![]() Sudo iptables -A OUTPUT -p tcp -dport 502 -j ACCEPT Sudo iptables -A INPUT -p udp -sport 53 -j ACCEPT Sudo iptables -A OUTPUT -p udp -dport 53 -j ACCEPT # Port 1198 may be different depending on the VPN # If establishing thru an IP and not a name, the ones with port 53 can be removed # Only 2 ports open, 1 for DNS and 1 for VPN # Allow loopback device ( internal communication) ![]() Make sure to change the 192.168.0.0 to your local network's address, while keeping the /24 CIDR. If you are using a different configuration than the recommended TCP one, make sure to change these commands accordingly. This allows in/output through port udp:53 and tcp:502 as discussed above. Execute these commands together otherwise you will be locked out of your server before you can finish. This is where we'll set up that all packets - directed outside of your local network - get dropped that are not going through the VPN tunnel. Take note of the IP address and make sure you are indeed connecting through your new VPN tunnel. ![]() After the server has started again, SSH in and test if your connection is up with the same command curl. When you enable a service with systemctl, it will run at boot if the server gets restarted. We want the connection to automatically get established after each reboot. You can stop and start the OpenVPN service with replacing start with stop or get information about the service with status.Įnable the service so it starts at boot. The goal is for them not to match of course. If they match, your VPN is not working correctly. It will show you your current public IP address and you'll compare that to the one from before. Type the following command, this will give you information about your connection. This should give you a some nice lines signaling that you are connected to the VPN. sudo systemctl start openvpn- based on the above example, is us-californa. Try the connection, this is where the new systemctl magic comes in. If you do not do this, OpenVPN will ask for a username and password each time you want to connect, and that's not a good headless setup. Modify the file you just created (I suggest nano) at the following line: auth-user-pass -> auth-user-pass /etc/openvpn/login. Name it something simple, for example nf as this filename will become the name of the OpenVPN service later. Save your configuration with nano /etc/openvpn/client/.conf. I don't know why this happened, but switching to the TCP/:502 setup solved the problem instantly. I had a connection on paper, but there was no data flow. When I tried with the recommended UDP configuration files, there was a successful connection and ping went through as well, but nothing else. Use the Recommended TCP configuration.Your speed should not be affected that much anyways as long as it's decently close. For me for example, the closest server is always very busy with high latency throughout the evening, so I chose one that's a bit further but never as congested. Make sure to choose one that is reliable 24/7. There is no automatic failover or connection to another region. You can only have a single location at a time.Try another server if you face this issue as well. I got access denied - authentication failure on some of the servers, the others worked perfectly.Go to PIA OpenVPN Configurator and create a configuration file for your favorite location. Sudo bash - c 'echo "PASSWORD" > /etc/openvpn/login'ĭownload PIA OpenVPN config file. sudo bash - c 'echo "USERNAME" > /etc/openvpn/login' As long as your Pi is well secured, it should not be a problem. While this is not technically "best practice", I could not come up with a safer way. Since PIA VPN uses auth-pass in its configuration, we need to save the PIA username + password in a file on the server - the same you use to log into the desktop app or website. Install OpenVPN on your Raspberry sudo apt install openvpn -yĬreate a login file for OpenVPN. Take note of the IP address displayed there, that's your current public IP without the VPN. sudo apt update & sudo apt upgrade -yĬheck if you have an internet connection to begin with. Pi VPN Setup for PIA with killswitch and DHCP - Does not work. ![]() We will be running PIA via OpenVPN fully in headless mode. Mine runs the latest (as of November 2020) Raspberry Pi OS on a Raspberry Pi 3, but it will work on the 4 as well. I'd have a hard guess that this setup / method works with anything that uses OpenVPN however. I needed this setup because I want to turn one of my Raspberry Pis into a seedbox, and I sleep much better at night when it's behind a VPN. I never liked dealing with OpenVPN, let alone on a Raspberry Pi but here we are. I feel the need to start with that because all of the guides out there on the internet are too old and do not work anymore. This post was written on the 14th of November 2020.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |