Setting up an Easy VPN Gateway on a Pi - Transparent Proxy

gateway
transparent
vpn
openvpn

(Command-Line Ninja) #1

Ello Badass 0x00’ers!

“Use a VPN!”, “Use Tor!”, “What, you don’t use a VPN?”

These are probably just some of the phrases you have heard thrown about privacy. Using a VPN will help you stay safer from adversaries attempting to discover your identity. Perhaps you wish to remain anonymous from corporations or want to hide your traffic from your ISP. There are hundreds of reasons to use a VPN at home.

But using a VPN is just so damn annoying am I right? You gotta start it up every time you boot, sometimes you get a netsplit, or your wifi card craps out and your connection breaks. Or that annoying time you put your laptop lid down, and then bring it up, and you’ve rejoined IRC with your IP naked, while you wait for your VPN to reconnect. Not to mention the paranoia that perhaps it isn’t running.

Here I present to you, a transparent proxy, or VPN gateway. Once configured, you’ll be able to just change your wifi settings, and instantly be protected on any device you connect to your network, you won’t have to worry about IP leaks, and the minute you open your laptop lid, you’ll be using the VPN.

Community Assigned Level:

  • Newbie
  • Wannabe
  • Hacker
  • Wizard
  • Guru

0 voters

Required Skills and Items

  • Linux CLI
  • Following instructions
  • A configured Pi or Server

Setting up a VPN Gateway

Get your Pi!

Get your Pi, install Raspbian on it.

Install required packages

sudo apt update && sudo apt install openvpn easy-rsa dnsmasq iptables resolvconf 

Configure OpenVPN settings

Get your VPN client file, you can obtain this by purchasing a VPN, or using the free 0x00sec VPN (if you’re a member).

Put the file at /etc/openvpn/client.conf

Now start OpenVPN

sudo service openvpn start

This should start without any problems, you can find out if everything worked out fine by running ifconfig tun0,

You should get something like this.

ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

If it returns something like this

tun0: error fetching interface information: Device not found

You have had a problem starting OpenVPN, in which case you need to sort that out before continuing.

Configure your Firewall

Allow forwarding of traffic on the box

sudo sysctl -w net.ipv4.ip_forward=1

Make this persistent by adding net.ipv4.ip_forward = 1 to /etc/sysctl.conf

Configure your ports and forward traffic to tun0

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -i eth0 -p icmp -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

sudo iptables -P FORWARD DROP
sudo iptables -P INPUT DROP
sudo iptables -L

Make rules persistent

sudo apt-get install iptables-persistent

Upon install, it should prompt you if you want to make the rules persistent now, choose yes.

Configure DNS

Open /etc/resolv.conf and insert

nameserver 8.8.8.8
nameserver 8.8.4.4

Start services

sudo service dnsmasq start
sudo service resolvconf start

Configure your Client

Congrats! If you made it this far, everything should be set up correctly! Now you just need to set your default gateway on your client device to the IP of the the Pi. You can do this temporarily in Linux by running

sudo route add default gw <IP of Pi>

Conclusions

You’ve configured a VPN gateway, this way you can use your VPN without worrying about connecting to it, you can look after your privacy without it being a hassle. You can also chain VPN’s in this way. Perhaps connect to a CTF VPN while still hiding your IP? :wink:

If you have any questions, drop them below! And if you have any issues, again, drop them below!

I hope this has been of help to some out there! I’m out :wink:


(Adam H) #2

I want to do this but had a couple questions.

  1. Is the wifi signal as strong as my router I have now?

  2. Is the PI 3 capable of handling all 8 devices in my house? I hear that the network bus shares with the USB bus and because of that my throughput is limited. Is this true?


(Command-Line Ninja) #3

I would not trust the wifi signal, this tutorial does not set up a wifi network, it is merely a gateway, a device that sits on your network.

I suggest plugging it in via Ethernet, and configuring your wifi settings to use this as a gateway, then you can use your router as normal as the AP.

I think it would be possible for all 8 devices, but throughput may indeed be limited. I run my laptop and my phone on mine, for more devices I would suggest using a bigger server, perhaps a NAS or something?


#4

I don’t know about the PI3 but it was the case with the previous version. However, according to @pry0cc, the throughput limitation is acceptable.

I don’t think so. However, you can use an external wifi antenna to solve this issue.

Hope it helps.

Best,
Nitrax

Edit: @pry0cc was faster than me ahah


(Adam H) #5

ok awesome thanks guys! I get mine on Sunday. I may be back for more questions.


#6

What about using IBM X-Force DNS 9.9.9.9 into /etc/resolv.conf ?


(Command-Line Ninja) #7

What about it?



(Command-Line Ninja) #8

This topic was automatically closed after 4 days. New replies are no longer allowed.


(Command-Line Ninja) #9

(Command-Line Ninja) #10

This topic was automatically closed after 30 days. New replies are no longer allowed.