20

I would like to enable a couple of my machines to access the internet through a VPN connection. My idea is that the PI can simply dial in and establish a connection and then route requests from the other machines through it.

I am thinking of setting up the default router of the device to the IP of the PI.

While somewhat experienced with command-line configuration of a multitude of things, could you please point me to directions on what packages/services I need?

Summary of the setup:

  • PI connecting to the internet directly through the default router
  • PI creates a VPN connection (OpenVPN) and listens on its local interface for traffic
  • PI re-establishes connection on failures
  • other network devices have default gateway set to the IP of the PI and all their traffic goes through the VPN, provided that is up (and no internet connection if the VPN is down).

I do not need NAT or DHCP services (DNS can also go through the VPN).

petr
  • What's the point? If you use your Pi on your local network to create an outbound connection, why don't you use your other computers to create a similar outbound connection directly, saving you the cost of the Pi and the headache of software installation and setup? The conventional VPN setup is a computer on your local network that listens for inbound connections, checks passwords and then lets the remote computer use your local network directly, not vice versa. – lenik May 19 '13 at 02:57
  • 1
    @lenik the point is that I have a multitude of machines that are using the same VPN connection. Also, it is much simpler to configure a single machine than to keep changing multiple machines' config, ensuring they re-dial etc. And you are correct - it is not a standard setup; if it was, I would probably look up a tutorial and not be asking – petr May 19 '13 at 07:50
  • 1
    Not to mention that using another device to do the routing makes the job of ensuring that ALL traffic goes through the VPN much simpler – petr May 19 '13 at 08:04
  • 3
    Some devices are also incapable of connecting to VPNs. These devices include many game consoles, and other devices which don't run standard operating systems that can easily be configured to connect to a VPN. – Kibbee May 23 '13 at 01:23
  • @lenik This setup is common in enterprise level networking equipment. It's in-built in routers starting from around $300 upwards. The OP is looking for a solution for around a 10th of the price... as am I. – Philip Couling Oct 05 '13 at 15:50
  • @couling not sure if you are still looking for a solution - but what I did in the end was to get a pfSense router. Solved all my needs and you can pick up a cheap used one on eBay. – petr Apr 01 '16 at 14:10

6 Answers

16

I have the same setup as you:

Cable modem -> Router (192.168.1.1) +-> Raspberry Pi (192.168.1.11)
                                    |-> iPad (DHCP)
                                    |-> PC (DHCP)
                                    `-> AppleTV (DHCP)

First, I changed my network settings (/etc/network/interfaces) on the RPi to a static address

iface eth0 inet static
address 192.168.1.11
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

After that, you need to set up OpenVPN on the RPi:

sudo apt-get install openvpn

Next, you have to set the config file for the VPN, /etc/openvpn/server.conf. I used the sample provided by my VPN service (Witopia), changed dev tun to dev tun0 and added redirect-gateway at the end.

Next step, modify iptables to allow NAT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To make it permanent, save it like this

sudo bash
iptables-save > /etc/iptables.up.rules
nano /etc/network/if-pre-up.d/iptables

Add this to the new file:

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

Save and make it executable with chmod +x /etc/network/if-pre-up.d/iptables. You now need to enable IP forwarding by editing /etc/sysctl.conf and uncommenting the line net.ipv4.ip_forward = 1

Reboot and the RPi should be connecting to your VPN and be ready to receive incoming traffic. I added a new option to my dhcp service on my router (running OpenWrt) to specify the gateway sent to the client. I added the line list 'dhcp_option' '3,192.168.1.11' to the file /etc/config/dhcp and rebooted the router. My iPad, PC and AppleTV now connect through the RPi to access external urls.


nc4pk
StebQC
  • 1
    I just finished setting up a similar configuration last weekend. I also had to add "net.ipv4.tcp_ecn=0" to the /etc/sysctl.conf file. Not sure what it does, but the gateway wouldn't work properly without it. – Kibbee May 23 '13 at 01:07
  • This worked for me, with one modification: the NAT rule should be iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE – Regan Walsh Aug 19 '14 at 13:09
  • I had to install a dns server to get strongswan working. I followed the guide at https://www.elektronik-kompendium.de/sites/raspberry-pi/2002171.htm. – koppor Mar 17 '20 at 20:10
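
A fail-closed variant of the rules from this answer and its comments, added here as an example and not part of the original post: it NATs out of the tunnel interface and drops forwarded traffic that would otherwise leave through the LAN when the VPN is down, which is the behaviour the question asks for. The interface names (eth0, tun0) and the subnet 192.168.1.0/24 are assumptions taken from the diagram above; the function names and the file name gateway.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed names: eth0 = LAN,
# tun0 = OpenVPN tunnel, 192.168.1.0/24 = LAN subnet (from the diagram above).

# Print a ruleset in iptables-restore format for a fail-closed VPN gateway.
gateway_rules() {
    lan_if=$1; vpn_if=$2; lan_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $vpn_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s $lan_net -i $lan_if -o $vpn_if -j ACCEPT
-A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read a ruleset (iptables-save format) on stdin; succeed only if forwarding
# is default-deny and nothing forwards or NATs new traffic out of the LAN side.
check_fail_closed() {
    awk -v lan="$1" '
        /^:FORWARD DROP/ { drop = 1 }
        /^-A (FORWARD|POSTROUTING) / && !/--ctstate RELATED,ESTABLISHED/ {
            for (i = 1; i < NF; i++)
                if ($i == "-o" && $(i + 1) == lan && $NF != "DROP") bad = 1
        }
        END { exit !(drop && !bad) }
    '
}

# Usage: sh gateway.sh eth0 tun0 192.168.1.0/24 | sudo iptables-restore
if [ "$#" -eq 3 ]; then
    gateway_rules "$@"
fi
```

Loading the output with iptables-restore replaces the existing nat and filter tables; `sudo iptables-save | check_fail_closed eth0` can then be used to confirm the live ruleset is still fail-closed.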
1

Try

https://help.ubuntu.com/community/OpenVPN

Raspbian should be close enough to Ubuntu for the setup to be the same, and I've just checked that the OpenVPN package is available in the Raspbian repo.

However, note that most VPN instructions will tell you how to create a server for opening your LAN to VPN clients on the internet rather than vice-versa, so you may need to experiment a bit with routing settings.

  • Thanks, that bit I understand a bit better - what I am not sure of is how to make the PI listen to connections and forward them through the VPN? – petr May 18 '13 at 22:34
  • 1
    @petr You just need to run sysctl -w net.ipv4.ip_forward=1, and have your other machines use the RPI as their default gateway, and the RPI will happily route. – nos May 23 '13 at 17:43
1

Currently PPTP only (OpenVPN support coming) - check out my project called DSVR (Domain Specific VPN Router) for the Raspberry Pi.

Blog entry - http://darranboyd.wordpress.com/2013/07/05/selective-vpn-routing-solution-dsvr/

GitHub - https://github.com/dboyd13/DSVR

MrDB
0

Here is my setup, which is very similar to your need; the only thing you need is to install the OpenVPN client and do some configuration on Raspbian.

I described it in my blog; Setting up VPN Gateway with Raspberry PI

afelaho
  • Hello and welcome! Right now I don't think that the question "could you please point to me to directions on what packages/services I need?" is addressed in the answer. Could you please elaborate a little more without requiring people to follow the link (which in fact is just the figure again)? – Ghanima Jan 15 '15 at 07:26
  • @Ghanima, thanks for your comment. I have changed my reply. – afelaho Jan 16 '15 at 20:26
0

Don't know if this is useful, but I'm using a VPN on a Raspberry Pi from a VPN provider when I travel out of the USA to China. They have a dd-wrt script which I installed, and it worked the first time. So maybe you can save yourself a lot of trouble if you look for a provider with a ready-made dd-wrt script. If somebody is curious about the script I can post it here.

0

I created an OpenVPN Gateway image for Raspberry Pi. Hope it's helpful :)

http://techfunbln.blogspot.de/2013/09/raspberry-pi-as-openvpn-gateway-with-or.html

best regards Paul

paul