Set up PHproxy server on Raspberry PI

# PHproxy on raspberry pi
# tested on Soft-float Debian “wheezy” and standard Hard-float Raspbian “wheezy”
# NOTE youtube videos don’t play via this PHproxy
# Based upon these blogs

sudo apt-get update
sudo apt-get install apache2 -y
sudo apt-get install php5 -y
sudo apt-get install php5-mysql php5-curl -y
sudo a2enmod php5
sudo /etc/init.d/apache2 start

# for info see

cd /var/www
sudo mv /var/www/index.html /var/www/index_old.html
sudo wget
sudo unzip

# open web page
# if you're connected to the same router as the Raspberry PI
# put in local IP address of PI e.g.
# As you know, to get to your PHproxy from the outside world
# you gotta do port forwarding and get a domain name or use
# IP address etc etc

# You can password protect the website if you want


Wrapping openVPN with stunnel

# Some countries like China, Syria, North Korea etc, are using deep packet inspection
# to detect and block openvpn connections.
# To get around this, VPN connections can be hidden inside another SSL envelope
# using a program called stunnel making the VPN look like something else

# This blog is based upon these
# Using Raspberry PI as OpenVPN server, we wrap the openvpn signalling inside
# another SSL envelope using stunnel

# On Raspberry PI, after you have installed openvpn
# Install stunnel and openssl

sudo apt-get install stunnel4 openssl -y

# Generate your own private key and self-signed certificate, combined into server.pem
cd /etc/stunnel/
sudo openssl genrsa -out server.key 4096
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo bash
cat server.key > server.pem && cat server.crt >> server.pem
chmod 400 /etc/stunnel/server.pem

# enable stunnel
sudo nano /etc/default/stunnel4


# Server stunnel.conf   on Raspberry PI

sudo nano /etc/stunnel/stunnel.conf

sslVersion = all
options = NO_SSLv2
cert = /etc/stunnel/server.pem
pid = /var/run/
output = /var/log/stunnel

client = no

# Add Firewall setting  on Raspberry PI
# Edit the same firewall file we used for openvpn
# and add a new line

sudo nano /usr/local/bin/

iptables -A INPUT -p tcp --dport 993 -j ACCEPT

# Restart stunnel or reboot Raspberry PI and we are done

sudo /etc/init.d/stunnel4 restart

# check status
ps aux | grep 'stunnel*'

# Installing & configuring stunnel on windows client:

# You can download stunnel installer from the official website
# or check here
# Installation shouldn’t be a problem… it’s a few clicks

# On windows, you should see an stunnel icon on your desktop, run it as administrator.  
# Now you should see the stunnel icon also on the taskbar.
# Do a right click on it, and choose “Edit stunnel.conf”

# Notepad will open automatically, to edit the stunnel.conf file…

# add the following lines:

client = yes
accept =
connect =

# Save & exit
# right click on stunnel icon, and click reload stunnel.conf

# in Windows, create a new text file called
# C:\Program Files (x86)\OpenVPN\config\raspberry_via_stunnel.ovpn
# this is the OpenVPN client configuration

dev tun
proto tcp
remote  localhost 1194
resolv-retry infinite
ca capi.crt
cert clientpi.crt
key clientpi.key
tls-auth tapi.key 1
ns-cert-type server
cipher AES-256-CBC
verb 3
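
# Added example, not part of the original post: a check that the four config files in the
# stunnel chain agree (client .ovpn -> client stunnel -> server stunnel -> OpenVPN server).
# The host name vpn.example.net, the file names and the stunnel accept/connect values are
# constructed placeholders; 1194, 993 and 34567 are the ports that appear on this page.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes one service per stunnel.conf.

# ini_get FILE KEY: value of "KEY = value" in a stunnel.conf (CRLF tolerated)
ini_get() {
    tr -d '\r' < "$1" | awk -F= -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); out = v }
        END { print out }'
}

# ovpn_get FILE DIRECTIVE: arguments of the first matching OpenVPN directive
ovpn_get() {
    tr -d '\r' < "$1" | awk -v d="$2" '$1 == d && !n++ { $1 = ""; sub(/^ +/, ""); print }'
}

# port_of VALUE: port from "host:port", "host port" or a bare port
port_of() { printf '%s\n' "$1" | sed 's/.*[: ]//'; }
fail() { echo "MISMATCH: $*"; bad=1; }

# check_wrap CLIENT_OVPN CLIENT_STUNNEL SERVER_STUNNEL SERVER_OPENVPN
# Prints one line per problem; returns 0 only when the whole chain lines up.
check_wrap() {
    bad=0
    [ "$(ovpn_get "$1" proto)" = tcp ] || fail "client proto is not tcp"
    [ "$(ovpn_get "$4" proto)" = tcp ] || fail "server proto is not tcp"
    [ "$(ini_get "$2" client)" = yes ] || fail "client stunnel lacks client = yes"
    [ "$(ini_get "$3" client)" = no ] || fail "server stunnel lacks client = no"
    remote=$(ovpn_get "$1" remote)
    case "$remote" in
        localhost\ *|127.0.0.1\ *) ;;
        *) fail "client remote '$remote' bypasses the local stunnel" ;;
    esac
    [ "$(port_of "$remote")" = "$(port_of "$(ini_get "$2" accept)")" ] ||
        fail "client remote port != client stunnel accept"
    [ "$(port_of "$(ini_get "$2" connect)")" = "$(port_of "$(ini_get "$3" accept)")" ] ||
        fail "client stunnel connect port != server stunnel accept"
    [ "$(port_of "$(ini_get "$3" connect)")" = "$(port_of "$(ovpn_get "$4" port)")" ] ||
        fail "server stunnel connect port != OpenVPN server port"
    return "$bad"
}

# make_sample DIR: write constructed sample configs (placeholder host and stunnel values)
make_sample() {
    printf 'proto tcp\nremote  localhost 1194\n' > "$1/client.ovpn"
    printf 'client = yes\r\naccept = 127.0.0.1:1194\r\nconnect = vpn.example.net:993\r\n' > "$1/client-stunnel.conf"
    printf 'client = no\naccept = 993\nconnect = 127.0.0.1:34567\n' > "$1/server-stunnel.conf"
    printf 'port 34567\nproto tcp\n' > "$1/openvpn-server.conf"
}
```

# Source the file, then run check_wrap with your own four files in the order shown;
# no output and exit status 0 means the chain is consistent.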


Install Hamachi on Raspberry PI

# The benefit of Hamachi is that you don't need to do port forwarding on the router;
# you can just connect it and then ssh to it
# using the Hamachi IP address.
# You need to create an account at
# it's free to make a network of up to 5 machines

# My post based upon this blog
# Check latest hamachi at

sudo dpkg -i logmein-hamachi_2.1.0.174-1_armhf.deb

sudo hamachi login
sudo hamachi attach [your hamachi email address]
sudo hamachi set-nick [whatever nickname you make]

# check status
sudo hamachi

# uninstall hamachi
sudo dpkg -r logmein-hamachi
sudo dpkg -P logmein-hamachi

# Backup

# TIP: I got error
# hamachi login
# Logging in .. failed, busy
# workaround
# /etc/init.d/logmein-hamachi stop
# /etc/init.d/logmein-hamachi start

Lazy command list to install openvpn server on raspberry pi

# Based upon these blogs

# Using SD card with "2012-08-08-wheezy-armel"
# Remember you gotta do port forwarding, not covered in this post
# Let's get started, start with an updated installation
sudo apt-get update

# Now install openvpn
sudo apt-get install openvpn -y
sudo mkdir /etc/openvpn/easy-rsa/
sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
sudo chown -R $USER /etc/openvpn/easy-rsa/

# You can put whatever you like in the vars file, it does not need to be accurate data
# just don't leave anything blank
# It will work, even if you leave everything as it is, even fields that say "changeme"
nano /etc/openvpn/easy-rsa/vars

# Now build certs and keys for server and client
# TIP: answer yes to Sign the certificate? [y/n]:y
# TIP: 1 out of 1 certificate requests certified, commit? [y/n]y
# leave everything else default, just keep pressing return

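cd /etc/openvpn/easy-rsa/
source vars
./clean-all     # first run only: empties and initialises the keys directory
./build-ca      # creates ca.crt and ca.key, used to sign the next two
./build-key-server server
./build-key clientpi
./build-dh      # creates dh1024.pem, copied to /etc/openvpn below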

cd /etc/openvpn/easy-rsa/keys
sudo cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn
sudo mkdir $HOME/openvpn-client-files
sudo cp ca.crt clientpi.crt clientpi.key $HOME/openvpn-client-files
sudo mv $HOME/openvpn-client-files/ca.crt $HOME/openvpn-client-files/capi.crt
sudo chmod +r $HOME/openvpn-client-files/clientpi.key
sudo openvpn --genkey --secret /etc/openvpn/tapi.key
sudo cp /etc/openvpn/tapi.key $HOME/openvpn-client-files
sudo chmod +r $HOME/openvpn-client-files/tapi.key

# Now we create the OpenVPN client configuration on the Raspberry PI
# You could create this file in windows client PC if you want, which might be better
# remember files created in linux and transferred to windows will be missing CRLF
# if you want to edit it later on windows, it will appear as one long line
# we just do it on raspberry pi to group the 5 client files together

cd $HOME/openvpn-client-files/
sudo chown -R $USER $HOME/openvpn-client-files/
sudo nano $HOME/openvpn-client-files/raspberry.ovpn

dev tun
proto tcp
remote change_this_to_your_server_IP_address 34567
resolv-retry infinite
ca capi.crt
cert clientpi.crt
key clientpi.key
tls-auth tapi.key 1
ns-cert-type server
cipher AES-256-CBC
verb 3

# Nano editor TIP: CTRL+o writeout, in other words save the file
# CTRL+x exit

# Now, copy the 5 client files in $HOME/openvpn-client-files directory to client PC
# tip, For windows 7 client, using WinSCP, due to write permissions
# I had to copy whole directory to C:\openvpn-client-files
# then in windows, copy the files
# clientpi.key
# capi.crt
# clientpi.crt
# tapi.key
# raspberry.ovpn
# to C:\Program Files (x86)\OpenVPN\config
# windows 32bit will have a different OpenVPN directory
# C:\Program Files\OpenVPN\config

# Back to Raspberry PI, Now we create file for server config
# Below is my OpenVPN server configuration saved as /etc/openvpn/server.conf
sudo nano /etc/openvpn/server.conf

port 34567
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key
tls-auth tapi.key 0
dh dh1024.pem
cipher AES-256-CBC
user nobody
group nogroup
status openvpn-status.log
verb 3
push "redirect-gateway def1"
push "dhcp-option DNS"
push "dhcp-option DNS"
keepalive 5 30

# uncomment to allow data redirect
sudo nano /etc/sysctl.conf


# Make file for firewall setting
sudo nano /usr/local/bin/

iptables -t filter -F
iptables -t nat -F
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s "" -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s "" -j MASQUERADE

# Make firewall script file executable
sudo chmod +x /usr/local/bin/

# run firewall
sudo /usr/local/bin/

# check firewall
sudo iptables --list

# add a new text line /usr/local/bin/ into file /etc/rc.local
# before 'exit 0' to ensure the iptables rules are created on every reboot or power up.
sudo nano /etc/rc.local


# reboot the pi
sudo reboot

# When Finished, for security reasons, make directory $HOME/openvpn-client-files/
# only readable by root
sudo chmod 600 $HOME/openvpn-client-files/
# Later, if you want to copy client files again
sudo chmod +rx $HOME/openvpn-client-files/
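
# Added example, not part of the original post: the chmod +r steps above leave clientpi.key
# and tapi.key readable by every local user until the directory is locked again. These
# helper functions (names are hypothetical) list key files that group or other can read
# and tighten them; *.pem is included because stunnel's server.pem holds a private key.

```sh
#!/bin/sh
# Added example, not from the original post.

# exposed_keys DIR: print *.key / *.pem files under DIR that group or other can
# read. dh*.pem is skipped: Diffie-Hellman parameters are not secret.
exposed_keys() {
    find "$1" -type f \( -name '*.key' -o -name '*.pem' \) ! -name 'dh*.pem' \
        \( -perm -040 -o -perm -004 \) -print | sort
}

# audit DIR: print each exposed key; exit status 0 when none, 1 otherwise
audit() {
    found=$(exposed_keys "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found" | sed 's/^/EXPOSED /'
    return 1
}

# lock_keys DIR: remove group/other access from the exposed key files only;
# certificates (*.crt) are public material and are left untouched.
lock_keys() {
    exposed_keys "$1" | while IFS= read -r f; do
        chmod go-rwx "$f" && echo "locked $f"
    done
}
```

# Run audit on $HOME/openvpn-client-files and /etc/stunnel after copying the client files;
# lock_keys needs sudo when the files belong to root.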

# Connect VPN client from remote location
# does not work when client and server are connected
# to same router and you try external IP address.
# If you want to do a local test at home
# connect to local IP address of server e.g.
# when you go to your remote location, connect to no-ip address or external static IP

# check VPN is working by checking your IP address
# changes after you connect

# Extra: If you want to put the certs and keys inline, within the client script
# see

no-ip and Raspberry PI running wheezy raspbian.

# First, create an account over at then go to
# and click “add a host”.
# Then use this lazy command list for pi.  

sudo bash
cd /usr/local/src/
tar xf noip-duc-linux.tar.gz
cd noip-2.1.9-1/
make install

# Add a new text line /usr/local/bin/noip2 into file /etc/rc.local
# just before its last line “exit 0” so no-ip starts automatically after reboot
nano /etc/rc.local


CTRL+o ENTER # write output, save in other words
CTRL+x # exit nano editor

# start it with
sudo /usr/local/bin/noip2

# check status with
sudo /usr/local/bin/noip2 -S

# kill it
sudo /usr/local/bin/noip2 -K 'pid'   # get pid from -S

# If you need to recreate the default config file
sudo /usr/local/bin/noip2 -C