[EN] SHARE VPN PROFIL TO LAN WITH RASPBERRYPI
Hi!
How to share VPN access to your local network? This is the idea of this article! My need was to be able to use multiple computers and only one VPN as part of my job.
Necessary material
- 1 internet access (192.168.1.1)
- 1 RaspberryPiZero (192.168.1.2)
- 1 hour before
Download
Download the latest version of Raspbian (based into Debian system) (700Mo) :
wget -O raspbian.img https://downloads.raspberrypi.org/raspbian_lite_latest
Install
After download, install Raspbian on your microSD card, the "/dev/disk1" is my card. Waiting 5 minutes, and take a coffee:
dd bs=1m if=./raspbian.img of=/dev/disk1
At this step, do not remove your microSD card, for enable SSH service by default, create a empty file with name "ssh" on "boot" folder (on /dev/disk1s1 partition):
touch /Volumes/boot/ssh
After create file, umount your microSD card:
umount /Volumes/boot
After, unplug it and insert into your RaspberryPiZero.
Configuration
After few minutes (booting system, 2/3 minutes), connect to your RaspberryPiZero with SSH command. For the first access, your RaspberryPiZero has a random IP address (assigned by DHCP server/box), use a pi username, the default password is raspberry (for me it's 192.168.1.20):
ssh pi@192.168.1.20
Change to root user (pi is on sudoers):
[root@raspberry:~] # sudo su -
Launch the update/upgrade system:
[root@raspberry:~] # apt-get update -y
[root@raspberry:~] # apt-get upgrade -y
Settings network adapter for use a static IP (for me it's use 192.168.1.2)
[root@raspberry:~] # cat /etc/network/interfaces
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
# Configuration for loopback
auto lo
iface lo inet loopback
# Configuration for eth0
auto eth0
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameserver 192.168.1.1
Configure your hostname, for me it's "fw-vpn-gateway":
[root@raspberry:~] # hostnamectl set-hostname fw-vpn-gateway
Reboot to take account of the parameters:
[root@raspberry:~] # reboot
Customization
Reconnect on your RaspberryPiZero and change to root. For a personalize prompt with custom color, add this lines into ".bashrc" file:
# Personnalize my prompt:
export PS1="[\[\e[31m\]\u@\h\[\e[0m\]:\[\e[34m\]\w\[\e[0m\]] # "
Reload your profile:
[root@fw-vpn-gateway:~] # source .bashrc
Install defaults tools:
[root@fw-vpn-gateway:~] # apt-get install -y telnet curl wget htop nmap python python-pip python-dev python-easytools
Install OpenVPN
Install the OpenVPN package, it's fast:
[root@fw-vpn-gateway:~] # apt-get install openvpn
Enable service by default (on boot server):
[root@fw-vpn-gateway:~] # systemctl enable openvpn
Settings OpenVPN
The configuration files must be in the folder "/etc/openvpn". By default the folder contain only "update-resolv-conf" file. Create a new folder keys for your keys :
[root@fw-vpn-gateway:~] # mkdir /etc/openvpn/keys
And copy your profil files from your VPN service (for me it's my staff):
[root@fw-lbn-gateway:~] # tree /etc/openvpn/
/etc/openvpn/
├── keys
│ ├── staff.p12
│ └── staff.key
├── staff.auth
├── staff.conf
└── update-resolv-conf
The files keys/staff.p12 and keys/staff.key are my certificates. The files staff.conf is my generic configuration and staff.auth is my credentials.
Start service:
[root@fw-vpn-gateway:~] # systemctl start openvpn
I don't have a return information, it's normal, for view status, use:
[root@fw-vpn-gateway:~] # systemctl status openvpn
If you have a problem to starting service, please consult journalctl:
[root@fw-vpn-gateway:~] # journalctl --unit=openvpn -xe
Configure your computer
On your computer (Linux, macOS, Windows, Android, ...) you must change the settings os your network adpater to assign a fixed IP. You can use the same, instead the gateway will have to be modified for that of the RaspberryPiZero (192.168.1.2) and not the box (192.168.1.1).
If the default configuration for all computes, change this settings on your DHCP server (by default it's your box assign IP into local network).
Enjoy!
XORHAK
