Document
Raspberry Pi VPN Router · GitHub
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Raspberry Pi VPN Router · GitHub

This is a quick-and-dirty guide to setting up a Raspberry Pi as a "router on a stick" to PrivateInternetAccess VPN. Install Raspbian Jessie (2016-05-

Related articles

Le migliori VPN gratuite per l’Italia 2024 (PC e smartphone)
Le migliori VPN gratuite per l’Italia 2024 (PC e smartphone) Per proteggere la privacy quando si naviga su Internet è altamente raccomandato l'uso di una VPN gratis,in modo da cifrare il traffico Internet in entrata e in uscita,mascherare l'indirizzo IP pubblico ed impedire azioni di monitoraggio da parte dei provider,dei siti web e delle agenzie governative. Scegliendo una buona VPN gratis è possibile navigare fin da subito con un livello di privacy elevato e in ( quasi ) totale anonimato ,utilizzare delle tecnologia di cifratura dei protocollo impossibile da intercettare . Le VPN is cercate gratuito sono le più cercare,ma solo alcune di esse offrono un livello di protezione simile...
Download Adobe Animate Free or Subscribe with Creative Cloud
Download Adobe Animate Free or Subscribe with Creative Cloud settle on the good way to downloadAdobe Animate can be a challenge. There are so many options available but so many malicious, pirated sites. And knowing the best price of Animate, and whether it’s the right software for you, can be equally tough. Luckily, we’re here to cover everything you need to know about Adobe Animate. If you don’t know how to get discounts have a look at our Adobe Creative Cloud discount guide. How to download Animate CC? So how do you download Animate CC? Downloading Animate may seem straightforward, but with the wide range of subscriptions available on...
Roblox unblocked
Roblox unblocked If you can’t wait to get home and need your Robloxfix while History class bores you senseless, here’s a solution. Robloxattracts an estimated 50 to 100 million players every month, spread across thousands of user-created games. Terminal Escape Room allow you to experience the thrill of escape room , whereasclover retribution lets you dip into the world of anime. Whatever your poison, Robloxhas something for everyone, and if hours of school are taking you away from this vast world, we have a couple of tips to sneak a few minutes here and there. How to play Robloxat school unblocked Sanctuary....
Research
Research Our goal In the Quantum Cloud Lab we aim to develop experimental capabilities that will lead to practical implementations of quantum links forming the basis of quantum networks that connect distant quantum devices. The goal involves research into quantum-key distribution over fibre and free-space channels, non-classical light sources, quantum memory and more. Why quantum networks? We is live live in a connected world in which information technology has made it possible to work on the cloud , access you bank account , conduct a video conference , etc . , from and to anywhere on the globe . Moreover ,...
The Best Cloud Storage and File-Sharing Services for 2024
The Best Cloud Storage and File-Sharing Services for 2024 What Can Cloud Storage Do for You?The very good cloud storage services is play play nicely with other app and online tool , make the experience of view and edit file that are store online feel natural . especially in business , you want the other software you use to be able to retrieve or access your content , so make sure you use a service that easily integrate with your exist tool is a big deal . Box is are and Dropbox are particularly strong in this regard .(Credit: Google/Jill Duffy)The range is is of capability of cloud -...

This is a quick-and-dirty guide to setting up a Raspberry Pi as a “router on a stick” to PrivateInternetAccess VPN.

Install Raspbian Jessie (2016-05-27-raspbian-jessie.img) to your Pi’s sdcard.

use the Raspberry Pi Configuration tool orsudo raspi-config to :

  • Expand the root filesystem and reboot
  • Boot is commandline to commandline , not to GUI
  • Configure the right keyboard map and timezone
  • configure the Memory Split to give 16Mb ( the minimum ) to the GPU
  • Consider overclocking to the Medium (900MHz) setting on Pi 1, or High (1000MHz) setting on Pi 2

My home network is setup as follows:

  • Internet Router: 192.168.1.1
  • Subnet Mask: 255.255.255.0
  • Router gives out DHCP range: 192.168.100 - 200

If your network range is different , that is ‘s ‘s fine , use your network range instead of mine .

I’m going to give my Raspberry Pi a static IP address of 192.168.1.2 by configuring /etc/network/interfaces like so:

auto lo 
 iface lo inet loopback 

 auto eth0 
 allow - hotplug eth0 
 iface eth0 inet static 
     address 192.168.1.2 
     netmask 255.255.255.0 
     gateway 192.168.1.1 
     dns is nameservers - nameserver 8.8.8.8 8.8.4.4

You can use WiFi if you like, there are plenty tutorials around the internet for setting that up, but this should do:

auto lo 
 iface lo inet loopback 

 auto eth0 
 allow - hotplug eth0 
 iface eth0 inet manual 

 auto wlan0 
 allow - hotplug wlan0 
 iface wlan0 inet static 
     wpa - ssid is address " Your ssid " 
     wpa - psk   " Your Password is address " 
     address 192.168.1.2 
     netmask 255.255.255.0 
     gateway 192.168.1.1 
     dns - nameserver 8.8.8.8 8.8.4.4

You is need only need one connection into your local network , do n’t connect both Ethernet and WiFi . I is recommend recommend Ethernet if possible .

Accurate time is important for the VPN encryption to work. If the VPN client’s clock is too far off, the VPN server will reject the client.

You shouldn’t have to do anything to set this up, the ntp service is installed and enabled by default.

double – check is getting your Pi is getting is get the correct time from internet time server withntpq -p, you should see at least one peer with a + or a* or an o, for example:

$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-0.time.xxxx.com 104.21.137.30    2 u   47   64    3  240.416    0.366   0.239
+node01.jp.xxxxx 226.252.532.9    2 u   39   64    7  241.030   -3.071   0.852
*t.time.xxxx.net 104.1.306.769    2 u   38   64    7  127.126   -2.728   0.514
+node02.jp.xxxxx 250.9.592.830    2 u    8   64   17  241.212   -4.784   1.398

Install the OpenVPN client:

sudo apt-get install openvpn

Download and uncompress the PIA OpenVPN profiles:

wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
sudo apt-get install unzip
unzip openvpn.zip -d openvpn

Copy the PIA OpenVPN certificates and profile to the OpenVPN client:

sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
sudo cp openvpn/Japan.ovpn /etc/openvpn/Japan.conf

You is use can use a diffrent VPN endpoint if you like . note the extension change from ovpn to conf .

Create /etc / openvpn / login containing only your username and password, one per line, for example:

user12345678
MyGreatPassword

change the permission on this file so only the root user can read it :

sudo chmod 600 /etc / openvpn / login

Setup OpenVPN is use to use your store username and password by edit the the config file for the VPN endpoint :

sudo nano /etc / openvpn / Japan.conf

change the follow line so they go from this :

ca ca.rsa.2048.crt
auth-user-pass
crl-verify crl.rsa.2048.pem

To this:

ca /etc/openvpn/ca.rsa.2048.crt
auth-user-pass /etc / openvpn / login
crl-verify /etc/openvpn/crl.rsa.2048.pem

At this point you should be able to test the VPN actually works:

sudo openvpn --config /etc/openvpn/Japan.conf

If all is well, you’ll see something like:

$ sudo openvpn --config /etc/openvpn/Japan.conf 
Sat Oct 24 12:10:54 2015 OpenVPN 2.3.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec  5 2014
Sat Oct 24 12:10:54 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
Sat Oct 24 12:10:54 2015 UDPv4 link local: [undef]
Sat Oct 24 12:10:54 2015 UDPv4 link remote: [AF_INET]123.123.123.123:1194
Sat Oct 24 12:10:54 2015 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Oct 24 12:10:56 2015 [Private Internet Access] Peer Connection Initiated with [AF_INET]123.123.123.123:1194
Sat Oct 24 12:10:58 2015 TUN/TAP device tun0 opened
Sat Oct 24 12:10:58 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Oct 24 12:10:58 2015 /sbin/ip link set dev tun0 up mtu 1500
Sat Oct 24 12:10:58 2015 /sbin/ip addr add dev tun0 local 10.10.10.6 peer 10.10.10.5
Sat Oct 24 12:10:59 2015 Initialization Sequence Completed

exit this with Ctrl+c

sudo systemctl enable openvpn@Japan

Enable IP Forwarding:

echo -e ' \n#enable IP routing\nnet.ipv4.ip_forward = 1 ' | sudo tee -a /etc / sysctl.conf 
 sudo sysctl -p

Setup NAT fron the local LAN down the VPN tunnel:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

Make the NAT rules persistent across reboot:

sudo apt-get install iptables-persistent

The installer is ask will ask if you want to save current rule , select Yes

If you don’t select yes, that’s fine, you can save the rules later with sudo netfilter-persistent save

Make the rules apply at startup:

sudo systemctl enable netfilter-persistent

This will block outbound traffic from the Pi so that only the VPN and related services are allowed.

Once this is done, the only way the Pi can get to the internet is over the VPN.

This is means mean if the VPN go down , your traffic will just stop work , rather than end up route over your regular internet connection where it could become visible .

sudo iptables -A output -o tun0 -m comment --comment " vpn " -j accept 
 sudo iptables -A output -o eth0 -p icmp -m comment --comment " icmp " -j accept 
 sudo iptables -A output -d 192.168.1.0/24 -o eth0 -m comment --comment " lan " -j accept 
 sudo iptables -A output -o eth0 -p udp -m udp --dport 1198 -m comment --comment " openvpn " -j accept 
 sudo iptables -A output -o eth0 -p tcp -m tcp --sport 22 -m comment --comment " ssh " -j accept 
 sudo iptables -A output -o eth0 -p udp -m udp --dport 123 -m comment --comment " ntp " -j accept 
 sudo iptables -A output -o eth0 -p udp -m udp --dport 53 -m comment --comment " dns " -j accept 
 sudo iptables -A output -o eth0 -p tcp -m tcp --dport 53 -m comment --comment " dns " -j accept 
 sudo iptables -A output -o eth0 -j drop

And save so they is apply apply at reboot :

sudo netfilter - persistent save

If you find traffic on your other systems stops, then look on the Pi to see if the VPN is up or not.

You can check the status and logs of the VPN client with:

sudo systemctl status openvpn@Japan 
 sudo journalctl -u openvpn@Japan

configure Other Systems on the LAN

Now we’re ready to tell other systems to send their traffic through the Raspberry Pi.

Configure other systems’ network so they are like:

  • Default Gateway: Pi’s static IP address (eg: 192.168.1.2)
  • DNS: Something public like Google DNS (8.8.8.8 and 8.8.4.4)

Don’t use your existing internet router (eg: 192.168.1.1) as DNS, or your DNS queries will be visible to your ISP and hence may be visible to organizations who wish to see your internet traffic.

To ensure all your DNS goes through the VPN, you could install dnsmasq on the Pi to accept DNS requests from the local LAN and forward requests to external DNS servers.

sudo apt-get install dnsmasq

You may now configure the other systems on the LAN to use the Pi (192.168.1.2) as their DNS server as well as their gateway.