A Virtual Private Network (VPN) is a secure private network that runs over the public Internet. It works by creating an encrypted tunnel over the Internet between devices. VPNs have become increasingly popular in recent years, largely because they offer increased security and privacy without the need to set up expensive and complex new hardware. VPNs can even run on Raspberry Pis, allowing you to have your own private VPN at any time at a reduced cost.

Tinc was selected as the VPN software because it:

  • is relatively lightweight.
  • allows each node to communicate directly with any of the other nodes, without needing a central node.
  • supports multiple different VPNs simultaneously, allowing you to separate your gaming buddies, work and personal use into different VPNs.

Below is the proposed diagram for securely connecting the two nodes.

Proposed VPN diagram

The following instructions create a VPN between a remote Ubuntu server and a Raspberry Pi at home. You can add as many nodes as you want, but for the purpose of this document we will just be using the above 2 nodes. I wrote a script to help with the setup of the VPN nodes using Tinc to make sure I don’t miss a step in the process. Feel free to adapt the script for your own use as you see fit.

Step 1: Set up Tinc on Ubuntu Server

  1. This Ubuntu Server is running Zesty (17.04).
  2. Install Tinc
    • apt install tinc
  3. Create the necessary configuration files & folders using this helper script. It’s been tested on both Ubuntu & Raspbian Stretch.
  4. Before running the script, export the following variables to customize it to your preference. Below is an example for this node.

Step 2: Set up Tinc on Home Raspberry Pi

  1. This Raspberry Pi is running Raspbian Stretch.
  2. Install Tinc
    • apt install tinc
  3. Create the necessary configuration files & folders using this helper script. It’s been tested on both Ubuntu & Raspbian Stretch. Use the same script as above to generate the necessary information.
  4. Before running the script, export the following variables to customize it to your preference. Below is an example for this node.

Step 3: Exchange the necessary information

The following uses the node names from the examples above. Replace the names of the nodes as needed.

  1. On Ubuntu Server.
    • You need the file stored on the Raspberry Pi at /etc/tinc/{my_private_vpn}/hosts/raspi.
    • Copy the file raspi to the Ubuntu server and move it to the following location /etc/tinc/{my_private_vpn}/hosts/raspi.
    • The Raspberry Pi is behind a NAT and I didn’t want to add any port forwarding on my router so I don’t need to make any other changes here.
    • Set Tinc service to start on server start-up
      • systemctl enable tinc
    • Start the Tinc service for this VPN
      • systemctl start tinc@my_private_vpn
    • Set this Tinc VPN service to start on server start-up
      • systemctl enable tinc@my_private_vpn
  2. On Home Raspberry Pi.
    • You need the file stored on the Ubuntu Server at /etc/tinc/{my_private_vpn}/hosts/ubuntu.
    • Copy the file ubuntu to the Raspberry Pi and move it to the following location /etc/tinc/{my_private_vpn}/hosts/ubuntu.
    • The Ubuntu server is publicly accessible so I make the following changes to /etc/tinc/{my_private_vpn}/tinc.conf
      • Add ConnectTo = ubuntu at the end of the file to set this node to establish a connection to our Ubuntu Server. Save and quit this file.
    • Set Tinc service to start on server start-up
      • systemctl enable tinc
    • Start the Tinc service for this VPN
      • systemctl start tinc@my_private_vpn
    • Set this Tinc VPN service to start on server start-up
      • systemctl enable tinc@my_private_vpn
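
The host files exchanged in Step 3 are what each node trusts as the other's identity, so it is worth checking a received file before moving it into hosts/. The following is an added example, not the helper script mentioned above or code from the Tinc project; it assumes the tinc 1.0 host-file format with a PEM "RSA PUBLIC KEY" block, and the function names, the Address line and the key bodies are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not the page's helper script): vet a tinc host file received
# from the other node before moving it into /etc/tinc/<netname>/hosts/.
# Assumes the tinc 1.0 host-file format with a PEM "RSA PUBLIC KEY" block.

# SHA-256 of the public-key block only, so both sides can compare it out of
# band even if an Address line was edited after the copy.
host_key_fingerprint() {
    sed -n '/^-----BEGIN RSA PUBLIC KEY-----$/,/^-----END RSA PUBLIC KEY-----$/p' "$1" \
        | sha256sum | cut -d' ' -f1
}

# Print "ok" and return 0 only if FILE ($1) is usable as hosts/NAME ($2).
check_host_file() {
    local file="$1" name="$2"
    [ -f "$file" ] || { echo "reject: not a regular file"; return 1; }
    [ "$(basename "$file")" = "$name" ] \
        || { echo "reject: file name is not $name"; return 1; }
    # hosts/ files are shared; a private key must never leave its node.
    if grep -q 'PRIVATE KEY-----' "$file"; then
        echo "reject: contains a private key"; return 1
    fi
    [ "$(grep -c '^-----BEGIN RSA PUBLIC KEY-----$' "$file")" -eq 1 ] \
        || { echo "reject: expected exactly one public key block"; return 1; }
    echo "ok"
}

# Constructed sample data: the key bodies are filler text, not real keys.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/sent" "$demo/received" "$demo/bad"
printf '%s\n' 'Address = 203.0.113.10' \
    '-----BEGIN RSA PUBLIC KEY-----' 'Q09OU1RSVUNURUQtU0FNUExF' \
    '-----END RSA PUBLIC KEY-----' > "$demo/sent/ubuntu"
# Same key, but the Address line was changed on the receiving side.
sed 's/203\.0\.113\.10/vpn.example.net/' "$demo/sent/ubuntu" > "$demo/received/ubuntu"
# A private key copied by mistake instead of the host file.
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/bad/ubuntu"

check_host_file "$demo/received/ubuntu" ubuntu
echo "fingerprint: $(host_key_fingerprint "$demo/received/ubuntu")"
check_host_file "$demo/bad/ubuntu" ubuntu || true
```

Run host_key_fingerprint on the original file on the sending node and on the copy on the receiving node; the two values should match before the Tinc service is started.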