Last active
November 5, 2022 14:04
RaspberryPI VPN setup PrivateInternetAccess
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
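#!/usr/bin/env bash
#
# Raspberry Pi: Private Internet Access (PIA) over OpenVPN, with an iptables
# kill switch that drops everything not going through the tunnel.
#
# Tweak for your own needs. The original guide is here, but everybody has
# their own setup:
# https://not-blog.heyitschris.com/how-to-properly-set-up-pia-vpn-on-a-raspberry-pi-with-a-killswitch-ckhi6vlp900kt1cs189cm5w7u
#
# Before running:
#   - Obtain an OpenVPN profile such as uk-london from
#     https://www.privateinternetaccess.com/openvpn/openvpn.zip
#   - Store it as /etc/openvpn/client/uk-london.conf
#   - Replace the USERNAME / PASSWORD placeholders below. Once edited, this
#     script holds the VPN secret in clear text, so keep the copy private
#     (or delete it) after use.

set -u

# Site-specific values; override from the environment or edit here.
# VPN_PROFILE names /etc/openvpn/client/<profile>.conf and the systemd unit.
readonly VPN_PROFILE="${VPN_PROFILE:-uk-london}"
# UDP port of the VPN server; may be different depending on the VPN.
readonly VPN_PORT="${VPN_PORT:-1198}"
# Must match the LAN the Pi sits on: once the DROP policies are applied this
# is the only non-tunnel network that can still reach the Pi (e.g. over SSH).
readonly LAN_SUBNET="${LAN_SUBNET:-192.168.8.0/24}"

sudo apt update && sudo apt upgrade -y

# Public IP before the VPN is up, for comparison with the check further down.
curl https://ipinfo.io/

sudo apt install openvpn -y

# Installed here, while the network is still unrestricted, so that the final
# save step does not depend on reaching the package mirror through the tunnel.
sudo apt-get install iptables-persistent -y

# Credentials file: created root-owned with mode 600 before anything is
# written to it, so the password is never readable by other local users.
# The file is overwritten rather than appended to; re-running with '>>' would
# leave stale credentials on the first two lines, which are the ones OpenVPN
# reads.
sudo install -m 600 -o root -g root /dev/null /etc/openvpn/login
printf '%s\n' "USERNAME" "PASSWORD" | sudo tee /etc/openvpn/login >/dev/null

# Manual step: in the editor, change the line
#   auth-user-pass
# to
#   auth-user-pass /etc/openvpn/login
sudo nano "/etc/openvpn/client/${VPN_PROFILE}.conf"

sudo systemctl start "openvpn-client@${VPN_PROFILE}"
sudo systemctl enable "openvpn-client@${VPN_PROFILE}"

# Should now report the VPN exit address instead of the one printed earlier.
# Confirm this before continuing: the rules below cut all non-tunnel traffic.
curl https://ipinfo.io/

# --- Kill switch (IPv4) ------------------------------------------------------
# Rules are appended with -A, so running this section twice duplicates them.

# Allow loopback device (internal communication)
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT

# Allow all local traffic.
sudo iptables -A INPUT -s "${LAN_SUBNET}" -j ACCEPT
sudo iptables -A OUTPUT -d "${LAN_SUBNET}" -j ACCEPT

# Allow VPN establishment.
# Only 2 ports open outbound, 1 for DNS and 1 for VPN.
# If establishing through an IP and not a name, the port 53 rule can be removed.
# NOTE(review): the DNS rule matches any resolver on any interface, so name
# lookups are not forced through the tunnel; drop it or pin it to a specific
# resolver address if DNS privacy matters.
sudo iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport "${VPN_PORT}" -j ACCEPT

# Replies to the traffic allowed above. Matching on connection state instead
# of '--sport 53' / '--sport <vpn port>' means an unsolicited UDP packet that
# merely claims one of those source ports is no longer accepted.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Accept all TUN connections (tun = VPN tunnel)
sudo iptables -A OUTPUT -o tun+ -j ACCEPT
sudo iptables -A INPUT -i tun+ -j ACCEPT

# Set default policies to drop all communication unless specifically allowed
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP
sudo iptables -P FORWARD DROP

# --- Kill switch (IPv6) ------------------------------------------------------
# iptables only filters IPv4. On a dual-stack network IPv6 traffic would leave
# outside the tunnel untouched by the rules above, so it is dropped here
# except for loopback.
sudo ip6tables -A INPUT -i lo -j ACCEPT
sudo ip6tables -A OUTPUT -o lo -j ACCEPT
sudo ip6tables -P INPUT DROP
sudo ip6tables -P OUTPUT DROP
sudo ip6tables -P FORWARD DROP

# Persist the rules across reboots, then reboot to confirm they come back.
sudo netfilter-persistent save && sudo systemctl enable netfilter-persistent && sudo reboot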