From charlesreid1

Line 47: Line 47:


Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.
Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.
===Use Pi VPN Gateway as DNS Server===
The next step will tell anyone on the VPN network we just created to use the Pi as the DNS server. This ensures DNS queries are passed through the Pi.


Edit <code>/etc/openvpn/server/server.conf</code>
Edit <code>/etc/openvpn/server/server.conf</code>


Add the tun0 interface by adding the line
Make the Pi the DNS resolver by adding the line


<pre>
<pre>
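Review bot: the added sentence "This ensures DNS queries are passed through the Pi" promises more than the pushed option delivers. A push "dhcp-option DNS ..." line only advertises a resolver address to connecting clients, and a client that does not apply pushed DHCP options keeps using its own resolver. Suggest wording such as "asks clients on the VPN to use the Pi as their DNS server". The new lead-in "Make the Pi the DNS resolver by adding the line" has the same problem: the line points clients at the tun0 address but does not start anything answering DNS there, so the section should say what is expected to be listening on that address.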
Line 59: Line 63:


<pre>
<pre>
push "dhcp-option DNS 10.8.0.1
push "dhcp-option DNS 10.8.0.1"
</pre>
</pre>



Revision as of 23:39, 1 December 2019

OpenVPN plus PIA

Preparing the Pi

Fixing iptables legacy

On the Kali Linux Pi image I used, I had to fix iptables to use a legacy NAT mode:

$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

Initially, 0 was selected. Select the one called iptables-legacy.

OpenVPN

https://docs.pi-hole.net/guides/vpn/installation/

Installing OpenVPN

wget https://git.io/vpn -O openvpn-install.sh
chmod 755 openvpn-install.sh
sudo ./openvpn-install.sh

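The installer asks which interface the OpenVPN server should bind to. Select the one that is public-facing (the internet). Because the script is fetched through a short link and runs as root, read openvpn-install.sh before running it with sudo.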

I used the default port 1194, defaults for everything else.

Grab a coffee, this will install a bunch of stuff.

Checking OpenVPN Interface

OpenVPN will create a tun0 interface. Get its IP address:

ifconfig tun0 | grep 'inet'

Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.

Use Pi VPN Gateway as DNS Server

The next step will tell anyone on the VPN network we just created to use the Pi as the DNS server. This ensures DNS queries are passed through the Pi.

Edit /etc/openvpn/server/server.conf

Make the Pi the DNS resolver by adding the line

push "dhcp-option DNS <IP-ADDR-OF-TUN0-INTERFACE>"

For me,

push "dhcp-option DNS 10.8.0.1"

Also comment out any other push "dhcp-option DNS ..." lines.

Now restart the OpenVPN server:

sudo systemctl restart openvpn
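
As an added example (not from the original page), this shell function checks a server.conf for the state the steps above describe: exactly one active push "dhcp-option DNS ..." line, with balanced quotes, naming the tun0 address. The function name check_pushed_dns and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the DNS options that an
# OpenVPN server.conf pushes to clients.
# Usage: check_pushed_dns CONF EXPECTED_IP
# Prints one finding per line; returns 0 only when the single active
# push "dhcp-option DNS ..." line is well quoted and names EXPECTED_IP.
check_pushed_dns() {
    conf=$1; expected=$2; rc=0; count=0
    # Active lines only: '#' and ';' comment lines do not start with "push".
    # An unreadable file is reported the same way as a file with no match.
    lines=$(grep -E '^[[:space:]]*push[[:space:]]+"?dhcp-option[[:space:]]+DNS' "$conf") || {
        echo "MISSING: no active push dhcp-option DNS line"
        return 1
    }
    while IFS= read -r line; do
        count=$((count + 1))
        # The push argument needs exactly one opening and one closing quote.
        q=$(printf '%s' "$line" | tr -cd '"')
        if [ "$q" != '""' ]; then
            echo "QUOTES: $line"
            rc=1
            continue
        fi
        ip=$(printf '%s\n' "$line" | sed -E 's/.*DNS[[:space:]]+([^"[:space:]]+).*/\1/')
        if [ "$ip" != "$expected" ]; then
            echo "OTHER-RESOLVER: $ip"
            rc=1
        fi
    done <<EOF
$lines
EOF
    if [ "$count" -ne 1 ]; then
        echo "COUNT: $count active DNS push lines"
        rc=1
    fi
    return "$rc"
}

# Constructed sample config: one commented-out resolver and the push line
# with its closing quote missing.
sample=$(mktemp)
printf '%s\n' 'server 10.8.0.0 255.255.255.0' \
    '#push "dhcp-option DNS 8.8.8.8"' \
    'push "dhcp-option DNS 10.8.0.1' > "$sample"
check_pushed_dns "$sample" 10.8.0.1 || echo "server.conf needs attention"
rm -f "$sample"
```

On the Pi, run it as check_pushed_dns /etc/openvpn/server/server.conf followed by the tun0 address noted earlier.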

PIA

https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/


Forwarding from OpenVPN to Access Point

https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/

This section assumes the following configuration:

                 wlan0 --> Internet
                 tun0 (OpenVPN) --> Internet via wlan0
WiFi Network --> wlan1 (Wifi AP) --> Internet via tun0

Run these commands to wire up wlan1 to tun0:

sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i wlan1 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -A OUTPUT -o wlan1 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o wlan1 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o wlan1 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE


Flags