Hi there. I've been using DietPi for a while now since I heard about it on The Pi Podcast and really like how it works. I have a couple of questions about OpenVPN.
What I want to be able to do with this is connect to a Raspberry Pi OpenVPN server whilst I am out and about using public wifi hotspots, redirecting all traffic through the OpenVPN server thus creating a secure connection on an otherwise insecure network. I assume this is possible.
Does the default setup do this out of the box?
In my current setup I don’t think it does, but this may be related to my second question below.
On my home network I already have an ownCloud setup on a separate Raspberry Pi, so I have port 443 forwarded to my ownCloud server. As such I cannot open up port 443 for my OpenVPN server. Is there a way around this? Can I specify a different port for the OpenVPN HTTPS traffic?
You can also use UDP port 1194 for OpenVPN connections.
Forward UDP (protocol 17) port 1194 on your home router (with PAT/NAT) to the IP address of your RPi running the OpenVPN server.
You have to edit your config file: DietPi_OpenVPN_Client.ovpn
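To confirm that the edited client file really carries the settings discussed here (UDP on port 1194, the WAN address filled in, and all traffic sent through the tunnel), here is a small POSIX shell checker. It is an added example, not DietPi's code; the path to the .ovpn file is whatever you pass in, and the directive names are standard OpenVPN ones.

```shell
#!/bin/sh
# Added example (not part of DietPi): sanity-check an OpenVPN client .ovpn
# file for the settings this thread needs.
# Usage: sh check-ovpn.sh /path/to/DietPi_OpenVPN_Client.ovpn

# Prints one line per finding; returns 0 only when every required
# directive is present.
check_ovpn_client() {
    f="$1"
    rc=0

    # 'remote <host> <port>' (or a separate 'port' line) must use the
    # port the router forwards, 1194 in this thread.
    if grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+[[:space:]]+1194([[:space:]]|$)' "$f" \
       || grep -Eq '^[[:space:]]*port[[:space:]]+1194([[:space:]]|$)' "$f"; then
        echo "ok: remote port is 1194"
    else
        echo "missing: 'remote <wan-ip-or-name> 1194'"
        rc=1
    fi

    # The router forwards UDP, so a TCP client config would never connect.
    if grep -Eq '^[[:space:]]*proto[[:space:]]+udp' "$f"; then
        echo "ok: proto udp"
    else
        echo "missing: 'proto udp' (the router forwards UDP/1194, not TCP)"
        rc=1
    fi

    # Without redirect-gateway only traffic for the VPN subnet goes through
    # the tunnel; everything else still crosses the public hotspot in clear.
    if grep -Eq '^[[:space:]]*redirect-gateway' "$f"; then
        echo "ok: all traffic is routed through the VPN"
    else
        echo "missing: 'redirect-gateway def1' (internet traffic stays on the hotspot)"
        rc=1
    fi

    # DNS is only a warning: without it the tunnel works, but name lookups
    # may still go to the hotspot's resolver.
    if grep -Eq '^[[:space:]]*dhcp-option[[:space:]]+DNS' "$f"; then
        echo "ok: DNS server pushed via dhcp-option"
    else
        echo "warn: no 'dhcp-option DNS' line; DNS queries may leak to the hotspot resolver"
    fi

    # The template placeholder must have been replaced with the real WAN address.
    if grep -q '!!!wan-ip-address-here!!!' "$f"; then
        echo "missing: replace the !!!wan-ip-address-here!!! placeholder"
        rc=1
    fi

    return $rc
}

# Run the check when a file name is given on the command line.
if [ -n "${1:-}" ]; then
    check_ovpn_client "$1"
fi
```

Note that `dhcp-option DNS` in a client file is applied automatically only by the Windows client; on Linux it is handed to an `up` script (such as the `update-resolv-conf` helper shipped with OpenVPN) and does nothing unless one is configured.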
Thanks for this. I am now using UDP port 1194 and I can connect to my OpenVPN server. I have a static external IP address, so all is good there. However, once connected my client cannot connect to the internet. Probably an OpenVPN question more than a DietPi one, but since I don't know how OpenVPN has been set up in DietPi, are you able to give me any further guidance? Thank you.
# IP address/domain name of the DietPi system running the OpenVPN server, plus port number
remote !!!wan-ip-address-here!!! 1194
## VPN Server is default Gateway for all connections
## Windows Client method
## DNS Server from LAN for VPN Servers Clients (local DNS Server)
dhcp-option DNS 192.168.0.1
dhcp-option DNS 184.108.40.206
SSH into your OpenVPN server and execute:
# flush all old rules from the nat table
iptables -t nat -F
## Forwarding and NAT for OpenVPN clients
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Test it. Does it work?
The iptables rules are not persistent. After a reboot they are gone, so they must be set via a start-up script.
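The rules above only take effect if the kernel is also allowed to forward packets, and because they are not persistent they will be re-run at every boot, so it helps to make them idempotent. The script below is an added example, not DietPi's own start-up script: it assumes the OpenVPN default client subnet 10.8.0.0/24 and that eth0 is the interface towards the home router (both can be overridden through environment variables), and it adds an explicit FORWARD accept rule for tunnel traffic that the snippet above relies on the default FORWARD policy for.

```shell
#!/bin/sh
# Added example (not part of DietPi): enable routing and NAT for OpenVPN
# clients on the server, safely re-runnable from a boot script.
# Usage:  sh vpn-nat.sh apply              (applies the rules, run as root)
#         DRY_RUN=1 sh vpn-nat.sh apply    (only prints the commands)

VPN_NET="${VPN_NET:-10.8.0.0/24}"   # assumed: OpenVPN's default client subnet
WAN_IF="${WAN_IF:-eth0}"            # assumed: interface facing the home router

# Execute a command, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Append a rule only when it is not already present (iptables -C tests for
# an identical rule), so running this at every boot does not stack duplicates.
ensure_rule() {
    table="$1"; shift
    if [ -n "${DRY_RUN:-}" ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
        run iptables -t "$table" -A "$@"
    fi
}

# Without ip_forward=1 the kernel silently drops forwarded packets: clients
# connect and can reach the server itself, but nothing beyond it.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

apply_vpn_rules() {
    enable_forwarding
    # Accept packets arriving from any tun interface, and allow forwarding
    # them from the VPN subnet out of the WAN-facing interface.
    ensure_rule filter INPUT -i tun+ -j ACCEPT
    ensure_rule filter FORWARD -i tun+ -s "$VPN_NET" -o "$WAN_IF" -j ACCEPT
    ensure_rule filter FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the clients' 10.8.0.x source addresses to the server's own
    # address on the way out, so replies come back to the server and are
    # translated back to the client.
    ensure_rule nat POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
}

case "${1:-}" in
    apply) apply_vpn_rules ;;
esac
```

Call it with `apply` from whatever boot hook you use, and check the result with `iptables -t nat -L POSTROUTING -n -v`: the MASQUERADE counters should increase while a client is browsing. If the counters stay at zero, the client traffic is not reaching the server's forwarding path at all, which usually means the client is not using the tunnel as its default gateway.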
As long as you allow incoming connections through the tun0 interface in this firewall, it should generally work. But with pre-configured firewalls you never know exactly, in comparison to iptables, where you explicitly need to block certain requests, so you know exactly what is blocked under which circumstances.