G33RT

Pine64 VPN Gateway (PA641GB) tutorial


Hi,

 

I have a Pine64-1gb lying around collecting dust for more than a year and had the idea to replace my RPi3, which is now running as a VPN Router.

The RPi3 is restricted to 2 streams and causes CPU load of 100%, so maybe the Pine64 could help here.

As I already set up the RPi3 as a VPN Router, I thought I would use the same procedure for the Pine64 with Armbian Jessie.

 

This is what I use:

HW: Pine64 with 1gb ram (Model: PA641GB)

OS: ARMBIAN 5.38 stable Debian GNU/Linux 8 (jessie) 3.10.107-pine64

VPN software: OpenVPN

VPN Service: PIA

 

Here is a small tutorial of the commands that I've used to create this VPN Gateway:

 

First, start by setting up a static IP address like this:

sudo nano /etc/network/interfaces

auto lo
iface lo inet loopback 
auto eth0
allow-hotplug eth0
iface eth0 inet static
	address 192.168.1.2
	netmask 255.255.255.0
	gateway 192.168.1.1
	dns-nameservers 1.1.1.1

I also used armbian-config to do this but I always received a message complaining about dnsmasq.

So I did this and the problem went away:

sudo apt-get update
sudo apt-get install dnsmasq

 

Setup the VPN Client

Install the OpenVPN client

sudo apt-get install openvpn

Download and unzip PIA OpenVPN profiles

wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip -d openvpn

 

Copy the profile and certificates to OpenVPN Folder

sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
sudo cp openvpn/put-your-chosed-server-name-here.ovpn /etc/openvpn/-put-your-server-name-here-to-create.conf

Notice that the extension has changed from ovpn to conf.

Create a login file with username and password for PIA

sudo nano /etc/openvpn/login

Add your username and password, one per line

put-your-username-here
put-your-password-here

Now we need to change the config file to point to the correct file locations

sudo nano /etc/openvpn/put-your-server-name-here-that-your-create-.conf

Change the following lines and add the paths:

auth-user-pass
ca ca.rsa.2048.crt
crl-verify crl.rsa.2048.pem

to:

auth-user-pass /etc/openvpn/login
ca /etc/openvpn/ca.rsa.2048.crt
crl-verify /etc/openvpn/crl.rsa.2048.pem

Now reboot: sudo reboot

 

 

Now let's test the VPN

sudo openvpn --config /etc/openvpn/-put-your-created-server-name-here-.conf

To exit, use Ctrl + c

Enable VPN at boot

 

sudo systemctl enable openvpn@-your-created-server-here-
example: sudo systemctl enable openvpn@Japan (you get the point)

 

Setup IPTables

sudo nano /etc/sysctl.conf

Uncomment this line (remove the #) to allow forwarding

net.ipv4.ip_forward = 1

enable the service by typing this command:

sudo sysctl -p

IPTables: it is best to just copy and paste this into your ssh session. If you want to know more details about these rules, check out the video

sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT 
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT 
sudo iptables -I INPUT -i eth0 -m comment --comment "In from LAN" -j ACCEPT 
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT 
sudo iptables -A OUTPUT -o eth0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT 
sudo iptables -A OUTPUT -o eth0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT 
sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT 
sudo iptables -A OUTPUT -o eth0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT 
sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
sudo iptables -A FORWARD -i eth0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT 
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

Make the rules persistent across reboots:

sudo apt-get install iptables-persistent

The installer will ask whether to save the IPv4 rules; select YES, and also YES for IPv6.

sudo netfilter-persistent save

Let's apply this netfilter at startup:

sudo systemctl enable netfilter-persistent
sudo reboot

 

Enjoy !!!! :D
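
An added check, not part of the original post: the iptables commands listed above only append ACCEPT rules and never set chain policies with iptables -P, so the chains stay at the default ACCEPT policy. The script below audits an iptables-save dump for that condition; the function names and the sample dump are constructed for illustration, and it assumes the LAN is on eth0 and the tunnel on tun+ as in the post.

```shell
#!/bin/sh
# Added example (not from the original post): flag leak conditions in an
# iptables-save dump of a VPN gateway. Assumes LAN on eth0, tunnel on tun+.

audit_ruleset() {
    # Reads iptables-save output on stdin; prints one finding per line.
    awk '
        /^\*/ { table = substr($1, 2) }            # e.g. "*filter" or "*nat"
        table == "filter" && /^:(INPUT|OUTPUT|FORWARD) / {
            policy[substr($1, 2)] = $2             # ":FORWARD ACCEPT [0:0]"
        }
        # An ACCEPT rule forwarding out eth0 that is not return traffic
        # from the tunnel lets LAN clients bypass the VPN.
        table == "filter" && /^-A FORWARD / && /-o eth0/ && /-j ACCEPT/ && !/-i tun/ {
            print "LEAK: FORWARD rule sends traffic out eth0: " $0
        }
        END {
            if (policy["FORWARD"] != "DROP")
                print "LEAK: FORWARD policy is " policy["FORWARD"] ", LAN traffic is routed out eth0 when tun is down"
            if (policy["OUTPUT"] != "DROP")
                print "WARN: OUTPUT policy is " policy["OUTPUT"] ", OUTPUT ACCEPT rules have no filtering effect"
        }
    '
}

sample_as_posted() {
    # Constructed dump: the filter rules from the post on chains left at
    # their default ACCEPT policy (the post never runs iptables -P).
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m comment --comment "In from LAN" -j ACCEPT
-A OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -m comment --comment openvpn -j ACCEPT
-A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
COMMIT
EOF
}

sample_as_posted | audit_ruleset
```

On the gateway, source the function and pipe the output of sudo iptables-save into audit_ruleset; an empty result means neither condition was found.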
