RaspberryPi/OpenVPN: Difference between revisions
From charlesreid1
Revision as of 23:28, 1 December 2019
OpenVPN plus PIA
Preparing the Pi
Fixing iptables legacy
On the Kali Linux Pi image I used, iptables was using the nftables backend (iptables-nft) and I had to switch it to the legacy backend:
$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                        Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft       20        auto mode
* 1            /usr/sbin/iptables-legacy    10        manual mode
  2            /usr/sbin/iptables-nft       20        manual mode
Initially selection 0 (iptables-nft, auto mode) was active; choose the entry called iptables-legacy. The listing above shows the state after the switch.
OpenVPN
https://docs.pi-hole.net/guides/vpn/installation/
Installing OpenVPN
wget https://git.io/vpn -O openvpn-install.sh
chmod 755 openvpn-install.sh
sudo ./openvpn-install.sh
The shortlink resolves to the openvpn-install script from github.com/Nyr/openvpn-install; since it runs as root, read through it before executing it. The script will ask which interface the OpenVPN server should bind to. Select the one that is public-facing (the internet).
I used the default port 1194, defaults for everything else.
Grab a coffee, this will install a bunch of stuff.
Checking OpenVPN Interface
OpenVPN will create a tun0 interface. Get its IP address:
ifconfig tun0 | grep 'inet'
Take note of this IP address: we will push it to VPN clients as their DNS server, so that their name lookups go through the tunnel to the resolver on the Pi rather than to whatever DNS they used before connecting.
Edit /etc/openvpn/server/server.conf
Push the tun0 address to clients as their DNS server by adding the line
push "dhcp-option DNS <IP-ADDR-OF-TUN0-INTERFACE>"
For me,
push "dhcp-option DNS 10.8.0.1"
Also comment out any other push "dhcp-option DNS ..." lines, otherwise clients receive several resolvers and may query one outside the tunnel.
Now restart the OpenVPN server (with the split openvpn-client/openvpn-server units used by current Debian-based packaging, the instance for /etc/openvpn/server/server.conf is openvpn-server@server; use that unit name if restarting plain openvpn does not pick up the change):
sudo systemctl restart openvpn
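The server.conf edit above as a small script, added here as an example (my code, not from the original page or the pi-hole guide). It reads the tun0 address with iproute2 instead of ifconfig, comments out every existing push "dhcp-option DNS ..." line and appends one with that address, so it can be rerun safely. It assumes the /etc/openvpn/server/server.conf layout used above; the function names and the sample config in the usage are this example's own.

```sh
#!/bin/sh
# Added example (not from the original page): push the server's tun0
# address to OpenVPN clients as their DNS server by editing server.conf.
# Assumes the /etc/openvpn/server/server.conf layout used on the page.
set -eu

# tun0_ip [IFACE]: print the IPv4 address of the tunnel interface
# (e.g. 10.8.0.1), works for both "10.8.0.1/24" and "10.8.0.1 peer ..." forms.
tun0_ip() {
    ip -4 -o addr show dev "${1:-tun0}" | awk '{ print $4 }' | cut -d/ -f1
}

# set_push_dns CONF IP: comment out every active 'push "dhcp-option DNS ..."'
# line and append one pushing IP. Idempotent: rerunning with the same IP
# leaves exactly one active DNS push.
set_push_dns() {
    conf=$1
    dns=$2
    tmp=$(mktemp)
    # prefix still-active DNS pushes with '#'; already commented lines are untouched
    sed 's/^[[:space:]]*push "dhcp-option DNS /#&/' "$conf" > "$tmp"
    printf 'push "dhcp-option DNS %s"\n' "$dns" >> "$tmp"
    # write back through cat so the file keeps its owner and mode
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# active_dns_pushes CONF: print the resolver addresses still pushed (uncommented)
active_dns_pushes() {
    grep -E '^[[:space:]]*push "dhcp-option DNS ' "$1" | sed -E 's/.*DNS ([^"]+)".*/\1/'
}

# Usage (as root on the Pi):
#   ./push-dns.sh /etc/openvpn/server/server.conf
#   systemctl restart openvpn-server@server
if [ "${1:-}" != "" ]; then
    set_push_dns "$1" "$(tun0_ip)"
    echo "DNS now pushed to clients:"
    active_dns_pushes "$1"
fi
```

After running it, restart the server as above and confirm from a connected client that its resolver is the tun0 address (on Linux, resolvectl or /etc/resolv.conf); a second DNS server still listed means a push line survived and lookups can leak outside the tunnel.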
PIA
https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/
Forwarding from OpenVPN to Access Point
https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/
The following assumes this configuration:
wlan0 --> Internet
tun0 (OpenVPN) --> Internet via wlan0
WiFi Network --> wlan1 (Wifi AP) --> Internet via tun0
Run these commands to wire up wlan1 to tun0:
sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i wlan1 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -A OUTPUT -o wlan0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o wlan0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o wlan0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
The OUTPUT rules for the Pi's own traffic (the OpenVPN client to PIA on udp/1198, NTP and DNS) match the uplink wlan0, not the access-point interface wlan1, which only carries LAN clients. Note that these ACCEPT rules only do anything if the chain policies are DROP; with the default ACCEPT policies the rules that matter are the two FORWARD rules and the MASQUERADE, and nothing in this set stops LAN traffic from being forwarded straight out wlan0 if tun0 goes down.
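The same forwarding rules as a rerunnable script with a kill switch added, as an added example (my code, not from the original page or the novaspirit article). It assumes the topology above (wlan0 uplink, tun0 OpenVPN client to PIA on udp/1198, wlan1 access point); the WAN/LAN/VPN/IPT variables and the function name apply_rules are this example's own. It flushes the filter and nat tables, sets only the FORWARD policy to DROP and adds an explicit LAN-to-uplink DROP, so LAN traffic can never bypass the tunnel while tun0 is down; filtering of the Pi's own traffic is left as on the page.

```sh
#!/bin/sh
# Added example (not from the original page): forwarding rules for the
# wlan1 (AP) -> tun0 (PIA) router with a kill switch. Assumes the topology
# on the page: wlan0 = uplink, tun0 = OpenVPN client, wlan1 = access point.
set -eu

WAN=${WAN:-wlan0}     # uplink to the internet
LAN=${LAN:-wlan1}     # access point side, where the clients live
VPN=${VPN:-tun+}      # any tun interface
IPT=${IPT:-iptables}  # set IPT=echo for a dry run that only prints the rules

apply_rules() {
    # start from a clean slate so the script can be rerun
    $IPT -F
    $IPT -t nat -F

    # nothing is forwarded unless a rule below allows it
    $IPT -P FORWARD DROP

    $IPT -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
    $IPT -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT

    # the Pi itself: everything through the tunnel ...
    $IPT -A OUTPUT -o "$VPN" -m comment --comment "Out to VPN" -j ACCEPT
    # ... except what is needed to bring the tunnel up over the uplink
    $IPT -A OUTPUT -o "$WAN" -p udp --dport 1198 -m comment --comment "openvpn to PIA" -j ACCEPT
    $IPT -A OUTPUT -o "$WAN" -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
    $IPT -A OUTPUT -o "$WAN" -p udp --dport 53 -m comment --comment "dns for the PIA endpoint" -j ACCEPT
    $IPT -A OUTPUT -p udp --dport 67:68 -m comment --comment "dhcp" -j ACCEPT

    # LAN clients may talk to the Pi (DHCP, DNS, the AP itself)
    $IPT -A INPUT -i "$LAN" -m comment --comment "In from LAN" -j ACCEPT

    # LAN -> VPN and replies back; there is deliberately no LAN -> WAN ACCEPT
    $IPT -A FORWARD -i "$LAN" -o "$VPN" -m comment --comment "LAN out to VPN" -j ACCEPT
    $IPT -A FORWARD -i "$VPN" -o "$LAN" -m state --state RELATED,ESTABLISHED -j ACCEPT
    # explicit kill switch: redundant with the DROP policy, but its packet
    # counter shows how much traffic tried to leave unencrypted
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -m comment --comment "kill switch" -j DROP

    $IPT -t nat -A POSTROUTING -o "$VPN" -j MASQUERADE
}

# Usage: sudo ./vpn-fw.sh apply      (IPT=echo ./vpn-fw.sh apply for a dry run)
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

To check that the switch is doing its job, stop the PIA client and browse from a LAN client: it should get nothing, and sudo iptables -L FORWARD -v -n will show the dropped packets counting up on the "kill switch" rule. Any non-zero count there while the tunnel is up means some LAN traffic is being routed via wlan0 and would have leaked.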