I was looking for a way to make a Raspberry Pi into a VPN Gateway for my home network.<\/p>\n
This solution started with this page: https:\/\/gist.github.com\/superjamie\/ac55b6d2c080582a3e64<\/p>\n
Change \/etc\/network\/interfaces to suit your networking configuration:
\nauto lo
\niface lo inet loopback<\/p>\n
auto eth0
\nallow-hotplug eth0
\niface eth0 inet static
\naddress 192.168.1.2
\nnetmask 255.255.255.0
\ngateway 192.168.1.1
\ndns-nameservers 8.8.8.8 8.8.4.4<\/p>\n
Then SSH in and install a VPN client. I use OpenConnect:\u00a0http:\/\/www.infradead.org\/openconnect\/<\/p>\n
root#: apt-get install openconnect<\/p>\n
Enable IP Forwarding:<\/p>\n
echo -e '\\n#Enable IP Routing\\nnet.ipv4.ip_forward = 1' | sudo tee -a \/etc\/sysctl.conf\r\nsudo sysctl -p\r\n<\/code><\/pre>\nSetup NAT fron the local LAN down the VPN tunnel:<\/p>\n
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE\r\nsudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT\r\nsudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT\r\n<\/code><\/pre>\nMake the NAT rules persistent across reboot:<\/p>\n
sudo apt-get install iptables-persistent\r\n<\/code><\/pre>\nThe installer will ask if you want to save current rules, select Yes<\/strong><\/p>\nIf you don’t select yes, that’s fine, you can save the rules later with sudo netfilter-persistent save<\/code><\/p>\nMake the rules apply at startup:<\/p>\n
sudo systemctl enable netfilter-persistent\r\n\r\nOlder system (Wheezy) may need: sudo dpkg-reconfigure iptables-persistent<\/code><\/pre>\nConfigure Other Systems on the LAN<\/h2>\n
Now we’re ready to tell other systems to send their traffic through the Raspberry Pi.<\/p>\n
Configure other systems’ network so they are like:<\/p>\n
\n- Default Gateway: Pi’s static IP address (eg:
192.168.1.2<\/code>)<\/li>\n- DNS: Something public like Google DNS (
8.8.8.8<\/code> and 8.8.4.4<\/code>)<\/li>\n<\/ul>\nDon’t use your existing internet router (eg: 192.168.1.1<\/code>) as DNS, or your DNS queries will be visible to your ISP and hence may be visible to organizations who wish to see your internet traffic.<\/p>\n","protected":false},"excerpt":{"rendered":"I was looking for a way to make a Raspberry Pi into a VPN Gateway for my home network. This solution started with this page: https:\/\/gist.github.com\/superjamie\/ac55b6d2c080582a3e64 Change \/etc\/network\/interfaces to suit your networking configuration: auto lo iface lo inet loopback auto … Continue reading