Getting Started with Raspberry Pi: Your First Step Towards Enhanced Security and Privacy

The Raspberry Pi is a fantastic, credit-card-sized computer that's perfect for a multitude of projects. From robotics to home automation, its versatility is unmatched. But today, we're going to set the stage for something impactful: implementing a Raspberry Pi as a powerful ad-blocker and VPN server to bolster your home network's security and privacy, and even protect you on the go!

While we'll dive deep into the ad-blocking and VPN server setup in other posts, this guide will walk you through the essential first steps of getting your Raspberry Pi up and running.

This guide will not cover redundancy. As such, this is NOT an enterprise grade solution and is not suitable for sensitive workflows. The goal of this guide is to make the concept of deploying ad and tracker blocking as well as a self-hosted VPN service more approachable. Initially, your Raspberry Pi will be a single point of failure. Creating a pi cluster and making these services more highly available will come in future posts.

If you would like to explore enterprise grade solutions for your business, please contact us.

What You'll Need:

Before we begin, gather these items:

1. Raspberry Pi: A Raspberry Pi 4 Model B or newer is recommended for optimal performance, especially when handling VPN traffic.
2. MicroSD Card: A high-quality, brand name 32GB (Class 10 or U1) microSD card is ideal. This will be your Pi's "hard drive", so it is best not to go for the cheapest option here.
3. Power Supply: An official Raspberry Pi power supply is recommended.
4. UPS: You will want to ensure that your Raspberry Pi and your internet modem/router are protected by a UPS so that you will not be impacted by short or medium length power outages. A 350-500VA UPS should keep your modem and Pi running for about an hour in the event that the lights go out at home.
5. Ethernet Cable: For a stable network connection.
6. Computer with an SD card reader: To flash the operating system onto the microSD card.

So, Why Not Use Third-Party Solutions?

This setup is going to cost some money, there is no doubt about that. It will also require an investment of time. Here are the reasons why it will pay dividends:

• Third Party VPNs are not free. The cheapest option I found costs CA$3.75 per month plus tax.
• Third Party VPNs receive all data transmitted to/from your devices. Do you trust them?
• Ad-blocking services do exist but are also not free. The cheapest solution I found costs CA$3.99 per month plus tax.
• Similarly to VPNs, if you sign up for a third party ad-blocking service you will be sending all of your DNS queries to this one company. Do you trust them?

The optimal solution is to self-host these services using open source software that adheres to modern security practices. There is a point at which you will save back the money invested in your equipment by avoiding monthly subscription fees for third party provided services. You will also gain the peace of mind that you have taken all reasonable precautions in keeping your privacy and data as protected as possible.

With all that said, let's get started!

Step 1: Downloading and Flashing Raspberry Pi OS

The first thing we need is an operating system for our Raspberry Pi. Raspberry Pi OS (formerly Raspbian) is the official recommendation and comes in a few flavors. For our purposes, the Raspberry Pi OS Lite version is perfect. It does not include a graphical desktop, which is ideal for a server, as it saves resources and reduces the potential attack surface.

1. Download Raspberry Pi Imager: On your main computer, click here and download the Raspberry Pi Imager tool. This makes flashing the OS super easy.
2. Insert MicroSD Card: Insert your microSD card into your computer's SD card reader. If you are prompted to format the card, click cancel.
3. Launch Raspberry Pi Imager: Open the Imager software.
4. Choose OS: Click "CHOOSE OS" and select Raspberry Pi OS Lite (64-bit).
5. Choose Storage: Click "CHOOSE STORAGE" and select your microSD card. Double-check this step carefully to ensure you don't accidentally erase the wrong drive!
6. Configure Advanced Options (The Magic Step):
   1. Click the Gear icon ⚙️ in the bottom-right corner to open the Advanced Options menu.
   2. Enable SSH: Check this box. Select "Use password authentication."
   3. Set username and password: This is critical. Change the default username pi to something else if you like, and set a strong, memorable password.
   4. Set hostname: Check this box. A good, simple name is raspberrypi. This will let you access it at raspberrypi.local.
   5. Configure wireless LAN: Leave this disabled.
   6. Click "SAVE".
7. Write: Click "WRITE" and wait for the process to complete. This will download the OS, write it to the card, and verify it. This may take a few minutes.

Step 2: First Boot and Finding Your Pi

1. Insert Card: Eject the microSD card from your computer and insert it into your Raspberry Pi.
2. Connect Network: Plug the Ethernet cable from your Pi into your router.
3. Power On: Plug in the power supply. The Pi will boot up. Give it a minute or two to connect to your network.
4. Find the Pi's IP Address: We need to know where to connect.
   • Method 1 (Easiest): If you set the hostname to raspberrypi, you can almost always use raspberrypi.local.
   • Method 2 (Most Reliable): Log in to your router's administration page (often an address like 192.168.0.1 or 192.168.1.1). Look for a "Connected Devices" or "DHCP Clients" list. You should see your Pi's hostname (raspberrypi) and its assigned IP address (e.g., 192.168.1.120).

Once you have either the hostname (raspberrypi.local) or the IP address, you're ready to connect.

Step 3: Connecting via SSH (Your New Command Center)

SSH (Secure Shell) is a way to get a secure command-line terminal on your Pi from your main computer. This is how we'll control it from now on.

The command is the same for all platforms: ssh [your_username]@[hostname_or_ip] For example: ssh myuser@raspberrypi.local or ssh myuser@192.168.1.120

Note: Be sure to use the username you created in Step 1.

When you connect for the first time, you'll see a security message about an "RSA key fingerprint." This is normal. Type yes and press Enter.

On macOS and Linux

SSH is built-in.

1. Open the Terminal application.
2. Type your command: ssh [your_username]@raspberrypi.local
3. Press Enter.
4. Type your password when prompted (you won't see the letters as you type). Press Enter.

On Windows

Windows 10 and newer includes a built-in SSH client.

1. Open Command Prompt or PowerShell (from the Start Menu).
2. Type your command: ssh [your_username]@raspberrypi.local
3. Press Enter.
4. Type your password when prompted. Press Enter.

Step 4: Keeping Your Pi Up-to-Date

Now that you are connected via SSH, the first and most important task is to update your Pi's software to the latest version. This ensures you have all the latest security patches. Run the following commands, one after the other. You will be prompted for your password for the first sudo command.

sudo apt update
sudo apt full-upgrade -y

This process may take several minutes.

Step 5: Set a Static IP Address

For a server, this step is essential. Your devices and router need to send DNS requests to your Raspberry Pi. If its IP address changes (which can happen with default settings), your ad-blocking will break.

We need to give the Pi a permanent, predictable IP address. To avoid potential address conflicts on your home network, let use a DHCP address reservation on your router to give the Pi a permanent address.

DHCP Reservation

This is the easiest and cleanest method. Instead of configuring the Pi itself, you'll tell your router to always give the Raspberry Pi the same IP address.

1. Find Your Pi's MAC Address: While connected via SSH, type the following command: ip link show eth0
2. Look for the line that says link/ether followed by a six-part code, like e4:5f:01:2a:3b:4c. This is the unique "fingerprint" of your Pi's network card. Copy it down.
3. Log in to Your Router: Open a web browser and log in to your router's administration page (e.g., 192.168.0.1 or 192.168.1.1). Most internet modems now have a sticker on them with the IP address, username and password required to access this page.
4. Find "DHCP Reservation": Look for a settings page named "DHCP Reservation," "Static Leases," "Address Reservation," or "Static DHCP." It's usually in the "Network" or "LAN" settings.
5. Create the Reservation: This page will let you link a MAC address to a specific IP.

• MAC Address: Enter the link/ether address you found in Step 1.
• IP Address: You can either use the current IP address your Pi already has (which you found in Step 2) or pick a new one. If you pick a new one, make sure it's outside your router's main "DHCP pool" (e.g., if your router assigns IPs from 192.168.1.100 to .200, pick 192.168.1.53). Using the current one is often easiest.

6. Save and Reboot: Save your router's settings. Then, reboot your Raspberry Pi from the SSH terminal:Bash

sudo reboot

Wait a minute, then SSH back in (you may need to use the new IP if you assigned one). Your Pi will now always receive this IP from your router.

Congratulations! Your Raspberry Pi is Ready!

You've successfully set up your Raspberry Pi! It's now a fully functional computer, ready for whatever you throw at it. Next, let's transform this little device into a robust shield for your digital life, starting with:

• Blocking Ads and Trackers Across Your Entire Network: Say goodbye to intrusive advertisements and hidden trackers with a network-wide ad-blocker.

In the coming weeks, watch for the following:

• Creating Your Own Secure VPN Server: Access your home network securely from anywhere in the world and protect your internet traffic when using public Wi-Fi.

Stay tuned for those guides, where we'll delve deeper into the software configurations that will truly unleash the power of your Raspberry Pi for privacy and security!

Want to stay connected to this blog? Click the subscribe button above and you'll receive notifications when future articles are posted!

Have a question? Need some help? Or maybe you have a suggestion for other topics. Whatever it is, we'd love to hear from you. Please post a comment below!