I've been googling for a solution to my case and tried some stuff, but the solutions I found didn't fit very well. Also, if this is not the correct place to ask, please let me know.

Currently, I have my network set up like this:

  • Personal devices that use PiHole as DNS. e.g., Local LAN 192.168.1.0
  • Device that has country-restricted/aware apps and content. e.g., 192.168.1.10
  • Home gateway at 192.168.1.1, using PiHole as a DNS. e.g., 192.168.1.2

Personal PCs ______       Raspberry Pi --- PiHole DNS (Docker)
(and other stuff)  \           |
                    \          |
  Device that        \         |
Must use a VPN ---------- Home Router ---- Internet

This particular device has IP/DNS/Gateway settings but no VPN/Proxy configuration, but I'd like to force all its network usage through a VPN after PiHole (So, PiHole would still be the DNS for this device). How could I accomplish this using a Docker container or VM while leaving the rest of the network alone?

In a nutshell, I'm trying to accomplish this:

                      _ Force Internet Traffic through VPN _
                     /    while using PiHole as DNS sink    \
                    /                                        \
  Device that _____/       Raspberry Pi --- VPN Container (OpenVPN Client)
Must use a VPN     \           |        |_ PiHole DNS (Docker)
                    \          |
Personal PCs         \         |
(and other stuff) ------- Home Router ---- Internet

I could do this by buying a router with a VPN config and making this device connect to the internet via this router, of course. But I know that there's a way of doing it via software.

So, the questions here are the following:

  • I'm not well-versed in networking on Linux. Could you please point me somewhere with more or less cohesive (and up-to-date) resources on the subject?
  • If I set up a Docker container with a bridged network and the OpenVPN client on it, is it possible to accomplish this using IPTables/UFW rules? Or should I spin up a full-fledged router OS for this?
  • My router doesn't have configurable LAN routes. Only WAN/LAN routes.

Is there a way to force it via IP or route packages from a given MAC?

Thank you in advance!

  • 2
    I think your question lacks focus and clarity. If you need a device to connect to a VPN, just connect to a VPN from it? Or are you trying to avoid running a VPN client on the device itself? And what are the capabilities of your current router? Like, is it some "simple and dumb" home router or one that is WRT-ish / customizable? Which device were you thinking of for running all the fancy docker / "full-fledged router OS" plan? Do you need to prevent the device (that needs to connect to a VPN) from being able to access any LAN host but the Pi (and maybe even, only its DNS server)?
    – Tom Yan
    Commented Dec 28, 2022 at 2:22
  • 2
    And in case you are not aware: being connected to a VPN does not necessarily mean you cannot use a LAN host as your DNS server.
    – Tom Yan
    Commented Dec 28, 2022 at 2:25
  • Hi @TomYan. Thank you for your comments. So, as I have stated above, the device has no way to configure Proxy or VPN on itself. In other words, there is no way to run a VPN client on it. Regarding the router, it is a mid-range Huawei router. As I mentioned above, there is no way to configure LAN routes on it. Just WAN/LAN routes. I'm planning to run this solution (if possible) on the Raspberry PI (if not over docker, then on Raspberry OS itself). Regarding LAN access to this device: Would be great to have it, but I think it is not needed for now.
    Commented Dec 28, 2022 at 9:48
  • If you can configure a static IP on that device, do so and use the Pi as its default gateway. But dockerizing the VPN would probably make configuration more complicated, albeit likely feasible. It would be easier to use only an alternate route table and an ip rule (so that the Pi itself does not use the VPN for its own traffic). If a static IP is not possible either, or you cannot limit the DHCP range on the router, you might need to disable the DHCP server on it as well and use the Pi as the DHCP server, then figure out how to announce a different default gateway for different LAN hosts.
    – Tom Yan
    Commented Dec 28, 2022 at 10:48
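
The last comment above suggests using the Pi as the device's default gateway with an alternate route table and an ip rule. A sketch of that setup follows, as an added example that is not part of the thread. It assumes the device has a static IP of 192.168.1.10 with the Pi as gateway and PiHole as DNS, that the OpenVPN client runs on the Pi itself with `route-nopull` so the Pi's own traffic stays off the tunnel, and that the interface name `tun0` and table id `100` are free to use.

```shell
#!/bin/sh
# Policy routing on the Pi: only DEVICE_IP is sent through the VPN interface.
# Prints the commands by default; set APPLY=1 (as root) to execute them.
DEVICE_IP="${DEVICE_IP:-192.168.1.10}"  # the VPN-only device from the question
VPN_IF="${VPN_IF:-tun0}"                # assumption: OpenVPN client interface
TABLE="${TABLE:-100}"                   # assumption: any unused routing table id

vpn_policy_cmds() {
  # These values end up in commands run as root, so accept only plain tokens.
  case "$DEVICE_IP" in ""|*[!0-9.]*) echo "bad DEVICE_IP" >&2; return 1 ;; esac
  case "$VPN_IF" in ""|*[!A-Za-z0-9_-]*) echo "bad VPN_IF" >&2; return 1 ;; esac
  case "$TABLE" in ""|*[!0-9]*) echo "bad TABLE" >&2; return 1 ;; esac
  cat <<EOF
# Let the Pi forward packets between the LAN and the tunnel.
sysctl -w net.ipv4.ip_forward=1
# Alternate table: default route via the VPN, plus a higher-metric unreachable
# default so traffic fails closed (no leak via the router) if the tunnel drops.
ip route replace default dev $VPN_IF table $TABLE
ip route replace unreachable default metric 4096 table $TABLE
# For this source only: use main-table routes except the default route (keeps
# LAN and Docker/PiHole destinations local), then fall through to the VPN table.
ip rule add from $DEVICE_IP lookup main suppress_prefixlength 0 priority 1000
ip rule add from $DEVICE_IP lookup $TABLE priority 1001
# NAT the device behind the tunnel address and allow the forwarded flow
# (Docker sets the FORWARD policy to DROP).
iptables -t nat -A POSTROUTING -s $DEVICE_IP -o $VPN_IF -j MASQUERADE
iptables -I FORWARD -s $DEVICE_IP -o $VPN_IF -j ACCEPT
iptables -I FORWARD -d $DEVICE_IP -i $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
  vpn_policy_cmds | sh -e   # not idempotent: run once, after the tunnel is up
fi
```

When the tunnel interface is recreated, the `default dev tun0` route in the alternate table has to be added again; until then the device's internet traffic is rejected rather than sent out through the home router.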
