Basic VPN Router with Raspberry Pi

This tutorial builds upon our previous Wireless Access Point tutorial but makes one significant change: all traffic is routed through a VPN.
A VPN Access Point provides a quick and easy way of running any device you want through a VPN, even if it doesn’t support any VPN software. All you need to do is connect that device to your Raspberry Pi wireless access point, and all its traffic will be automatically routed through a VPN tunnel.
This project is essentially a VPN router and is incredibly easy to set up, but you will first need to run through the Wireless Access Point tutorial mentioned above.
You can choose to utilize your own VPN service for this. If you have any recommendations for other providers, you can drop us a comment on our forums.

 Equipment List

Below are all the bits and pieces that I used for this Raspberry Pi VPN access point tutorial. There is nothing super special that you will need to be able to complete it.

Recommended


Optional

 Preparing OpenVPN for the access point

To set up our VPN Access Point, you must first have followed our Wireless Access Point tutorial, as it sets up your Raspberry Pi correctly for this tutorial.
For this tutorial, we will be showing you how you can utilize your VPN service to set up a VPN Access Point.
The two VPNs that we will touch on in this tutorial are VyprVPN and NordVPN. We chose these two as we found both of them to be reliable and speedy, with good privacy policies.
For the VPN itself, we will be utilizing the OpenVPN software. The two VPNs that we will be touching on offer full support for the OpenVPN protocol and provide us with the .ovpn files required to get it to run.
1. Before we get started with setting up our VPN Access Point, let’s first make sure we have the latest packages by running the following two commands.
sudo apt-get update
sudo apt-get upgrade
2. Now that we are entirely up to date we can install the OpenVPN software that we will rely on.
We can do that by running the following command in the terminal:
sudo apt-get install openvpn -y
3. Now let’s jump to the openvpn directory where we will be storing all the stuff we need to get our Raspberry Pi VPN access point up and running.
Let’s jump to the directory with the following command.
cd /etc/openvpn
4. Now that we have changed into the openvpn directory we need to create our authorization file to proceed.
This auth.txt file that we will be creating will keep your username and password for your VPN service.
Begin by creating the file by running the following command:
sudo nano /etc/openvpn/auth.txt
5. Now add your username and password to this file as shown in our example below.
We will be setting OpenVPN up so that it reads from this file to log in to your VPN service.
username
password
With your login details entered into the file, we can save and quit out of the file by pressing Ctrl + X then pressing Y and then Enter.
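An added check, not part of the original tutorial: auth.txt holds the VPN username and password in plain text, so it should be readable by root only (sudo chmod 600 /etc/openvpn/auth.txt). The sketch below audits that for a client config once its auth-user-pass line points at the file, as set up later in this tutorial; the function names are illustrative, and it assumes a relative path is resolved from the config's own directory.

```shell
#!/bin/sh
# Added example: audit the credentials file an OpenVPN client config points at.
# Assumption: a relative auth-user-pass path is resolved from the config's
# directory (the tutorial keeps both files in /etc/openvpn).

# Print the file named on the auth-user-pass line of config $1 (empty if none).
auth_file_of() {
    awk '{ sub(/\r$/, "") }   # tolerate CRLF line endings
         $1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$1"
}

# Exit status: 0 ok, 1 no file configured, 2 file missing,
# 3 readable by group/other, 4 not exactly two non-empty lines.
check_auth_file() {
    conf=$1
    name=$(auth_file_of "$conf")
    [ -n "$name" ] || { echo "no auth file configured in $conf" >&2; return 1; }
    case $name in
        /*) path=$name ;;
        *)  path=$(dirname "$conf")/$name ;;
    esac
    [ -f "$path" ] || { echo "$path: missing" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$path" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "$path: fix with chmod 600" >&2; return 3; }
    lines=$(grep -c . "$path" || true)
    [ "$lines" -eq 2 ] || { echo "$path: expected username and password lines" >&2; return 4; }
    return 0
}

# Usage (as root, since the file is root-only): check_auth_file /etc/openvpn/au120.conf
```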

 Getting the OVPN files for VyprVPN

1. Before we begin grabbing the files we need to set up VyprVPN, we first need to make sure that we are still in the openvpn directory by running the following command.
cd /etc/openvpn
2. Now that we are in the configuration directory, we will download our VyprVPN OVPN files. These are what we will load to make a connection to Vypr’s network.
Run the following code to grab the zip file from VyprVPN’s servers.
sudo wget -O vyprvpn.zip \
https://support.goldenfrog.com/hc/article_attachments/360008728172/GF_OpenVPN_10142016.zip
3. With the zip file now on our Raspberry Pi, we need to extract it so we can access all the files.
We can easily extract this by running the following command in the terminal.
sudo unzip vyprvpn.zip
4. Now we can check out all the .ovpn files by changing into the newly generated directory. In here, take note of the location you want to connect to, as you will need to specify this in a later command.
cd OpenVPN256
5. Now use the following command to list all of the .ovpn files in here.
Take note of the filename for the location you want to use. For instance, if we wanted to connect to San Francisco in the United States, we would take note of “USA - San Francisco.ovpn”.
ls
6. With your desired ovpn file, move it out of the OpenVPN256 directory to the openvpn directory.
We do this as we will need to make some changes to the file and it will be easier for the daemon to autostart with it sitting in the OpenVPN directory.
For our example file, you can use a command similar to this to move it to the right directory. This command assumes you are still in the OpenVPN256 directory.
It is essential that you also change the file extension from .ovpn to .conf, as OpenVPN requires this to detect and load the file.
In addition to moving the file, we will also rename it to make it easier to reference.
sudo mv "USA - San Francisco.ovpn" "../USASanFran.conf"
7. With that done, you can now move on to the section titled “Setting up the VPN Access Point”. This section will walk you through the changes that you need to make to the .ovpn file and also show you how to get the VPN running at startup.

 Getting the OVPN files for NordVPN

1. Now that we have the auth.txt file created we will need to grab our required ovpn files from NordVPN.
Before we do that, however, let’s first make sure we are in the correct directory by running the following command on the terminal.
cd /etc/openvpn
2. Now to obtain the OpenVPN files for NordVPN you need to go to their ovpn section on the NordVPN website.
On this website, find the specific server that you want to utilize, right-click the “Download UDP” button and copy the link by pressing “Copy Link Address”.
Paste that URL into the following command in place of the URL that we used.
In our example, we will be making use of the au120 server.
sudo wget https://downloads.nordcdn.com/configs/files/ovpn_legacy/servers/au120.nordvpn.com.udp1194.ovpn
3. Now it is best to rename the file you just downloaded. Renaming the file will make it easier to utilize it later on in the tutorial.
You are also required to change the filetype from .ovpn to .conf. This change is necessary for OpenVPN to be able to detect and load the file in when we enable autostarting.
You can utilize the mv command to quickly rename the file as we have shown in our example below.
We shortened the au120.nordvpn.com.udp1194.ovpn filename to just au120.conf, which is much more straightforward to deal with but still gives enough information about which server it connects to.
sudo mv au120.nordvpn.com.udp1194.ovpn au120.conf
4. Now that you have renamed the file, you can move on to the section titled “Setting up the VPN Access Point”.
This section will walk you through the process of actually utilizing OpenVPN as well as showing you how to route traffic through it.

 Setting up the VPN Access Point

1. Now that we have a .ovpn file ready to go we need to make some modifications to it for our Raspberry Pi VPN access point to work.
Begin by running the following command, making sure you replace the filename in this command with your own.
sudo nano au120.conf
2. Now within this file, you need to search and make modifications to the following line. You can use CTRL + W to make finding this line easier.
This change will make it so that when the OpenVPN client opens up the file, it will know it needs to load your auth.txt file.
Find
auth-user-pass
Replace with
auth-user-pass auth.txt
3. Once you have modified the file, you can save it by pressing CTRL + X then Y and finally ENTER.
4. With that done, we can now test that OpenVPN makes a successful connection to our VPN provider. In our example, this will be NordVPN.
To do this, run the following command, making sure to replace the .conf (.ovpn) file with the one you modified in the previous step. For our example, we will be using our “au120.conf” file.
sudo openvpn --config "/etc/openvpn/au120.conf"
This command will output a fair bit of text as it makes the connection. The main text you will want to look for is something like what we have shown below.
If you get an output similar to this, it means that you have made a successful connection to your VPN provider’s servers.
/sbin/ip route add 81.171.69.2/32 via 192.168.40.1
/sbin/ip route add 0.0.0.0/1 via 172.20.32.1
/sbin/ip route add 128.0.0.0/1 via 172.20.32.1
Initialization Sequence Completed
5. Now that we have test-run the OpenVPN client, we can kill it and proceed to setting it to launch at startup and changing our firewall routing so that traffic is directed through the VPN tunnel.
To stop the currently running process press CTRL + C.
6. With our VPN working correctly, we need to utilize iptables to reroute the wlan0 connection through our tunnel, rather than through the Ethernet connection as we did in our Wireless Access Point tutorial.
Before we do this, though, we have to flush our current iptables rules. We can do that by running the following three commands on the Raspberry Pi.
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -X
7. Now let’s finally install our new iptables rule by running the following command. It masquerades (NATs) traffic leaving through tun0, so that our wlan0 traffic is forwarded over the tunnel connection.
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
8. With that done, let’s now save our iptables rules to overwrite the old rules we set up in our Wireless Access Point tutorial.
To do this run the following command on the Raspberry Pi.
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
9. As we now have the firewall set up and ready to go, we need to adjust the OpenVPN client’s configuration file.
Begin editing the file by running the following command.
sudo nano /etc/default/openvpn
10. In this file, find the following line and change it so that it is uncommented and “all” is replaced with the name of the file you modified in Step 1 of this section, without the .conf extension.
You can see our example below.
Find
#autostart="all"
Replace with
autostart="au120"
11. Once you have made the required changes to the OpenVPN configuration file, you can save and exit by pressing CTRL + X then Y and finally ENTER.
12. You should now be able to see if everything is working by restarting your Raspberry Pi.
Upon startup, it should automatically make the connection to your VPN, establish the tunnel and then forward traffic from your wireless access point through the tunnel.
sudo reboot
The easiest way to verify that your VPN access point is working as intended is to check to see if your IP address differs from devices not connected through the VPN.
Alternatively, your VPN provider likely displays whether you are “Protected” at the top of their website. Both our examples, NordVPN and VyprVPN, provide this feedback.
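An added check, not part of the original tutorial: the steps above flush the FORWARD chain and leave its policy untouched (ACCEPT by default), so forwarded client packets are not restricted to tun0 when the tunnel is down. The sketch below audits an iptables-save dump for that and for NAT rules on other interfaces; both rule sets are constructed and trimmed to the relevant chains, and the FORWARD DROP variant is an assumption about one way to harden this, not the author's configuration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for paths that bypass tun0.
# wlan0/tun0 follow the tutorial; the FORWARD DROP policy is an added assumption.

# Constructed dump of the state the tutorial leaves behind (steps 6-8).
tutorial_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed hardened variant: clients may only be forwarded into the tunnel.
hardened_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Read a dump on stdin and print one finding per line (no output = clean).
audit_rules() {
    awk '
        /-j MASQUERADE/ { if ($0 ~ /-o tun0 /) masq = 1; else print "NAT_OUTSIDE_TUNNEL: " $0 }
        /^:FORWARD /    { policy = $2 }
        /^-A FORWARD / && /-j ACCEPT/ && !/-[io] tun0 / { print "FORWARD_BYPASS: " $0 }
        END { if (!masq) print "NO_TUN0_MASQUERADE"
              if (policy != "DROP") print "FORWARD_POLICY_NOT_DROP" }'
}

# Live check on the Pi: sudo iptables-save | audit_rules
```

The FORWARD policy only governs traffic from access-point clients; the Pi's own traffic, including the OpenVPN connection itself, uses the OUTPUT chain and is unaffected.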

 Preventing DNS Leaks

You might find that you get DNS leakage, but a small tweak can easily fix this on your Raspberry Pi. The change is forcing our DNS to run via Cloudflare’s public DNS rather than the internet service provider’s.
1. First, open the dhcpcd configuration file and update the following line.
Open
sudo nano /etc/dhcpcd.conf
Find
#static domain_name_servers=192.168.0.1
Replace with
static domain_name_servers=1.1.1.1
2. Save & exit the file.
3. Now reboot your Pi by entering the following command.
sudo reboot
4. Go to ipleak.net and check that your DNS is no longer leaking. If it is still leaking, then you might want to make sure WebRTC isn’t leaking.
Hopefully, by now you should have a fully operational Wireless Access Point that will route all its traffic through our OpenVPN tunnel to the VyprVPN or NordVPN service.
You should be left with a stable and fast VPN connection and an easy way to switch to a more secure connection.
