I had been pulling my hair out for a long time trying to get this to work.

When it comes to US-based VPNs, more experienced users are always skeptical.

Will be your IP range and it will look something like this as an output (which might be different depending on your router)

In this case you can choose any number between 192.168.1.1 & 192.168.1.255:

This will output the following and it is your static router setting.

If you are unsure of your IP or router setting you can check them with this command

I can confirm this works great with no IP or DNS leaks.

Now reboot and follow the rest of the tutorial.

Then add the following at the top of the file. Remember to make sure it's your IP address, and the 111 is any number valid within your IP range that you can choose:

You need to change a different file, as Raspbian has changed a few things since the time of this tutorial.

For anyone having issues with the first step. This setup will block traffic if the VPN goes down.

sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp -m udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp -m udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m comment --comment "ssh" -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 502 -m comment --comment tcpopenvpn -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp -m udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -d (your lan ip subnet) -o eth0 -m comment --comment "lan" -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p icmp -m comment --comment "icmp" -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -m comment --comment "vpn" -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

To fix my issue, here is
my Iptables setup

Now you have a fully functional Raspberry Pi VPN router.

Now let's apply this to startup:

sudo systemctl enable netfilter-persistent

ALMOST DONE

At this point you can now point your computer gateway to your Raspberry Pi IP address.

The installer will ask to save the rules; select YES. Now, if you have new rules you want to add, do:

sudo netfilter-persistent save

Let's make sure to keep the rules persistent across reboots:

sudo apt-get install iptables-persistent

sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -o eth0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -I INPUT -i eth0 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT

If you want to know more details about these rules, check out the video.

sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT

IPTables: it is best to just copy and paste this into your SSH session.
You can enable the service by typing this command:

sudo sysctl -p

Uncomment (remove the #) to allow forwarding:

_forward = 1

To exit use Ctrl + c.

Enable VPN at boot:

sudo systemctl enable

Forwarding and IPTables (routes)

To enable forwarding:

sudo nano /etc/nf

Now we need to change the config file to point to the correct file locations:

sudo nano /etc/openvpn/US.conf

Change the following from this:

auth-user-pass

Before moving forward with forwarding traffic, let's test out the connection:

sudo openvpn --config /etc/openvpn/US.conf

Notice that the extension has changed from ovpn to conf.

Create a login file with username and password for PIA:

sudo nano /etc/openvpn/login

Add your username and password, one per line:

username1234

sudo cp "openvpn/US New York.ovpn" /etc/openvpn/US.conf

Installing the OpenVPN client:

sudo apt-get install openvpn

Downloading and uncompressing PIA OpenVPN profiles:

wget

Copy the profile and certificates to the OpenVPN folder:

sudo cp openvpn/ca. openvpn/ /etc/openvpn/