Raspberry Pi as VPN router (and wifi access point)
The problem with most VPN services is that the client software needs to be installed on every device individually and might not be available for some devices (e.g. if you want to use a VPN service on your PS4). This is where a VPN router/Wi-Fi access point based on a Raspberry Pi comes into play. You connect to the Pi like you would to your regular router, and all your traffic is channeled through the VPN tunnel.
Prerequisites
- Raspberry Pi (preferably a 3; older versions work as well, but then you need an additional Wi-Fi adapter)
- A regular ethernet cable
Setting it up is pretty simple: connect the Raspberry Pi to your regular router using the ethernet cable. That’s it.
Setting up the access point
First, we will set up the access point. To do this we will assign the Raspberry Pi's wlan0 interface a static IP (here: 192.168.7.1). Edit the /etc/network/interfaces file:
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
#allow-hotplug wlan1
#iface wlan1 inet dhcp
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp
iface wlan0 inet static
address 192.168.7.1
netmask 255.255.255.0
Now, we will define the access point. First, install hostapd:
sudo apt-get install hostapd
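Edit the file /etc/hostapd/hostapd.conf and add your desired SSID and passphrase. With wpa=2 the network is WPA2-only and rsn_pairwise=CCMP is the cipher in use; wpa_pairwise only applies to WPA version 1: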
interface=wlan0
driver=nl80211
ssid=YourSSID
channel=9
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=yourPassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Lastly, we need to set up the DHCP and DNS service. Install dnsmasq:
sudo apt-get install dnsmasq
With the following configuration, IP addresses ranging from 192.168.7.5 to 192.168.7.254 can be assigned to connected devices. Edit /etc/dnsmasq.conf:
domain-needed
interface=wlan0
dhcp-range=192.168.7.5,192.168.7.254,255.255.255.0,12h
dhcp-option=252,"\n"
To finish setting up the access point, just start the services:
sudo service hostapd start
sudo service dnsmasq start
Now try connecting to the access point and check if everything works as expected.
Setting up the VPN router
The next part is based on this tutorial on GitHub.
First, set up the VPN on the Raspberry Pi. There are a lot of different VPN providers that provide support for the Raspberry Pi. I am using Cyberhost. You can find the tutorial for setting it up here.
After starting the VPN service, we enable IP forwarding:
echo -e '\n#Enable IP Routing\nnet.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
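Route the traffic through the VPN. The access point's clients arrive on wlan0 (eth0 is only the uplink to your regular router), so the FORWARD rules go between wlan0 and tun0:
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT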
Save the changes:
sudo apt-get install iptables-persistent
Select yes when you are asked if you want to save the current rules. You can also save the rules at a later stage:
sudo netfilter-persistent save
Load the changes at startup:
sudo systemctl enable netfilter-persistent
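The saved ruleset can be checked against the interfaces used in this setup. The shell function below is an added example, not part of the original tutorial: it reads iptables-save output and assumes wlan0 is the access point and tun0 the tunnel; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Audit an iptables-save dump for the VPN-router rules (added example).
# On the Pi: sudo iptables-save | audit_rules wlan0 tun0

# Constructed sample dump, not captured from a real system.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
COMMIT
EOF
}

# audit_rules LAN_IF VPN_IF  (dump on stdin)
# Prints one finding per line; returns 1 if a required rule is missing.
audit_rules() {
    lan=${1:-wlan0}; vpn=${2:-tun0}; rc=0
    dump=$(cat)
    has() { printf '%s\n' "$dump" | grep -Eq -- "$1"; }

    has "^-A POSTROUTING .*-o $vpn .*-j MASQUERADE" ||
        { echo "MISSING nat: MASQUERADE out $vpn"; rc=1; }
    has "^-A FORWARD .*-i $lan .*-o $vpn .*-j ACCEPT" ||
        { echo "MISSING forward: $lan -> $vpn"; rc=1; }
    has "^-A FORWARD .*-i $vpn .*-o $lan .*(RELATED,ESTABLISHED|ESTABLISHED,RELATED) .*-j ACCEPT" ||
        { echo "MISSING return: $vpn -> $lan RELATED,ESTABLISHED"; rc=1; }

    # Under a FORWARD policy of ACCEPT the rules above restrict nothing:
    # if tun0 goes down, client packets can be forwarded out another interface.
    if has "^:FORWARD ACCEPT"; then
        echo "WARN policy: FORWARD is ACCEPT, clients are not confined to $vpn"
    fi
    return "$rc"
}

sample_rules | audit_rules wlan0 tun0
```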
And this is it. Your VPN router/access point is now all set up.