VPN tunnel to netPI and local network in 10 minutes
Here is how to install, set up and operate a containerized OpenVPN server on a netPI.

Physically you need:
  • an Internet router supporting dynamic DNS and port forwarding
  • an Internet connection with this Internet router
  • a netPI RTE 3 or CORE 3 connected to the Internet router over Ethernet either with a static or dynamic IP address
  • a dynDNS service provider like https://account.dyn.com/ that provides you with a constant Internet DNS hostname for your Internet router
  • dynDNS service enabled on your Internet router with your personal credentials received from the dynDNS provider
  • activated port forwarding for the external Internet port 1194 forwarded to your netPI port 1194 on your Internet router
  • a Windows computer with the SSH client tool PuTTY and the TFTP client tool WinSCP installed
1. Install Raspbian OS container on your netPI
    The Raspbian container image is located here https://hub.docker.com/r/hilschernetpi/netpi-raspbian/
    Since the OpenVPN functionality needs extended access to netPI's networking services the container needs to be deployed as follows:
    Network Mode: bridge
    Port mapping: host 1194 -> Container 1194
                  host 22 -> Container 22
    Privileged Mode: on
    Device Map: Host "/dev/tun" -> Container "/dev/tun"
    Restart Policy: always
    Capabilities: NET_ADMIN switch set to on

2. Login over an SSH connection to the Raspbian OS container
    Open PuTTY, enter netPI's IP address in the Hostname field, use port 22 (default) and click login. When asked, enter user 'pi' and the password 'raspberry'.
    Then call the following two Linux commands one after the other:
  
Code:
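# Replace "debian" with "Raspbian" in the OS identification file
sudo sed -i 's@debian@Raspbian@g' /usr/lib/os-release
# Download and run the PiVPN installer
curl -L https://raw.githubusercontent.com/pivpn/pivpn/master/auto_install/install.sh | bash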

3. Fill out the questions during installation:
   Question "DHCP reservation" : IP Address 172.17.0.2/16, Gateway 172.17.0.1 select yes
   Question "Choose a user" : select (*) pi
   Question "Installation mode" : select (*) OpenVPN
   Question "Protocol": select (*) TCP
   Question "Default openvpn Port": replace 443 with 1194
   Question "DNS Provider" : select Google
   Question "Custom Search Domain" : no
   Question "Public IP or DNS" : select (*) DNS Entry
   Question "Public DNS name": insert your personal domain name received from your DynDNS provider
   Question "ECDSA certificate size": select (*) 256 Use a 256-bit certificate (recommended level)
   Question "Unattended Upgraded": select no
   Question "Reboot": select no


4. Create an OpenVPN client configuration file for a user
    Supposing you choose the user "armin" and the passphrase "12345678", call the command (example, replace with your own credentials)

Code:
sudo pivpn add -n armin -p 12345678

After that a new file will be generated under /home/pi/ovpns, mine as armin.ovpn.

5. Configure the container to start relevant services whenever it is started
   Set up the OpenVPN server to start.
   Also configure proper routing so that netPI's local network connected to eth0 also becomes available through the VPN tunnel.
   Call the following command to edit the container's start script:

Code:
sudo nano /etc/init.d/entrypoint.sh

In the third line (or later) of the script insert the 3 additional code lines

Code:
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
sudo service openvpn start

The file at the beginning will then look like

Code:
#!/bin/bash +e
# catch signals as PID 1 in a container
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE

sudo service openvpn start
# SIGNAL-handler
...

Save your edits and confirm with <yes>

6. Download your created *.ovpn file to your Windows computer using program WinSCP
    Log in to the netPI with WinSCP as with PuTTY in step 2, using the same credentials.
    Move the WinSCP explorer to the netPI folder /home/pi/ovpns/.
    Locate your file (mine was armin.ovpn) and copy it to your Windows machine.

7. Reboot your netPI now

8. While rebooting install an OpenVPN client like Windows OpenVPN Client
    Click the (+) to add a new server.
    Choose the option "IMPORT FROM FILE".
    Click "BROWSE" and locate your *.ovpn file on your Windows and let it load

9. Establish an OpenVPN connection by switching the slider to position "on"
    The OpenVPN client will connect to the Internet using the dynDNS name configured in the *.ovpn file.
    The name will be turned by the DNS resolver into your Internet router's IP address.
    The OpenVPN client will then get in touch with the router over its IP address at port 1194.
    The Internet router forwards the port 1194 to netPI.
    The OpenVPN server is configured to listen on port 1194 and establishes a bidirectional connection to the OpenVPN client.
    You should see the slider turning green in the OpenVPN client.

10. Access to any local IP address connected to eth0 interface of netPI


Thx
Armin
"You never fail until you stop trying.", Albert Einstein (1879 - 1955)
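
The start-script edit from step 5 as a repeatable script, given here as an added example that is not part of the original post. `patch_entrypoint` is a hypothetical helper name; the three inserted lines are copied from the post, and the function leaves the file untouched if the MASQUERADE rule is already present or the file does not look like a start script.

```shell
#!/bin/sh
# Added example (not from the original post): scripted form of the manual
# nano edit in step 5. The three inserted lines are copied from the post.
FLUSH='sudo iptables -t nat -F POSTROUTING'
RULE='sudo iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE'
START='sudo service openvpn start'

# patch_entrypoint FILE  (hypothetical helper name)
# Returns 0 if FILE was patched or already contained the rule,
# non-zero with FILE untouched otherwise.
patch_entrypoint() {
    file=$1
    [ -f "$file" ] || { echo "not a file: $file" >&2; return 2; }
    # A second run must not add the rule and the service start twice.
    if grep -qF -e "$RULE" "$file"; then
        return 0
    fi
    # The insert goes after line 2 (so it starts at the third line),
    # which needs a shebang and at least two lines.
    head -n 1 "$file" | grep -q '^#!' || { echo "no shebang: $file" >&2; return 3; }
    [ "$(wc -l < "$file")" -ge 2 ] || { echo "too short: $file" >&2; return 3; }
    tmp=$(mktemp) || return 4
    awk -v a="$FLUSH" -v b="$RULE" -v c="$START" '
        { print }
        NR == 2 { print a; print b; print c }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 4; }
    # Keep a backup, then overwrite in place so owner and mode are kept.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Inside the container, source the file from a root shell and call `patch_entrypoint /etc/init.d/entrypoint.sh`; the previous version is kept as `entrypoint.sh.bak`.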