Please note the following requirements:
- Raspberry Pi with sticky IP address
- Raspbian OS
- Up to date software packages
- A CyberGhost account
Info: Here's how to create a CyberGhost account online
Info: How to manage your CyberGhost account
- A CyberGhost subscription
Info: How to purchase or upgrade a subscription
Info (only prepaid subscribers): Enter activation key
When using a Raspberry with a native VPN protocol please make sure that your VPN protocol software supports the Internet protocol IPv6 along with IPv4 or run an IPv4 Internet connection only. Many Internet Service Providers connect with the IPv6 protocol or offer both Internet protocols, IPv4 and IPv6, at the same time and as long as a native VPN protocol doesn't support IPv6 you risk data leaks (since an IPv6 connection can bypass the tunneled IPv4 connection). While the CyberGhost client does support IPv6 and therefor prevents IPv6 leaks, users of native VPN protocols need to deactivate IPv6 manually. Please consult the manual of the Linux distribution you are using to find out, how this task can be accomplished. Here you find some examples.
Disclaimer: Please keep in mind that, although the technical process is as thoroughly documented as possible, you need to have at least some technical understanding. There's always a chance for an overseen mistake and/or things have changed and the article is not updated yet.
Open your router's web interface and assign a sticky IP address to your Raspberry. Depending on your router model and/or manufacturer the respective option(s) can be found in different places, so make sure you have a proper documentation of your router at hand, which you can consult to find the right spot.
Visit your CyberGhost VPN online account.
Click on the menu entry 'My Devices' and then on button 'Add Device'.
In the list of Operating Systems you can CyberGhost use with, please click on 'Other' to be able to setup all necessary options for the OpenVPN protocol. When done the screen extends and gives way to 'Create new credentials'. Do it by clicking on the respective button.
Scroll up the page. As you see, the placeholder for a new device is now replaced by 'Linux, Router, etc.'. Click on that button:
Type a name for your new device and activate the wanted extra features, provided with each regular subscription:
Scroll down and generate the login and configuration data for the OpenVPN protocol:
- Protocol: Choose the OpenVPN protocol you want to use:
OpenVPN (UDP): UDP allows higher speed than the TCP version, but can result in broken downloads in some cases. This is the default setting.
OpenVPN (TCP): TCP allows more stable connections than the UDP version, but is a bit slower. Choose this version, if you have recurrent connection issues such as sudden disconnections.
- Country: Since native protocol connections may only be used with exactly one server you now have to choose the country you want to surf from; the server to be used in this country will be chosen by CyberGhost automatically. (If you want or need different PPTP, L2TP or OpenVPN connections in different countries, repeat all steps for every country.)
- Server group: Depending on the chosen country as well as the availability of different server types as an attribute of your current plan you can also define a server group to use:
Standard and Premium Server: This is the group of all paid service servers of the country chosen. Subscribers of a Special Edition with limited access can't use regular Premium servers.
NoSpy Server: This is the group of all exclusive NoSpy servers of the country chosen. These servers can only be accessed by those subscribers, who opt for them as an additional feature.
After setting up your connection wishes please note down the following data sets. You will need them to configure your device:
- Server: This is the address of the country (server) you want to be connected with, e.g. '1-ro.cg-dialup.net'. Note: This address changes with every country you have chosen in the step before. The actual single server to be used will be chosen automatically by CyberGhost.
- User name: A solely for protocol usage generated user name. This is NOT your regular CyberGhost account user name.
- Password: A solely for protocol usage generated password. This is NOT your regular CyberGhost account password.
Once done, please download the configuration file. For that please click on 'Download Configuration' and save the file on your computer. It's a ZIP file, which contains the following single configuration files:
- ca.crt: This is the certificate of the certification authority
- client.crt: This is the user certification file
- client.key: This is your private key file
- openvpn.ovpn: This is your OpenVPN configuration file
Make sure you have the right packages: Before you can begin configuring your network settings make sure you already installed the needed packages and have an up to date system:
Download the package information by opening a console and typing
sudo apt-get update && sudo apt-get upgrade
Once done download the needed OpenVPN package with
sudo apt-get install openvpn openssl openresolv
Now install your wanted webproxy, e. g. 'Privoxy':
sudo apt-get install privoxy
Privoxy listens to connections ariving the Raspberry through the assigned IP (for example 192.168.178.24) and port 8118. To check open the Privoxy configuration file ('/etc/privoxy/config') and look out for the line 'localhost:8118'.
To avoid problems rising up from the network protocol IPv6 you need to deactivate it. For that open and edit the configuration file 'sysctl' with the Nano editor:
sudo nano /etc/sysctl.conf
Scroll down until you reach the end of the file and add the following line:
net.ipv6.conf.all.disable_ipv6 = 1
Press 'CTRL + X', then 'Y' and confirm all questions until you can save your changes. Close the Nano editor.
To adjust the IP address for Privoxy, type in this command:
sudo nano /etc/privoxy/config
Confirm and scroll down to section 4.1. There you change the 'listen-address' entry to the address you assigned for your Raspi in your Router configuration, in this example it is '192.168.178.24':
Restart the Raspberry.
To check your web proxy connection, you need a different computer in the same local network like your Raspi. There you open a browser window and then the browser's settings to add the address of the web proxy, e. g. in Firefox 'Preferences -> Advanced -> Connection -> Settings'. There you activate 'Manual Proxy Configuration' and add address and port of the Privoxy web server, in this example it's '192.168.178.24' and '8118'. Now you should be able to surf the Internet as if you were connected directly.
Unzip all files of the downloaded CyberGhost configuration ZIP file, rename the file 'openvpn.ovpn' to e. g. ‘CG_RO.conf’ (depends on the location you have chosen before) and copy all files into your OpenVPN directory on your Raspi. For that first move to the folder in which you unzipped all files by typing:
cd [path to configuration folder]
Now copy them:
sudo cp CG_XX.conf /etc/openvpn/
sudo cp ca.crt /etc/openvpn/
sudo cp client.crt /etc/openvpn/
sudo cp client.key /etc/openvpn/
If you want to surf from more than one country, download after the selection of a different country in your account management the next zipped configuration file and rename the new 'openvpn.ovpn' to 'CG_AnotherCountry.conf'.
For two different countries you need for example do the following steps:
- Specify device, protocol and operating system
- Choose a country, e.g. USA
- Download the zipped configuration file with certificates, key and OpenVPN configuration file
- Unzip the downloaded file and copy all files in your OpenVPN configuration folder
- Rename the OpenVPN configuration file from ‘openvpn.ovpn’ to ‘CG_USA.conf’.
- Choose the next country, e.g. Romania
- Download the next zipped configuration file
- Unzip the downloaded file and copy just the file 'openvpn.ovpn' into the configuration folder
- Rename it to ‘CG_RO.ovpn’.
- etc. ...
Move to the OpenVPN directory:
To be able to log in automatically, save your user name and password in a file called ‘user.txt’ and store it in your OpenVPN folder. For that, first move to the respective folder:
Enter the following command to create and open a text file called 'user':
sudo nano user.txt
Type in your credentials (one in each line). In the first line type in the user name created in step 1, in the second line the password, also created in step 1, both as displayed in your account management when setting up a connection:
DO NOT use your regular CyberGhost user name and password, which you use to login in the client and your account management!
Save your changes with ‘CTRL+O’ and leave the editor via ‘CTRL+X’
Next open the configuration file ‘CG_XX.conf’ by typing
sudo nano CG_XX.conf
Extend the line ‘auth-user-pass’ …
… with the path to your credential file:
At the bottom of the configuration passage (after 'comp-lzo') add the following two lines:
Save via ‘CTRL+O’ and leave the editor with ‘CTRL+X’.
Then get the file auto loaded by typing
sudo nano /etc/default/openvpn
and adding the following line:
AUTOSTART="CG_XX" (the name of the file WITHOUT the file extension ‘.conf’)
Again, save with ‘CTRL+O’ and leave the editor with ‘CTRL+X’.
At last type in your console:
sudo update-rc.d openvpn enable
sudo service openvpn start
Again, open a browser window on a different PC in the same local network like your Raspi. Move to the browser's settings to add the address of the web proxy (like described above for Firefox) and activate the 'Manual Proxy Configuration'. Add address and port of the Privoxy web server, in this example it's '192.168.178.24' and '8118'.