This tutorial works best on a VM on Unraid or on a small standalone server. Either has very low system requirements:
System Requirements:
- 1GB RAM
- 64-bit processor with at least two cores
- 5GB of hard drive space
- Network card (any speed)
Reasons for building it:
- If your VPN provider limits the number of simultaneous connections, one gateway connection carries the traffic of every device routed through it.
- Access to another region's online video catalog (example: you live in the UK but want the US catalog of Netflix).
- Specific devices can be isolated so that all of their traffic goes through this VPN connection.
1. Install Ubuntu Server (this guide used Ubuntu 18.04 Server).
If running as a VM: 1GB RAM and one vCPU are enough. BIOS set to SeaBIOS,
5GB disk, graphics through VNC.
2. Log in to the server and set a static IP address
(help: https://linuxconfig.org/how-to-configure-static-ip-address-on-ubuntu-18-04-bionic-beaver-linux)
$ sudo nano /etc/netplan/01-netcfg.yaml
(The gateway IP and address range may be different on your router/network. The interface name must be the one ip a shows on your machine: this example uses enp0s3 here but enp1s0 in the iptables rules of step 12, so replace both with your own interface name, the same in both places. YAML is indentation-sensitive, so keep the nesting exactly as below.)
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: no
      addresses: [192.168.1.99/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [1.1.1.1,1.0.0.1]
save and close
$ sudo netplan apply
3. Reboot, log in and check the IP address
ip a
or
ifconfig (needs the net-tools package, which 18.04 does not install by default)
4. Close VNC and log in with SSH (PuTTY).
- Windows users may need to install PuTTY or another SSH client; macOS and Linux ship ssh already
5. Update Ubuntu, since this is a fresh install
$ sudo apt-get update
$ sudo apt-get upgrade
6. Install the additional packages needed besides OpenVPN and the PIA profiles (unzip for the profile archive, iptables-persistent to reload the firewall rules at boot)
$ sudo apt-get install unzip
$ sudo apt-get install iptables-persistent
7. Installing and setting up OpenVPN to work with PIA
(help – https://www.dropbox.com/s/uuyw9xa723nk1mx/vpn%20router.txt.zip?dl=0&file_subpath=%2Fvpn+router.txt)
7a. ### Install OpenVPN
$ sudo apt-get install openvpn
7b. ### Download the PIA profiles
cd /etc/openvpn
sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
sudo unzip openvpn.zip
The archive holds one .ovpn profile per PIA location plus the CA certificate and CRL the profiles reference by relative path, which is why it is unpacked in /etc/openvpn.
7c. ### You can use whichever PIA location you like; continue with the following commands (this guide uses Atlanta):
sudo cp us_atlanta.ovpn pia-usa.conf
sudo nano pia-usa.conf
# Change:
# auth-user-pass
# To:
# auth-user-pass login.conf
$ sudo nano login.conf
Add your PIA username on the first line and your password on the second, without the #:
# yourPIAusername
# yourPIApassword
save and close
$ sudo chmod 400 login.conf
The file holds the VPN credentials in clear text. Created through sudo it is owned by root, and mode 400 keeps it readable by root alone, which is all OpenVPN needs since it starts as root.
7d. ### Add an AUTOSTART entry for pia-usa in /etc/default/openvpn (the .conf suffix is not needed; do NOT leave a # in front), for example:
$ sudo nano /etc/default/openvpn
AUTOSTART="pia-usa" ← written without the leading #
save and close
7e. ### Restart the server
$ sudo reboot
7f. ### After the restart you should be connected to the VPN automatically. Check with the command below: it prints the public address your traffic is seen from, which must NOT be YOUR OWN PUBLIC IP ADDRESS but one of PIA's. As long as an address appears and it is not yours, the tunnel is up and you can continue. This only proves the gateway's own traffic is tunnelled; whether LAN clients' traffic is depends on the forwarding rules in step 12.
$ wget -q -O - ipecho.net/plain
8. Check the OpenVPN settings and configuration by running it in the foreground, where the connection log is visible
$ cd /etc/openvpn
$ sudo openvpn --config /etc/openvpn/pia-usa.conf
Press Ctrl-C to exit. If the tunnel is already up from the reboot in 7e, stop the running service first (the stop command is listed under useful commands at the end); a second instance would try to add the same routes and fail.
9. Enable OpenVPN autostart
$ sudo systemctl enable openvpn@pia-usa
10. Enable IPv4 forwarding
$ sudo nano /etc/sysctl.conf
remove the # in front of:
net.ipv4.ip_forward = 1
save and close
11. Apply the sysctl change without rebooting
$ sudo sysctl -p
Only IPv4 is forwarded. If your LAN router also hands out IPv6 addresses, clients keep using the router as their IPv6 gateway and that traffic bypasses the VPN; disable IPv6 on those clients or on the router's LAN side.
12. Load the iptables rules
**they can all be pasted at once**
Replace enp1s0 with the LAN interface name from ip a (the same name used in the netplan file). UDP 1198 is the port in PIA's default profiles; check the remote line of your .ovpn if yours differs. Note what these rules do and do not do: INPUT and OUTPUT keep their default policy of ACCEPT, so the INPUT rules only take effect if you later set that policy to DROP, and the gateway's own traffic (including the DNS queries dnsmasq forwards for LAN clients, see step 16) is not blocked from leaving via enp1s0. FORWARD is set to DROP with tun+ as the only permitted way out, and that is the kill switch for LAN clients: when the tunnel is down there is no tun interface, so forwarded traffic is dropped instead of leaking through enp1s0.
sudo iptables --flush
sudo iptables --delete-chain
sudo iptables -t nat -F
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
sudo iptables -A INPUT -i enp1s0 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i enp1s0 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o enp1s0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -P FORWARD DROP
13. Save the new rules so they survive a reboot
$ sudo netfilter-persistent save
14. Load the saved rules at startup, then reboot to confirm they come back
$ sudo systemctl enable netfilter-persistent
$ sudo reboot
15. Install dnsmasq; it answers DNS for the LAN clients and forwards to whatever resolvers /etc/resolv.conf lists
$ sudo apt-get install dnsmasq
On 18.04, systemd-resolved already listens on port 53 of 127.0.0.53, and dnsmasq may refuse to start because the port is taken; confirm that dnsmasq is running and listening on the LAN address before pointing clients at it.
16. Make OpenVPN update the resolver list when the tunnel comes up or goes down
$ sudo nano /etc/openvpn/pia-usa.conf
# add the following at the bottom of the .conf file
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
save and close
$ sudo reboot
script-security 2 allows OpenVPN to run external scripts. update-resolv-conf ships with Ubuntu's openvpn package and writes the resolvers PIA pushes into /etc/resolv.conf through the resolvconf binary; if /sbin/resolvconf is not installed the script exits silently and nothing changes. After the reboot, check that /etc/resolv.conf no longer lists the netplan resolvers (1.1.1.1 and 1.0.0.1) but PIA's. Otherwise dnsmasq keeps forwarding the LAN clients' queries to 1.1.1.1 outside the tunnel, which the dns rule in step 12 permits, and the gateway leaks DNS.
Complete
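Two of the steps above deserve a check that the tutorial does not give: the ruleset in step 12 (does it really stop LAN traffic from leaving outside the tunnel, and does it protect the gateway itself?) and the resolver change in step 16 (did update-resolv-conf actually replace the netplan resolvers?). The script below is an added example written for this page; it is not part of the original tutorial nor of PIA's or OpenVPN's tooling. It parses the text formats of iptables-save and /etc/resolv.conf, so the same functions run offline against a constructed sample dump (built to match the step 12 rules) or against the live files on the gateway. The file name audit.sh, the "1.1.1.1 1.0.0.1" argument (the netplan resolvers from step 2) and the sample dump are assumptions.

```shell
#!/bin/sh
# audit.sh: offline audit of the gateway's kill switch and resolver state.
# Added example for this tutorial, not part of it. Parses iptables-save and
# /etc/resolv.conf text, so it runs on constructed samples or the live files.

# Print the lines of one table ("nat" or "filter") from an iptables-save dump on stdin.
table() { awk -v want="*$1" '$0 == want {f = 1; next} /^COMMIT/ {f = 0} f'; }

# LAN clients are protected when forwarded traffic can only leave through tun+.
# Reads an iptables-save dump on stdin; returns 0 when safe.
lan_killswitch_ok() {
    dump=$(cat)
    filter=$(printf '%s\n' "$dump" | table filter)
    nat=$(printf '%s\n' "$dump" | table nat)

    printf '%s\n' "$filter" | grep -q '^:FORWARD DROP' \
        || { echo "FAIL: FORWARD policy is not DROP; LAN traffic bypasses the tunnel when it is down"; return 1; }

    # Every ACCEPT in FORWARD must go out tun+, except replies coming back in from the tunnel.
    leaks=$(printf '%s\n' "$filter" \
        | awk '/^-A FORWARD/ && /-j ACCEPT/ && !/-o tun\+/ && !/RELATED,ESTABLISHED/')
    [ -z "$leaks" ] || { echo "FAIL: FORWARD accepts traffic not leaving via tun+:"; echo "$leaks"; return 1; }

    # NAT must happen only onto the tunnel, never onto the LAN interface.
    printf '%s\n' "$nat" | grep -q -- '-o tun+ -j MASQUERADE' \
        || { echo "FAIL: no MASQUERADE rule on tun+"; return 1; }
    bad=$(printf '%s\n' "$nat" | awk '/MASQUERADE/ && !/-o tun\+/')
    [ -z "$bad" ] || { echo "FAIL: MASQUERADE on a non-tunnel interface:"; echo "$bad"; return 1; }

    echo "OK: forwarded LAN traffic can only leave through the tunnel"
}

# The gateway's own packets (OpenVPN, NTP, dnsmasq's upstream queries) pass through
# OUTPUT, not FORWARD, so they are only kill-switched if OUTPUT defaults to DROP.
host_killswitch_ok() {
    table filter | grep -q '^:OUTPUT DROP' \
        || { echo "FAIL: OUTPUT policy is ACCEPT; the gateway's own traffic is not kill-switched"; return 1; }
    echo "OK: OUTPUT defaults to DROP"
}

# Reads /etc/resolv.conf on stdin; $1 lists the resolvers configured in netplan.
# If one of them is still present after the tunnel is up, update-resolv-conf did not
# take effect and dnsmasq forwards LAN queries outside the VPN. Returns 0 when none
# is present, 2 when only the systemd-resolved stub is listed (then the real
# upstream has to be read from systemd-resolve --status instead).
dns_via_vpn_ok() {
    pre=" $1 "
    ns=$(awk '$1 == "nameserver" {print $2}')
    [ -n "$ns" ] || { echo "FAIL: no nameserver entries"; return 1; }
    for n in $ns; do
        case "$pre" in
            *" $n "*) echo "FAIL: $n is a pre-VPN resolver from netplan"; return 1 ;;
        esac
        [ "$n" != "127.0.0.53" ] \
            || { echo "UNKNOWN: only the systemd-resolved stub is listed; check systemd-resolve --status"; return 2; }
    done
    echo "OK: the resolvers in use are not the netplan ones"
}

# Constructed sample (not captured from a real gateway): what iptables-save
# prints after the step 12 rules, with enp1s0 as in the tutorial.
PAGE_RULES=$(cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i enp1s0 -m comment --comment "In from LAN" -j ACCEPT
-A INPUT -i enp1s0 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -i tun+ -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp1s0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
-A OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
-A OUTPUT -o enp1s0 -p udp -m udp --dport 1198 -m comment --comment openvpn -j ACCEPT
-A OUTPUT -o enp1s0 -p udp -m udp --dport 53 -m comment --comment dns -j ACCEPT
COMMIT
EOF
)

case "${1:-}" in
    demo)   # verdicts on the constructed samples: sh audit.sh demo
        printf '%s\n' "$PAGE_RULES" | lan_killswitch_ok
        printf '%s\n' "$PAGE_RULES" | host_killswitch_ok
        printf 'nameserver 1.1.1.1\nnameserver 1.0.0.1\n' | dns_via_vpn_ok "1.1.1.1 1.0.0.1"
        ;;
    audit)  # on the gateway, as root: sudo sh audit.sh audit
        iptables-save | lan_killswitch_ok
        iptables-save | host_killswitch_ok
        dns_via_vpn_ok "1.1.1.1 1.0.0.1" < /etc/resolv.conf
        ;;
esac
```

Run sh audit.sh demo to see the verdicts on the samples, or sudo sh audit.sh audit on the gateway. Against the step 12 rules the LAN check passes, because FORWARD defaults to DROP and tun+ is the only accepted egress, but the host check fails: OUTPUT defaults to ACCEPT, and the rule letting UDP 53 out of enp1s0 exists because OpenVPN has to resolve the PIA server name before any tunnel exists. So the queries dnsmasq forwards on behalf of LAN clients leave outside the tunnel whenever resolv.conf still points at the netplan resolvers, which is exactly the condition the third check reports.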
Useful information/commands
- The VPN can be stopped and started by hand, which acts as a kill switch: with the service stopped there is no tun interface, and the FORWARD DROP policy from step 12 leaves LAN clients with no way out
$ sudo service openvpn stop
$ sudo service openvpn start
- Check the IP status (ifconfig needs the net-tools package; ip a from step 3 works without it)
$ ifconfig
- To route containers, VMs or other physical machines through the VPN, give each of them the gateway as default route and DNS server (values from the setup above):
Gateway: 192.168.1.99
Subnet mask: 255.255.255.0
DNS server: 192.168.1.99