commit 00743462e8271fb85cf8006bae1bef42dc8f61d4 Author: tim Date: Mon Sep 2 05:23:16 2024 +0000 initial commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..7d0c271 --- /dev/null +++ b/README.md 
@@ -0,0 +1,39 @@ +## How to setup a VPN router + +This guide assumes the following configuration: +A WAN interface called: `eth0` +A LAN interface called: `eth1` with a static ip address of `192.168.1.1` +A VPN interface called: `wg0-mullvad` + +### Install and configure your VPN client +In this example I am using the official Mullvad client which sets up a network interface called: **wg0-mullvad** +Make sure it is configured to run at startup. + +### Enable packet forwarding +Uncomment the following lines in: `/etc/sysctl.conf` +`net.ipv4.ip_forward=1` +`net.ipv6.conf.all.forwarding=1` +And apply the new kernel parameters with: `sudo sysctl -p` + +### Configure iptables to route traffic through the VPN +``` +sudo iptables -t nat -A POSTROUTING -o wg0-mullvad -j MASQUERADE +sudo iptables -A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT +sudo iptables -A FORWARD -o wg0-mullvad -j ACCEPT +sudo iptables -A FORWARD -i wg0-mullvad -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT +sudo iptables -A INPUT -i wg0-mullvad -j ACCEPT +``` + +To make these changes persist through a reboot, install **iptables-persistent**: +`sudo apt install iptables-persistent` +and click "Yes" when prompted to save current IPv4 rules. +If you make any further changes to the iptables rules, don't forget to run `sudo dpkg-reconfigure iptables-persistent` to make them persist as well. + +### Install and configure a DHCP server +**dnsmasq** is a good lightweight DHCP (and DNS, but we won't be using that function) server. 
To install it run: +`sudo apt install dnsmasq` +And configure the following options in: `/etc/dnsmasq.conf` +`port=0` will disable the built-in DNS server +`interface=eth1` sets which interface to respond to DHCP requests on +`dhcp-range=192.168.1.151,192.168.1.254,255.255.255.0,12h` sets the ip range of the DHCP ip address pool and **12h** is the lease time +`dhcp-option=6,10.64.0.1` sets the DNS server address that will be sent to the DHCP clients (this should be the DNS server supplied by your VPN provider) \ No newline at end of file
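Review bot: In the iptables block, `sudo iptables -A INPUT -i wg0-mullvad -j ACCEPT` accepts all traffic arriving from the VPN side at the router itself, and `sudo iptables -A FORWARD -o wg0-mullvad -j ACCEPT` matches any input interface, including `eth0`, which also makes the `-i eth1` rule above it redundant. Suggest limiting the INPUT rule with `-m conntrack --ctstate ESTABLISHED,RELATED`, as the FORWARD rule for `-i wg0-mullvad` already does, and dropping the FORWARD rule that has no `-i` match. The block only appends ACCEPT rules: nothing shown sets a FORWARD policy or drops `eth1` to `eth0`, so the guide should say what happens to LAN traffic when `wg0-mullvad` is down and add an explicit drop if the intent is VPN-only routing. The sysctl step also enables `net.ipv6.conf.all.forwarding=1`, while every rule here is IPv4 `iptables` and the persistence step mentions saving IPv4 rules only; either leave IPv6 forwarding commented out or add and save matching `ip6tables` rules.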