G33RT Posted June 1, 2018

Hi,

I have a Pine64-1gb lying around collecting dust for more than a year and had the idea to replace my RPi3, which is now running as a VPN router. The RPi3 is restricted to 2 streams and causes the CPU load to go to 100%, so maybe the Pine64 could help here. As I had already set up the RPi3 as a VPN router, I thought I would use the same procedure for the Pine64 with Armbian Jessie.

This is what I use:

HW: Pine64 with 1gb ram (Model: PA641GB)
OS: ARMBIAN 5.38 stable Debian GNU/Linux 8 (jessie) 3.10.107-pine64
VPN software: OpenVPN
VPN Service: PIA

Here is a small tutorial of the commands that I used to create this VPN gateway.

First, set up a static IP address like this:

    sudo nano /etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth0
    allow-hotplug eth0
    iface eth0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 1.1.1.1

I also used armbian-config to do this but I always received a message complaining about dnsmasq. So I did this and the problem went away:

    sudo apt-get update
    sudo apt-get install dnsmasq

Setup the VPN Client

Install the openvpn client:

    sudo apt-get install openvpn

Download and unzip the PIA OpenVPN profiles:

    wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
    unzip openvpn.zip -d openvpn

Copy the profile and certificates to the OpenVPN folder:

    sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
    sudo cp openvpn/put-your-chosed-server-name-here.ovpn /etc/openvpn/-put-your-server-name-here-to-create.conf

Notice that the extension has changed from ovpn to conf.

Create a login file with the username and password for PIA:

    sudo nano /etc/openvpn/login

Add your username and password, one per line:

    put-your-username-here
    put-your-password-here

Now we need to change the config file to point to the correct file locations:

    sudo nano /etc/openvpn/put-your-server-name-here-that-your-create-.conf

Change the following lines and add the paths:

    auth-user-pass
    ca ca.rsa.2048.crt
    crl-verify crl.rsa.2048.pem

to:

    auth-user-pass /etc/openvpn/login
    ca /etc/openvpn/ca.rsa.2048.crt
    crl-verify /etc/openvpn/crl.rsa.2048.pem

Now reboot:

    sudo reboot

Now let's test the VPN:

    sudo openvpn --config /etc/openvpn/-put-your-created-server-name-here-.conf

To exit use Ctrl + c.

Enable VPN at boot

    sudo systemctl enable openvpn@-your-created-server-here-

Example:

    sudo systemctl enable openvpn@Japan

(you get the point)

Setup IPTables

    sudo nano /etc/sysctl.conf

Uncomment the line (remove the #) to allow forwarding:

    net.ipv4.ip_forward = 1

Enable the service by typing this command:

    sudo sysctl -p

IPTables: it is best to just copy and paste this into your SSH session. If you want to know more details about these rules, check out the video.

    sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
    sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
    sudo iptables -I INPUT -i eth0 -m comment --comment "In from LAN" -j ACCEPT
    sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
    sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
    sudo iptables -A OUTPUT -o eth0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
    sudo iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i eth0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
    sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

Make the rules persistent across reboots:

    sudo apt-get install iptables-persistent

The installer will ask to save the rules for IPv4; select YES, and also YES for IPv6.

    sudo netfilter-persistent save

Let's apply this netfilter at startup:

    sudo systemctl enable netfilter-persistent
    sudo reboot

Enjoy !!!!
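A check that can be run after the config-editing steps in the post above, as an added example that is not part of the original post or of OpenVPN: it verifies that the three directives point at absolute, readable paths and that the login file, which holds the PIA username and password in plain text, is not readable by group or others. The names check_ovpn_conf and make_sample are hypothetical, the sample profile is constructed, and `stat -c` assumes GNU coreutils as on Armbian/Debian.

```shell
#!/bin/sh
# Added example, not from the original post. check_ovpn_conf and make_sample
# are hypothetical names; directives and file names are the ones in the post.

# Print each problem found in CONF; return the number of problems.
check_ovpn_conf() {
    conf=$1 problems=0
    for directive in auth-user-pass ca crl-verify; do
        # First argument of the last non-comment occurrence of the directive.
        path=$(awk -v d="$directive" '$1 == d { p = $2 } END { print p }' "$conf")
        case $path in
            /*) ;;
            '') echo "$directive: missing, or no file given"
                problems=$((problems + 1)); continue ;;
            *)  echo "$directive: relative path $path"
                problems=$((problems + 1)); continue ;;
        esac
        if [ ! -r "$path" ]; then
            echo "$directive: cannot read $path"
            problems=$((problems + 1)); continue
        fi
        [ "$directive" = auth-user-pass ] || continue
        # Credentials file: owner-only permissions, username and password lines.
        case $(stat -c '%a' "$path") in
            0|*00) ;;
            *) echo "$path: readable by group or others, chmod 600 it"
               problems=$((problems + 1)) ;;
        esac
        if [ "$(grep -c '' "$path")" -lt 2 ]; then
            echo "$path: expected username and password on separate lines"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed sample: a profile as downloaded (relative paths, no login file).
make_sample() {
    printf '%s\n' 'client' 'dev tun' 'auth-user-pass' \
        'ca ca.rsa.2048.crt' 'crl-verify crl.rsa.2048.pem' > "$1"
}

sample=$(mktemp) && make_sample "$sample"
check_ovpn_conf "${1:-$sample}" || echo "problems found: $?"
rm -f "$sample"
```

Pass the path of the edited .conf as the first argument to check a real profile instead of the constructed sample.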

gounthar Posted March 29, 2019

Thanks for that, that will prove handy for sure!