Instructions for setting up your own VPN router using iptables.
tim 00743462e8 initial commit 2024-09-02 05:23:16 +00:00

How to set up a VPN router

This guide assumes the following configuration:
A WAN interface called: eth0
A LAN interface called: eth1 with a static IP address of 192.168.1.1
A VPN interface called: wg0-mullvad

Install and configure your VPN client

In this example I am using the official Mullvad client, which sets up a network interface called: wg0-mullvad
Make sure it is configured to run at startup.

Enable packet forwarding

Uncomment the following lines in: /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
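And apply the new kernel parameters with: sudo sysctl -p
Note that the iptables rules in the next section apply to IPv4 only; forwarded IPv6 traffic is filtered by ip6tables, which this guide does not configure.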

Configure iptables to route traffic through the VPN

sudo iptables -t nat -A POSTROUTING -o wg0-mullvad -j MASQUERADE
sudo iptables -A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT
sudo iptables -A FORWARD -o wg0-mullvad -j ACCEPT
sudo iptables -A FORWARD -i wg0-mullvad -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -i wg0-mullvad -j ACCEPT

To make these changes persist through a reboot, install iptables-persistent:
sudo apt install iptables-persistent
and click "Yes" when prompted to save current IPv4 rules.
If you make any further changes to the iptables rules, don't forget to run sudo dpkg-reconfigure iptables-persistent to make them persist as well.
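
A check on the forwarding rules above, added here as an example and not part of the original README: it scans iptables-save output for rule patterns that let traffic leak around or bypass the tunnel. The function name, the finding labels and both embedded dumps are constructed for illustration; it assumes only the rules from this guide are loaded with default chain policies, and it matches listed rules rather than evaluating the whole ruleset.

```shell
audit_vpn_rules() {
    awk -v lan="$1" -v wan="$2" -v vpn="$3" '
    # Word after a flag such as -i, prefixed with "!" when negated, else "".
    function arg(flag,   i) {
        for (i = 1; i < NF; i++) if ($i == flag)
            return ((i > 1 && $(i - 1) == "!") ? "!" : "") $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }      # table header such as *filter or *nat
    table != "filter" { next }
    # Default-accept FORWARD: with the tunnel down, LAN packets can go out the WAN.
    $1 == ":FORWARD" && $2 == "ACCEPT" { print "FORWARD_POLICY_ACCEPT" }
    $1 == "-A" && arg("-j") == "ACCEPT" {
        in_if = arg("-i"); out_if = arg("-o")
        # No -i match: any interface, WAN included, may forward into the tunnel.
        if ($2 == "FORWARD" && out_if == vpn && in_if == "") print "FORWARD_ANY_TO_VPN"
        if ($2 == "FORWARD" && in_if == lan && out_if == wan) print "FORWARD_LAN_TO_WAN"
        # Unconditional accept of new connections arriving from the tunnel.
        if ($2 == "INPUT" && in_if == vpn && $0 !~ /--ctstate/) print "INPUT_OPEN_FROM_VPN"
    }'
}
# Constructed dump: the filter table as this guide leaves it (default policies assumed).
page_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i wg0-mullvad -j ACCEPT
-A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT
-A FORWARD -o wg0-mullvad -j ACCEPT
-A FORWARD -i wg0-mullvad -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
# Constructed stricter variant (an assumption, not from the guide): FORWARD drops by default.
hardened_rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i wg0-mullvad -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wg0-mullvad -j DROP
-A FORWARD -i eth1 -o wg0-mullvad -j ACCEPT
-A FORWARD -i wg0-mullvad -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}
page_rules | audit_vpn_rules eth1 eth0 wg0-mullvad   # prints three findings for the guide rules
```

On the router, feed it the live rules with: sudo iptables-save | audit_vpn_rules eth1 eth0 wg0-mullvad. No output means none of the four patterns matched.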

Install and configure a DHCP server

dnsmasq is a good lightweight DHCP server (it can also serve DNS, but we won't be using that function). To install it, run:
sudo apt install dnsmasq
And configure the following options in: /etc/dnsmasq.conf
port=0 will disable the built-in DNS server
interface=eth1 sets which interface to respond to DHCP requests on
dhcp-range=192.168.1.151,192.168.1.254,255.255.255.0,12h sets the IP range of the DHCP address pool; 12h is the lease time
dhcp-option=6,10.64.0.1 sets the DNS server address that will be sent to the DHCP clients (this should be the DNS server supplied by your VPN provider)