # pivpn -qr
	# Starting with a Pi flashed with 'Raspberry Pi OS Lite (32-bit)'
	#
	# I used the following:
	#
	# - Raspberry Pi 4 Model B Rev 1.1 (4Gi) [cat /proc/cpuinfo]
	# - Debian 11.1 [cat /etc/debian_version]
	# - Raspbian GNU/Linux 11 (bullseye) [cat /etc/os-release]
	#
	# And the instructions (pivpn) installs: -
	#
	# - OpenVPN 2.5.1 [openvpn --version]
	#
	# Follow the instructions in the PCMag article...
	# https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi
	# That's very simple and needs no further explanation.
	#
	# In my setup I'd already set a static IP for the RPi on the network,
	# changed the default password and installed an SSH key for the 'pi' user.
	#
	# - So I say 'Yes' to keep the DHCP reservation (192.168.0.20)
	# - Keep user 'pi' as the user for VPN
	# - Select OpenVPN as the installtion mode (rather than WireGuard)
	# - Say 'No' to customisation of settings
	# - Then leave the OpenVPN port alone at '1194'
	# - Left the DNS provider at the default, i.e. 'Quad9'
	# - As I have a no-ip account I select DNS entry rather than a Public IP
	# and then enter the public DNS I've registered
	# - I then enable the 'unattended upgrades' feature
	#
	# That's it.
	#
	# You then run 'pivpn add' to create a client profile
	# and 'pivpn help' for help.
	#
	# Any new OpenVPN configuration files you generate will be written to:-
	# /home/pi/ovpns
	# Any new WireGuard configuration files you generate will be written to:-
	# /home/pi/configs
	# Rememberm you can also generate a text-based QR code for WireGaurd
	# configurations with 'pivpn -qr'
	#
	# Certificates you create can be checked for expiry using openssl.
	# For example, the get the expiry of Yellowhammer2027.ovpn you could run: -
	#
	# openssl x509 -enddate -noout -in Yellowhammer2027.ovpn
	#
	# To list all the generated certificate and their expiry dates run: -
	#
	# pivpn list
	#
	# Once installed and running you should find basic logging in '/var/log/openvpn.log'.
	# The logfiles should be about 1MiB long but you may also want to setup a cron-based
	# log file pruner as described in...
	# https://openvpn.net/vpn-server-resources/logging-and-debug-flag-options-for-access-server/
	#
	# Run 'crontab -e'
	# And add a line suitable for your files,
	# This was good for me...
	# '0 4 * * * rm /var/log/openvpn.log.{15..1000} >/dev/null 2>&1'
	#
	# You can create a QR code in the terminal with the following.
	# It will present you with all the clients and you select one
	# to get its QR code rendered in the terminal: -
	#
	# pivpn -qr