Hi there,
I have my odroid xu-4 running DietPi. I want to run all internet connections through a VPN service like Private Internet Access. But I can't seem to find anything about it. Can anybody give me a clue as to how it's done?
Tunnel DietPi through OpenVPN
Re: Tunnel DietPi through VPN
Hi,
nicolasbuch wrote: I want to run all internet connection through a VPN service like Private Internet Access.
As far as I see, you want to run an OpenVPN client on your device, not act as an OpenVPN server.
First of all, it will only work for IPv4 connections. If you have a dual stack network and you want to run all internet connections through your tun interface, you have to disable IPv6 support in dietpi-config.
You have to install OpenVPN or PiVPN on your device first.
Now you have to put the client config files " *.ovpn " on your device, e.g. into your home directory ( /root/vpnbook.ovpn )
In this example here, I will use a free account from VPNBook.
For testing, start your openvpn client with this config file:
Code:
root@ZeroPi:~# openvpn --config /root/vpnbook.ovpn
Mon Dec 12 19:53:12 2016 OpenVPN 2.3.11 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on May 23 2016
Mon Dec 12 19:53:12 2016 library versions: OpenSSL 1.0.2j 26 Sep 2016, LZO 2.08
Enter Auth Username: *******
Enter Auth Password: *********
Type in your username and your password if you need one.
Now you will see some messages like this:
Code:
Mon Dec 12 19:55:46 2016 Socket Buffers: R=[163840->163840] S=[163840->163840]
Mon Dec 12 19:55:46 2016 UDPv4 link local: [undef]
Mon Dec 12 19:55:46 2016 UDPv4 link remote: [AF_INET]176.126.237.214:25000
Mon Dec 12 19:55:47 2016 TLS: Initial packet from [AF_INET]176.126.237.214:25000, sid=628e66d9 cae50908
Mon Dec 12 19:55:47 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Dec 12 19:55:47 2016 VERIFY OK: depth=1, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Mon Dec 12 19:55:47 2016 VERIFY OK: depth=0, C=CH, ST=Zurich, L=Zurich, O=vpnbook.com, OU=IT, CN=vpnbook.com, name=vpnbook.com, emailAddress=admin@vpnbook.com
Mon Dec 12 19:55:47 2016 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Dec 12 19:55:47 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 12 19:55:47 2016 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Mon Dec 12 19:55:47 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 12 19:55:47 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Mon Dec 12 19:55:47 2016 [vpnbook.com] Peer Connection Initiated with [AF_INET]176.126.237.214:25000
Mon Dec 12 19:55:49 2016 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
Mon Dec 12 19:55:49 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 84.200.69.80,dhcp-option DNS 37.235.1.177,route 10.10.0.1,topology net30,ping 5,ping-restart 30,ifconfig 10.10.1.14 10.10.1.13'
Mon Dec 12 19:55:49 2016 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 12 19:55:49 2016 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 12 19:55:49 2016 OPTIONS IMPORT: route options modified
Mon Dec 12 19:55:49 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Dec 12 19:55:49 2016 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=eth0 HWADDR=a0:ce:c8:08:68:d0
Mon Dec 12 19:55:49 2016 TUN/TAP device tun2 opened
Mon Dec 12 19:55:49 2016 TUN/TAP TX queue length set to 100
Mon Dec 12 19:55:49 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Dec 12 19:55:49 2016 /sbin/ip link set dev tun2 up mtu 1500
Mon Dec 12 19:55:49 2016 /sbin/ip addr add dev tun2 local 10.10.1.14 peer 10.10.1.13
Mon Dec 12 19:55:52 2016 /sbin/ip route add 176.126.237.214/32 via 192.168.0.100
Mon Dec 12 19:55:52 2016 /sbin/ip route add 0.0.0.0/1 via 10.10.1.13
Mon Dec 12 19:55:52 2016 /sbin/ip route add 128.0.0.0/1 via 10.10.1.13
Mon Dec 12 19:55:52 2016 /sbin/ip route add 10.10.0.1/32 via 10.10.1.13
Mon Dec 12 19:55:52 2016 Initialization Sequence Completed
"Initialization Sequence Completed" means that your OpenVPN connection is established.
Leave this terminal session open and open a new SSH session to test if the VPN connection is working.
Code:
root@ZeroPi:~# ip a | grep tun
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
11: tun2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
inet 10.10.1.14 peer 10.10.1.13/32 scope global tun2
10.10.1.14/32 ==>> is my VPN client address (tun2 - client Point-to-Point connection)
10.10.1.13/32 ==>> is the VPN server tunnel endpoint IP address
176.126.237.214 ==>> is the VPN server endpoint public IP address (euro214.vpnbook.com)
Code:
root@ZeroPi:~# route -n
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.1.13 128.0.0.0 UG 0 0 0 tun2
0.0.0.0 192.168.0.1 0.0.0.0 UG 202 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.10.0.1 10.10.1.13 255.255.255.255 UGH 0 0 0 tun2
10.10.1.13 0.0.0.0 255.255.255.255 UH 0 0 0 tun2
128.0.0.0 10.10.1.13 128.0.0.0 UG 0 0 0 tun2
192.168.0.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
176.126.237.214 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
Ping or trace some targets on the internet:
Code:
root@ZeroPi:~# mtr dietpi.com
Host
1. 10.10.0.1
2. 176.126.237.193
3. 185.57.80.77
4. buc-ird-01c.voxility.net
5. fra-in8-01c.voxility.net
6. ddos.protection.interwerk.de
7. fra-in-01-edge.myvirtualserver.com
8. ???
9. 185.101.92.145
If all this is working like you want it and your OpenVPN connection needs you to manually type in a username and password, you can modify your " *.ovpn " to get automatic login:
Save Password in OpenVPN for Automatic Login
Now openvpn --config /root/vpnbook.ovpn should end up with a VPN connection without typing in username and password.
If you want to start a VPN client connection on every boot, you have to edit:
Code:
root@ZeroPi:~# nano /etc/rc.local
and paste something like this before the last line (exit 0):
Code:
sleep 3
echo -e " * Starting VPN connection ..."
/usr/sbin/openvpn --daemon --config /root/vpnbook.ovpn
sleep 2
echo -e ". Done! \n"
exit 0
Hope this will help you out.
cu
k-plan
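A scripted version of the routing check from the post above, added here as an example and not part of the original thread: it reads `route -n` output and confirms that both halves of the pushed `redirect-gateway def1` route (0.0.0.0/1 and 128.0.0.0/1) use the tunnel while the host route to the VPN server stays outside it. The function name is hypothetical, the sample rows are the table posted above, and the check covers the IPv4 table only.

```shell
#!/bin/sh
# Added example, not from the thread. check_vpn_routes is a hypothetical name.
# Usage: route -n | check_vpn_routes <tun-interface> <vpn-server-public-ip>
check_vpn_routes() {
    awk -v tun="$1" -v srv="$2" '
        # Data rows have 8 fields and start with an IPv4 address, which
        # skips the two header lines whatever the locale is.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            if ($1 == "0.0.0.0"   && $3 == "128.0.0.0") low  = $8
            if ($1 == "128.0.0.0" && $3 == "128.0.0.0") high = $8
            if ($1 == srv && $3 == "255.255.255.255")   host = $8
        }
        END {
            if (low != tun)  { print "FAIL: 0.0.0.0/1 is not routed via " tun;   bad = 1 }
            if (high != tun) { print "FAIL: 128.0.0.0/1 is not routed via " tun; bad = 1 }
            # The encrypted packets themselves must leave via the LAN interface.
            if (host == "" || host == tun) {
                print "FAIL: no host route to " srv " outside the tunnel"; bad = 1
            }
            if (!bad) print "OK: IPv4 default traffic goes through " tun
            exit bad + 0
        }'
}

# Sample input: the route -n table posted above (German locale headers).
routes_up() {
cat <<'EOF'
Kernel-IP-Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.1.13 128.0.0.0 UG 0 0 0 tun2
0.0.0.0 192.168.0.1 0.0.0.0 UG 202 0 0 eth0
10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0
10.10.0.1 10.10.1.13 255.255.255.255 UGH 0 0 0 tun2
10.10.1.13 0.0.0.0 255.255.255.255 UH 0 0 0 tun2
128.0.0.0 10.10.1.13 128.0.0.0 UG 0 0 0 tun2
192.168.0.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0
176.126.237.214 192.168.0.1 255.255.255.255 UGH 0 0 0 eth0
EOF
}

routes_up | check_vpn_routes tun2 176.126.237.214
```

On a live system, pipe the real table in instead of the sample; a non-zero exit status means the OpenVPN process has stopped or the pushed routes are gone, and traffic is using the plain eth0 default route.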
Re: Tunnel DietPi through VPN
Hi k-plan,
Thank you so much for your elaborative answer. It was definitely more than just a clue.
Actually it was spot on and exactly what I needed.
There are tons of tutorials out there that explain how to set it up as a VPN server, but none (that I could find) that explain the client side setup. So I'm sure that your answer will be able to help out others as well. Either way, you helped me.
Once again, thank you
Re: Tunnel DietPi through VPN
Hi nicolasbuch,
nicolasbuch wrote: ... but none (that i could find) that explains the client side setup.
Yes, there are many tutorials for GUI client setup or Windows clients, but for Linux CLI it's narrow.
Had to fiddle around for some days to get it to work for me.
Starting the VPN client via /etc/rc.local is not a perfect way, because if you like to restart the VPN client session, you have to kill it (e.g. with htop) and do a manual restart or execute /etc/rc.local once again.
But I like the feedback message.
A better way will be to build a "VPN-client" service and start it via dietpi-services, but after running an update, this will be gone every time.
nicolasbuch wrote: Either way, you helped me.
Nice to hear this and thanks for your feedback. It's no longer self-evident.
cu
k-plan
Re: Tunnel DietPi through VPN
k-plan wrote: Better way will be to build a "VPN client" service and start it via dietpi-services
To get this to work, you have to do (same example as above):
- delete the new lines you have put in /etc/rc.local before and save.
Code:
root@ZeroPi:~# nano /etc/rc.local
...
## sleep 3
## echo -e " * Starting VPN connection ..."
## /usr/sbin/openvpn --daemon --config /root/vpnbook.ovpn
## sleep 2
## echo -e ". Done! \n"
exit 0
Code:
root@ZeroPi:~# cp /root/vpnbook.ovpn /etc/openvpn/vpnbook.conf
root@ZeroPi:~# cp /root/auth.txt /etc/openvpn/auth.txt
Code:
root@ZeroPi:~# nano /etc/default/openvpn
Code:
# If you're running systemd, changing this variable will
# require running "systemctl daemon-reload" followed by
# a restart of the openvpn service (if you removed entries
# you may have to stop those manually)
#
AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="home office"
#
- if you want to auto-start on boot only OpenVPN Client, then uncomment and edit:
Code:
# If you're running systemd, changing this variable will
# require running "systemctl daemon-reload" followed by
# a restart of the openvpn service (if you removed entries
# you may have to stop those manually)
#
#AUTOSTART="all"
#AUTOSTART="none"
AUTOSTART="vpnbook"
#
- now reboot your system:
Code:
root@ZeroPi:~# reboot
Code:
root@ZeroPi:~# htop
- you should see a running openvpn client process as daemon:
- Test your connection like before
- if you want to restart your OpenVPN client connection, you can now simply use dietpi-services
Code:
root@ZeroPi:~# dietpi-services restart
k-plan
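The guide copies the saved-login file to /etc/openvpn/auth.txt, and that file holds the VPN username and password in clear text. The following is an added example, not code from the thread: it writes the two-line file read by OpenVPN's `auth-user-pass <file>` option with owner-only permissions, points the config at it by absolute path, and audits an existing setup. The function names and the credentials used when calling them are hypothetical, and the path is assumed to contain no spaces.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# setup_auth <config> <auth-file> <username> <password>
# Writes the credentials file (line 1 username, line 2 password) and makes
# the config reference it with a single auth-user-pass line.
setup_auth() {
    conf=$1; auth=$2
    # umask 077 in a subshell: a new file is created as 600 from the start.
    ( umask 077 && printf '%s\n%s\n' "$3" "$4" > "$auth" ) || return 1
    chmod 600 "$auth"    # also tightens a file that already existed
    tmp=$(mktemp) || return 1
    # Drop any earlier auth-user-pass line, then append one with the path.
    sed -E '/^[[:space:]]*auth-user-pass([[:space:]]|$)/d' "$conf" > "$tmp"
    printf 'auth-user-pass %s\n' "$auth" >> "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

# audit_auth <config>
# Returns 0 if the referenced credentials file is private to its owner,
# 1 if it is missing or accessible to group/other,
# 2 if the config names no credentials file (OpenVPN will prompt).
audit_auth() {
    auth=$(awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$1")
    [ -n "$auth" ] || return 2
    [ -f "$auth" ] || return 1
    # Characters 5-10 of the ls -l mode string are the group and other bits.
    [ "$(ls -l "$auth" | cut -c5-10)" = "------" ]
}
```

A plain `cp` of a world-readable auth.txt produces a world-readable copy, so running `audit_auth /etc/openvpn/vpnbook.conf` after the copy step shows whether the password file needs a `chmod 600`.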
Re: Tunnel DietPi through VPN
Excellent guide K-Plan. Stickied!
EDIT: Created a new sub-forum for guides by our users and moved it there: http://dietpi.com/phpbb/viewforum.php?f=15
Re: Tunnel DietPi through VPN
Is it possible to configure openvpn client to read username and password via environment variables?