[Testers Wanted] Simple PIA VPN Gateway

Guides and tutorials for various stuff. Posted by DietPi users.
User avatar
Phillski
Posts: 8
Joined: Fri Feb 02, 2018 9:52 am

[Testers Wanted] Simple PIA VPN Gateway

Post by Phillski » Tue Apr 17, 2018 1:42 am

Based on the work by Sam Groveman (https://github.com/ShVerni/Raspberry-Pi-VPN-Gateway) all credit should be given to him.

Please make a backup of your PI first! (I may have had to start from scratch a few times while getting this ready, should be fine now but you can never have too many backups)

This is the script I use when configuring my PI (tested over multiple machines using DietPi 160+).

The goal of this script is to transform your DietPi into a VPN Gateway using PIA (https://www.privateinternetaccess.com/) without the pain of reading many (so very many) websites and doing it all manually.

Will probably *not* work if you are already running (or plan to run) a VPN server as it's configured to use tun0 as its VPN interface.

You will need an account with PIA.
You will need to know
- Your Pi login details.
- Your PIA login details.
- Your network gateway address.
- Your local network address.

- Choose between 2K (standard) or 4K (strong) encryption
- Can easily switch between different VPN endpoints
- VPN is monitored and will be automatically restarted if it goes down
- killswitch
- Configure split-VPN (exclude machine:port from VPN)


The following code will start the install process ...

Code: Select all

wget -O PIAVPN.zip http://dietpi.com/phpbb/download/file.php?id=1034 && unzip PIAVPN.zip -d PIAVPN && cd PIAVPN && sudo chmod 744 InstallVPN.sh && sed -i $'s/\r$//' InstallVPN.sh && sudo ./InstallVPN.sh
Attachments
PIAVPN.zip
(22.12 KiB) Downloaded 21 times
Last edited by Phillski on Thu Apr 19, 2018 1:28 am, edited 6 times in total.

User avatar
Phillski
Posts: 8
Joined: Fri Feb 02, 2018 9:52 am

Re: Simple PIA VPN Gateway Script

Post by Phillski » Tue Apr 17, 2018 2:14 am

Step 1:
VPN01.png
Step 2: Unless you have changed your DietPi default user you should use the defaults.
VPN02.png
Step 3:
VPN03.png
Step 4: Enter your PIA login details.
VPN04.png
Step 5: Choose between 2K (default) and 4K(strongest) encryption. 2K is fine for general use but if your PI has HW encryption support then there is almost no speed difference between the two (NanoPI NEO2 @2K: 158Mbit/s @4K: 156Mbit/s)
VPN05.png
Last edited by Phillski on Tue Apr 17, 2018 8:37 am, edited 1 time in total.

User avatar
Phillski
Posts: 8
Joined: Fri Feb 02, 2018 9:52 am

Re: Simple PIA VPN Gateway Script

Post by Phillski » Tue Apr 17, 2018 2:20 am

Step 6: Select a VPN endpoint to use (this can also be changed afterwards using the swap_endpoint.sh script).
VPN06.png
Step 7:
VPN07.png
Step 8: Enter your network details
VPN08.png
Step 9: Enabling the KillSwitch means there will be no internet access if the VPN goes down.
VPN09.png
Step 10: You can allow specific machines to bypass the VPN (perhaps when you have configured your router to point every machine at the PI)
VPN10.png

User avatar
Phillski
Posts: 8
Joined: Fri Feb 02, 2018 9:52 am

Re: Simple PIA VPN Gateway Script

Post by Phillski » Tue Apr 17, 2018 2:21 am

Step 11: Tidy up?
VPN11.png
Step 12: Fingers crossed it all works.
VPN12.png

hd888
Posts: 7
Joined: Fri Apr 06, 2018 1:56 pm

Re: [Testers Wanted] Simple PIA VPN Gateway

Post by hd888 » Wed May 02, 2018 2:33 pm

I'm giving it a go! Thanks!

It works!

How do I switch servers and so on?

User avatar
Phillski
Posts: 8
Joined: Fri Feb 02, 2018 9:52 am

Re: [Testers Wanted] Simple PIA VPN Gateway

Post by Phillski » Thu May 03, 2018 2:08 am

Hi hd888

You can switch servers by executing the swap_endpoint.sh script

If you want to switch between standard (2K) and strong (4K) encryption I'm afraid you'll need to re-run the install script (takes me about 45 seconds all up).

Use the add_exception.sh script to allow a machine to bypass the VPN (I have not used this yet so it may need some work)

hd888
Posts: 7
Joined: Fri Apr 06, 2018 1:56 pm

Re: [Testers Wanted] Simple PIA VPN Gateway

Post by hd888 » Fri May 04, 2018 11:04 pm

Hey Phillski,

I did some testing and this setup, while working great, leaks DNS unfortunately.

I have posted to creators github (though I dont know how active he is) to work on a solution.
I think it may be as simple as incorporating a up & down of the update-resolv-conf in the config file.

hd888
Posts: 7
Joined: Fri Apr 06, 2018 1:56 pm

Re: [Testers Wanted] Simple PIA VPN Gateway

Post by hd888 » Sat May 05, 2018 12:11 am

Adding these lines to the end of: /etc/openvpn/PIAvpn.conf

Code: Select all

script-security 2 
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Now forwards all DNS traffic through the VPN

I posted the issue on the guys github, hopefully he fixes it for everyone, otherwise if not I may fork it.

To test that it's leaking run
ping whoami.ultradns.net -c 1
IP address your match your VPN IP: To see your external ip run
curl -s ipinfo.io/ip

If they do not match you're leaking DNS info. (Mine was definitely not going through VPN)
Add above code to vpn.conf file and restart vpn
Rerun test and all my DNS info is being forwarded through PIA.

More info here:
https://www.privateinternetaccess.com/f ... ite-needed

martymoose
Posts: 2
Joined: Fri Oct 13, 2017 2:54 am

Re: [Testers Wanted] Simple PIA VPN Gateway

Post by martymoose » Sat May 26, 2018 10:06 pm

is there any chance of incorporating nordvpn. or others?
cheers good work

hd888
Posts: 7
Joined: Fri Apr 06, 2018 1:56 pm

Re: [Testers Wanted] Simple PIA VPN Gateway

Post by hd888 » Thu May 31, 2018 12:56 pm

martymoose wrote:
Sat May 26, 2018 10:06 pm
is there any chance of incorporating nordvpn. or others?
cheers good work
Are you using it as a gateway or just a client?
I may still do this but I don't have a lot of free time... I want to get a feel for what most people use it for.

Post Reply