Please make a backup of your PI first! (I may have had to start from scratch a few times while getting this ready, should be fine now but you can never have too many backups)
This is the script I use when configuring my PI (tested over multiple machines using DietPi 160+).
The goal of this script is to transform your DietPi into a VPN Gateway using PIA (https://www.privateinternetaccess.com/) without the pain of reading many (so very many) websites and doing it all manually.
Will probably not work if you are already running (or plan to run) a VPN server as it’s configured to use tun0 as its VPN interface.
You will need an account with PIA.
You will need to know:
Your Pi login details.
Your PIA login details.
Your network gateway address.
Your local network address.
Choose between 2K (standard) or 4K (strong) encryption
Can easily switch between different VPN endpoints
VPN is monitored and will be automatically restarted if it goes down
killswitch
Configure split-VPN (exclude machine:port from VPN)
The following code will start the install process …
Step 2: Unless you have changed your DietPi default user you should use the defaults.
Step 3:
Step 4: Enter your PIA login details.
Step 5: Choose between 2K (default) and 4K (strongest) encryption. 2K is fine for general use but if your PI has HW encryption support then there is almost no speed difference between the two (NanoPI NEO2 @2K: 158Mbit/s @4K: 156Mbit/s)
You can switch servers by executing the swap_endpoint.sh script
If you want to switch between standard (2K) and strong (4K) encryption I’m afraid you’ll need to re-run the install script (takes me about 45 seconds all up).
Use the add_exception.sh script to allow a machine to bypass the VPN (I have not used this yet so it may need some work)
I did some testing and this setup, while working great, leaks DNS unfortunately.
I have posted to the creator's GitHub (though I don't know how active he is) to work on a solution.
I think it may be as simple as incorporating an up & down of the update-resolv-conf in the config file.
Adding these lines to the end of: /etc/openvpn/PIAvpn.conf
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Now forwards all DNS traffic through the VPN
I posted the issue on the guy's GitHub, hopefully he fixes it for everyone, otherwise if not I may fork it.
To test that it’s leaking run
ping whoami.ultradns.net -c 1
IP address should match your VPN IP. To see your external IP run
curl -s ipinfo.io/ip
If they do not match you’re leaking DNS info. (Mine was definitely not going through VPN)
Add above code to vpn.conf file and restart vpn
Rerun test and all my DNS info is being forwarded through PIA.
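The check from the post above, written as shell functions (an added example, not part of the original thread or of the install script). The function names and the sample addresses are made up for illustration; the hostnames, the config path and the three config lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: the DNS-leak comparison and config check from the post above.

# Constructed sample of `ping whoami.ultradns.net -c 1` output (not a real capture).
SAMPLE_PING='PING whoami.ultradns.net (203.0.113.7) 56(84) bytes of data.
64 bytes from 203.0.113.7: icmp_seq=1 ttl=57 time=21.4 ms'

# Pull the resolved address out of the first line of ping output.
# whoami.ultradns.net resolves to the address of the resolver that asked,
# so this is the DNS egress address as seen from outside.
resolved_ip_from_ping() {
    printf '%s\n' "$1" | sed -n '1s/^PING [^ ]* (\([0-9.]*\)).*/\1/p'
}

# Verdict: "ok" if resolver and external IP match, "leak" if they differ,
# "unknown" if either lookup failed (empty value).
leak_verdict() {
    resolver=$1; external=$2
    if [ -z "$resolver" ] || [ -z "$external" ]; then
        echo "unknown"
    elif [ "$resolver" = "$external" ]; then
        echo "ok"
    else
        echo "leak"
    fi
}

# Return 0 only if the OpenVPN config contains all three lines from the post.
has_dns_hooks() {
    conf=$1
    grep -Eq '^[[:space:]]*script-security[[:space:]]+[23]' "$conf" &&
    grep -Eq '^[[:space:]]*up[[:space:]]+/etc/openvpn/update-resolv-conf' "$conf" &&
    grep -Eq '^[[:space:]]*down[[:space:]]+/etc/openvpn/update-resolv-conf' "$conf"
}

# Live check using the same two commands as the post (needs network access).
dns_leak_check() {
    out=$(ping -c 1 whoami.ultradns.net 2>/dev/null)
    ext=$(curl -s ipinfo.io/ip)
    leak_verdict "$(resolved_ip_from_ping "$out")" "$ext"
}

# Run the live check only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    has_dns_hooks /etc/openvpn/PIAvpn.conf || echo "DNS hooks missing from config"
    dns_leak_check
fi
```
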
Are you using it as a gateway or just a client?
I may still do this but I don’t have a lot of free time… I want to get a feel for what most people use it for.
Same! I’ve been breaking myself for two days to get PureVPN working as a client… As for me, I’d like a 24-7 RPi2 Torrentbox, running OpenVPN, Deluge, Sonarr & Radarr. Would love to test this.
Ty for that.
Some days ago I had some problems with VPN and a special function.
Have a look at that; maybe you can integrate in your solution the “port open function” for Transmission and other programs.
I have marked the TCP packets with a VPN user so that all communication from this user goes through the tunnel and the rest, e.g. PLEX and others, can come out directly.
MichaIng
I will see if I can implement mine for testing into DietPi-NordVPN.
Hi. Just installed on a fresh DietPi on a Pi2. Worked fine, except I had to install Pi-hole as a DNS server. Otherwise I had no DNS responses. I assume I did something wrong… but I have no idea what…
Neilj1983
Hmm, which upstream DNS server does Pi-hole use then? The same should work for your system as well.
If you use DHCP for your network connection, then your router serves the DNS entry for the system. That should usually work, however in your case obviously not. If you choose static IP, you can set the DNS entry yourself. Usually using the router itself works best, as most serve as DNS resolver themselves and have a DNS cache as well, but if not, then 8.8.8.8 (Google DNS) is a reliable solution, at least to test general system-wise DNS resolving.
time wget --spider https://dietpi.com can be used to test and compare speeds.
I tried this last night & sadly (out of the box) from a fresh install it didn’t work. I did get it working though.
With a fresh install the device it was installed on was working & getting its public IP from PIA, it just wasn’t able to route any traffic over the VPN.
I just made sure “sysctl -p” was run on startup & everything is working fine now. This I don’t think is a problem with this script as it does the same when setting up PiVPN/OpenVPN.
Also I set a static IP 192.168.1.5 before installing the script; after a reboot it reports at startup an IP 192.168.1.144 although I have an SSH session via 192.168.1.5.
After I enabled IPv6 in dietpi-config and re-ran the script, it now reports the IP address 192.168.1.5 correctly.
So I guess when you disable IPv6 the script does not work correctly!?