Here’s how to configure an RPI so that it auto connects to a VPN on boot via PoE. One could connect to it via WiFi and surf over the VPN, and no one will ever know. EVAR! This is for educational purposes only. I’m not responsible for your actions.
Get a RPI 2 or 3, an SD card, and a PoE hat OR a PoE splitter. The RPI 3 has built-in WiFi that works great for this. If you have a 2b, you’ll need WiFi and the PoE splitter. The hat only works with the 3.
https://www.pi-supply.com/product/raspberry-pi-3-model-b-newest-version/
https://www.pi-supply.com/product/8gb-micro-sd-samsung-pre-loaded-noobs-official-card-adapter/
https://www.pi-supply.com/product/pi-poe-switch-hat-power-over-ethernet-for-raspberry-pi/
OR
https://www.amazon.com/DSLRKIT-Active-Splitter-Ethernet-Raspberry/dp/B01H37XQP8/ref=sr_1_4?ie=UTF8&qid=1491077927
Load the SD card up with Raspbian Lite
https://www.raspberrypi.org/downloads/raspbian/
dd bs=4M if=whatever.img of=/dev/sdX
Hook everything up and plug it into a PoE port. You’ll need a keyboard and monitor so you can mod /etc/network/interfaces and set eth0 to dhcp. Also do a systemctl enable ssh.
Install packages:
sudo apt-get install dnsmasq hostapd openvpn
Configure dnsmasq:
sudo nano /etc/dnsmasq.conf
interface=wlan0
listen-address=10.32.1.1
bind-interfaces
server=4.2.2.2
domain-needed
bogus-priv
dhcp-range=10.32.1.10,10.32.1.100,12h
Configure the network:
sudo nano /etc/network/interfaces
iface eth0 inet dhcp
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 10.32.1.1
netmask 255.255.255.0
network 10.32.1.0
broadcast 10.32.1.255
Configure forwarding:
sudo sh -c "echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf"
Enabling forwarding:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Then bring up wifi:
sudo ifup wlan0
Enable NAT without the VPN:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
Configure hostapd:
sudo nano /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=cacklinggoose
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
# hide it. 2 was the only option that worked for me.
ignore_broadcast_ssid=2
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=angrymike
rsn_pairwise=CCMP
Start and enable services:
sudo service hostapd start
sudo service dnsmasq start
sudo systemctl enable hostapd
sudo systemctl enable dnsmasq
Copy your openvpn profile to /root/vpn.ovpn
Create an executable script /root/start_vpn.sh. This does the NATing after tunnel creation.
#!/bin/sh
# Start the tunnel in the background and give it time to come up
openvpn --config /root/vpn.ovpn &
sleep 15
# NAT the WiFi clients out through the tunnel interface
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
Add these two items to /etc/rc.local
/root/start_vpn.sh
Power cycle it.
Connect and try it out.
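Seen from the wired side, the Pi built above asks for a DHCP lease on eth0 like any other host. The following is an added example, not part of the original post: it scans DHCP server logs for leases handed to Raspberry Pi hardware that is not in an inventory. The log lines are constructed, in ISC dhcpd DHCPACK format, and the OUI list, the default hostname and the allowlist are assumptions.

```python
import re

# OUIs registered to Raspberry Pi (Pi 2/3 onboard Ethernet uses b8:27:eb).
# Assumption: matching is on the factory OUI and the Raspbian default hostname.
PI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}
DEFAULT_HOSTNAME = "raspberrypi"

# ISC dhcpd style: "DHCPACK on <ip> to <mac> (<hostname>) via <iface>"
ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)

def find_pi_leases(lines, allowlist=frozenset()):
    """Return {mac: finding} for leases that look like a Pi and are not allowlisted."""
    findings = {}
    for line in lines:
        m = ACK_RE.search(line)
        if not m:
            continue  # not a lease acknowledgement
        mac = m.group("mac").lower()
        host = (m.group("host") or "").lower()
        reasons = []
        if mac[:8] in PI_OUIS:
            reasons.append("oui")
        if host == DEFAULT_HOSTNAME:
            reasons.append("hostname")
        if reasons and mac not in allowlist:
            findings[mac] = {"ip": m.group("ip"), "host": host,
                             "iface": m.group("iface"), "reasons": reasons}
    return findings

# Constructed sample log lines (not from a real network).
SAMPLE_LOG = """\
Apr  1 09:14:02 dhcp1 dhcpd: DHCPACK on 10.20.0.41 to 3c:52:82:aa:10:01 (ws-0412) via vlan20
Apr  1 09:15:37 dhcp1 dhcpd: DHCPACK on 10.20.0.77 to b8:27:eb:4f:9a:c2 (raspberrypi) via vlan20
Apr  1 09:16:10 dhcp1 dhcpd: DHCPACK on 10.20.0.78 to B8:27:EB:00:11:22 via vlan20
Apr  1 09:17:55 dhcp1 dhcpd: DHCPACK on 10.20.0.79 to 00:11:22:33:44:55 (raspberrypi) via vlan20
Apr  1 09:18:20 dhcp1 dhcpd: DHCPACK on 10.20.0.80 to b8:27:eb:de:ad:01 (lobby-signage) via vlan20
""".splitlines()

if __name__ == "__main__":
    known = {"b8:27:eb:de:ad:01"}  # hypothetical inventory of approved Pis
    for mac, f in find_pi_leases(SAMPLE_LOG, known).items():
        print(mac, f["ip"], f["iface"], ",".join(f["reasons"]), f["host"] or "-")
```

Each finding carries the relay interface from the log line, which is the starting point for tracing the lease back to a switch port.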