Raspberry PI VPN: Difference between revisions
imported>Jawadmin No edit summary |
imported>Jacob No edit summary |
||
| (8 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
Raspberry PI | <hr><p style="text align:left;"> | ||
Return [[Raspberry PI Knowledge Base]] | |||
<span style="float:right;"> | |||
Next [[Raspberry PI WiFi]] | |||
</span></p><hr> | |||
Install openvpn | Install openvpn | ||
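Review bot: The added navigation paragraph is styled with `text align:left;`, which is not a valid CSS property name, so the declaration has no effect; it should read `text-align:left;`. The same spelling is repeated in the footer block added at the end of the next hunk.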
| Line 7: | Line 11: | ||
Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see | Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see | ||
$ vim /etc/openvpn/serverl.conf | $ vim /etc/openvpn/serverl.conf | ||
/etc/openvpn/serverl.conf | [[/etc/openvpn/serverl.conf]] | ||
Routing is required enable this in sys control by changing /etc/openvpn/server.conf and activating it. | Routing is required enable this in sys control by changing /etc/openvpn/server.conf and activating it. | ||
$ sudo vim /etc/sysctl.conf | |||
[[/etc/sysctl.conf]] | |||
Activate the change by executing: | Activate the change by executing: | ||
sudo sysctl -p | $ sudo sysctl -p | ||
Now set the firewall to allow traffic to be routed | Now set the firewall to allow traffic to be routed. | ||
First view existing entries in iptables | First view existing entries in iptables: | ||
sudo iptables -L | $ sudo iptables -L | ||
sudo iptables -t nat -L | $ sudo iptables -t nat -L | ||
Enter the iptables rules, for rpi2 this is: | Enter the iptables rules, for rpi2 this is: | ||
sudo iptables -A INPUT -i tun+ -j ACCEPT | $ sudo iptables -A INPUT -i tun+ -j ACCEPT | ||
sudo iptables -A OUTPUT -o tun+ -j ACCEPT | $ sudo iptables -A OUTPUT -o tun+ -j ACCEPT | ||
sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE | $ sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE | ||
sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10. | $ sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.9.9.0/24 -m conntrack --ctstate NEW -j ACCEPT | ||
sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT | $ sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT | ||
sudo iptables -A FORWARD -i tun+ -j ACCEPT | $ sudo iptables -A FORWARD -i tun+ -j ACCEPT | ||
sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT | $ sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT | $ sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
Check the content: | Check the content: | ||
sudo iptables -L | $ sudo iptables -L | ||
Chain INPUT (policy ACCEPT) | Chain INPUT (policy ACCEPT) | ||
target prot opt source destination | target prot opt source destination | ||
ACCEPT all -- anywhere anywhere | ACCEPT all -- anywhere anywhere | ||
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn | ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn | ||
Chain FORWARD (policy ACCEPT) | Chain FORWARD (policy ACCEPT) | ||
target prot opt source destination | target prot opt source destination | ||
ACCEPT all -- 20.172.0.0/24 10.0.0.0/24 ctstate NEW | ACCEPT all -- 20.172.0.0/24 10.0.0.0/24 ctstate NEW | ||
ACCEPT all -- anywhere anywhere | ACCEPT all -- anywhere anywhere | ||
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ||
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ||
Chain OUTPUT (policy ACCEPT) | Chain OUTPUT (policy ACCEPT) | ||
target prot opt source destination | target prot opt source destination | ||
ACCEPT all -- anywhere anywhere | ACCEPT all -- anywhere anywhere | ||
Now install iptables-persistent, this will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup: | Now install iptables-persistent, this will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup: | ||
sudo apt-get install iptables-persistent | $ sudo apt-get install iptables-persistent | ||
If iptables-persistent is already installed, run iptables-save and copy the file to /etc/iptables/rules.v4 | If iptables-persistent is already installed, run iptables-save and copy the file to /etc/iptables/rules.v4 | ||
sudo iptables-save > rules.v4 | $ sudo iptables-save > rules.v4 | ||
sudo cp rules.v4 /etc/iptables/ | $ sudo cp rules.v4 /etc/iptables/ | ||
The content of rules.v4 looks like this for rpi2: | The content of rules.v4 looks like this for rpi2: | ||
/etc/iptables/rules.v4 | [[/etc/iptables/rules.v4]] | ||
Now reboot | Now reboot | ||
sudo shutdown -h now | $ sudo shutdown -h now | ||
<hr><p style="text align:left;"> | |||
Return [[Raspberry PI Knowledge Base]] | |||
<span style="float:right;"> | |||
Return [[Raspberry PI Knowledge Base]] | |||
</span></p> | |||
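Review bot: The rule `-A FORWARD -i tun+ -j ACCEPT` accepts everything that arrives on any tun interface, so the rule completed in this revision (`-I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.9.9.0/24 -m conntrack --ctstate NEW -j ACCEPT`) restricts nothing, and the FORWARD policy shown in the listing is ACCEPT as well. If the 10.9.9.0/24 limit is intended, drop the blanket tun+ rule and set the FORWARD policy to DROP. The sample `iptables -L` output still lists 10.0.0.0/24 as the destination rather than 10.9.9.0/24. Smaller points in the same hunk: the routing sentence names /etc/openvpn/server.conf while the added command edits /etc/sysctl.conf, the editor command and link use `serverl.conf` where the prose says `server.conf`, the "Now reboot" step runs `shutdown -h now`, which halts, and the right-hand footer link repeats "Return [[Raspberry PI Knowledge Base]]" where the header has "Next [[Raspberry PI WiFi]]".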
Latest revision as of 15:24, 6 March 2020
Install openvpn
$ sudo apt-get update
$ sudo apt-get install openvpn
Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see
$ vim /etc/openvpn/serverl.conf
/etc/openvpn/serverl.conf
Routing is required; enable this in sysctl by changing /etc/openvpn/server.conf and activating it.
$ sudo vim /etc/sysctl.conf
/etc/sysctl.conf
Activate the change by executing:
$ sudo sysctl -p
Now set the firewall to allow traffic to be routed. First view existing entries in iptables:
$ sudo iptables -L
$ sudo iptables -t nat -L
Enter the iptables rules, for rpi2 this is:
$ sudo iptables -A INPUT -i tun+ -j ACCEPT
$ sudo iptables -A OUTPUT -o tun+ -j ACCEPT
$ sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE
$ sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.9.9.0/24 -m conntrack --ctstate NEW -j ACCEPT
$ sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
$ sudo iptables -A FORWARD -i tun+ -j ACCEPT
$ sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
Check the content:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  20.172.0.0/24        10.0.0.0/24          ctstate NEW
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
Now install iptables-persistent. This will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup:
$ sudo apt-get install iptables-persistent
If iptables-persistent is already installed, run iptables-save and copy the file to /etc/iptables/rules.v4:
$ sudo iptables-save > rules.v4
$ sudo cp rules.v4 /etc/iptables/
The content of rules.v4 looks like this for rpi2:
/etc/iptables/rules.v4
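
An added example, not part of the original page: a small shell audit that reads rules in iptables-save format and flags filter chains left at policy ACCEPT and FORWARD accepts that carry no destination, output-interface or state match. The sample ruleset is constructed from the rpi2 commands above (nat table abbreviated), and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Audit iptables-save output for rules that forward more than intended.

# Constructed sample: the rpi2 commands from this page in iptables-save form.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A FORWARD -s 20.172.0.0/24 -d 10.9.9.0/24 -i tun0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# audit_rules [FILE]: print one finding per line; reads stdin when no file is given.
audit_rules() {
  awk '
    /^\*/ { table = substr($0, 2) }            # remember which table we are in
    table != "filter" { next }
    /^:(INPUT|FORWARD) ACCEPT/ {               # unmatched packets pass by default
      print "policy-accept " substr($1, 2); next
    }
    /^-A FORWARD / && / -j ACCEPT$/ {
      # no -d, no -o and no state match: every packet from that side is
      # forwarded, which also makes any narrower FORWARD rule irrelevant
      if ($0 !~ / -d / && $0 !~ / -o / && $0 !~ /state /)
        print "broad-forward " $0
    }
  ' "${1:--}"
}

# count_findings KIND: count findings of one kind in rules read from stdin.
count_findings() { audit_rules | grep -c "^$1 " || true; }

# Demo on the constructed sample.
sample_rules | audit_rules
```

On the gateway itself, `audit_rules /etc/iptables/rules.v4` or `sudo iptables-save | audit_rules` runs the same checks against the saved or live ruleset.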
Now reboot
$ sudo shutdown -h now