Latest revision as of 03:32, 10 July 2020

OpenVPN plus PIA

Preparing the Pi

Fixing iptables legacy

On the Kali linux pi image I used, I had to fix iptables to use a legacy NAT mode:

$ sudo update-alternatives --config iptables
There are 2 choices for the alternative iptables (providing /usr/sbin/iptables).

  Selection    Path                       Priority   Status
------------------------------------------------------------
  0            /usr/sbin/iptables-nft      20        auto mode
* 1            /usr/sbin/iptables-legacy   10        manual mode
  2            /usr/sbin/iptables-nft      20        manual mode

Initially, 0 was selected. Select the one called iptables-legacy.

OpenVPN

https://docs.pi-hole.net/guides/vpn/installation/

Installing OpenVPN

wget https://git.io/vpn -O openvpn-install.sh
chmod 755 openvpn-install.sh
sudo ./openvpn-install.sh

This will ask you which interface the openvpn server should bind to. Select the one that is public-facing (the internet).

I used the default port 1194, defaults for everything else.

Grab a coffee, this will install a bunch of stuff.

Checking OpenVPN Interface

OpenVPN will create a tun0 interface. Get its IP address:

ifconfig tun0 | grep 'inet'

Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.

Use Pi VPN Gateway as DNS Server

The next step will tell anyone on the VPN network we just created to use the Pi as the DNS server.

Main article: Kali/OpenVPN/DNS

PIA

https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/

Forwarding from OpenVPN to Access Point

Main article: Kali/OpenVPN/Hotspot

Flags

@@ Line 1: / Line 1: @@
-=Pihole, OpenVPN, DNSCrypt=
+=OpenVPN plus PIA=
 ==Preparing the Pi==
-===Fixing iptables===
+===Fixing iptables legacy===
 On the Kali linux pi image I used, I had to fix iptables to use a legacy NAT mode:
@@ Line 48: / Line 48: @@
 Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.
-Edit <code>/etc/openvpn/server/server.conf</code>
+===Use Pi VPN Gateway as DNS Server===
-Add the tun0 interface by adding the line
+The next step will tell anyone on the VPN network we just created to use the Pi as the DNS server.
+{{Main|Kali/OpenVPN/DNS}}
+==PIA==
+https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/
+<!--
+===Setup===
 <pre>
-push "dhcp-option DNS <IP-ADDR-OF-TUN0-INTERFACE>"
+wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
+unzip openvpn.zip -d openvpn
+sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
+sudo cp 'openvpn/US New York.ovpn' /etc/openvpn/US.conf
 </pre>
-For me,
+===Add to OpenVPN===
+Now add login creds for PIA to file <code>/etc/openvpn/login</code>:
 <pre>
-push "dhcp-option DNS 10.8.0.1
+username123
+password123
 </pre>
-Also comment out any other <code>push "dhcp-option DNS</code> lines.
+Now edit the config file to use these creds:
-Now restart the OpenVPN server:
+<pre>
+vim /etc/openvpn/US.conf
+</pre>
+change the line with <code>auth-user-pass</code> in it to:
 <pre>
-sudo systemctl restart openvpn
+auth-user-pass /etc/openvpn/login
+ca /etc/openvpn/ca.rsa.2048.crt
 </pre>
-==PiHole==
+===Test it out===
-===Installing PiHole===
+Check that it runs interactively:
 <pre>
-sudo curl -sSL https://install.pi-hole.net | bash
+openvpn --config /etc/openvpn/US.conf
 </pre>
-This will ask questions about which interface you want to use (choose <code>tun0</code>, the openvpn interface), the IP address you want to use (should be <code>10.8.0.1/24</code> to choose the openvpn network), and the IPv4 gateway (should be the gateway for the network via which the pi has internet, like 10.0.0.1 if the pi connects to the internet via an ip like 10.0.0.100).
+Now set it as a startup service:
-PiHole will also ask if you want to install the web interface, and if you want to install the lighttpd server.
+<pre>
+sudo systemctl enable openvpn@US
+</pre>
-It will also take a while because it also installs stuff.
+===Enable packet forwarding===
-Got errors about DNS not being available at the end:
+Edit <code>/etc/sysctl.conf</code>
+Add/uncomment the line:
 <pre>
-  [✓] Enabling pihole-FTL service to start on reboot...
+net.ipv4.ip_forward = 1
-  [✓] Restarting pihole-FTL service...
-  [✓] Deleting existing list cache
-  [i] Pi-hole blocking is enabled
-  [✗] DNS service is not running
-  [✓] Restarting DNS service
-  [✗] DNS resolution is not available
 </pre>
-Tried to fix with
+Enable the service:
 <pre>
-service dnsmasq restart
+sudo sysctl -p
 </pre>
+-->
+==Forwarding from OpenVPN to Access Point==
+{{Main|Kali/OpenVPN/Hotspot}}
+=Flags=
+{{PiFlag}}
+{{OpenVPNFlag}}
+[[Category:Networking]]
+[[Category:Iptables]]

RaspberryPi/OpenVPN: Difference between revisions

From charlesreid1