RaspberryPi/OpenVPN
From charlesreid1
OpenVPN plus PIA
Preparing the Pi
Fixing iptables
On the Kali linux pi image I used, I had to fix iptables to use a legacy NAT mode:
$ sudo update-alternatives --config iptables There are 2 choices for the alternative iptables (providing /usr/sbin/iptables). Selection Path Priority Status ------------------------------------------------------------ 0 /usr/sbin/iptables-nft 20 auto mode * 1 /usr/sbin/iptables-legacy 10 manual mode 2 /usr/sbin/iptables-nft 20 manual mode
Initially, 0 was selected. Select the one called iptables-legacy.
OpenVPN
https://docs.pi-hole.net/guides/vpn/installation/
Installing OpenVPN
wget https://git.io/vpn -O openvpn-install.sh chmod 755 openvpn-install.sh sudo ./openvpn-install.sh
This will ask you which interface the openvpn server should bind to. Select the one that is public-facing (the internet).
I used the default port 1194, defaults for everything else.
Grab a coffee, this will install a bunch of stuff.
Checking OpenVPN Interface
OpenVPN will create a tun0 interface. Get its IP address:
ifconfig tun0 | grep 'inet'
Now take note of this IP address, as we will need to set a DNS option for our OpenVPN connection.
Edit /etc/openvpn/server/server.conf
Add the tun0 interface by adding the line
push "dhcp-option DNS <IP-ADDR-OF-TUN0-INTERFACE>"
For me,
push "dhcp-option DNS 10.8.0.1
Also comment out any other push "dhcp-option DNS lines.
Now restart the OpenVPN server:
sudo systemctl restart openvpn
PIA
https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip unzip openvpn.zip -d openvpn sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/ sudo cp 'openvpn/US New York.ovpn' /etc/openvpn/US.conf
now add login creds for PIA to file /etc/openvpn/login:
username123 password123
Now edit the config file to use these creds:
vim /etc/openvpn/US.conf
change the line with auth-user-pass in it to:
auth-user-pass /etc/openvpn/login ca /etc/openvpn/ca.rsa.2048.crt