Goal
In Progress
Use a Raspberry Pi 2 as a PPTP VPN gateway so that devices on the network can be configured to use the Pi as their gateway, which then directs their internet traffic through the VPN.
Setup
- Configure the main router's DHCP address range so that the Pi can be assigned an IP address outside that range.
- Connect the Pi using an Ethernet cable. Wi-Fi may also be used; however, the following instructions assume Ethernet (eth0).
- Set up the Pi with a static IP address. Modify /etc/dhcpcd.conf with the following contents (192.168.1.2 is the Pi's IP address, 192.168.1.1 is the WAN router's IP address):
interface eth0
static ip_address=192.168.1.2/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1
- Reboot and verify the IP address assignment.
Update/Upgrade Raspbian
This can be time consuming. Expect 10-15 minutes for this step.
- Run the following commands to update/upgrade the Raspberry Pi.
sudo apt-get update -y
sudo apt-get upgrade -y
Enable IP forwarding
Modify /etc/sysctl.conf and append net.ipv4.ip_forward=1. Reboot.
Install PPTP VPN Client Libraries
Install the pptp-linux package. OpenVPN can also be installed, though it is not covered in these instructions.
sudo apt-get install -y pptp-linux
Setup pptp-linux
examplela is the tunnel name; it should not contain spaces, punctuation, etc. Substitute all values as per your setup.
sudo pptpsetup --create examplela --server pptp-la.example.com --username exampleuser --password examplepassword --encrypt --start
The configuration file should get created in /etc/ppp/peers/
- Modify /etc/ppp/peers/examplela and add the following options:
persist
maxfail 0
defaultroute
replacedefaultroute
usepeerdns
- Modify /etc/rc.local and add the following commands:
...
# Establish PPTP VPN connection
printf "Establishing VPN connection through ppp0\n"
pon examplela persist updetach
...
- Reboot and verify that the VPN connection is established.
Routing Setup
We will use iptables to set up routing.
To flush all iptables rules (revisit this section in case we mess up later):
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
The following commands set up routing.
sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
sudo iptables -A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
The above can also go in /etc/rc.local (without sudo) to apply the iptables rules on boot.
- Configure the other systems on the network with a manual IP configuration such that the gateway points to the Pi's IP address, i.e. 192.168.1.2, and DNS points to Google or another public DNS, i.e. 8.8.8.8.
Reboot and verify things are working OK.
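One way to carry out the "verify" steps above, as an added example that is not part of the original page: a script that checks IP forwarding, the default route, the MASQUERADE rule and whether the FORWARD chain confines LAN traffic to the tunnel. The function names and the `live` argument are assumptions of this example; ppp0 and eth0 are the interfaces used on this page.

```shell
#!/bin/sh
# Added example, not from the original page: audit the gateway built above.
# Each check reads command output on stdin, so it works on live or saved output.

# stdin: `ip -4 route show default`; succeeds if the default route uses ppp0
default_via_ppp0() {
    grep -Eq '^default .*dev ppp0( |$)'
}

# stdin: `iptables -t nat -S POSTROUTING`; succeeds if ppp0 traffic is masqueraded
masq_on_ppp0() {
    grep -Eq '^-A POSTROUTING .*-o ppp0 .*-j MASQUERADE'
}

# stdin: `iptables -S FORWARD`; succeeds only if nothing is forwarded outside ppp0
forward_fails_closed() {
    awk '
        /^-P FORWARD ACCEPT/ { bad = 1 }                        # policy forwards anything
        /^-A FORWARD / && /-j ACCEPT/ && !/ppp0/ { bad = 1 }    # ACCEPT not tied to ppp0
        END { exit bad + 0 }
    '
}

# Live audit on the Pi (run as root, iptables needs it)
audit_gateway() {
    rc=0
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || { echo "FAIL: ip_forward off"; rc=1; }
    ip -4 route show default | default_via_ppp0 || { echo "FAIL: default route not on ppp0"; rc=1; }
    iptables -t nat -S POSTROUTING | masq_on_ppp0 || { echo "FAIL: no MASQUERADE on ppp0"; rc=1; }
    iptables -S FORWARD | forward_fails_closed || { echo "WARN: FORWARD can bypass ppp0"; rc=1; }
    return $rc
}

# Constructed sample: `iptables -S FORWARD` after this page's flush and routing commands
SAMPLE_FORWARD='-P FORWARD ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -j ACCEPT'

case "${1:-sample}" in
    live) audit_gateway ;;
    *) printf '%s\n' "$SAMPLE_FORWARD" | forward_fails_closed \
           || echo "sample: FORWARD policy ACCEPT, traffic is not confined to ppp0" ;;
esac
```

With the two FORWARD rules above already in place, `iptables -P FORWARD DROP` makes the last check pass, so LAN traffic is dropped rather than forwarded whenever it would not go through ppp0.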