Raspberry PI VPN: Difference between revisions

imported>Jawadmin
No edit summary
imported>Jawadmin
No edit summary
Line 6: Line 6:
  $ sudo apt-get install openvpn
  $ sudo apt-get install openvpn
Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see
Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see
* /etc/openvpn/serverl.conf
$ vim /etc/openvpn/serverl.conf
  /etc/openvpn/serverl.conf
Routing is required enable this in sys control by changing /etc/openvpn/server.conf and activating it.
Routing is required enable this in sys control by changing /etc/openvpn/server.conf and activating it.
* $ sudo vim /etc/sysctl.conf
* $ sudo vim /etc/sysctl.conf
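Review bot: the changed line under "Adjust /etc/openvpn/server.conf" opens /etc/openvpn/serverl.conf (with an extra "l"), so the command and the sentence above it name two different files. Make the command match the file OpenVPN actually loads. The unchanged context has two related problems worth fixing in the same revision: the sentence ends at "for rapid see", and the routing sentence names /etc/openvpn/server.conf although the command below it edits /etc/sysctl.conf.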

Revision as of 09:16, 23 December 2018

Raspberry PI VPN

Install openvpn

$ sudo apt-get update
$ sudo apt-get install openvpn

Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see

$ vim /etc/openvpn/serverl.conf
 /etc/openvpn/serverl.conf

Routing is required. Enable this in sysctl by changing /etc/openvpn/server.conf and activating it.

  • $ sudo vim /etc/sysctl.conf
  • /etc/sysctl.conf

Activate the change by executing: sudo sysctl -p

Now set the firewall to allow traffic to be routed. First view existing entries in iptables:

 $ sudo iptables -L
 $ sudo iptables -t nat -L

Enter the iptables rules, for rpi2 this is:

 $ sudo iptables -A INPUT -i tun+ -j ACCEPT
 $ sudo iptables -A OUTPUT -o tun+ -j ACCEPT
 $ sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE
 $ sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
 $ sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
 $ sudo iptables -A FORWARD -i tun+ -j ACCEPT
 $ sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
 $ sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

Check the content:

 $ sudo iptables -L
 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere
 ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn

 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination
 ACCEPT     all  --  20.172.0.0/24        10.0.0.0/24          ctstate NEW
 ACCEPT     all  --  anywhere             anywhere
 ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
 ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination
 ACCEPT     all  --  anywhere             anywhere

Now install iptables-persistent. This will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup:

 $ sudo apt-get install iptables-persistent

If iptables-persistent is already installed, run iptables-save and copy the file to /etc/iptables/rules.v4:

 $ sudo iptables-save > rules.v4
 $ sudo cp rules.v4 /etc/iptables/

The content of rules.v4 looks like this for rpi2:

 /etc/iptables/rules.v4
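A read-only check of the saved ruleset, added here as an example and not part of the original wiki page: it reads iptables-save output and reports chains whose default policy is ACCEPT and ACCEPT rules that match on interface only. The sample ruleset is constructed from the commands entered above (it is not the page's rules.v4), and the function names are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: the filter-table rules entered above, in iptables-save style.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i tun+ -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A FORWARD -s 20.172.0.0/24 -d 10.0.0.0/24 -i tun0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
COMMIT
EOF
}

# Chains whose default policy is ACCEPT: unmatched packets pass, so the
# ACCEPT rules in such a chain do not restrict anything.
open_policies() {
    awk '/^:/ && $2 == "ACCEPT" { sub(/^:/, "", $1); print $1 }'
}

# ACCEPT rules in chain $1 that match on interface only (no -s, -d, -p or -m).
broad_accepts() {
    awk -v chain="$1" '$1 == "-A" && $2 == chain && /-j ACCEPT$/ &&
        !/ -s | -d | -p | -m / { print }'
}

# Read a ruleset on stdin and print one finding per line.
audit() {
    rules=$(cat)
    for c in $(printf '%s\n' "$rules" | open_policies); do
        echo "policy: chain $c defaults to ACCEPT"
    done
    for c in INPUT FORWARD OUTPUT; do
        printf '%s\n' "$rules" | broad_accepts "$c" | sed 's/^/broad: /'
    done
}

# On the Pi itself: sudo iptables-save -t filter | audit
sample_rules | audit
```

For the rules above this reports all three chains as default-ACCEPT and flags the interface-only `tun+` rules; the FORWARD one accepts everything from the tunnel that the narrower 20.172.0.0/24 to 10.0.0.0/24 rule did not already match.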

Now reboot:

 $ sudo shutdown -h now