tim f1f45d3171 | ||
---|---|---|
README.md |
README.md
How to setup a VPN router
This guide assumes the following configuration:
A WAN interface called: eth0
A LAN interface called: eth1
with a static ip address of 192.168.1.1
A VPN interface called: wg0-mullvad
Install and configure your VPN client
In this example I am using the official Mullvad client which sets up a network interface called: wg0-mullvad
Make sure it is configured to run at startup.
Enable packet forwarding
Uncomment the following lines in: /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
And apply the new kernel parameters with: sudo sysctl -p
Configure iptables to route traffic through the VPN
sudo iptables -t nat -A POSTROUTING -o wg0-mullvad -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT
sudo iptables -A FORWARD -o wg0-mullvad -j ACCEPT
sudo iptables -A FORWARD -i wg0-mullvad -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -i wg0-mullvad -j ACCEPT
To make these changes persist through a reboot, install iptables-persistent:
sudo apt install iptables-persistent
and click "Yes" when prompted to save current IPv4 rules.
If you make any further changes to the iptables rules, don't forget to run sudo dpkg-reconfigure iptables-persistent
to make them persist as well.
Install and configure a DHCP server
dnsmasq is a good lightweight DHCP (and DNS, but we won't be using that function) server. To install it run:
sudo apt install dnsmasq
And configure the following options in: /etc/dnsmasq.conf
port=0
will disable the built-in DNS server
interface=eth1
sets which interface to respond to DHCP requests on
dhcp-range=192.168.1.151,192.168.1.254,255.255.255.0,12h
sets the ip range of the DHCP ip address pool and 12h is the lease time
dhcp-option=6,10.64.0.1
sets the DNS server address that will be sent to the DHCP clients (this should be the DNS server supplied by your VPN provider)