Raspberry PI VPN: Difference between revisions
Jump to navigation
Jump to search
imported>Jawadmin No edit summary |
imported>Jawadmin No edit summary |
||
| Line 9: | Line 9: | ||
/etc/openvpn/serverl.conf | /etc/openvpn/serverl.conf | ||
Routing is required enable this in sys control by changing /etc/openvpn/server.conf and activating it. | Routing is required enable this in sys control by changing /etc/openvpn/server.conf and activating it. | ||
$ sudo vim /etc/sysctl.conf | |||
/etc/sysctl.conf | |||
Activate the change by executing: | Activate the change by executing: | ||
sudo sysctl -p | $ sudo sysctl -p | ||
Now set the firewall to allow traffic to be routed | Now set the firewall to allow traffic to be routed. | ||
First view existing entries in iptables | First view existing entries in iptables: | ||
sudo iptables -L | $ sudo iptables -L | ||
sudo iptables -t nat -L | $ sudo iptables -t nat -L | ||
Enter the iptables rules, for rpi2 this is: | Enter the iptables rules, for rpi2 this is: | ||
sudo iptables -A INPUT -i tun+ -j ACCEPT | $ sudo iptables -A INPUT -i tun+ -j ACCEPT | ||
sudo iptables -A OUTPUT -o tun+ -j ACCEPT | $ sudo iptables -A OUTPUT -o tun+ -j ACCEPT | ||
sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE | $ sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE | ||
sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT | $ sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT | ||
sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT | $ sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT | ||
sudo iptables -A FORWARD -i tun+ -j ACCEPT | $ sudo iptables -A FORWARD -i tun+ -j ACCEPT | ||
sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT | $ sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT | $ sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
Check the content: | Check the content: | ||
sudo iptables -L | $ sudo iptables -L | ||
Chain INPUT (policy ACCEPT) | Chain INPUT (policy ACCEPT) | ||
target prot opt source destination | target prot opt source destination | ||
ACCEPT all -- anywhere anywhere | ACCEPT all -- anywhere anywhere | ||
ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn | ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn | ||
Chain FORWARD (policy ACCEPT) | Chain FORWARD (policy ACCEPT) | ||
target prot opt source destination | target prot opt source destination | ||
ACCEPT all -- 20.172.0.0/24 10.0.0.0/24 ctstate NEW | ACCEPT all -- 20.172.0.0/24 10.0.0.0/24 ctstate NEW | ||
ACCEPT all -- anywhere anywhere | ACCEPT all -- anywhere anywhere | ||
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ||
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED | ||
Chain OUTPUT (policy ACCEPT) | Chain OUTPUT (policy ACCEPT) | ||
target prot opt source destination | target prot opt source destination | ||
ACCEPT all -- anywhere anywhere | ACCEPT all -- anywhere anywhere | ||
Now install iptables-persistent, this will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup: | Now install iptables-persistent, this will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup: | ||
Revision as of 09:19, 23 December 2018
Raspberry PI VPN
Install openvpn
$ sudo apt-get update $ sudo apt-get update $ sudo apt-get install openvpn
Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see
$ vim /etc/openvpn/serverl.conf /etc/openvpn/serverl.conf
Routing is required enable this in sys control by changing /etc/openvpn/server.conf and activating it.
$ sudo vim /etc/sysctl.conf /etc/sysctl.conf
Activate the change by executing:
$ sudo sysctl -p
Now set the firewall to allow traffic to be routed. First view existing entries in iptables:
$ sudo iptables -L $ sudo iptables -t nat -L
Enter the iptables rules, for rpi2 this is:
$ sudo iptables -A INPUT -i tun+ -j ACCEPT $ sudo iptables -A OUTPUT -o tun+ -j ACCEPT $ sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE $ sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT $ sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT $ sudo iptables -A FORWARD -i tun+ -j ACCEPT $ sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT $ sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
Check the content:
$ sudo iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT udp -- anywhere anywhere state NEW udp dpt:openvpn Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 20.172.0.0/24 10.0.0.0/24 ctstate NEW ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere
Now install iptables-persistent, this will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup: sudo apt-get install iptables-persistent If iptables-persistent is already installed, run iptables-save and copy the file to /etc/iptables/rules.v4 sudo iptables-save > rules.v4 sudo cp rules.v4 /etc/iptables/ The content of rules.v4 looks like this for rpi2: /etc/iptables/rules.v4
Now reboot sudo shutdown -h now