Since the Odroid-C1 runs an Ubuntu 14.04 minimal image, all I need is to apt-get install openvpn.

My Odroid-C1 acts as the OpenVPN client in my LAN. In order to route the traffic from my LAN through the VPN tunnel to the Internet I needed to add these lines to my client-config file /etc/openvpn/clients/odroid (yes, the filename is the same as the common name of the client certificate):

iroute 192.168.178.0 255.255.255.0
/sbin/iptables -t nat -A POSTROUTING -s 192.168.178.0/24 -o eth0 -j MASQUERADE

To get you started apt-get install dnsmasq and a public resolver in /etc/nf should be enough.

Add this to your VPN server’s firewall-script or if you don’t have one, dump it into /etc/rc.local:

/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

Make sure there is a DNS resolver on the VPN server, allowing recursive queries from 10.8.0.0/24.

ovpn files which can be imported into a variety of OpenVPN software clients.

echo -n "Enter new client common name (CN): "
echo "Certificate with the CN $CN already exists!"

Some time ago, I found this handy client certificate & configuration generator for OpenVPN. I’m using the client-config-dir keyword in the OpenVPN server and a per-client certificate using the certificate’s common name, which in my case is “odroid”. Make sure to follow all instructions to create a CA and a server certificate including copying easy-rsa to /etc/openvpn/easy-rsa.

VPN server in VPN network: 10.8.0.1
VPN Server 100 to my LAN-clients that I want to be able to use the transparent VPN gateway on 192.168.178.2.
Default gateway of the primary router: 192.168.178.1
Default gateway of the VPN gateway router: 192.168.178.2
DNS forwarder for the VPN gateway: 192.168.178.2

I assigned 192.168.178.2 to the Odroid-C1 which will then act as the secondary gateway in the LAN and tunnel all traffic through the primary gateway on the main router at.
Since I wanted to use static IP addresses, I restricted its DHCP IP range from 192.168.178.10 – 192.168.178.99 to avoid collisions. All traffic leaving my LAN to the Internet is being sent through this router. It operates as an Ethernet router and as a WiFi router.

The transparent VPN gateway tunnel can be used in several ways:

Only change the DNS resolver address to the VPN gateway tunnel and all DNS requests will be sent encrypted via your ISP to your remote VPN server.
Set the router/gateway and DNS resolver addresses to the VPN gateway tunnel and all traffic will be sent encrypted via your ISP to your remote VPN server.
Set the router/gateway address and DNS resolver addresses in a client to the existing LAN router and all traffic will be sent unencrypted (unless TLS/SSL is involved) to your ISP.

This is not a step-by-step tutorial but should provide enough pointers to get started. This may not look like the brightest idea to everyone but it works for me and I wanted to document it to save time if I have to set it up again.

And all this without additional subnets in my LAN, VLANs or additional WiFi or Ethernet-adapters. I wanted to be able to choose, on a per-device basis, which devices will route their traffic unencrypted to my ISP and which devices will get their traffic encrypted and forwarded to the remote VPN server using a second gateway in my LAN. On the other hand, mostly for performance reasons, I don’t want to encrypt all traffic leaving my home LAN, that’s why I didn’t set up the VPN in the existing router.

I don’t have to remember to turn on the VPN nor does it drain the battery on mobile devices to encrypt and decrypt the packets. The beauty of a transparent VPN gateway is that a device in the LAN doesn’t have to know anything about the VPN. However, this will work with any Linux PC (including the Raspberry Pi).
I created a transparent VPN Internet gateway tunnel (sorry, couldn’t come up with a better name for it) using OpenVPN and my new Odroid-C1 Linux mini computer.