Difference between revisions of "RaspberryPi"

(Install OpenVPN server)
Line 77: Line 77:
 
Generate a copy of the easy-rsa structure
 
Generate a copy of the easy-rsa structure
 
<pre>
 
<pre>
 +
cd /etc/openvpn
 
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
 
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa
 
</pre>
 
</pre>
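
Review bot: the added "cd /etc/openvpn" ahead of the "cp -r ... ./easy-rsa" line is not checked, so if the directory does not exist the copy lands in whatever directory the shell happens to be in, while the later vars step on this page expects /etc/openvpn/easy-rsa. Chain the two commands (cd /etc/openvpn && cp -r ...) or give cp the absolute destination /etc/openvpn/easy-rsa so the step does not depend on the working directory.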

Revision as of 01:45, 24 December 2013

Autoboot the wlan0 wireless lan interface

root@raspberrypi:/# cat /etc/network/interfaces 
auto lo


iface lo inet loopback
iface eth0 inet dhcp


#iface wlan0 inet manual
#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "<SSID>"
wpa-psk "<PASSPHRASE>"


iface default inet dhcp

Assign a fixed IP address

Get the current IP address and other info

ifconfig -a

We're interested in these bits:

wlan0
          inet addr:192.168.1.15  Bcast:192.168.1.255  Mask:255.255.255.0

Get the router/gateway address

netstat -rn

We're interested in these bits:

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 wlan0

Now edit /etc/network/interfaces and replace the 'dhcp' with 'static' for the required interface

address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

The interface section ends up looking something like this...

auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
wpa-ssid "<SSID>"
wpa-psk "<PASSPHRASE>"

Install OpenVPN server

All operations are run as root.
Get the Pi up to date

apt-get update
apt-get upgrade
raspi-config  # set overclocking to Medium

Install the packages

apt-get install openvpn openssl

Generate a copy of the easy-rsa structure

cd /etc/openvpn
cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 ./easy-rsa

Modify the easy-rsa location

cd easy-rsa
vi vars
Comment out the existing EASY_RSA line and set the absolute path:
#export EASY_RSA="`pwd`"
export EASY_RSA="/etc/openvpn/easy-rsa"
. ./vars
./clean-all

Link the correct OpenSSL config file

ln -s openssl-1.0.0.cnf openssl.cnf

Generate certificates and keys

./build-ca ca
./build-key-server server   # sign the certificate when prompted
./build-key client1         # sign the certificate when prompted
./build-dh

Build a server config file

cd ..
vi openvpn.conf
dev tun
proto udp
port 1194
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
#user nobody
#group nogroup
server 10.8.0.0 255.255.255.0
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
client-to-client
push "redirect-gateway def1"
#set the dns servers
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
log-append /var/log/openvpn
comp-lzo

Enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Check the IP address and interface name, then add firewall and NAT rules to allow traffic to the server

ifconfig -a
iptables -A INPUT -i wlan0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to 192.168.1.100

Allow IP forwarding across reboots

vi /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

Start the server

/etc/init.d/openvpn start

The server is now running; set up the client.
Use Tunnelblick or Viscosity to generate and export an OpenVPN config file, or paste and modify this:

dev tun
client
proto udp
remote YOUR.RASPBERRYPI.IPADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3

Make the firewall and NAT rules persistent

vi /etc/rc.local
Add the iptables commands before the exit line:
iptables -A INPUT -i wlan0 -p udp -m udp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o wlan0 -j SNAT --to 192.168.1.100

Three files are needed for each client:
ca.crt, client.crt, client.key
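
The server config built earlier on this page (openvpn.conf) can be reviewed for settings worth tightening before the server is exposed. The script below is an added example, not part of the original wiki page; the function names has, audit_openvpn_conf and sample_conf and the finding labels are hypothetical, and the 2048-bit minimum for DH parameters is an assumption of this example.

```sh
#!/bin/sh
# Added example, not part of the original page: review an OpenVPN server
# config for settings worth tightening. Prints one finding per line.

# True when directive $1 is active (not commented out) in $active.
has() { printf '%s\n' "$active" | grep -Eq "^$1([[:space:]]|\$)"; }

audit_openvpn_conf() {
    # Keep active directives only: trim whitespace, drop comments and blanks.
    active=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e '/^[#;]/d' -e '/^$/d' "$1") || return 2

    # easy-rsa names the DH file after its size, e.g. dh1024.pem.
    bits=$(printf '%s\n' "$active" |
           sed -n 's/^dh[[:space:]].*dh\([0-9][0-9]*\)\.pem$/\1/p' | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "weak-dh:$bits"; fi

    # Without user/group the daemon keeps root after start-up.
    if ! has user;  then echo "no-user-drop";  fi
    if ! has group; then echo "no-group-drop"; fi
    # No HMAC key on the control channel (tls-auth, or tls-crypt on 2.4+).
    if ! has tls-auth && ! has tls-crypt; then echo "no-tls-auth"; fi
    # Compression inside the tunnel can leak plaintext (VORACLE).
    if has comp-lzo; then echo "compression-enabled"; fi
    # Client-to-client traffic is forwarded inside OpenVPN, not via iptables.
    if has client-to-client; then echo "client-to-client"; fi
    return 0
}

# Constructed sample: the security-relevant lines of the server config above.
sample_conf() {
    cat <<'EOF'
dev tun
proto udp
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
#user nobody
#group nogroup
client-to-client
comp-lzo
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

Run it against /etc/openvpn/openvpn.conf by calling audit_openvpn_conf with that path; an empty result means none of these six checks fired.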