How do you share VPN access with your local network? That is the idea of this article! My need was to be able to use multiple computers with only one VPN as part of my job.
- 1 internet access (192.168.1.1)
- 1 RaspberryPiZero (192.168.1.2)
- 1 hour before
Download the latest version of Raspbian (based on Debian) (700 MB):
wget -O raspbian.img https://downloads.raspberrypi.org/raspbian_lite_latest
After the download, write Raspbian to your microSD card; "/dev/disk1" is my card. Double-check the device name first, because dd overwrites the target without asking. Wait about 5 minutes and have a coffee:
dd bs=1m if=./raspbian.img of=/dev/disk1
At this step, do not remove your microSD card. To enable the SSH service by default, create an empty file named "ssh" in the "boot" folder (on the /dev/disk1s1 partition).
After creating the file, unmount your microSD card.
Then unplug it and insert it into your RaspberryPiZero.
After a few minutes (the system takes 2 to 3 minutes to boot), connect to your RaspberryPiZero over SSH. On first access, your RaspberryPiZero has a random IP address assigned by the DHCP server/box (for me it's 192.168.1.20). Use the pi username; the default password is raspberry. Change this default password right after the first login, since the SSH service is now enabled.
Switch to the root user (pi is in sudoers):
[root@raspberry:~] # sudo su -
Update and upgrade the system:
[root@raspberry:~] # apt-get update -y
[root@raspberry:~] # apt-get upgrade -y
Configure the network adapter to use a static IP (for me it's 192.168.1.2):
[root@raspberry:~] # cat /etc/network/interfaces
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

# Configuration for loopback
auto lo
iface lo inet loopback

# Configuration for eth0
auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameserver 192.168.1.1
Configure your hostname, for me it's "fw-vpn-gateway":
[root@raspberry:~] # hostnamectl set-hostname fw-vpn-gateway
Reboot to apply the settings:
[root@raspberry:~] # reboot
Reconnect to your RaspberryPiZero and switch to root. For a personalized prompt with custom colors, add these lines to the ".bashrc" file:
# Personalize my prompt:
export PS1="[\[\e[31m\]\u@\h\[\e[0m\]:\[\e[34m\]\w\[\e[0m\]] # "
Reload your profile:
[root@fw-vpn-gateway:~] # source .bashrc
Install the default tools:
[root@fw-vpn-gateway:~] # apt-get install -y telnet curl wget htop nmap python python-pip python-dev python-easytools
Install the OpenVPN package, it's fast:
[root@fw-vpn-gateway:~] # apt-get install openvpn
Enable the service by default (at server boot):
[root@fw-vpn-gateway:~] # systemctl enable openvpn
The configuration files must be in the folder "/etc/openvpn". By default the folder contains only the "update-resolv-conf" file. Create a new folder "keys" for your keys:
[root@fw-vpn-gateway:~] # mkdir /etc/openvpn/keys
And copy your profile files from your VPN service (for me it's my staff):
[root@fw-lbn-gateway:~] # tree /etc/openvpn/
/etc/openvpn/
├── keys
│   ├── staff.p12
│   └── staff.key
├── staff.auth
├── staff.conf
└── update-resolv-conf
The files keys/staff.p12 and keys/staff.key are my certificates. The file staff.conf is my generic configuration and staff.auth is my credentials.
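Because staff.auth and the files under keys/ hold credentials and private key material, it is worth checking that only their owner can read them before starting the service. The script below is an added example, not part of the original article; treating *.key, *.p12 and *.auth as the secret files, and all function names, are assumptions based on the tree above.

```shell
#!/bin/sh
# Added example: audit the permissions of OpenVPN secrets.
# Assumption: secrets are the *.key, *.p12 and *.auth files, as in the tree above.

# List the secret files under directory $1, one path per line.
list_secrets() {
    find "$1" -type f \( -name '*.key' -o -name '*.p12' -o -name '*.auth' \)
}

# Succeed only when group and others have no access at all to file $1.
is_private() {
    # ls -ld prints the mode as e.g. "-rw-------"; characters 5-10 are group/other.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print every exposed secret under $1; return 1 if at least one was found.
audit_secrets() {
    exposed=$(list_secrets "$1" | while IFS= read -r f; do
        is_private "$f" || printf 'EXPOSED %s\n' "$f"
    done)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Tighten the tree: keys/ becomes 700 and every secret 600.
lock_down() {
    if [ -d "$1/keys" ]; then chmod 700 "$1/keys"; fi
    list_secrets "$1" | while IFS= read -r f; do chmod 600 "$f"; done
}

# Constructed sample: a scratch copy of the layout above with lax modes.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/keys"
    touch "$d/keys/staff.p12" "$d/keys/staff.key" "$d/staff.auth" "$d/staff.conf"
    chmod 644 "$d/keys/staff.p12" "$d/keys/staff.key" "$d/staff.auth"
    printf '%s\n' "$d"
}

# Demo on the scratch copy; on the gateway, pass /etc/openvpn instead.
sample=$(make_sample)
audit_secrets "$sample" || echo "-> tightening permissions"
lock_down "$sample"
audit_secrets "$sample" && echo "all secrets are private"
rm -rf "$sample"
```

On the gateway itself, run the functions as root against /etc/openvpn and also confirm that the files are owned by root.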
[root@fw-vpn-gateway:~] # systemctl start openvpn
The command returns no output, which is normal. To view the status, use:
[root@fw-vpn-gateway:~] # systemctl status openvpn
If the service has a problem starting, consult journalctl:
[root@fw-vpn-gateway:~] # journalctl --unit=openvpn -xe
Configure your computer
On your computer (Linux, macOS, Windows, Android, ...) you must change the settings of your network adapter to assign a fixed IP. You can keep the same address, but the gateway must be changed to that of the RaspberryPiZero (192.168.1.2) instead of the box (192.168.1.1).
If you want this to be the default configuration for all computers, change this setting on your DHCP server (by default, it is your box that assigns the IPs on the local network).