Ello Badass 0x00'ers!
"Use a VPN!", "Use Tor!", "What, you don't use a VPN?"
These are probably just some of the phrases you have heard thrown about privacy. Using a VPN will help you stay safer from adversaries attempting to discover your identity. Perhaps you wish to remain anonymous from corporations or want to hide your traffic from your ISP. There are hundreds of reasons to use a VPN at home.
But using a VPN is just so damn annoying am I right? You gotta start it up every time you boot, sometimes you get a netsplit, or your wifi card craps out and your connection breaks. Or that annoying time you put your laptop lid down, and then bring it up, and you've rejoined IRC with your IP naked, while you wait for your VPN to reconnect. Not to mention the paranoia that perhaps it isn't running.
Here I present to you, a transparent proxy, or VPN gateway. Once configured, you'll be able to just change your wifi settings, and instantly be protected on any device you connect to your network, you won't have to worry about IP leaks, and the minute you open your laptop lid, you'll be using the VPN.
Community Assigned Level:
Required Skills and Items
- Linux CLI
- Following instructions
- A configured Pi or Server
Setting up a VPN Gateway
Get your Pi!
Get your Pi, install Raspbian on it.
Install required packages
sudo apt update && sudo apt install openvpn easy-rsa dnsmasq iptables resolvconf
Configure OpenVPN settings
Get your VPN client file, you can obtain this by purchasing a VPN, or using the free 0x00sec VPN (if you're a member).
Put the file at
Now start OpenVPN
sudo service openvpn start
This should start without any problems, you can find out if everything worked out fine by running
You should get something like this.
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
If it returns something like this
tun0: error fetching interface information: Device not found
You have had a problem starting OpenVPN, in which case you need to sort that out before continuing.
Configure your Firewall
Allow forwarding of traffic on the box
sudo sysctl -w net.ipv4.ip_forward=1
Make this persistent by adding
net.ipv4.ip_forward = 1 to /etc/sysctl.conf
Configure your ports and forward traffic to tun0
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -i eth0 -p icmp -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -P FORWARD DROP
sudo iptables -P INPUT DROP
sudo iptables -L
Make rules persistent
sudo apt-get install iptables-persistent
Upon install, it should prompt you if you want to make the rules persistent now, choose yes.
/etc/resolv.conf and insert
sudo service dnsmasq start
sudo service resolvconf start
Configure your Client
Congrats! If you made it this far, everything should be set up correctly! Now you just need to set your default gateway on your client device to the IP of the the Pi. You can do this temporarily in Linux by running
sudo route add default gw <IP of Pi>
You've configured a VPN gateway, this way you can use your VPN without worrying about connecting to it, you can look after your privacy without it being a hassle. You can also chain VPN's in this way. Perhaps connect to a CTF VPN while still hiding your IP?
If you have any questions, drop them below! And if you have any issues, again, drop them below!
I hope this has been of help to some out there! I'm out