Hi!

How do you share VPN access across your local network? That is the subject of this article. I needed to use several computers over a single VPN connection as part of my job.

Necessary material

  • 1 internet access (192.168.1.1)
  • 1 RaspberryPiZero (192.168.1.2)
  • 1 hour of your time

Download

Download the latest version of Raspbian (based on Debian), about 700 MB:

wget -O raspbian.img https://downloads.raspberrypi.org/raspbian_lite_latest

Install

After the download, write Raspbian to your microSD card; "/dev/disk1" is my card. This takes about 5 minutes, so grab a coffee:

dd bs=1m if=./raspbian.img of=/dev/disk1

At this step, do not remove your microSD card. To enable the SSH service by default, create an empty file named "ssh" in the "boot" folder (on the /dev/disk1s1 partition):

touch /Volumes/boot/ssh

After creating the file, unmount your microSD card:

umount /Volumes/boot

Then unplug it and insert it into your RaspberryPiZero.


Configuration

After a few minutes (the system takes 2-3 minutes to boot), connect to your RaspberryPiZero over SSH. On first boot, the RaspberryPiZero gets an IP address assigned by the DHCP server/box (for me it's 192.168.1.20). Log in as the pi user; the default password is raspberry:

ssh pi@192.168.1.20

Switch to the root user (pi is in sudoers):

[pi@raspberry:~] $ sudo su -

Update and upgrade the system:

[root@raspberry:~] # apt-get update -y
[root@raspberry:~] # apt-get upgrade -y

Configure the network adapter to use a static IP (I use 192.168.1.2):

[root@raspberry:~] # cat /etc/network/interfaces
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

# Configuration for loopback
auto lo
iface lo inet loopback

# Configuration for eth0
auto eth0
allow-hotplug eth0
iface eth0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameserver 192.168.1.1

Set your hostname; mine is "fw-vpn-gateway":

[root@raspberry:~] # hostnamectl set-hostname fw-vpn-gateway

Reboot to apply the settings:

[root@raspberry:~] # reboot

Customization

Reconnect to your RaspberryPiZero and switch to root. For a personalized prompt with custom colors, add these lines to the ".bashrc" file:

# Personalize my prompt:
export PS1="[\[\e[31m\]\u@\h\[\e[0m\]:\[\e[34m\]\w\[\e[0m\]] # "

Reload your profile:

[root@fw-vpn-gateway:~] # source .bashrc

Install the default tools:

[root@fw-vpn-gateway:~] # apt-get install -y telnet curl wget htop nmap python python-pip python-dev python-setuptools

Install OpenVPN

Install the OpenVPN package; it's quick:

[root@fw-vpn-gateway:~] # apt-get install openvpn

Enable the service at boot:

[root@fw-vpn-gateway:~] # systemctl enable openvpn

OpenVPN settings

The configuration files must be in the "/etc/openvpn" folder. By default, the folder contains only the "update-resolv-conf" file. Create a new "keys" folder for your keys:

[root@fw-vpn-gateway:~] # mkdir /etc/openvpn/keys

Then copy the profile files from your VPN service (for me it's my staff profile):

[root@fw-vpn-gateway:~] # tree /etc/openvpn/
/etc/openvpn/
├── keys
│   ├── staff.p12
│   └── staff.key
├── staff.auth
├── staff.conf
└── update-resolv-conf

The files keys/staff.p12 and keys/staff.key are my certificates. The file staff.conf is my generic configuration and staff.auth holds my credentials.
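
The certificate, key and credential files copied above are secrets, so only root should be able to access them. The script below is an added example, not part of the original article: it reads an OpenVPN config, collects the files named by the pkcs12, key, auth-user-pass, tls-auth, tls-crypt and askpass directives, and reports any that are missing or accessible to group or other users. The staff.conf content it builds is constructed for the demo, and relative paths are assumed to resolve against the config's own directory.

```shell
#!/bin/sh
# Added example: flag secret files referenced by an OpenVPN config that are
# missing or group/other-accessible. Function bodies are subshells: "exit" only leaves them.

SECRET_DIRECTIVES='pkcs12 key auth-user-pass tls-auth tls-crypt askpass'

# secret_files CONF: print the file argument of each secret-bearing directive.
# Assumption: relative paths resolve against the directory holding CONF.
secret_files() (
    base=$(dirname "$1")
    while read -r directive path rest || [ -n "$directive" ]; do
        [ -n "$path" ] || continue            # e.g. a bare "auth-user-pass"
        for name in $SECRET_DIRECTIVES; do
            [ "$directive" = "$name" ] || continue
            case $path in
                /*) printf '%s\n' "$path" ;;
                *)  printf '%s\n' "$base/$path" ;;
            esac
        done
    done < "$1"
)

# audit_openvpn_secrets CONF: print findings; status 1 if any, 2 if unreadable.
audit_openvpn_secrets() (
    [ -r "$1" ] || { echo "cannot read $1" >&2; exit 2; }
    findings=$(secret_files "$1" | while read -r f; do
        if [ ! -f "$f" ]; then
            printf 'MISSING %s\n' "$f"
        else
            perms=$(ls -ld "$f" | cut -c1-10)
            # Characters 5-10 of the mode string are the group/other bits.
            [ "$(printf '%s' "$perms" | cut -c5-10)" = "------" ] ||
                printf 'EXPOSED %s %s\n' "$perms" "$f"
        fi
    done)
    [ -z "$findings" ] || { printf '%s\n' "$findings"; exit 1; }
)

# make_sample DIR: constructed demo layout; the staff.conf content is invented.
make_sample() {
    mkdir -p "$1/keys"
    printf '%s\n' 'client' 'pkcs12 keys/staff.p12' 'tls-auth keys/staff.key 1' \
        'auth-user-pass staff.auth' > "$1/staff.conf"
    : > "$1/keys/staff.p12"; : > "$1/keys/staff.key"; : > "$1/staff.auth"
    chmod 600 "$1/keys/staff.p12" "$1/keys/staff.key"
    chmod 644 "$1/staff.auth"                 # deliberately too open
}

if [ "$#" -gt 0 ]; then audit_openvpn_secrets "$1"; fi
```

Saved under a name of your choice and run as root with /etc/openvpn/staff.conf as its argument, it prints nothing when every referenced file is owner-only; chmod 600 on a reported file clears an EXPOSED finding.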

Start the service:

[root@fw-vpn-gateway:~] # systemctl start openvpn

The command returns no output, which is normal. To view the status, use:

[root@fw-vpn-gateway:~] # systemctl status openvpn

If the service has trouble starting, consult journalctl:

[root@fw-vpn-gateway:~] # journalctl --unit=openvpn -xe

Configure your computer

On your computer (Linux, macOS, Windows, Android, ...) you must change the settings of your network adapter to assign a fixed IP. You can keep the same address, but the gateway must be changed to the RaspberryPiZero (192.168.1.2) instead of the box (192.168.1.1).

To make this the default configuration for all computers, change these settings on your DHCP server (by default, your box assigns the IPs on the local network).

Enjoy!
XORHAK