Pi VPN Setup

From West Side Of Dawn
Revision as of 15:16, 12 July 2019 by Blksun813

Raspberry Pi 4

Install Buster

Create an empty file named 'ssh' in the root of the boot partition (this enables the SSH server on first boot).

sudo apt update

sudo apt install tor fail2ban vlan iptables-persistent isc-dhcp-server ntp git

sudo nano /etc/tor/torrc

Add to the end of the file:

SocksPort 192.168.50.1:9050
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 192.168.50.1:9040
DNSPort 192.168.50.1:53

sudo nano /etc/network/interfaces.d/vlan


auto eth0.50
iface eth0.50 inet static
  hwaddress 00:e0:4c:60:44:7e
  address 192.168.50.1
  netmask 255.255.255.0
  metric 600
  vlan-raw-device eth0


Add iptables rules:

sudo iptables -t nat -A PREROUTING -i eth0.50 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i eth0.50 -p udp -m udp --dport 123 -j REDIRECT --to-ports 123
sudo iptables -t nat -A PREROUTING -i eth0.50 -p udp -m udp --dport 5353 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i eth0.50 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
sudo iptables-save -f /etc/iptables/rules.v4
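
The REDIRECT rules above only keep client traffic inside Tor if their --to-ports values match the TransPort and DNSPort set in torrc, and if they were saved in the nat table. The following script is an added example, not part of the original page: it cross-checks a torrc file against an iptables-save file for those two redirects. The function names and the script name audit.sh are assumptions, and the sample data it runs on when called without arguments is constructed.

```shell
#!/bin/sh
# Added example: check that saved NAT rules point at the ports tor listens on.

# Port of a torrc listener directive: "TransPort 192.168.50.1:9040" -> 9040.
torrc_port() {  # $1 = directive, $2 = torrc path
  awk -v d="$1" '$1 == d { n = split($2, a, ":"); print a[n]; exit }' "$2"
}

# True if the *nat table of an iptables-save file has a PREROUTING REDIRECT for
# this interface, protocol and dport ("" = rule has no --dport) to port $5.
has_redirect() {  # $1 = rules file, $2 = iface, $3 = proto, $4 = dport, $5 = to-port
  awk -v i="$2" -v p="$3" -v d="$4" -v t="$5" '
    /^\*/ { table = $1 }
    table == "*nat" && $1 == "-A" && $2 == "PREROUTING" {
      iface = proto = dport = target = to = ""
      for (k = 3; k < NF; k++) {
        if ($k == "-i") iface = $(k + 1)
        else if ($k == "-p") proto = $(k + 1)
        else if ($k == "--dport") dport = $(k + 1)
        else if ($k == "-j") target = $(k + 1)
        else if ($k == "--to-ports") to = $(k + 1)
      }
      if (iface == i && proto == p && dport == d && target == "REDIRECT" && to == t) found = 1
    }
    END { exit !found }' "$1"
}

# Print every mismatch; exit status is non-zero if any check fails.
audit() (  # $1 = torrc, $2 = rules file, $3 = client interface
  rc=0
  trans=$(torrc_port TransPort "$1"); dns=$(torrc_port DNSPort "$1")
  [ -n "$trans" ] || { echo "torrc: no TransPort"; rc=1; }
  [ -n "$dns" ] || { echo "torrc: no DNSPort"; rc=1; }
  has_redirect "$2" "$3" tcp "" "$trans" || { echo "rules: TCP not redirected to TransPort"; rc=1; }
  has_redirect "$2" "$3" udp 53 "$dns" || { echo "rules: UDP 53 not redirected to DNSPort"; rc=1; }
  exit "$rc"
)

if [ "$#" -eq 3 ]; then  # e.g. sh audit.sh /etc/tor/torrc /etc/iptables/rules.v4 eth0.50
  audit "$@"
else                     # no arguments: run on a constructed sample
  d=$(mktemp -d)
  printf '%s\n' 'TransPort 192.168.50.1:9040' 'DNSPort 192.168.50.1:53' > "$d/torrc"
  printf '%s\n' '*nat' \
    '-A PREROUTING -i eth0.50 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53' \
    '-A PREROUTING -i eth0.50 -p tcp -m tcp -j REDIRECT --to-ports 9041' > "$d/rules"
  audit "$d/torrc" "$d/rules" eth0.50 || echo "sample mismatch detected, as constructed"
  rm -rf "$d"
fi
```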


sudo nano /etc/default/isc-dhcp-server

Add eth0.50 to INTERFACESv4:

INTERFACESv4="eth0.50"

Add to /etc/dhcp/dhcpd.conf:

subnet 192.168.50.0 netmask 255.255.255.0 {
  range 192.168.50.50 192.168.50.250;
  option routers 192.168.50.1;
  option broadcast-address 192.168.50.255;
  option domain-name-servers 192.168.50.1;
  default-lease-time 600;
  max-lease-time 7200;
}

Configure the switch port to allow VLAN 50.

Install ntpd.


Installing OpenVPN:

git clone https://github.com/pivpn/pivpn.git
cd pivpn
git checkout test
auto_install/install.sh