PI as a VPN router for local machines

Question

I would like to enable couple of my machines to access the internet through a VPN connection. My idea is that the PI can simply dial in an establish a connection and then route requests from the other machines through it.

I am thinking that setting up a default router of the device to the IP of the PI.

While somehow experienced with command line configuration of multitude of things, could you please point to me to directions on what packages/services I need?

Summary of the setup:

PI connecting to the internet directly through the default router
PI creates a VPN connection (OpenVPN) and listens on its local interface for traffic
PI re-establishes connection on failures
other network devices have default gateway set to the IP of the PI and all their traffic goes through the VPN, provided that is up (and no internet connection if the VPN is down).

I do not need NAT or DHCP services (DNS can also go through the VPN).

score 16 · Accepted Answer · edited May 23 '13 at 10:46

I have the same setup as you:

Cable modem -> Router (192.168.1.1) +-> Raspberry Pi (192.168.1.11)
                                    |-> iPad (DHCP)
                                    |-> PC (DHCP)
                                    `-> AppleTV (DHCP)

First, I changed my network settings (/etc/network/interfaces) on the RPi to a static address

iface eth0 inet static
address 192.168.1.11
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

After that, you need to setup the OpenVPN on the RPi:

sudo apt-get install openvpn

Next, you have to set the config file for the vpn /etc/openvpn/server.conf. I used the sample provided by my vpn service (Witopia) and change dev tun to dev tun0 and added redirect-gateway at the end.

Next step, modify iptables to allow NAT

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To make it permanent, save it like this

sudo bash
iptables-save > /etc/iptables.up.rules
nano /etc/network/if-pre-up.d/iptables

Add this to the new file:

#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules

Save and make it executable with chmod +x /etc/network/if-pre-up.d/iptables. You now need to enable IP forwarding by editing /etc/sysctl.conf and uncomment the line net.ipv4.ip_forward = 1

Reboot and the RPi should be connecting to your VPN and be ready to receive incoming traffic. I added a new option to my dhcp service on my router (running OpenWrt) to specify the gateway sent to the client. I added the line list 'dhcp_option' '3,192.168.1.11' to the file /etc/config/dhcp and rebooted the router. My iPad, PC and AppleTV now connect through the RPi to access external urls.

Sources:

score 1 · Answer 2 · answered May 18 '13 at 22:31

Try

https://help.ubuntu.com/community/OpenVPN

Raspbian should be close enough to Ubuntu for the setup to be the same, and I've just checked that the OpenVPN package is available in the Raspbian repo.

However, note that most VPN instructions will tell you how to create a server for opening your LAN to VPN clients on the internet rather than vice-versa, so you may need to experiment a bit with routing settings.

score 1 · Answer 3 · answered Jul 22 '13 at 08:45

Currently PPTP only (OpenVPN support coming) - check out my project called DSVR (Domain Specific VPN Router) for the Raspberry Pi.

Blog entry - http://darranboyd.wordpress.com/2013/07/05/selective-vpn-routing-solution-dsvr/

GIThub - https://github.com/dboyd13/DSVR

afelaho · Answer 4 · 2015-04-18T23:01:38.760

0

Here is my setup which is very similar to your need; the only thing you need, installing OpenVPN client and doing some configurations on the Raspbian. enter image description here

I described it in my blog; Setting up VPN Gateway with Raspberry PI

edited Apr 18 '15 at 23:01

answered Jan 14 '15 at 23:27

afelaho

101
1

score 0 · Answer 5 · answered Sep 22 '13 at 14:57

Don't know if this is useful, but I'm using VPN on Raspberry Pi from a vpn provider when I travel out of usa to china, they have a dd-wrt script which I installed and it worked from first time. So may be you can save yourself a lot of trouble if you look for a provider with already made dd-wrt script. If somebody is curious about the script I can post it here.

score 0 · Answer 6 · answered Sep 22 '13 at 17:06

0

I create a OpenVPN Gateway Image for Raspberry Pi. Hope its helpful :)

http://techfunbln.blogspot.de/2013/09/raspberry-pi-as-openvpn-gateway-with-or.html

best regards Paul

answered Sep 22 '13 at 17:06

paul

1

PI as a VPN router for local machines

6 Answers6

Linked