G33RT
Posted June 1, 2018

Hi,

I have a Pine64-1gb lying around collecting dust for more than a year and had the idea to replace my RPi3, which is now running as a VPN router. The RPi3 is restricted to 2 streams and causes the CPU load to go to 100%, so maybe the Pine64 could help here. As I already set up the RPi3 as a VPN router, I thought I would use the same procedure for the Pine64 with Armbian Jessie.

This is what I use:

HW: Pine64 with 1gb ram (Model: PA641GB)
OS: ARMBIAN 5.38 stable Debian GNU/Linux 8 (jessie) 3.10.107-pine64
VPN software: OpenVPN
VPN Service: PIA

Here is a small tutorial of the commands that I've used to create this VPN gateway.

First, set up a static IP address like this:

    sudo nano /etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
        address 192.168.1.2
        netmask 255.255.255.0
        gateway 192.168.1.1
        dns-nameservers 1.1.1.1

I also used armbian-config to do this, but I always received a message complaining about dnsmasq.
So I did this and the problem went away:

    sudo apt-get update
    sudo apt-get install dnsmasq

Setup the VPN Client

Install the openvpn client:

    sudo apt-get install openvpn

Download and unzip the PIA OpenVPN profiles:

    wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
    unzip openvpn.zip -d openvpn

Copy the profile and certificates to the OpenVPN folder:

    sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
    sudo cp openvpn/put-your-chosed-server-name-here.ovpn /etc/openvpn/-put-your-server-name-here-to-create.conf

Notice that the extension has changed from ovpn to conf.

Create a login file with the username and password for PIA:

    sudo nano /etc/openvpn/login

Add your username and password, one per line:

    put-your-username-here
    put-your-password-here

Now we need to change the config file to point to the correct file locations:

    sudo nano /etc/openvpn/put-your-server-name-here-that-your-create-.conf

Change the following lines and add the paths:

    auth-user-pass
    ca ca.rsa.2048.crt
    crl-verify crl.rsa.2048.pem

to:

    auth-user-pass /etc/openvpn/login
    ca /etc/openvpn/ca.rsa.2048.crt
    crl-verify /etc/openvpn/crl.rsa.2048.pem

Now reboot:

    sudo reboot

Now let's test the VPN:

    sudo openvpn --config /etc/openvpn/-put-your-created-server-name-here-.conf

To exit, use Ctrl + c.

Enable VPN at boot

    sudo systemctl enable openvpn@-your-created-server-here-

Example:

    sudo systemctl enable openvpn@Japan

(you get the point)

Setup IPTables

    sudo nano /etc/sysctl.conf

Uncomment this line (remove the #) to allow forwarding:

    net.ipv4.ip_forward = 1

Enable the service by typing this command:

    sudo sysctl -p

IPTables

It is best to just copy and paste this into your SSH session.
If you want to know more details about these rules, check out the video.

    sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
    sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
    sudo iptables -I INPUT -i eth0 -m comment --comment "In from LAN" -j ACCEPT
    sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
    sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
    sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
    sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

Make the rules persistent across reboots:

    sudo apt-get install iptables-persistent

The installer will ask to save the rules for IPv4; select YES, and also YES for IPv6.

    sudo netfilter-persistent save

Let's enable netfilter-persistent at startup:

    sudo systemctl enable netfilter-persistent
    sudo reboot

Enjoy !!!!
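The rules in the post above only append ACCEPT rules, so whether LAN clients are cut off when the tunnel drops depends on the FORWARD chain policy, which the post never sets. The following added example (not part of the original post) audits an `iptables-save` dump for that fail-open condition. The function names `sample_rules` and `audit_forward` are introduced here, and the sample dump is constructed on the assumption that chain policies were left at the kernel default of ACCEPT.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump of the VPN gateway for fail-open forwarding.

# Constructed sample: the FORWARD and nat rules from the post as iptables-save
# prints them, assuming chain policies were left at the kernel default (ACCEPT).
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun+ -j MASQUERADE
COMMIT
EOF
}

# audit_forward: reads iptables-save text on stdin, prints one finding per line.
audit_forward() {
  awk '
    /^[*]/ { table = substr($0, 2) }                       # track current table
    table == "filter" && $1 == ":FORWARD" { policy = $2 }  # chain default policy
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
      if (/-i eth0/ && /-o tun/) lan2vpn = 1
      # An ACCEPT that is neither tunnel-bound nor reply-only lets new LAN
      # connections leave by a non-VPN interface.
      if (!/-o tun/ && !/ESTABLISHED/) leak = 1
    }
    table == "nat" && /^-A POSTROUTING / && /-o tun/ && /-j MASQUERADE/ { masq = 1 }
    END {
      print "forward_policy=" (policy == "" ? "unknown" : policy)
      print "lan_to_vpn_rule=" (lan2vpn ? "present" : "missing")
      print "masquerade_on_tun=" (masq ? "present" : "missing")
      # Policy ACCEPT forwards packets that match no rule (eth0 -> eth0 while
      # the tunnel is down), so clients reach the internet without the VPN.
      print "verdict=" ((policy == "DROP" && !leak) ? "fail-closed" : "fail-open")
    }'
}

# On the gateway itself: sudo iptables-save | audit_forward
sample_rules | audit_forward
```

A `fail-open` verdict with `forward_policy=ACCEPT` is cleared by setting the chain policy with `sudo iptables -P FORWARD DROP` and saving again with `sudo netfilter-persistent save`.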
gounthar
Posted March 29, 2019

Thanks for that, that will prove handy for sure!