RaspberryPi/OpenVPN: Difference between revisions
From charlesreid1
| Line 99: | Line 99: | ||
<pre> | <pre> | ||
service dnsmasq restart | sudo service dnsmasq restart | ||
</pre> | </pre> | ||
Revision as of 11:33, 24 November 2019
Pihole, OpenVPN, DNSCrypt
Preparing the Pi
Fixing iptables
On the Kali Linux Pi image I used, I had to fix iptables to use a legacy NAT mode:
$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode
Initially, 0 was selected. Select the one called iptables-legacy.
OpenVPN
https://docs.pi-hole.net/guides/vpn/installation/
Installing OpenVPN
wget https://git.io/vpn -O openvpn-install.sh
chmod 755 openvpn-install.sh
sudo ./openvpn-install.sh
This will ask you which interface the OpenVPN server should bind to. Select the one that is public-facing (the internet).
I used the default port 1194, defaults for everything else.
Grab a coffee, this will install a bunch of stuff.
Checking OpenVPN Interface
OpenVPN will create a tun0 interface. Get its IP address:
ifconfig tun0 | grep 'inet'
Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.
Edit /etc/openvpn/server/server.conf
Make the tun0 address the DNS server that is pushed to VPN clients by adding the line
push "dhcp-option DNS <IP-ADDR-OF-TUN0-INTERFACE>"
For me,
push "dhcp-option DNS 10.8.0.1"
Also comment out any other push "dhcp-option DNS ..." lines, so that clients are handed only this resolver.
Now restart the OpenVPN server:
sudo systemctl restart openvpn
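A check that can be run on server.conf before the restart, as an added example that is not part of the original page: it confirms that exactly one active push "dhcp-option DNS ..." line exists, that it is correctly quoted, and that it names the tun0 address. The function name check_dns_push is hypothetical and the sample config is constructed for illustration.

```shell
#!/bin/sh
# Audit an OpenVPN server.conf for the DNS settings pushed to clients.
# Usage: check_dns_push <server.conf> <expected-resolver-ip>
# Returns 0 only when exactly one active "dhcp-option DNS" push exists and it
# names the expected resolver (the tun0 address in this page's setup).
check_dns_push() {
    conf=$1 want=$2 status=0 seen=0
    # Active (uncommented) push lines that mention a DNS dhcp-option.
    lines=$(grep -E '^[[:space:]]*push[[:space:]]+"?dhcp-option[[:space:]]+DNS' "$conf" || true)
    [ -n "$lines" ] || { echo "FAIL: no DNS pushed; clients keep their own resolver"; return 1; }
    while IFS= read -r line; do
        seen=$((seen + 1))
        # A well-formed directive is: push "dhcp-option DNS <ip>"
        ip=$(printf '%s\n' "$line" | sed -nE 's/^[[:space:]]*push[[:space:]]+"dhcp-option[[:space:]]+DNS[[:space:]]+([0-9a-fA-F.:]+)"[[:space:]]*$/\1/p')
        if [ -z "$ip" ]; then
            echo "FAIL: malformed (check the quotes): $line"; status=1
        elif [ "$ip" != "$want" ]; then
            echo "FAIL: pushes $ip, which bypasses $want: $line"; status=1
        fi
    done <<EOF
$lines
EOF
    [ "$seen" -le 1 ] || { echo "FAIL: $seen DNS push lines, expected 1"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: clients are pushed only $want"
    return "$status"
}

# Constructed sample: a missing closing quote and a leftover public resolver.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
dev tun
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 10.8.0.1
push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
EOF
check_dns_push "$sample" 10.8.0.1 || echo "server.conf needs fixing before restart"
rm -f "$sample"
```

On the real file this would be called as check_dns_push /etc/openvpn/server/server.conf 10.8.0.1, using the address reported for tun0.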
PiHole
Installing PiHole
sudo curl -sSL https://install.pi-hole.net | bash
This will ask which interface you want to use (choose tun0, the OpenVPN interface), the IP address you want to use (should be 10.8.0.1/24 to choose the OpenVPN network), and the IPv4 gateway (should be the gateway for the network via which the Pi has internet, like 10.0.0.1 if the Pi connects to the internet via an IP like 10.0.0.100).
PiHole will also ask if you want to install the web interface, and if you want to install the lighttpd server.
It will also take a while because it also installs stuff.
Got errors about DNS not being available at the end:
[✓] Enabling pihole-FTL service to start on reboot...
[✓] Restarting pihole-FTL service...
[✓] Deleting existing list cache
[i] Pi-hole blocking is enabled
[✗] DNS service is not running
[✓] Restarting DNS service
[✗] DNS resolution is not available
Tried to fix with
sudo service dnsmasq restart