Raspberry Pi: How to configure a Raspberry Pi as a web proxy with OpenVPN

Please note the following requirements: 

• Raspberry Pi with sticky IP address
• Raspbian OS
  
• Up to date software packages
• A CyberGhost account
  Info: Here's how to create a CyberGhost account online
  Info: How to manage your CyberGhost account
• A CyberGhost subscription
  Info: How to purchase or upgrade a subscription
  Info (only prepaid subscribers): Enter activation key

Disclaimer: Please keep in mind that, although the technical process is as thoroughly documented as possible, you need to have at least some technical understanding. There's always a chance for an overseen mistake and/or things have changed and the article is not updated yet. 

Step 1

Open your router's web interface and assign a sticky IP address to your Raspberry. Depending on your router model and/or manufacturer the respective option(s) can be found in different places, so make sure you have a proper documentation of your router at hand, which you can consult to find the right spot.

Step 2

Visit your CyberGhost VPN online account and login with your Username and Password

1. Click on the "VPN" section from the left-side menu
2. Scroll down and then click on "Configure Device"
   
3. In the new window, choose your desired protocol, in our example: OpenVPN and your preferred country and server group, as described below.

Also type in a Device name to assign to your device, then configure the parameters for the new device.

• For the purpose of setting OpenVPN for your Router, choose OpenVPN from the Protocol drop down menu. Your desired Country and Server Group, as described below, need to be defined too:

  • Protocol : For Raspberry Pi configurations, please choose Open VPN
  • Country : Since native protocol connections may only be used with exactly one server you now have to choose the country you want to surf from; the server to be used in this country will be chosen by CyberGhost automatically.
  • Server group : Choose the server group accordingly

Note : Please note that the above step depends on the OpenVPN client used : version 2.4 or 2.3.

• UDP allows higher speed than the TCP version, but can result in broken downloads in some cases. This is the default setting.
• TCP allows more stable connections than the UDP version, but is a bit slower. Choose this version, if you have recurrent connection issues such as sudden disconnections.

After setting up your preferred settings, save them with "Save Configuration"

To view the OpenVPN credentials that are generated for you on the configuration dashboard, press 'View' : 

Once the new page is opened, your connection credentials are generated for you but make note of the following information:

• Server group: This is the address of the country (server) you want to be connected with, e.g. '12345-1-ca.cg-dialup.net'. Note: This address changes with every country you have chosen in the step before. The actual single server to be used will be chosen automatically by CyberGhost.
• User name: A solely for this protocol generated user name. This is NOT your regular CyberGhost account user name, it's used only to authenticate with our servers via Manual Configurations.
• Password (you need to check the "Show Password" option in order to see it): A solely for protocol usage generated password. This is NOT your regular CyberGhost account Password, it's used only to authenticate with our servers via Manual Configurations.
• Pre-Shared Key

Please download the configuration file. For that please click on 'Download configuration' and download the config file to your computer (it's recommended that you create a special folder for the config, somewhere accessible like your Desktop and Extract/Copy the contents of the .zip file there). 

Now, the saved config is a ZIP file, which contains the following single files:

• ca.crt: This is the certificate of the certification authority
  
• client.crt: This is the user certification file 
• client.key: This is your private key file
• openvpn.ovpn: This is your OpenVPN configuration file

If you need to change the country you connect to, you must re-configure the location to use in your account management and download the new zipped config file.

Step 3

Make sure you have the right packages: Before you can begin configuring your network settings make sure you already installed the needed packages and have an up to date system:

Download the package information by opening a console and typing :

sudo apt-get update && sudo apt-get upgrade

Once done download the needed OpenVPN package with :

sudo apt-get install openvpn openssl openresolv

Now install your wanted webproxy, e. g. 'Privoxy':

sudo apt-get install privoxy

Privoxy listens to connections ariving the Raspberry through the assigned IP (for example 192.168.178.24) and port 8118. To check open the Privoxy configuration file ('/etc/privoxy/config') and look out for the line 'localhost:8118'.

Step 4

To adjust the IP address for Privoxy, type in this command:

sudo nano /etc/privoxy/config

Confirm and scroll down to section 4.1. There you change the 'listen-address' entry to the address you assigned for your Raspi in your Router configuration, in this example it is '192.168.178.24':

listen-address 192.168.178.24:8118

Restart the Raspberry.

To check your web proxy connection, you need a different computer in the same local network like your Raspi. There you open a browser window and then the browser's settings to add the address of the web proxy, e. g. in Firefox 'Preferences -> Advanced -> Connection -> Settings'. There you activate 'Manual Proxy Configuration' and add address and port of the Privoxy web server, in this example it's '192.168.178.24' and '8118'. Now you should be able to surf the Internet as if you were connected directly.

Step 5

Unzip all files of the downloaded CyberGhost configuration ZIP file, rename the file 'openvpn.ovpn' to e. g. ‘CG_RO.conf’ (depends on the location you have chosen before) and copy all files into your OpenVPN directory on your Raspi. For that first move to the folder in which you unzipped all files by typing:

cd [path to configuration folder]

Now copy them:

sudo cp CG_XX.conf /etc/openvpn/
sudo cp ca.crt /etc/openvpn/
sudo cp client.crt /etc/openvpn/
sudo cp client.key /etc/openvpn/

If you want to surf from more than one country, download after the selection of a different country in your account management the next zipped configuration file and rename the new 'openvpn.ovpn' to 'CG_AnotherCountry.conf'.

For two different countries you need for example do the following steps:

1. Specify device, protocol and operating system
2. Choose a country, e.g. USA
3. Download the zipped configuration file with certificates, key and OpenVPN configuration file
4. Unzip the downloaded file and copy all files in your OpenVPN configuration folder
5. Rename the OpenVPN configuration file from ‘openvpn.ovpn’ to ‘CG_USA.conf’.
6. Choose the next country, e.g. Romania
7. Download the next zipped configuration file
8. Unzip the downloaded file and copy just the file 'openvpn.ovpn' into the configuration folder 
9. Rename it to ‘CG_RO.ovpn’.
10. etc. ...

Step 6

Move to the OpenVPN directory:

cd /etc/openvpn 

To be able to log in automatically, save your user name and password in a file called ‘user.txt’ and store it in your OpenVPN folder. For that, first move to the respective folder:

cd /etc/openvpn

Enter the following command to create and open a text file called 'user':

sudo nano user.txt

Type in your credentials (one in each line). In the first line type in the user name created in step 1, in the second line the password, also created in step 1, both as displayed in your account management when setting up a connection:

Username
Password

#First line is a generated username and the second line is a generated password.

DO NOT use your regular CyberGhost user name and password, which you use to login in the client and your account management!

Save your changes with ‘CTRL+O’ and leave the editor via ‘CTRL+X’

Next open the configuration file ‘CG_XX.conf’ by typing

sudo nano CG_XX.conf

Extend the line ‘auth-user-pass’ …

[...]
auth-user-pass
[...]

… with the path to your credential file:

[...]
auth-user-pass /etc/openvpn/user.txt
[...]

At the bottom of the configuration passage (after 'verb 4') add the following two lines:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Save via ‘CTRL+O’ and leave the editor with ‘CTRL+X’.

Then get the file auto loaded by typing

sudo nano /etc/default/openvpn

and adding the following line:

AUTOSTART="CG_XX"  (the name of the file WITHOUT the file extension ‘.conf’)

Again, save with ‘CTRL+O’ and leave the editor with ‘CTRL+X’.

At last type in your console:

sudo update-rc.d openvpn enable
sudo service openvpn start

Step 4

Again, open a browser window on a different PC in the same local network like your Raspi. Move to the browser's settings to add the address of the web proxy (like described above for Firefox) and activate the 'Manual Proxy Configuration'. Add address and port of the Privoxy web server, in this example it's '192.168.178.24' and '8118'.

To test your IP use a site like https://whoer.net/. Furthermore you might want to open the website https://dnsleaktest.com/ and test on leaks. For that choose ‘Standard Test’ or ‘Extended Test’.