Last active
December 8, 2016 18:29
-
-
Save rnewson/dbe91d7beea3cf928e09 to your computer and use it in GitHub Desktop.
notes on rPI PIA VPN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # fresh raspbian image | |
| # I'm using the Edimax EW-7811UN (http://www.amazon.co.uk/gp/product/B003MTTJOY) | |
| # which requires a custom hostapd. I expect there are better options now that Just Work. | |
| # Initial setup | |
| expand partition | |
| expand filesystem | |
| memory split to 32 | |
| configure sshd to publickey only (and add your key...) | |
| # DHCP server | |
| sudo apt-get -y install dnsmasq | |
| ## create /etc/dnsmasq.d/pia.confs ; | |
| # disables dnsmasq reading any other files like /etc/resolv.conf for nameservers | |
| no-resolv | |
| # Interface to bind to | |
| interface=wlan0 | |
| # Specify starting_range,end_range,lease_time | |
| dhcp-range=10.0.0.3,10.0.0.20,12h | |
| # dns addresses to send to the clients | |
| server=209.222.18.222 | |
| server=209.222.18.218 | |
| ## Restart | |
| sudo service dnsmasq restart | |
| # forwarding | |
| echo 'net.ipv4.ip_forward=1' | sudo tee /etc/sysctl.d/local.conf | |
| sudo sysctl -w net.ipv4.ip_forward=1 | |
| sudo iptables --flush | |
| sudo iptables --table nat --flush | |
| sudo iptables --delete-chain | |
| sudo iptables --table nat --delete-chain | |
| sudo iptables --table nat --append POSTROUTING --out-interface tun0 -j MASQUERADE | |
| sudo iptables --append FORWARD --in-interface wlan0 -j ACCEPT | |
| sudo sh -c "iptables-save > /etc/iptables.ipv4.nat" | |
| # AP setup | |
| sudo apt-get -y install hostapd | |
| ## Replace binary | |
| sudo wget -r -O /usr/local/sbin/hostapd http://dl.dropbox.com/u/1663660/hostapd/hostapd | |
| sudo chown root:root /usr/local/sbin/hostapd | |
| sudo chmod 755 /usr/local/sbin/hostapd | |
| ## Change /etc/init.d/hostapd | |
| DAEMON_SBIN=/usr/local/sbin/hostapd | |
| ## create /etc/hostapd/hostapd.conf | |
| interface=wlan0 | |
| ssid=YOURNAMEHERE | |
| channel=11 | |
| macaddr_acl=0 | |
| auth_algs=1 | |
| ignore_broadcast_ssid=0 | |
| wpa=2 | |
| wpa_passphrase=YOURPASSHERE | |
| wpa_key_mgmt=WPA-PSK | |
| wpa_pairwise=TKIP | |
| rsn_pairwise=CCMP | |
| driver=rtl871xdrv | |
| ieee80211n=1 | |
| device_name=RTL8192CU | |
| manufacturer=Realtek | |
| hw_mode=g | |
| ## Change /etc/default/hostapd | |
| DAEMON_CONF="/etc/hostapd/hostapd.conf" | |
| ## /etc/network/interfaces | |
| auto lo | |
| iface lo inet loopback | |
| iface eth0 inet dhcp | |
| allow-hotplug wlan0 | |
| iface wlan0 inet static | |
| address 10.0.0.1 | |
| gateway YOURGATEWAYHERE | |
| netmask 255.255.255.0 | |
| pre-up iptables-restore < /etc/iptables.ipv4.nat | |
| ## Start it | |
| sudo service hostapd start | |
| # Setup OpenVPN | |
| ## Install it | |
| sudo apt-get -y install openvpn | |
| ## PIA setup | |
| sudo rm -f /etc/openvpn/{ca.crt,crl.pem,*.conf} | |
| wget -c https://www.privateinternetaccess.com/openvpn/openvpn.zip | |
| unzip openvpn.zip | |
| rename 's/ovpn$/conf/' *.ovpn | |
| sudo mv *.conf ca.crt crl.pem /etc/openvpn/ | |
| echo 'AUTOSTART="CHOSEN_CONF_HERE"' | sudo tee /etc/default/openvpn | |
| sudo sed -i'' 's:auth-user-pass:auth-user-pass /etc/openvpn/creds:' /etc/openvpn/*.conf | |
| sudo touch /etc/openvpn/creds | |
| sudo chmod 400 /etc/openvpn/creds | |
| # Fill /etc/openvpn/creds with username and password on separate lines | |
| # Start it | |
| sudo /etc/init.d/openvpn start |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment