So you can find your host via NetBIOS later on:
- Mac OS X: `smbutil lookup my-pi`
- Windows: `ping my-pi`
- Linux: `apt-get install libnss-winbind`, then `ping my-pi` (see also https://serverfault.com/questions/352305/why-can-windows-machines-resolve-local-names-when-linux-cant)
```shell
# Install and start nbnsd so the Pi answers NetBIOS name lookups
wget https://github.com/cfstras/nbnsd/releases/download/v1.1/nbnsd.arm -O /usr/bin/nbnsd
chmod a+x /usr/bin/nbnsd
wget https://raw.githubusercontent.com/cfstras/nbnsd/master/nbnsd.service -O /etc/systemd/system/nbnsd.service
systemctl daemon-reload
systemctl enable --now nbnsd

# Install OpenVPN and hostapd
apt-get update && apt-get install -y openvpn hostapd

# Enable IPv4 forwarding, now and on every boot
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.d/99-sysctl.conf
sysctl -w net.ipv4.ip_forward=1

# Static addresses: eth0 on the LAN, wlan0 for the access point
# (dns-nameservers is the ifupdown option name; it is applied via resolvconf)
cat >> /etc/network/interfaces <<EOF
auto eth0
iface eth0 inet static
address 192.168.0.3/24
gateway 192.168.0.1
dns-nameservers 8.8.8.8
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 10.99.0.1/24
EOF
systemctl restart networking
systemctl disable --now NetworkManager
systemctl disable --now wpa_supplicant.service

# Configure the WiFi access point (set your own ssid and wpa_passphrase)
echo 'DAEMON_CONF="/etc/hostapd/hostapd.conf"' >> /etc/default/hostapd
cat >> /etc/hostapd/hostapd.conf <<EOF
interface=wlan0
hw_mode=g
channel=11
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ssid=YOUR WIFI SSID
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=WIFI PASSWORD
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
logger_syslog_level=2
EOF
systemctl enable --now hostapd

# DHCP and DNS for the clients
apt-get install -y dnsmasq
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
cat > /etc/dnsmasq.conf <<EOF
interface=eth0 # Also allow clients on ethernet
interface=wlan0 # Use interface wlan0 mainly
listen-address=10.99.0.1 # Explicitly specify the address to listen on
bind-interfaces # Bind to the interface to make sure we aren't sending things elsewhere
server=1.1.1.1 # specify your VPN provider's DNS servers here
server=1.0.0.1
domain-needed # Don't forward short names (from LAN)
bogus-priv # Never forward addresses in the non-routed address spaces.
dhcp-range=10.99.0.10,10.99.0.150,30d # set DHCP range
no-resolv # don't read resolv.conf
local-service # only perform dns for local subnets
EOF
systemctl enable --now dnsmasq
systemctl restart dnsmasq

# NAT client traffic out through the VPN tunnel (tun0) and persist the rules
apt-get install -y iptables-persistent
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables-save > /etc/iptables/rules.v4
```
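The iptables rules above only add ACCEPT entries and leave the FORWARD chain's default policy untouched, so whether client traffic can still be routed out through eth0 while tun0 is down depends on that policy. The following check is an added example, not part of the original guide: it reads `iptables-save` output and flags a non-DROP FORWARD policy or any ACCEPT rule that does not involve the tunnel interface. The function name `audit_forward`, the sample dump and the `iptables -P FORWARD DROP` variant are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide. Audits an iptables-save dump
# for forwarding paths that do not go through the VPN tunnel interface.
# On the Pi: audit_forward tun0 < /etc/iptables/rules.v4

audit_forward() {
    # $1 = tunnel interface; iptables-save text on stdin.
    # Prints one finding per line and returns 1 if there is any finding.
    awk -v tun="$1" '
        /^\*/ { table = substr($0, 2) }          # table header, e.g. "*filter"
        table != "filter" { next }
        $1 == ":FORWARD" && $2 != "DROP" {
            print "policy: FORWARD default is " $2 ", unmatched traffic is forwarded"
            bad = 1
        }
        $1 == "-A" && $2 == "FORWARD" {
            accept = 0; via_tun = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if (($i == "-i" || $i == "-o") && $(i + 1) == tun) via_tun = 1
            }
            if (accept && !via_tun) { print "rule: bypasses " tun ": " $0; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the filter rules from this guide in iptables-save format.
GUIDE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
COMMIT'

# Assumed hardening step (not in the guide): iptables -P FORWARD DROP
CLOSED_RULES=$(printf '%s\n' "$GUIDE_RULES" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

printf '%s\n' "$GUIDE_RULES" | audit_forward tun0 || echo "=> not fail-closed"
printf '%s\n' "$CLOSED_RULES" | audit_forward tun0 && echo "=> fail-closed"
```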
Now, copy your OpenVPN conf files into `/etc/openvpn/client`.
Hint: add the line `auth-user-pass auth.txt`, and a file `auth.txt` with two lines (user & password). Since `auth.txt` holds the credentials in plain text, make it readable by root only.
Assuming your file is called `${CONFIG}.conf`:
```shell
systemctl enable --now openvpn-client@$CONFIG
```
You're Done!
You can connect clients in one of two ways:
- Simply connect to the WiFi. Easy, but not very fast (depending on your Pi).
- Connect them via ethernet cable. Give them this manual IP config:
  - IP: `192.168.0.x` (something in the range, not 1, not 3)
  - Subnet Mask: `255.255.255.0`
  - Gateway: `192.168.0.3`
  - DNS: `192.168.0.3`