Main menu

Using DDclient on a Raspberry Pi (Debian)

DDclient is used to update your IP-address when you use a DDNS-provider.

Step 1. Setting up the Raspberry

If you havent yet set up your Raspberry Pi  my step 1-3 in my earlier article can help you:

LAMP with Raspberry Pi

Step 2. Installing DDclient (if using for example dyndns, noip)

 sudo apt-get install ddclient

You will be guided through a installation. Use your dynamic DNS-information from your provider.

Step 2. Installing DDclient (if using other providers added after DDclient 3.8.0)

Browse wget http://plugwash.raspbian.org/jessietest/private/pool/main/d/ddclient/ to check for lastest ddclient.

sudo wget http://plugwash.raspbian.org/jessietest/private/pool/main/d/ddclient/ddclient_3.8.2-4_all.deb
sudo dpkg -i ddclient_3.8.2-4_all.deb

You will be guided through a installation. Use your dynamic DNS-information from your provider. Leave blank when network interface is asked or else your local address instead of your global adress will be used. In my case dtdns wasn´t a choice so I had to edit the ddclient.conf file with the below (use your favorite editor, in my case nano):

nano /etc/ddclient.conf

Change the protocol line to:

protocol=dtdns

Add the following after the comments in top of file:

daemon=300
syslog=yes
use=web, web=checkip.dyndns.org/, web-skip='IP Address'

Restart ddclient:

service ddclient restart

You can check that ddclient is working by:

ddclient -daemon=0 -noquiet -debug

All done!

 

Nginx redirect from public URL to internal IP

Welcome to this turorial on how to config Nginx redirects from a public URL to an internal IP.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi and step 1-7 om my tutorial Install Owncloud 7.01 on Raspberry Pi (Debian).

Login in as root (su) so you don't have to use sudo.

Step 1 - Edit nginx site-config

cd /etc/nginx/sites-enabled

Here you find your config for your site, could be named default or something else (owncloud if you followed my tutorial)

nano owncloud

In this case I will add a camera which is on the internal IP 192.168.0.210.

Add the following in the used server-directive (starts with server { )(Don't forget all the slashes below)

location ^~ /camera1/ {
        proxy_pass http://192.168.0.210/ ;
}

Save and exit nano.

Restart Nginx by

service nginx restart

All done.

Remotestick-server on a Raspberry Pi (Debian)

Welcome to this turorial on how to install Remotestick-server on a Raspberry Pi.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi.

Login in as root so you don't have to use sudo.

 

Background

I have used a very good source in Raspberry Pi + Tellstick Duo + Nexa = Awsome! How to set it up!

I will use the IP-address 192.168.0.200. Change the below IP-address if you are using another.

 

Step 1 - Install  telldus-core

Add the source-list /etc/apt/sources.list.d/telldus.list

sudo nano /etc/apt/sources.list.d/telldus.list
deb-src http://download.telldus.com/debian/ stable main

Download key

wget http://download.telldus.se/debian/telldus-public.key

Add key

sudo apt-key add telldus-public.key

Update packetlist

apt-get update

Check that build-essentials is installed

apt-get install build-essential

Install dependencies

apt-get build-dep telldus-core

Install more dependencies

sudo apt-get install cmake libconfuse-dev libftdi-dev help2man

Create temporary folder

mkdir -p ~/telldus-temp
cd ~/telldus-temp

Download and compile sourcecode

sudo apt-get --compile source telldus-core

Install package

sudo dpkg --install *.deb

Remove temporary folder

cd 
rm ~/telldus-temp

You should have telldus-core installed and a deamon that aoutostarts in /etc/init.d/telldusd

 

Step 2 - Connect your tellstick duo

Connect your tellstick to the raspberry Pi. You probably have to use a USB-hub to provide sufficient power.

 

Step 3 - Configure /etc/tellstick.conf

Below you have my config-file with a few Kjell&Co-switches combined with Nexa-switches. You can read more on the config file here.

sudo nano /etc/tellstick.conf
## Start tellstick.conf
user = "nobody"
group = "plugdev"
deviceNode = "/dev/tellstick"
ignoreControllerConfirmation = "false"

device {
  id = 1
  name = "Huset"
  controller = 0
  protocol = "fuhaote"
  model = "codeswitch"
  parameters {
    # devices = ""
    # house = ""
    # unit = ""
    code = "0001010000"
    # system = ""
    # units = ""
    # fade = ""
  }

device {
 id = 2
 name = "Fontän"
 protocol = "arctech"
 model = "selflearning-switch"
 parameters {
  house = "1" # You can use a random number here
  unit = "1"
 }
}

device {
 id = 3
 name = "Motorvärmare"
 protocol = "arctech"
 model = "selflearning-switch"
 parameters {
  house = "1" # You can use a random number here
  unit = "2"
 }
}

controller {
  id = 1
  # name = ""
  type = 1
  serial = "A900I885"
}
}
## EOF

When you are done editing you have to restart the deamon.

sudo /etc/init.d/telldusd restart

 

Step 4 - Syncronize your assessories to tellstick

How to learn tellstick about assessories, example unit 1 in tellstick.conf file:

tdtool -e 1

Do the above for all your assessories

How to list all configured units. Example text below:

tdtool -l
Number of devices: 3
1 Huset ON
2 Fontän OFF
3 Motorvärmare OFF

 

Step 5 - Install prerequisites for remotestick-server

Install python-bottle

apt-get install python-bottle

 

Step 6 - Download and configure remotestick-server

Go to the remote-stick server-webpage here. I downloaded remotestick-server-v0.4.1-with-webgui-v0.2.zip to get the web-GUI.

Create a folder in your home-director. Transfer and unpack the files.

mkdir ~/remotestick-server
cd ~/remotestick-server
wget https://github.com/downloads/pakerfeldt/remotestick-server/remotestick-server-v0.4.1-with-webgui-v0.2.zip -O remotestick-server.zip
unzip /etc/remotestick-server/remotestick-server.zip

Start server

python remotestick-server.py ––host=192.168.0.200 ––port=8422 ––user=tellstick ––pass=tellstick

Output

     Bottle server starting up (using WSGIRefServer())…
Listening on http://192.168.0.200:8422/
Use Ctrl-C to quit.

You can now access the web-GUI with your RasPi IP-address, for example:

http://192.168.0.200:8422/s/ 

(You have to add the last / for the page to work)

bild.PNG

With this GUI you can turn individual assessories on and off and also on/off on all assessories.

Now abort the python script with CTRL+C.

 

Step 7 - Run remotestick-server in background

Make a new file

nano start-remotestick.sh

And add the following

#!/bin/bash
cd ~/remotestick-server/
./remotestick-server.py ––host=192.168.0.200 > /dev/null 2>&1 &
##EOF##

 Save and exit and make it executable

chmod +x start-remotestick.sh 

Run script

./start-remotestick.sh

There are apps on Google Market, for example Remotestick Lite, to control the tellstick.

 

Step 8 - Start remotestick-server at boot

Make a new file

nano /etc/init.d/start-remotestick.sh

And add the following

#!/bin/bash
### BEGIN INIT INFO
# Provides: remotestick-server
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 2 3 4 5
# Short-Description: Remotestick-server services
### END INIT INFO
cd ~/remotestick-server/ &&
./remotestick-server.py ––host=192.168.0.200 > /dev/null 2>&1 &

Save. Make executable and add to bootsequence.

sudo chmod +x /etc/init.d/start-remotestick.sh
sudo update-rc.d start-remotestick.sh defaults

Test service

ps aux | grep python

Probable output

pi 737 0.0 0.1 3540 800 pts/0 S+ 20:09 0:00 grep python
pi 2007 0.0 1.6 12744 8456 pts/0 S Nov30 6:56 python remotestick-server.py –h=192.168.0.200

 

Optional Step 9 - Cronjob

crontab -e

Add the following (example)

# m h dom mon dow command
## Hallen
# Power on 12:00
00 12 * * * tdtool -n 1 > /dev/null 2>&1
# Power off 21:59
59 21 * * * tdtool -f 1 > /dev/null 2>&1
## Vrum
# Power on 18:33
33 18 * * * tdtool -n 2 > /dev/null 2>&1
# Power off 23:32
32 23 * * * tdtool -f 2 > /dev/null 2>&1
## Kok
# Power on 17:19
19 17 * * * tdtool -n 3 > /dev/null 2>&1
# Power off 21:55
55 21 * * * tdtool -f 3 > /dev/null 2>&1

Example when turning on/off at the same minute (you have to use sleep):

# Power on 18:33
33 18 * * * sleep 1; tdtool -n 2 > /dev/null 2>&1
# Power on 18:33
33 18 * * * sleep 3; tdtool -n 3 > /dev/null 2>&1

 

Optional Step 10 - Make the Web-GUI more fancy

Henrik Löwenhamn has made some improvements on the web-GUI.

Download the web-GUI here.

Transfer the files to the Raspberry and replace the static map in ~/remotestick-server with the new one.

Edit the index.html-file

Search for "welcome" and change the text as appropriate.

 

Sources

Raspberry Pi
http://www.raspberrypi.org/

Telldus forum / site
http://www.telldus.com/forum/viewtopic.php?f=8&t=1998
http://www.telldus.com/forum/viewtopic.php?p=13857#p13857
http://developer.telldus.com/wiki/TellStick_conf

Remotestick-Server
https://github.com/pakerfeldt/remotestick-server

Install Windows 10 on a Raspberry Pi 2

Step 0

Get  an account for Microsoft connect.

Step 1 .

Get your hands on a windows 10 install (so an iso for PC), i used en_windows_10_pro_technical_preview_10074_x64_dvd.iso (download it from http://windows.microsoft.com/en-us/windows/preview-iso )

Step 2

Open the iso with 7zip (or any other program that can look into ISO's)

Step 3

From the folder "sources" copy everything except the subfolders and the 2 biggest files (you can copy them ofcourse, but it will take less time if you skip them) to a folder on your PC. I put everything in C:\w10install . I am not sure which files are actually needed but just copying dism.exe and some dll's didnt work. So thats why I copy the whole directory.

I had to install Windows 10 ADK to get the file ffuprovider.dll which is not supplied in the latest Windows 10 ISO. Just install the ADK and then seach for ffuprovider.dll and copy this to the same location.

Step 4

Copy the file Flash.ffu that you downloaded from the Microsoft site to this same folder. (this file is within Windows_IoT_Core_RPI2_BUILD.zip, that can be downloaded from https://connect.microsoft.com/windowsembeddedIoT/Downloads )

Step 5

Start a command prompt (run as administrator)
Type the following commands:
diskpart
list disk
exit

And note the number of your SD card

Step 6

Type:
dism.exe /Apply-Image /ImageFile:flash.ffu /ApplyDrive:\\.\PhysicalDriveN /SkipPlatformCheck
Where the N in PhysicalDriveN is the drive number from the previous step.
The image will now be written to the SD card

Step 7

Thats it, now put the SD card in the Pi 2 and wait a while, it will boot up to Windows 10 IoT. The first boot will take quite some time, so have a bit of patience

Install a VPN Server and Client on Raspberry Pi (Debian)

Welcome to this turorial on how to install VPN Server and client software on a Raspberry Pi.

First follow step 1-3 on my tutorial LAMP with Raspberry Pi.

Login in as root so you don't have to use sudo.

Background

Free, unencrypted wireless is everywhere, but you shouldn't be checking your bank account on it unless you don’t mind somebody else snooping. The solution? A virtual private network, or VPN.

A VPN extends your own private network into public places, so even if you’re using a public Wi-Fi connection, your Internet browsing stays encrypted and secure.

There are plenty of ways to set up a VPN, both with free and paid services, but each solution has its own pros and cons, determined by the way the VPN provider operates and charges and the kinds of VPN options it provides.

Step 1 – Network configuration

Either you config a static address on your Pi by editing

/etc/network/interfaces 

with (for example)(change text below with your actual values):

auto eth0
iface eth0 inet static
        address [YOUR_PI_LOCAL_IP_ADDRESS]
        netmask 255.255.255.0
        gateway 192.168.0.1
        dns-nameserver 192.168.0.1
        dns-search [YOUR_DNS_NAME]

Or setup your router to always assign the same IP-address to your Pi.

You'll need to forward port 1194 (UDP traffic) to your Raspberry Pi’s internal IP address, but the way you do this will vary depending on your router, so check with your router manufacturer’s information. If you want to use another port or TCP, that’s fine, but just be sure to change 1194 in the tutorial to the correct number for you, and anywhere it says "UDP" to "TCP."

Step 2 - Install OpenVPN

We need the open source software. Type: 

sudo apt-get install openvpn

Step 3 - Generating Keys

You don’t want anyone who finds your VPN server address to be able to connect. So next, we’re going to make a key for the server address. It’s just like keeping the door to your house locked. 

OpenVPN comes with Easy_RSA, a light and easy package for using the RSA encryption method. Developed in 1977, RSA was one of the first usable cryptosystems that is still used today. The encryption key is public, while the decryption key is secret.

With Easy_RSA, you run an algorithm that comes with the software to generate a new unique key. 

We type:

cp –r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/easy-rsa 
cd /etc/openvpn/easy-rsa 
nano vars

Now, find and change EASY_RSA variable to: 

export EASY_RSA=”/etc/openvpn/easy-rsa” 

Type Control+X to save your changes and exit the nano editor. 

Step 4 - Getting Cryptographic

It’s time to build the CA Certificate and Root CA certificate. 

In cryptography, a certificate authority (CA) is an entity that issues digital certificates. The digital certificate certifies the ownership of a public key.

cd /etc/openvpn/easy-rsa  
source ./vars 
./clean-all  

This will remove any previous keys, if there are any. If you have keys you don’t want to remove in this folder (like you’re doing this tutorial a second time), skip this command. 

./build-ca 

Now you can name the server (change below to a name of your choice).

./build-key-server [Server_Name] 

Press enter or whatever you want, but pay attention to these three fields:  

Common Name MUST be the server name you picked. It should default to this.

A challenge password? MUST be left blank.

Sign the certificate? [y/n] Obviously, you must type “y.”

1 out of 1 certificate requests certified, commit? [y/n] Obviously, type “y.”

That’s the server side setup.

Now it’s time to build keys for each user, or "client". It’s possible to be lazy and create just one client key for all of them, but in that case, only one device would be able to access the VPN at a time.  

./build-key-pass [User_Name] 

I found it simplest to make the usernames Client1, Client2, Client3… or the names of your employees.

And after that, more prompts! 

Enter PEM pass phrase Make it a password you will remember! It asks you to input this twice, so there’s no danger of ruining it. 

A challenge password? MUST be left blank.

Sign the certificate? [y/n] Signing certifies it for 10 more years.

cd keys
openssl rsa -in Client1.key -des3 -out Client1.3des.key 

Use the same passphrase as before. And then two more times, as shown.

Now that we’ve created a server certificate and (at least one) client certificate, type the following: 

cd .. 

Now let’s generate the Diffie-Hellman key exchange. This is the central code that makes your VPN server tick, an exchange that lets two entities with no prior knowledge of one another share secret keys over a public server. 

./build-dh

This could take a while, longer if you’re on 2048-bit encryption. There’s no way really to predict how long it will take because it is using random numbers and looking for some specific relationships. In fact, while I was making this tutorial, it only took 5 minutes with 1024-bit encryption.

Generate the static HMAC key with the following line:

openvpn --genkey --secret keys/ta.key

Step 5 - Putting It All Together

We have to actually create a .conf (configuration) file in the nano editor. 

nano /etc/openvpn/server.conf 

Fill it in with this:

local 192.168.0.200 # SWAP THIS NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
dev tun
proto udp #Some people prefer to use tcp. Don't change it if you don't know.
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/Server.crt # SWAP WITH YOUR CRT NAME
key /etc/openvpn/easy-rsa/keys/Server.key # SWAP WITH YOUR KEY NAME
dh /etc/openvpn/easy-rsa/keys/dh1024.pem # If you changed to 2048, change that here!
server 10.8.0.0 255.255.255.0
# server and remote endpoints
#ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
#push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
#push "route 10.8.0.0 255.255.255.0"
# your local subnet
#push "route 192.168.0.200 255.255.255.0" # SWAP THE IP NUMBER WITH YOUR RASPBERRY PI IP ADDRESS
# Set primary domain name server address to the SOHO Router
# If your router does not do DNS, you can use Google DNS 8.8.8.8
push "dhcp-option DNS 192.168.0.1" # This should already match your router address and not need to be changed.
push "dhcp-option DNS 8.8.8.8" # Googles DNS
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 1

I commented in all caps where you absolutely need to change numbers and titles to your own IP address/names. Hit Control+X to save your changes. 

Let’s edit another configuration file.

nano /etc/sysctl.conf

Near the top it says, “Uncomment the next line to enable packet forwarding for IPv4.”

To uncomment the line, remove the # immediately in front of it.

Hit Control+X to save your changes. Apply these changes by typing the following command:

sysctl -p 

We just made a functioning server that can access the Internet. But we can’t use it yet because Raspbian has a built-in firewall that will block incoming connections. 

Additionally, Raspbian’s firewall configuration resets by default when you reboot the Pi. We want to make sure it remembers the OpenVPN connection is always permitted, so what we’re going to do is create a simple script which runs on boot:

nano /etc/firewall-openvpn-rules.sh

This is currently a blank shell executable file. Fill it with this:

#!/bin/sh 
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 192.168.0.200

Don’t forget to change the IP address 192.168.0.200 to your Pi’s IP address!

Let’s break this down: 10.8.0.0 is the default address for Raspberry Pi for clients that are connected to the VPN. "eth0" stands for ethernet port. Switch this to "wlan0" if you’re on a wireless connection, which is not recommended. Hit Control+X to save your changes.  

I had problem with my iptables because of old firmware on the RPi. Run to update:

sudo rpi-update

Set permissions:

chmod 700 /etc/firewall-openvpn-rules.sh 
chown root /etc/firewall-openvpn-rules.sh

We’ve created the script that punches an OpenVPN-shaped hole in the firewall. Now we just need to inject it into the interfaces setup code so it runs on boot. 

nano /etc/network/interfaces

Find the line that goes: “iface eth0 inet dhcp”. We want to add a line below it and at an indent. So this is what the two lines, existing and new, will look like when you’re done:

iface eth0 inet dhcp
pre-up /etc/firewall-openvpn-rules.sh

Hit Control+X to save your changes (as you should be doing whenever you use nano). 

Finally reboot your Pi. 

sudo reboot

Congratulations! That's the server!

Step 6 - The Script

The script will access our default settings to generate files for each client. The first thing we need to do, then, is create a blank text file in which those default settings can be read. 

nano /etc/openvpn/easy-rsa/keys/Default.txt 

Fill in the blank text file with the following: 

client 
dev tun
proto udp
remote <YOUR_PUBLIC_IP_ADDRESS_HERE> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20 

Now, if you don’t have a static public IP address, you need to use a dynamic domain name system (DDNS) service to give yourself a domain name to put in place of the IP address. I recommend using the free service DTDNS, which lets you pick a name of your choice. Then on your Pi, you need to run DDclient to update your DDNS registry automatically. I wrote a full tutorial for how to do this here

As always, press Control+X to save and exit the nano editor. 

Next, we need to create the actual script file.

nano /etc/openvpn/easy-rsa/keys/MakeOVPN.sh 

Here’s the script. Copy and paste it into your blank shell file:

#!/bin/bash 
# Default Variable Declarations
DEFAULT="Default.txt"
FILEEXT=".ovpn"
CRT=".crt"
KEY=".3des.key"
CA="ca.crt"
TA="ta.key"
#Ask for a Client name
echo "Please enter an existing Client Name:"
read NAME
#1st Verify that client’s Public Key Exists
if [ ! -f $NAME$CRT ]; then
echo "[ERROR]: Client Public Key Certificate not found: $NAME$CRT"
exit
fi
echo "Client’s cert found: $NAME$CR"
#Then, verify that there is a private key for that client
if [ ! -f $NAME$KEY ]; then
echo "[ERROR]: Client 3des Private Key not found: $NAME$KEY"
exit
fi
echo "Client’s Private Key found: $NAME$KEY"
#Confirm the CA public key exists
if [ ! -f $CA ]; then
echo "[ERROR]: CA Public Key not found: $CA"
exit
fi
echo "CA public Key found: $CA"
#Confirm the tls-auth ta key file exists
if [ ! -f $TA ]; then
echo "[ERROR]: tls-auth Key not found: $TA"
exit
fi
echo "tls-auth Private Key found: $TA"
#Ready to make a new .opvn file - Start by populating with the default file
cat $DEFAULT > $NAME$FILEEXT
#Now, append the CA Public Cert
echo "<ca>" >> $NAME$FILEEXT
cat $CA >> $NAME$FILEEXT
echo "</ca>" >> $NAME$FILEEXT
#Next append the client Public Cert
echo "<cert>" >> $NAME$FILEEXT
cat $NAME$CRT | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $NAME$FILEEXT
echo "</cert>" >> $NAME$FILEEXT
#Then, append the client Private Key
echo "<key>" >> $NAME$FILEEXT
cat $NAME$KEY >> $NAME$FILEEXT
echo "</key>" >> $NAME$FILEEXT
#Finally, append the TA Private Key
echo "<tls-auth>" >> $NAME$FILEEXT
cat $TA >> $NAME$FILEEXT
echo "</tls-auth>" >> $NAME$FILEEXT
echo "Done! $NAME$FILEEXT Successfully Created."
#Script written by Eric Jodoin

You still need to give this script permission to run.

cd /etc/openvpn/easy-rsa/keys/

And then give it root privileges.

chmod 700 MakeOVPN.sh

Finally, execute the script with: 

./MakeOVPN.sh

As the script runs, it'll ask you to input the names of the existing clients for whom you generated CA keys earlier. Example: “Client1”. Be sure to name only clients that already exist.

If all goes well, you should see this line appear:

Done! Client1.ovpn Successfully Created.

Repeat this step for each existing client. 

The last thing to do is connect to your Raspberry Pi so you can download files from it. You need to use a SCP (Secure Copy Protocol) client in order to do this. For Windows, I recommend WinSCP. For Mac,use Fugu

Note: if you cannot get permission to connect to your SCP client, you’ll need to grant yourself read/write access to the folder. Back on the Raspberry Pi, write: 

chmod 777 -R /etc/openvpn

Be sure to undo this when you’re done copying files, so others can’t do it! Put the permission back to 600 when you’re done, so only the Pi user can read/write files:

chmod 600 -R /etc/openvpn

Put it into your client and you’re done. 

Step 7 - Working With Client Software

Okay, the hard part is over. From here, we need to input the scripts we generated earlier into a Graphical User Interface. For your PC, Android, or iOS mobile device, you can download OpenVPN Connect. There isn't one for your Mac computer, but the free Tunnelblick is a good choice.

Download the version of Tunnelblick that works for your version of OS X. I'm using Mavericks, so I downloaded the beta. The fact that it popped up in a bunch of languages looked funny to me, but that's the legitimate download. 

Then, it'll ask if you already have a file you want to use. I did—my Client5.ovpn file.

It will then ask if your configuration file is in .ovpn format or .tblk. If you select .ovpn, it'll walk you through changing the file type to Tunnelblick's native type. I did this by transferring Client5.ovpn into a folder Tunnelblick provided, and then changing the name of the folder to Client5.tblk.

Now you're all set to connect. Click the Tunnelblick icon on the top right of your screen and select Client5. 

It will ask you for a pass phrase. This is the same pass phrase we generated last tutorial, back when we were generating keys for each client.

If you get the password right, it'll look like this! 

Try out your new connection at coffee shop, the local library, anywhere there's unencrypted Wi-Fi. You may still be using the public connection, but over VPN, your data is anything but out in the open.