## How to set up a VPN router

This guide assumes the following configuration:

- A WAN interface called `eth0`
- A LAN interface called `eth1` with a static IP address of `192.168.1.1`
- A VPN interface called `wg0-mullvad`

### Install and configure your VPN client

In this example I am using the official Mullvad client, which sets up a network interface called **wg0-mullvad**. Make sure it is configured to run at startup.

### Enable packet forwarding

Uncomment the following lines in `/etc/sysctl.conf`:

```
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
```

Then apply the new kernel parameters with:

```
sudo sysctl -p
```

### Configure iptables to route traffic through the VPN

```
# Source-NAT everything that leaves through the VPN interface
sudo iptables -t nat -A POSTROUTING -o wg0-mullvad -j MASQUERADE
# Allow forwarding from the LAN, and from any interface, out through the VPN
sudo iptables -A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT
sudo iptables -A FORWARD -o wg0-mullvad -j ACCEPT
# Allow replies to established connections back in from the VPN
sudo iptables -A FORWARD -i wg0-mullvad -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Accept traffic addressed to the router itself that arrives on the VPN interface
sudo iptables -A INPUT -i wg0-mullvad -j ACCEPT
```

To make these changes persist through a reboot, install **iptables-persistent**:

```
sudo apt install iptables-persistent
```

Select "Yes" when prompted to save the current IPv4 rules. If you make any further changes to the iptables rules, don't forget to run `sudo dpkg-reconfigure iptables-persistent` to make them persist as well.

### Install and configure a DHCP server

**dnsmasq** is a good lightweight DHCP server (it is also a DNS server, but we won't be using that function). To install it, run:

```
sudo apt install dnsmasq
```

Then configure the following options in `/etc/dnsmasq.conf`:

- `port=0` disables the built-in DNS server.
- `interface=eth1` sets which interface to respond to DHCP requests on.
- `dhcp-range=192.168.1.151,192.168.1.254,255.255.255.0,12h` sets the IP range of the DHCP address pool; **12h** is the lease time.
- `dhcp-option=6,10.64.0.1` sets the DNS server address that is sent to the DHCP clients (this should be the DNS server supplied by your VPN provider).
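
To check a finished setup against the settings above, the following shell script is an added example, not part of the original guide. It audits the three files for the guide's values and, going slightly beyond the guide, warns about any FORWARD rule that would send `eth1` traffic straight out `eth0`; the function names are this example's own, and it assumes iptables-persistent saved the rules to `/etc/iptables/rules.v4`.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): offline audit of the files the guide edits.
# Usage: audit.sh /etc/sysctl.conf /etc/iptables/rules.v4 /etc/dnsmasq.conf

# True if FILE ($1) contains LINE ($2) as an active, uncommented line.
has_line() {
    sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$1" | grep -Fxq -- "$2"
}

# audit_vpn_router SYSCTL_CONF RULES_V4 DNSMASQ_CONF
# Prints one line per finding; the exit status is the number of findings.
audit_vpn_router() {
    local sysctl_conf="$1" rules="$2" dnsmasq="$3" missing=0 line
    for line in 'net.ipv4.ip_forward=1' 'net.ipv6.conf.all.forwarding=1'; do
        has_line "$sysctl_conf" "$line" || { echo "MISSING sysctl: $line"; missing=$((missing + 1)); }
    done
    for line in '-A POSTROUTING -o wg0-mullvad -j MASQUERADE' \
                '-A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT'; do
        has_line "$rules" "$line" || { echo "MISSING iptables: $line"; missing=$((missing + 1)); }
    done
    for line in 'port=0' 'interface=eth1'; do
        has_line "$dnsmasq" "$line" || { echo "MISSING dnsmasq: $line"; missing=$((missing + 1)); }
    done
    # The guide hands the VPN provider's resolver to clients via DHCP option 6.
    grep -Eq '^[[:space:]]*dhcp-option=6,[0-9.]+' "$dnsmasq" \
        || { echo "MISSING dnsmasq: dhcp-option=6,<VPN DNS>"; missing=$((missing + 1)); }
    # Extra check (beyond the guide): a rule forwarding LAN traffic directly to the WAN.
    if grep -Eq '^-A FORWARD .*-i eth1 .*-o eth0 .*-j ACCEPT' "$rules"; then
        echo "WARN iptables: eth1 -> eth0 forwarding bypasses wg0-mullvad"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# Constructed sample files matching the guide's settings, written into DIR ($1).
make_sample() {
    printf '%s\n' 'net.ipv4.ip_forward=1' 'net.ipv6.conf.all.forwarding=1' > "$1/sysctl.conf"
    printf '%s\n' '*nat' '-A POSTROUTING -o wg0-mullvad -j MASQUERADE' 'COMMIT' \
        '*filter' '-A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT' 'COMMIT' > "$1/rules.v4"
    printf '%s\n' 'port=0' 'interface=eth1' 'dhcp-option=6,10.64.0.1' > "$1/dnsmasq.conf"
}

if [ "$#" -eq 3 ]; then audit_vpn_router "$@"; fi
```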