Create a wireless router with Raspberry Pi
OpenVPN uses its own protocol and needs a dedicated client, so it is difficult to use on Android (CM9 supports OpenVPN), iOS, and WP8. Building a soft AP from a Raspberry Pi and OpenVPN solves these problems easily.
Why choose this combination?
The Raspberry Pi strongly tempts people into DIY projects, and it removes the guilt of running a server 24 hours a day that is not low-carbon. As standard Linux on ARMv6, it is more configurable than OpenWrt or DD-WRT.
PPTP and L2TP are unavailable in China. In contrast, OpenVPN can use TCP connections and content encryption to better avoid traffic filtering. In addition, you can set an HTTP proxy to keep the remote IP address from being blocked. More importantly, OpenVPN supports IPv6.
However, because OpenVPN uses its own protocol and needs a dedicated client, it is difficult to use on Android (CM9 supports OpenVPN), iOS, and WP8. Building a soft AP from a Raspberry Pi and OpenVPN solves these problems easily.
Requirements
Raspberry Pi (for long-term use, we recommend adding a heat sink to the CPU and the Ethernet chip);
OpenVPN service: a remote OpenVPN server, preferably on port TCP/443;
Nano wireless network adapter: it must use the nl80211 driver and support AP (master) mode, which makes choosing an adapter difficult. See the Linux Wireless documentation. I am using a TENDA W311M with the RT5370 chip, RMB 29;
If you work over ssh, the network may go down during configuration, so you may need a keyboard and an HDMI display (note: without that hardware, you can use the screen command so that a dropped ssh connection does not interrupt your session);
pi@raspberrypi ~ $ lsusb
Bus 001 Device 002: ID 0424:9512 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 004: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
pi@raspberrypi ~ $ iw list
Supported interface modes:
 * IBSS
 * managed
 * AP
 * AP/VLAN
 * WDS
 * monitor
 * mesh point
About IPv6
OpenVPN supports IPv6. However, Debian/Raspbian does not ship a corresponding deb package.
If the Raspberry Pi runs Arch Linux ARM, a package of OpenVPN 2.3 is already available;
If you choose Raspbian (Debian), you may need to compile OpenVPN from source. I have not tried this myself.
The following example uses Raspbian (my environment does not have IPv6 at the moment). I believe Arch users will have no trouble.
A problem on Arch: when hostapd comes up, eth0 goes down automatically. I kept checking the configuration, and the cause later turned out to be an insufficient USB power supply.
Start Configuration
Packages required on the Raspberry Pi:
pi@raspberrypi ~ $ sudo apt-get install hostapd dnsmasq openvpn
If you work over ssh, the network may go down during configuration, so you may need a keyboard and an HDMI display.
First configure hostapd:
pi@raspberrypi ~ $ sudo vi /etc/hostapd.conf
interface=wlan0
driver=nl80211
ssid=RaspberryPi
hw_mode=g
channel=11
wpa=1
wpa_passphrase=YOUR_PASS
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600
macaddr_acl=0
At this point you can test hostapd:
sudo hostapd /etc/hostapd.conf
The AP should now show up in a Wi-Fi scan and accept a connection with the password, but the client cannot get an IP address yet. This means the configuration is correct. Make hostapd start by default:
pi@raspberrypi ~ $ sudo vi /etc/default/hostapd
DAEMON_CONF="/etc/hostapd.conf"
Change the connection and IP address of wlan0:
pi@raspberrypi ~ $ sudo vi /etc/network/interfaces
auto wlan0
iface wlan0 inet static
address 192.168.200.1
netmask 255.255.255.0
Then configure dnsmasq to provide DHCP and DNS (not needed if the clients use statically configured addresses).
pi@raspberrypi ~ $ sudo vi /etc/dnsmasq.conf
interface=wlan0
dhcp-range=192.168.200.100,192.168.200.200,255.255.255.0,12h
pi@raspberrypi ~ $ sudo ifconfig wlan0 192.168.200.1
pi@raspberrypi ~ $ sudo service dnsmasq restart
At this point a client should be able to connect and obtain an IP address, and a ping to 192.168.200.1 should succeed.
Configure OpenVPN
You need to provide a config file that matches the server. You can refer directly to the configuration files of other Linux clients. For example, mine is:
pi@raspberrypi ~ $ sudo vi /etc/openvpn/client.conf
client
remote SERVER_ADDR PORT
proto tcp
dev tun
resolv-retry infinite
ca /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key /etc/openvpn/client.key # This file should be kept secret
persist-key
persist-tun
comp-lzo
pull dhcp-options
nobind
verb 3
cipher none
You can make the client start at boot:
pi@raspberrypi ~ $ sudo vi /etc/default/openvpn
AUTOSTART="client"
At this point you can test OpenVPN:
pi@raspberrypi ~ $ sudo service openvpn restart
After a few seconds, tun0 appears in the ifconfig output.
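The hostapd and OpenVPN client settings above can be checked for weak options before the router goes into service. The script below is an added example, not part of the original article: it flags WPA1/TKIP in a hostapd.conf and cipher none or a missing server certificate check in an OpenVPN client.conf. The function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag weak settings in hostapd.conf and an OpenVPN client.conf.

# Print the last value of a key=value directive in a hostapd-style file.
hostapd_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=\(.*\)\$/\1/p" "$1" | tail -n 1
}

audit_hostapd() {  # $1 = file; prints one finding per line
    wpa=$(hostapd_get "$1" wpa)
    case $wpa in
        ''|0) echo "hostapd: wpa is unset or 0, the AP is open" ;;
        1|3)  echo "hostapd: wpa=$wpa enables WPA1; use wpa=2 (WPA2 only)" ;;
    esac
    for key in wpa_pairwise rsn_pairwise; do
        case " $(hostapd_get "$1" "$key") " in
            *" TKIP "*) echo "hostapd: $key allows TKIP; use CCMP only" ;;
        esac
    done
}

audit_openvpn() {  # $1 = file; directives are "name args" split on whitespace
    awk '
        /^[[:space:]]*[#;]/ { next }
        $1 == "cipher" && $2 == "none" {
            print "openvpn: cipher none leaves tunnel data unencrypted" }
        $1 == "remote-cert-tls" || $1 == "ns-cert-type" { checked = 1 }
        END { if (!checked)
            print "openvpn: no remote-cert-tls server, server certificate type is not checked" }
    ' "$1"
}

# Constructed sample files that reuse the weak lines from the article's configs.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'interface=wlan0' 'wpa=1' 'wpa_key_mgmt=WPA-PSK' \
        'wpa_pairwise=TKIP CCMP' > "$dir/hostapd.conf"
    printf '%s\n' 'client' 'proto tcp' 'dev tun' 'cipher none' > "$dir/client.conf"
    audit_hostapd "$dir/hostapd.conf"
    audit_openvpn "$dir/client.conf"
    rm -rf "$dir"
}
demo
```

The cipher setting has to match the server, so a finding on the client side means the server configuration needs the same change.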
Configure routes
NAT is used here (the bridge method is skipped), so the routing can be set up with iptables.
iptables -t nat -A POSTROUTING -o tun0 -s 192.168.200.0/24 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Of course, you can configure routes flexibly as needed, which is also the biggest advantage of the Raspberry Pi: using iptables to sort packets. For example, domestic traffic can go out directly through eth0 while foreign traffic is sent through tun0.
These commands can be placed in /etc/network/if-up.d/up.sh or in /etc/rc.local.
You can now restart the Raspberry Pi, which is already a complete router with a built-in VPN.
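An added example, not from the original article, that goes one step beyond the NAT rule above: it rejects a subnet whose host bits are set (such as 192.168.200.0/16) and prints an iptables-restore ruleset that also sets the FORWARD policy to DROP, so wlan0 clients can only leave through tun0. The function names are hypothetical, and the filter policy is an assumption that the article itself does not configure.

```sh
#!/bin/sh
# Added example: validate the AP subnet, then emit an iptables-restore ruleset.

# Return 0 only if $1 (a.b.c.d/len) has no host bits set.
cidr_is_network() {
    case $1 in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( ip & mask )) -eq "$ip" ]
}

# $1 = AP interface, $2 = tunnel interface, $3 = AP subnet in CIDR form
gen_rules() {
    cidr_is_network "$3" || { echo "not a network address: $3" >&2; return 1; }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
-A FORWARD -i $2 -o $1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the article's interfaces and /24 subnet.
# Apply it as root with: gen_rules wlan0 tun0 192.168.200.0/24 | iptables-restore
gen_rules wlan0 tun0 192.168.200.0/24
```

iptables-restore replaces the existing rules in the nat and filter tables, so merge the lines by hand on a Pi that already has firewall rules.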
Possible problems
hostapd reports an error. This is generally a problem with the wireless adapter's driver. To avoid driver trouble, check again that the adapter supports nl80211.
Obtaining an IP address fails. The client reports "The time has expired ..". Generally this means DHCP is not working; check the status of dnsmasq.
OpenVPN cannot establish a connection. Generally the problem lies in certificate matching or in the configuration files.