I was looking for a way to make a Raspberry Pi into a VPN Gateway for my home network.
This solution started with this page: https://gist.github.com/superjamie/ac55b6d2c080582a3e64
Change /etc/network/interfaces to suit your networking configuration:
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8 8.8.4.4
Then SSH in and install a VPN client. I use OpenConnect: http://www.infradead.org/openconnect/
root# apt-get install openconnect
Setup Routing and NAT
Enable IP Forwarding:
echo -e '\n#Enable IP Routing\nnet.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Set up NAT from the local LAN down the VPN tunnel:
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
Make the NAT rules persistent across reboot:
sudo apt-get install iptables-persistent
The installer will ask if you want to save the current rules; select Yes.
If you don’t select Yes, that’s fine: you can save the rules later with sudo netfilter-persistent save
Make the rules apply at startup:
sudo systemctl enable netfilter-persistent
Older systems (Wheezy) may need: sudo dpkg-reconfigure iptables-persistent
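The forwarding and NAT steps above, collected into one script as an added example (this is not code from the original post or from the linked gist). It assumes the same interface names the post uses, eth0 for the LAN and tun0 for the tunnel, and emits the rules in iptables-restore format so they can be inspected before they are applied. It also sets the FORWARD chain's default policy to DROP: with the kernel default of ACCEPT, LAN traffic would still be forwarded out eth0 in the clear whenever tun0 is down, because the -o tun0 rule no longer matches and nothing else blocks it.

```shell
#!/bin/sh
# Added example, not from the original post or the linked gist.
# Assumptions: LAN on eth0 and VPN tunnel on tun0 (the names the post uses);
# override with LAN_IF=... VPN_IF=... in the environment.
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"

# Print the ruleset in iptables-restore format: the three rules from the post
# plus a FORWARD default policy of DROP, so that when the tunnel goes down LAN
# clients are not silently forwarded back out the LAN interface unencrypted.
render_rules() {
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $VPN_IF -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $VPN_IF -o $LAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
COMMIT
EOF
}

# Report the default policy of the FORWARD chain in the generated ruleset.
forward_policy() {
  render_rules | sed -n 's/^:FORWARD \([A-Z]*\) .*/\1/p'
}

# Succeed only if no rule would forward LAN traffic back out the LAN interface.
no_lan_to_lan_forward() {
  if render_rules | grep -q -- "-A FORWARD -i $LAN_IF -o $LAN_IF"; then
    return 1
  fi
  return 0
}

# Enable forwarding, load the ruleset and save it for netfilter-persistent.
# Requires root; not run automatically when the file is sourced.
apply_rules() {
  sysctl -w net.ipv4.ip_forward=1
  render_rules | iptables-restore
  netfilter-persistent save
}
```

Source the file and call render_rules to review the output, then run apply_rules as root. Note that iptables-restore replaces the existing rules in the nat and filter tables rather than appending to them, which is what you want for a gateway whose only job is this tunnel.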
Configure Other Systems on the LAN
Now we’re ready to tell other systems to send their traffic through the Raspberry Pi.
Configure the other systems’ network settings like this:
- Default Gateway: the Pi’s static IP address (eg: 192.168.1.2)
- DNS: something public like Google DNS (8.8.8.8 and 8.8.4.4)
Don’t use your existing internet router (eg: 192.168.1.1) as the DNS server, or your DNS queries will be visible to your ISP, and hence may be visible to organizations who wish to see your internet traffic.