Ello Badass 0x00’ers!

“Use a VPN!”, “Use Tor!”, “What, you don’t use a VPN?”

These are probably just some of the phrases you have heard thrown about when it comes to privacy. Using a VPN will help you stay safer from adversaries attempting to discover your identity. Perhaps you wish to remain anonymous from corporations or want to hide your traffic from your ISP. There are hundreds of reasons to use a VPN at home.

But using a VPN is just so damn annoying, am I right? You gotta start it up every time you boot, sometimes you get a netsplit, or your wifi card craps out and your connection breaks. Or that annoying time you put your laptop lid down, bring it back up, and you’ve rejoined IRC with your IP naked while you wait for your VPN to reconnect. Not to mention the paranoia that perhaps it isn’t running.

Here I present to you a transparent proxy, or VPN gateway. Once configured, you’ll be able to just change your wifi settings and instantly be protected on any device you connect to your network. You won’t have to worry about IP leaks, and the minute you open your laptop lid, you’ll be using the VPN.

Required Skills and Items

Linux CLI

Following instructions

A configured Pi or Server

Setting up a VPN Gateway

Get your Pi!

Get your Pi, install Raspbian on it.

Install required packages

sudo apt update && sudo apt install openvpn easy-rsa dnsmasq iptables resolvconf

Configure OpenVPN settings

Get your VPN client file. You can obtain this by purchasing a VPN, or by using the free 0x00sec VPN (if you’re a member).

Put the file at /etc/openvpn/client.conf

Now start OpenVPN

sudo service openvpn start

This should start without any problems. You can check that everything worked by running ifconfig tun0.

You should get something like this.

ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

If it returns something like this

tun0: error fetching interface information: Device not found

You have had a problem starting OpenVPN, in which case you need to sort that out before continuing.

Configure your Firewall

Allow forwarding of traffic on the box

sudo sysctl -w net.ipv4.ip_forward=1

Make this persistent by adding net.ipv4.ip_forward = 1 to /etc/sysctl.conf

Configure your ports and forward traffic to tun0

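# NAT everything that leaves through the VPN tunnel
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# Forward LAN traffic into the tunnel, and only replies back out of it
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Traffic to the box itself: loopback, ping, SSH and DNS
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -i eth0 -p icmp -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
# DNS queries normally arrive over UDP; TCP is only the fallback
sudo iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Drop everything that was not explicitly allowed above
sudo iptables -P FORWARD DROP
sudo iptables -P INPUT DROP
# List the resulting rules
sudo iptables -L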

Make rules persistent

sudo apt-get install iptables-persistent

Upon install, it should prompt you if you want to make the rules persistent now, choose yes.
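
The FORWARD policy of DROP, together with the single eth0-to-tun0 ACCEPT rule, is what keeps client traffic from leaving via the ISP when the tunnel is down. The following is an added example, not part of the original post: a shell function that audits an iptables-save dump for that property. The function names and the sample dump are constructed for illustration; eth0 and tun0 follow the guide.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the leak protection the
# guide's rules provide. eth0 (LAN) and tun0 (VPN) follow the guide.
LAN_IF=eth0
VPN_IF=tun0

# Reads iptables-save output on stdin, prints findings, returns 0 only when
# forwarded client traffic can leave through the VPN interface alone.
audit_rules() {
    rules=$(cat)
    rc=0
    # Policy DROP is the kill switch: with tun0 down no ACCEPT rule matches.
    printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' ||
        { echo "FAIL: FORWARD policy is not DROP"; rc=1; }
    # Client traffic has to be NATed behind the tunnel address.
    printf '%s\n' "$rules" |
        grep -Eq -- "^-A POSTROUTING .*-o $VPN_IF .*-j MASQUERADE" ||
        { echo "FAIL: no MASQUERADE rule on $VPN_IF"; rc=1; }
    # A FORWARD ACCEPT that never names tun0 lets clients out via the ISP.
    leaks=$(printf '%s\n' "$rules" | grep -E -- '^-A FORWARD .*-j ACCEPT' |
        grep -Ev -- "-[io] $VPN_IF( |\$)") || true
    if [ -n "$leaks" ]; then
        echo "FAIL: FORWARD rule bypasses $VPN_IF: $leaks"
        rc=1
    fi
    return "$rc"
}

# Constructed dump equivalent to the guide's rules. $1 overrides the FORWARD
# policy and $2 appends an extra rule, to model a broken ruleset.
sample_rules() {
    cat <<EOF
*nat
-A POSTROUTING -o $VPN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ${1:-DROP} [0:0]
-A FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT
-A FORWARD -i $VPN_IF -o $LAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
${2:-}
COMMIT
EOF
}

# Demo on the constructed dump. On the gateway: sudo iptables-save | audit_rules
if sample_rules | audit_rules; then
    echo "PASS: forwarded traffic can only leave via $VPN_IF"
fi
```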

Configure DNS

Open /etc/resolv.conf and insert

nameserver 8.8.8.8
nameserver 8.8.4.4

Start services

sudo service dnsmasq start
sudo service resolvconf start

Configure your Client

Congrats! If you made it this far, everything should be set up correctly! Now you just need to set the default gateway on your client device to the IP of the Pi. You can do this temporarily in Linux by running

sudo route add default gw <IP of Pi>

Conclusions

You’ve configured a VPN gateway. This way you can use your VPN without worrying about connecting to it, and you can look after your privacy without it being a hassle. You can also chain VPNs in this way. Perhaps connect to a CTF VPN while still hiding your IP?

If you have any questions, drop them below! And if you have any issues, again, drop them below!

I hope this has been of help to some out there! I’m out