Raspberry pi as a vpn router

WarHawk
Posts: 623
Joined: Thu Jul 20, 2017 8:55 am

Re: Raspberry pi as a vpn router

Post by WarHawk »

Just found this...maybe it will help

https://hackaday.io/project/2040-web-se ... everywhere
MichaIng
Site Admin
Posts: 2343
Joined: Sat Nov 18, 2017 6:21 pm

Re: Raspberry pi as a vpn router

Post by MichaIng »

Generally the vulnerabilities are exactly the two software titles that you have installed: The WiFi hotspot and the VPN software.

The hotspot is implemented with hostapd, and supports WPA2 encryption by default. WPA2 is known to have some security leaks meanwhile, but it is still very widely used, e.g. by all common home routers. EAP has better security but requires a much more complicated setup (with host and user certificates and keys, so a password is not sufficient to connect), e.g. used for the eduroam network and larger company networks and such.

The VPN is implemented either with OpenVPN or WireGuard. The first is very well known and probed, the second is a very new promising approach that allows much faster transfer rates and higher security etc, but it is new and did not yet reach official stable stage: https://www.wireguard.com/
In both cases, it is essential that you keep and transfer the private keys for server and client safe and secure. In case of OpenVPN this is true for the .ovpn file, which contains the private key as well. This must never be readable by anyone other than the client software or the related user. If this is the case, then the software itself can be considered secure (both OpenVPN and WireGuard IMO).

Ensure that, as long as you only need to connect to the VPN remotely, only the related VPN port is forwarded to the RPi and no other port.

About logging, I am not 100% sure what is logged by default with hostapd, OpenVPN and WireGuard. But all persistent logs (stored on disk) can be found in /var/log. journalctl allows you to see all system logs, which includes user authentication and AFAIK some from those software titles as well, but the journal by default is not stored to disk but only held in RAM. It would be stored to disk automatically if you create the directory /var/log/journal.
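
A check for two points from the post above (key files readable only by their owner, and whether the journal is persisted), given as an added example that is not part of MichaIng's post or DietPi's own tooling. The function names, the file-name patterns and the directories in the sample invocation are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Directory paths and function names
# are assumptions; the sample invocation uses Debian's usual config locations.

# List VPN key/config files under "$1" that grant ANY permission to group or
# other. -perm /077 (GNU find) matches when at least one of those bits is set.
find_exposed_keys() {
    [ -d "$1" ] || return 0
    find "$1" -type f \
        \( -name '*.ovpn' -o -name '*.key' -o -name '*.conf' \) \
        -perm /077 2>/dev/null | sort
}

# Restrict every file reported above to owner read/write only.
lock_down_keys() {
    find_exposed_keys "$1" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Per the post above, the journal is kept on disk once this directory exists.
journal_is_persistent() {
    [ -d "${1:-/var/log/journal}" ]
}

# Report-only run when directories are passed on the command line, e.g.
#   sh audit.sh /etc/openvpn /etc/wireguard
if [ "$#" -gt 0 ]; then
    for d in "$@"; do
        find_exposed_keys "$d" | sed 's/^/exposed: /'
    done
    journal_is_persistent || echo "journal: RAM only (no /var/log/journal)"
fi
```

Run it as root so that `find` can descend into the key directories; `lock_down_keys` is never called by the report-only run and has to be invoked deliberately.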
ghettopi
Posts: 44
Joined: Tue Jul 30, 2019 9:17 pm

Re: Raspberry pi as a vpn router

Post by ghettopi »

All of your questions would:

1. Be better answered in your own thread, not in this one which is a completely different topic
2. Be better answered by an introductory video into computer security or netsec on Youtube

Short answer is:

Anything that you connect to the internet is vulnerable to being breached (hacked).

The only truly secure way to use your Diet-Pi is to keep it off the internet completely, and do not allow the device to be connected via WiFi. That is, make sure it's not possible for anyone to access it when connected to your network over WiFi (so don't use WiFi on the network the Diet-Pi is connected to). This means that someone would need physical access to the Diet-Pi to break into it.

Otherwise you should learn about subnets and network zones. You can put some network devices on a zone that's basically hidden and almost inaccessible from people outside your network.

As for logs: the Diet-Pi logs some basic things, mostly for troubleshooting. However, passwords are stored encrypted except for in the main setup file, but if you were smart you would have changed the default password from dietpi to something else on the first setup.
MichaIng
Site Admin
Posts: 2343
Joined: Sat Nov 18, 2017 6:21 pm

Re: Raspberry pi as a vpn router

Post by MichaIng »

See also our general security recommendations: https://github.com/MichaIng/DietPi/wiki ... mmendation
melaniestaines
Posts: 15
Joined: Tue Oct 01, 2019 9:52 am

Re: Raspberry pi as a vpn router

Post by melaniestaines »

I've been wanting to do this for a while now, looked into it a lot and found a few tutorials but never really managed to get it working properly or past the installation of OpenVPN.

I have a spare Raspberry Pi which I've wondered whether I would be able to turn into a VPN router which I can stick to my laptop, so when I'm in a public area I can connect to my Pi and then connect to the internet through the Pi and then be able to encrypt my data in public. I don't know if this is entirely possible the way I'm thinking of it, but if it is, can you link me to a guide which works or goes into detail with what needs to be done?
Joulinar
Posts: 2327
Joined: Sat Nov 16, 2019 12:49 am

Re: Raspberry pi as a vpn router

Post by Joulinar »

That sounds quite complicated, to connect first to your Pi and then to the public WiFi. Why not install a VPN client on your laptop directly and then connect back home to your private VPN server?
Please let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team
trendy
Posts: 133
Joined: Tue Feb 25, 2020 2:54 pm

Re: Raspberry pi as a vpn router

Post by trendy »

No need to reply to spambots 8)