Raspberry Pi as openvpn access point
Posted: Mon Jan 11, 2021 3:19 am
I managed to create an openvpn access point on my Linux machine (xeon processors). I have set up an openvpn server in the cloud. I downloaded the openvpn client config file into my xeon linux machine. I was able to connect to the openvpn server without issue.
To make the xeon linux machine an openvpn access point, I apply these iptables rules:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o tun0 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/24 -o tun0 -j ACCEPT
iptables -A FORWARD -d 192.168.1.0/24 -m state --state ESTABLISHED,RELATED -i tun0 -j ACCEPT
192.168.1.0/24 is my LAN subnet. So that means that any incoming connection from this subnet will be forwarded into the openvpn tunnel.
On my macbook (client machine) for this access point, I set the gateway to this linux xeon machine's ip address (192.168.1.20). I set the DNS server of the client to point to 10.8.0.1. A small NOTE: on the server machine where I run the openvpn server, I installed the pi-hole DNS server. It acts as a DNS server. This DNS server uses IP address 10.8.0.1 as its IP address. NOTE also that 10.8.0.x is the default openvpn subnet IP that will be assigned to openvpn clients. And openvpn ip address 10.8.0.1 is the default openvpn gateway address. So in essence IP address 10.8.0.1 is shared by the openvpn gateway and the pi-hole DNS server.
With this setup I was successful. My macbook has an ip address different than my ISP external IP address. I was able to browse the net without issues. I looked up my pihole log output and was able to see all the DNS requests from my macbook.
Now I apply the same thing to my Raspberry Pi as my access point. After downloading the client config file onto the Raspberry Pi, I was able to connect to the openvpn server. This is how I connect to the openvpn server through my Raspberry Pi. On my xeon linux machine (not connected to the openvpn server), I ssh into the Raspberry Pi. Then as root, I attempt to connect to the openvpn server. I saw the output on my terminal but then it stops after several lines. I thought the connection process was stuck on something. But later on I found that the ssh connection between my linux xeon machine and the Raspberry Pi was severed. I could not ping and I could not ssh into the Raspberry Pi. I then attached a monitor and a keyboard to that Raspberry Pi and saw the terminal. I manually killed the openvpn connection. And I still could not ping or ssh into the Raspberry Pi from my linux xeon machine. I had to reboot the Raspberry Pi. I even tried to connect to the openvpn server from the Raspberry Pi itself, using the monitor and keyboard attached to it. The connection was successfully established but unfortunately all other machines in the LAN could not ssh nor ping to it. There was no other way to restore the Raspberry Pi other than a complete reboot.
I thought at first this could be a missing Linux package. So then I tried installing three different Raspberry Pi OSes: 1) DietPi OS, 2) Debian for Raspberry Pi and 3) Raspberry Pi OS. All three gave me the same exact problem. I am beginning to wonder if this is a hardware issue or an OS issue.
Any inputs fellas?
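As an added example (not part of the post), a POSIX sh script that checks, offline against constructed `ip route` output, the two routing conditions the access-point setup depends on: the LAN subnet must stay directly reachable on the LAN interface (otherwise LAN hosts lose ssh and ping to the box, the symptom described above) and the default route must go into tun0 (otherwise the MASQUERADE/FORWARD rules see no LAN traffic). It also checks net.ipv4.ip_forward, which the rules in the post need but do not set. The interface name eth0, the Pi address 192.168.1.30 and the sample tables are assumptions.

```shell
# Added example, not from the post. Offline checks for the routing state an
# OpenVPN access point needs. eth0 and 192.168.1.30 are assumed values.
LAN_NET="192.168.1.0/24"
LAN_IF="eth0"   # assumed LAN interface of the Pi
VPN_IF="tun0"
# check_routes "<output of ip route>": returns 0 when the LAN subnet is still a
# connected route on LAN_IF and the default route (or def1 halves) exits via VPN_IF.
check_routes() {
    table="$1"
    rc=0
    if ! printf '%s\n' "$table" | awk -v net="$LAN_NET" -v dev="$LAN_IF" \
        '$1 == net && $2 == "dev" && $3 == dev { found = 1 } END { exit !found }'; then
        echo "WARN: no connected route for $LAN_NET on $LAN_IF; LAN hosts cannot reach this box"
        rc=1
    fi
    if ! printf '%s\n' "$table" | awk -v dev="$VPN_IF" \
        '($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
             for (i = 2; i < NF; i++) if ($i == "dev" && $(i+1) == dev) found = 1 }
         END { exit !found }'; then
        echo "WARN: default route does not leave via $VPN_IF; LAN traffic is not tunnelled"
        rc=1
    fi
    return $rc
}
# check_forwarding "<contents of /proc/sys/net/ipv4/ip_forward>"
# The FORWARD/MASQUERADE rules in the post forward nothing unless this is 1.
check_forwarding() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "1" ] && return 0
    echo "WARN: net.ipv4.ip_forward is not 1; fix with: sysctl -w net.ipv4.ip_forward=1"
    return 1
}
# Constructed sample: healthy table after OpenVPN pushes redirect-gateway def1
# (the two /1 routes) with the LAN route intact.
GOOD_TABLE='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.30'
# Constructed sample: tunnel up but the LAN route is gone, matching the symptom
# in the post (VPN connects, LAN can no longer ssh or ping the Pi).
BAD_TABLE='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0'
# Live use on the Pi: check_routes "$(ip route)"; check_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)"
if check_routes "$GOOD_TABLE"; then echo "sample table: OK"; fi
if ! check_routes "$BAD_TABLE"; then echo "sample table: broken, as expected"; fi
```

Run it on the Pi right after `openvpn --config client.ovpn` comes up (from the attached console) and compare with the table before connecting; the first warning is the one to chase for the lost LAN connectivity.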