Raspberry PI VPN



Install openvpn

$ sudo apt-get update
$ sudo apt-get install openvpn

Adjust /etc/openvpn/server.conf to reflect the local environment, for rapid see

$ sudo vim /etc/openvpn/server.conf
 /etc/openvpn/server.conf

Routing is required. Enable it in sysctl by changing /etc/sysctl.conf and then activating it.

$ sudo vim /etc/sysctl.conf
 /etc/sysctl.conf

Activate the change by executing:

$ sudo sysctl -p

Now set the firewall to allow traffic to be routed. First view existing entries in iptables:

$ sudo iptables -L
$ sudo iptables -t nat -L

Enter the iptables rules, for rpi2 this is:

$ sudo iptables -A INPUT -i tun+ -j ACCEPT
$ sudo iptables -A OUTPUT -o tun+ -j ACCEPT
$ sudo iptables -t nat -A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE
$ sudo iptables -I FORWARD -i tun0 -o eth0 -s 20.172.0.0/24 -d 10.9.9.0/24 -m conntrack --ctstate NEW -j ACCEPT
$ sudo iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
$ sudo iptables -A FORWARD -i tun+ -j ACCEPT
$ sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT

Check the content:

$ sudo iptables -L
 Chain INPUT (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             anywhere            
 ACCEPT     udp  --  anywhere             anywhere             state NEW udp dpt:openvpn
 Chain FORWARD (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  20.172.0.0/24        10.0.0.0/24          ctstate NEW
 ACCEPT     all  --  anywhere             anywhere            
 ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
 ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
 Chain OUTPUT (policy ACCEPT)
 target     prot opt source               destination         
 ACCEPT     all  --  anywhere             anywhere            

Now install iptables-persistent. The installer will ask to save the existing rules in /etc/iptables/rules.v4, which will then be loaded at startup:

$ sudo apt-get install iptables-persistent

If iptables-persistent is already installed, run iptables-save and copy the file to /etc/iptables/rules.v4:

$ sudo iptables-save > rules.v4
$ sudo cp rules.v4 /etc/iptables/
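
A check of the saved ruleset before relying on it, as an added example that is not part of the original wiki page: it reads a file in iptables-save format and reports whether the masquerade and UDP 1194 rules are present and whether the FORWARD chain actually restricts anything. The function names and the embedded sample file are constructed for illustration; the sample reuses the rpi2 subnets from the commands above.

```shell
# Added example: audit a ruleset in iptables-save format (hypothetical helper names).

# Print the default policy of CHAIN in TABLE, e.g. "ACCEPT".
chain_policy() {  # usage: chain_policy FILE TABLE CHAIN
    awk -v t="*$2" -v c=":$3" '/^\*/ { cur = $1 } cur == t && $1 == c { print $2 }' "$1"
}

# Print one finding per line; the return status is the number of WARN lines.
audit_rules() {  # usage: audit_rules FILE VPN_SUBNET
    f=$1; net=$2; warn=0
    if grep -F -e "-A POSTROUTING -s $net " "$f" | grep -q -e '-j MASQUERADE'; then
        echo "OK   masquerade rule present for $net"
    else
        echo "WARN no masquerade rule for $net"; warn=$((warn + 1))
    fi
    if grep -e '^-A INPUT .*-p udp .*--dport 1194 .*-j ACCEPT' "$f" >/dev/null; then
        echo "OK   udp/1194 accepted on INPUT"
    else
        echo "WARN udp/1194 not accepted on INPUT"; warn=$((warn + 1))
    fi
    if [ "$(chain_policy "$f" filter FORWARD)" = ACCEPT ]; then
        echo "WARN FORWARD policy is ACCEPT, so its ACCEPT rules filter nothing"; warn=$((warn + 1))
    fi
    if grep -qxF -e '-A FORWARD -i tun+ -j ACCEPT' "$f"; then
        echo "WARN unrestricted forward from tun+ makes the subnet-limited rule redundant"; warn=$((warn + 1))
    fi
    return "$warn"
}

# Constructed sample: what iptables-save would emit for a subset of the rules above.
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 20.172.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i eth0 -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
-A FORWARD -s 20.172.0.0/24 -d 10.9.9.0/24 -i tun0 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
COMMIT
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_rules "$sample" 20.172.0.0/24 || true   # prints 2 OK and 2 WARN lines
rm -f "$sample"
```

To audit the real file, call `audit_rules /etc/iptables/rules.v4 20.172.0.0/24` instead of the sample.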

The content of rules.v4 looks like this for rpi2:

/etc/iptables/rules.v4

Now reboot:

$ sudo shutdown -r now
