@usmansaleem
Last active March 3, 2023 11:23
Raspberry Pi as PPTP VPN gateway

Goal

In Progress

Use a Raspberry Pi 2 as a PPTP VPN gateway so that devices on the network can be configured to use the Pi as their gateway, which should direct their internet traffic through the VPN.

Setup

  • Modify the main router's DHCP address range so that the Pi can be assigned an IP address outside the range.
  • Connect the Pi using an ethernet cable. WiFi may also be used; however, the following instructions assume eth.
  • Set up the Pi with a static IP address. Modify /etc/dhcpcd.conf with the following contents (192.168.1.2 is the Pi's IP address, 192.168.1.1 is the WAN router's IP address):
interface eth0
static ip_address=192.168.1.2/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
  • Reboot and verify the IP address assignment.

Update/Upgrade Raspbian

This can be time consuming. Expect 10-15 minutes for this step.

  • Run the following commands to update/upgrade the Raspberry Pi.
sudo apt-get update -y
sudo apt-get upgrade -y

Enable IP forward

Modify /etc/sysctl.conf and append net.ipv4.ip_forward=1. Reboot.

Install PPTP VPN Client Libraries

Install the pptp-linux package. OpenVPN can be installed, though it is not covered in these instructions.

sudo apt-get install -y pptp-linux

Setup pptp-linux

examplela is the tunnel name; it should not contain spaces, punctuation etc. Substitute all values as per your setup.

sudo pptpsetup --create examplela --server pptp-la.example.com --username exampleuser --password examplepassword --encrypt --start

The configuration file should get created in /etc/ppp/peers/

  • Modify /etc/ppp/peers/examplela and add the following options:
persist
maxfail 0
defaultroute
replacedefaultroute
usepeerdns
  • Modify /etc/rc.local and add the following commands:
...
#Establish PPTP VPN Connection
printf "Establishing VPN connection through ppp0\n"
pon examplela persist updetach
...
  • Reboot and verify that the VPN connection establishes.

Routing Setup

We will use iptables to set up routing.

To flush all iptables rules (revisit this section in case we mess up later):

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

The following commands set up routing.

sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
sudo iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

The above can also go in /etc/rc.local (without sudo) to apply the iptables rules on boot.

  • Configure the other systems on the network with a manual IP such that the gateway points to the Pi's IP address, i.e. 192.168.1.2, and DNS points to Google or another public DNS, i.e. 8.8.8.8.

Reboot and verify things are working ok.
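
One way to carry out this verification for the routing rules, as an added example that is not part of the original gist: the function audits `iptables -S` output for the three rules above and also flags a FORWARD policy of ACCEPT, under which client traffic is forwarded out of eth0, outside the VPN, whenever ppp0 is not up and the Pi's default route points at the WAN router. The function name, the sample dumps and the `iptables -P FORWARD DROP` step are assumptions, not from the gist.

```shell
#!/bin/sh
# Added example (not from the gist). On the Pi, feed it the live rules:
#   { sudo iptables -S; sudo iptables -t nat -S; } | audit_gateway_rules
audit_gateway_rules() {
    vpn_if="${1:-ppp0}"; lan_if="${2:-eth0}"   # interface names used on the page
    rules=$(cat)                               # rule dump arrives on stdin
    findings=0
    has_rule() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
    report()   { echo "$1"; findings=$((findings + 1)); }

    # Traffic leaving through the tunnel must be source-NATed.
    has_rule "^-A POSTROUTING .*-o $vpn_if .*-j MASQUERADE" ||
        report "MISSING: MASQUERADE on $vpn_if"
    # LAN clients must be allowed out through the tunnel.
    has_rule "^-A FORWARD -i $lan_if -o $vpn_if .*-j ACCEPT" ||
        report "MISSING: forward $lan_if -> $vpn_if"
    # Only replies to existing connections may come back in from the tunnel.
    has_rule "^-A FORWARD -i $vpn_if -o $lan_if .*ESTABLISHED.*-j ACCEPT" ||
        report "MISSING: stateful return path $vpn_if -> $lan_if"
    # With policy ACCEPT the FORWARD rules filter nothing: while the tunnel is
    # down, client packets are forwarded to the WAN router in the clear.
    has_rule "^-P FORWARD DROP" ||
        report "LEAK: FORWARD policy is not DROP"

    [ "$findings" -eq 0 ]   # success only when nothing was reported
}

# Constructed sample dump (not captured from a real system): the rules and
# policies exactly as the page sets them.
PAGE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A POSTROUTING -o ppp0 -j MASQUERADE'
# Constructed: the same rules after an assumed extra `iptables -P FORWARD DROP`.
HARDENED_RULES=$(printf '%s\n' "$PAGE_RULES" |
    sed 's/^-P FORWARD ACCEPT$/-P FORWARD DROP/')

printf '%s\n' "$PAGE_RULES" | audit_gateway_rules || echo "page ruleset: not fail-closed"
printf '%s\n' "$HARDENED_RULES" | audit_gateway_rules && echo "hardened ruleset: ok"
```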
