Zero-Ping

DIY Random tech stuff for Home

RASPBERRY PI

Raspberry PI VPN Gateway with ExpressVPN

SEPTEMBER 22, 2018SEPTEMBER 24, 2018
AB5G
LEAVE A COMMENT
Although I run a OPNsense box as a firewall, I still use a raspberrypi connected to my LAN as my
VPN gateway for my devices. The PI is a low cost hardware and delivers decent VPN performance
for my LAN (~30Mbps). Alternatively I could have the OPNsense box run a VPN client but I
decided against it keeping my requirements in mind. Part of it was also because ExpressVPN
provides a very easy PI package to connect to VPN servers. If you are out to configure the PI to act
as a VPN client for you LAN devices read on.

Assuming you already have the PI setup with an IP address and connected to the network (I have
PI connected to the local network through a wire – eth0). You would do the following
configuration.

Part 1 – Setup PI to Forward traffic to VPN.

Enable IP Forwarding for the PI to forward packets

nano /etc/sysctl.conf
net.ipv4.ip_forward = 1

Enable NAT for packets received on LAN to the tunnel.

 sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

To make the rules persistent use

sudo apt-get install iptables-persistent

Apply the rules at startup

sudo apt-get install iptables-persistent

Part 2 – Setup Express VPN

Download the ExpressVPN installer file to pi. Install and activate using the command

sudo dpkg -i expressvpn_1.2.0_armhf.deb

expressvpn activate

You get the activation code from the Downloads page on ExpressVPN when you download the
ExpressVPN installer for PI.

List servers to connect to

expressvpn list

Connect to a particular server and to check the status

expressvpn connect ussc

expressvpn status
Disconnect from server

expressvpn disconnect

Connect to the last connected server

expressvpn connect

At this point, you should have the PI connected to the VPN and ready to accept connections from
your LAN devices. All that is left to do is to use the PI’s IP as the default gateway for devices that
need a VPN connection (in my case, I point the Apple TV to use the VPN)

Lan is - 192.168.1.0/24
Firewall - 192.168.1.1
PI - 192.168.1.5
Apple TV - 192.168.1.10; Default GW 192.168.1.5

You could also set the PI to provide your the ExpressVPN DNS to your LAN devices by

sudo apt-get install dnsmasq

This ensures your DNS queries do not go leaking to your ISP. Don’t forget to set the DNS on your
devices that need a VPN connection to the PI IP.

End – for now

DNS, OPENVPN, PI, RASPBERRY, VPN

BLOG AT WORDPRESS.COM.