Pi VPN Setup
Raspberry Pi 4
Install Buster
create empty file named 'ssh' in root of Boot partition
sudo apt update
sudo apt install tor fail2ban vlan iptables-persistent isc-dhcp-server ntp git
sudo nano /etc/tor/torrc
add to the end of the file:
SocksPort 192.168.50.1:9050
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 192.168.50.1:9040
DNSPort 192.168.50.1:53
sudo nano /etc/network/interfaces.d/vlan
auto eth0.50
iface eth0.50 inet static
    hwaddress 00:e0:4c:60:44:7e
    address 192.168.50.1
    netmask 255.255.255.0
    metric 600
    vlan-raw-device eth0
Add iptables rules:
sudo iptables -t nat -A PREROUTING -i eth0.50 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i eth0.50 -p udp -m udp --dport 123 -j REDIRECT --to-ports 123
sudo iptables -t nat -A PREROUTING -i eth0.50 -p udp -m udp --dport 5353 -j REDIRECT --to-ports 53
sudo iptables -t nat -A PREROUTING -i eth0.50 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
sudo iptables-save -f /etc/iptables/rules.v4
sudo nano /etc/default/isc-dhcp-server
add eth0.50 to INTERFACESv4
INTERFACESv4="eth0.50"
add to /etc/dhcp/dhcpd.conf
subnet 192.168.50.0 netmask 255.255.255.0 {
    range 192.168.50.50 192.168.50.250;
    option routers 192.168.50.1;
    option broadcast-address 192.168.50.255;
    option domain-name-servers 192.168.50.1;
    default-lease-time 600;
    max-lease-time 7200;
}
Configure switch port to allow vlan 50
install ntpd
Installing OpenVPN:
git clone https://github.com/pivpn/pivpn.git
cd pivpn
git checkout test
auto_install/install.sh
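A consistency check for the torrc and iptables steps above, added here as an example and not part of the original page: it confirms that every REDIRECT target in the saved rules has a listener declared in torrc, so a missing TransPort or DNSPort shows up before clients on VLAN 50 silently lose connectivity. The function names, the temporary sample files and the assumption that ntpd answers on udp/123 belong to this example only.

```shell
#!/bin/sh
# Added example (not from the original page): static check that each REDIRECT
# target in rules.v4 has a listener declared in torrc.

redirect_targets() {   # $1 = iptables-save file, $2 = interface
    awk -v ifc="$2" '
        $1 == "-A" && $2 == "PREROUTING" {
            dev = proto = port = ""
            for (n = 3; n < NF; n++) {
                if ($n == "-i") dev = $(n + 1)
                if ($n == "-p") proto = $(n + 1)
                if ($n == "--to-ports") port = $(n + 1)
            }
            if (dev == ifc && port != "") print proto "/" port
        }' "$1" | sort -u
}

tor_listeners() {      # $1 = torrc; TransPort is TCP, DNSPort is UDP
    awk '
        $1 == "TransPort" { sub(/.*:/, "", $2); print "tcp/" $2 }
        $1 == "DNSPort"   { sub(/.*:/, "", $2); print "udp/" $2 }' "$1"
}

# Prints targets nothing listens on; returns 1 if there are any.
# $4 = extra local services (assumption: ntpd answers on udp/123).
unbacked_redirects() { # $1 = torrc, $2 = rules, $3 = interface, $4 = extras
    known=" $(tor_listeners "$1" | tr '\n' ' ')$4 "
    missing=""
    for t in $(redirect_targets "$2" "$3"); do
        case "$known" in *" $t "*) ;; *) missing="$missing $t" ;; esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample files mirroring the settings above.
tmp=$(mktemp -d)
printf '%s\n' 'TransPort 192.168.50.1:9040' 'DNSPort 192.168.50.1:53' > "$tmp/torrc"
cat > "$tmp/rules.v4" <<'EOF'
*nat
-A PREROUTING -i eth0.50 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i eth0.50 -p udp -m udp --dport 123 -j REDIRECT --to-ports 123
-A PREROUTING -i eth0.50 -p udp -m udp --dport 5353 -j REDIRECT --to-ports 53
-A PREROUTING -i eth0.50 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
EOF
unbacked_redirects "$tmp/torrc" "$tmp/rules.v4" eth0.50 "udp/123" || true
```

On the Pi itself, point the function at /etc/tor/torrc and /etc/iptables/rules.v4; an empty output line means every redirect has a declared listener.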