Raspberry pi as a vpn router

WarHawk
Posts: 588
Joined: Thu Jul 20, 2017 7:55 am

Re: Raspberry pi as a vpn router

Post by WarHawk »

Just found this...maybe it will help

https://hackaday.io/project/2040-web-se ... everywhere

MichaIng
Site Admin
Posts: 2167
Joined: Sat Nov 18, 2017 5:21 pm

Re: Raspberry pi as a vpn router

Post by MichaIng »

Generally the vulnerabilities are exactly the two software titles that you have installed: The WiFi hotspot and the VPN software.

The hotspot is implemented with hostapd, and supports WPA2 encryption by default. WPA2 is known to have some security leaks meanwhile, but it is still very widely used, e.g. by all common home routers. EAP has better security but requires a much more complicated setup (with host and user certificates and keys, so a password is not sufficient to connect); it is used e.g. for the eduroam network and larger company networks.

The VPN is implemented either with OpenVPN or WireGuard. The first is very well known and probed; the second is a very new, promising approach that allows much faster transfer rates and higher security etc., but it is new and has not yet reached official stable stage: https://www.wireguard.com/
In both cases, it is essential that you keep and transfer the private keys for server and client safe and secure. In the case of OpenVPN this is true for the .ovpn file, which contains the private key as well. This must never be readable by anyone other than the client software or the related user. If this is the case, then the software itself can be considered secure (both OpenVPN and WireGuard, IMO).

Ensure that, as long as you only need to connect to the VPN remotely, only the related VPN port is forwarded to the RPi and no other port.

About logging, I am not 100% sure what is logged by default with hostapd, OpenVPN and WireGuard. But all persistent logs (stored on disk) can be found in /var/log. journalctl lets you see all system logs, which include user authentication and AFAIK some from those software titles as well, but the journal by default is not stored to disk but only held in RAM. It would be stored to disk automatically if you create the directory /var/log/journal.
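
Added example, not part of the post above and not DietPi code: a POSIX shell audit of the two points the post makes about key files and logging. It lists key-bearing files that group or others can read or write, tightens them to mode 600, and checks whether the journal directory exists. The file name patterns and the directories you pass in are assumptions.

```shell
#!/bin/sh
# Added example (not DietPi code): audit VPN key files and journal persistence.
# The file name patterns and the directories passed in are assumptions.

# List key-bearing files under the given directories that group or others
# can read or write. Prints one path per line; prints nothing when clean.
exposed_keys() {
    find "$@" -type f \
        \( -name '*.ovpn' -o -name '*.key' -o -name '*.conf' \) \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) \
        2>/dev/null
}

# Restrict every exposed file to its owner (mode 600).
lock_down_keys() {
    exposed_keys "$@" | while IFS= read -r f; do
        chmod 600 "$f"
    done
}

# Per the post, the journal is kept on disk once this directory exists.
journal_persistent() {
    [ -d "${1:-/var/log/journal}" ]
}

# Constructed demo: a throwaway directory with one loose and one tight file.
demo() {
    d=$(mktemp -d)
    : > "$d/client.ovpn"; chmod 644 "$d/client.ovpn"   # world-readable
    : > "$d/wg0.conf";    chmod 600 "$d/wg0.conf"      # owner only
    echo "before: $(exposed_keys "$d")"
    lock_down_keys "$d"
    echo "after:  $(exposed_keys "$d")"
    journal_persistent "$d/journal" || echo "journal: volatile (RAM only)"
    rm -rf "$d"
}

# Usage: sh audit.sh /etc/openvpn /etc/wireguard   (no arguments runs the demo)
if [ "$#" -gt 0 ]; then exposed_keys "$@"; else demo; fi
```

Run it as root against the real directories, since key files owned by root are not visible to an unprivileged `find`.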

ghettopi
Posts: 44
Joined: Tue Jul 30, 2019 8:17 pm

Re: Raspberry pi as a vpn router

Post by ghettopi »

All of your questions would:

1. Be better answered in your own thread, not in this one which is a completely different topic
2. Be better answered by an introductory video into computer security or netsec on YouTube

Short answer is:

Anything that you connect to the internet is vulnerable to being breached (hacked).

The only truly secure way to use your Diet-Pi is to keep it off the internet completely, and do not allow the device to be connected via WiFi. That is, make sure it's not possible for anyone to access it when connected to your network over WiFi (so don't use WiFi on the network the Diet-Pi is connected to). This means that someone would need physical access to the Diet-Pi to break into it.

Otherwise you should learn about subnets and network zones. You can put some network devices on a zone that's basically hidden and almost inaccessible from people outside your network.

As for logs. The Diet-Pi logs some basic things mostly for troubleshooting. However, passwords are stored encrypted except for in the main setup file, but if you were smart you would have changed the default password from dietpi to something else on the first setup.

MichaIng
Site Admin
Posts: 2167
Joined: Sat Nov 18, 2017 5:21 pm

Re: Raspberry pi as a vpn router

Post by MichaIng »

See also our general security recommendations: https://github.com/MichaIng/DietPi/wiki ... mmendation

melaniestaines
Posts: 16
Joined: Tue Oct 01, 2019 8:52 am

Re: Raspberry pi as a vpn router

Post by melaniestaines »

I've been wanting to do this for a while now, looked into it a lot and found a few tutorials but never really managed to get it working properly or past the installation of OpenVPN.

I have a spare Raspberry Pi which I've wondered whether I would be able to turn into a VPN router which I can stick to my laptop, so when I'm in a public area I can connect to my Pi and then connect to the internet through the Pi and then be able to encrypt my data in public. I don't know if this is entirely possible the way I'm thinking of it, but if it is, can you link me to a guide which works or goes into detail with what needs to be done?

Joulinar
Posts: 1539
Joined: Fri Nov 15, 2019 11:49 pm

Re: Raspberry pi as a vpn router

Post by Joulinar »

That sounds quite complicated, to connect first to your Pi and then to the public WiFi. Why not install a VPN client on your laptop directly and then connect back home to your private VPN server?
Please let us know if a solution is working. This could help others if they are hit by a similar situation. Your DietPi Team

Adamkekaa2
Posts: 2
Joined: Thu Mar 05, 2020 4:50 pm

Re: Raspberry pi as a vpn router

Post by Adamkekaa2 »

Joulinar wrote:
Fri Mar 06, 2020 11:55 am
That sounds quite complicated, to connect first to your Pi and then to the public WiFi. Why not install a VPN client on your laptop directly and then connect back home to your private VPN server?
For a 100 Mbit upload, I wouldn't recommend a Raspberry Pi. You could go for something more powerful in similar form factors, like https://www.seedboxco.net/ or something.
Last edited by Adamkekaa2 on Tue Mar 10, 2020 2:42 pm, edited 1 time in total.

trendy
Posts: 90
Joined: Tue Feb 25, 2020 1:54 pm

Re: Raspberry pi as a vpn router

Post by trendy »

No need to reply to spambots 8)
