0

I'm trying to figure out how to pass an OpenVPN connection to a device from a Raspberry Pi. There is an OpenVPN connection set up on the Raspberry Pi. Also, Pi-hole is set up for the whole network via the main gateway (192.168.4.1).

What I've managed to do so far:

Set up NAT for VPN traffic on the Raspberry Pi and allowed traffic to the router (192.168.4.26) via the tun0 interface, using iptables:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

VPN is working on the whole 192.168.1.0 subnet.

What I'm trying to achieve:

To make only one desired device use the VPN, while all other devices use the normal connection from the main gateway (192.168.4.1).

Here is the network map

https://ibb.co/y4VbjWq

This is ifconfig on Raspberry Pi:

eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet6 fe80::dea6:32ff:fe77:aad5  prefixlen 64  scopeid 0x20<link>
        ether dc:a6:32:77:aa:d5  txqueuelen 1000  (Ethernet)
        RX packets 201  bytes 20556 (20.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 35  bytes 4493 (4.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 963679  bytes 64497533 (61.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 963679  bytes 64497533 (61.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.2.4.41  netmask 255.255.255.0  destination 10.2.4.41
        inet6 fe80::5771:b937:4abf:a649  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 526  bytes 261965 (255.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 44079  bytes 3212701 (3.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.4.134  netmask 255.255.252.0  broadcast 192.168.7.255
        inet6 fded:e1f6:da1:a0f7:d277:13d9:6c2a:a991  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::967b:faf9:3b40:3a25  prefixlen 64  scopeid 0x20<link>
        inet6 fd63:24b9:a0e1:1:34ed:ea0c:a201:1feb  prefixlen 64  scopeid 0x0<global>
        ether dc:a6:32:77:aa:d6  txqueuelen 1000  (Ethernet)
        RX packets 158020  bytes 26009412 (24.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 92237  bytes 49728175 (47.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Spent hours trying to do that... I would appreciate any clues on doing that. Thanks!

4
  • Can you switch modes on the router to just extend the 192.168.4.0 subnet? Your current setup requires that your router supports doing policy/source-based routing, or basically tunnel from your desired device to the pi
    – Cpt.Whale
    Commented Feb 1 at 23:00
  • Hi, thanks for the answer! Do you mean bridged mode? I've tried it and it's not working. My setup requires another router running in another room, which is quite far from the main gateway, so I've run the cable to that room and it's a separate Wi-Fi network there.
    – soulmv
    Commented Feb 1 at 23:29
  • I've managed to route the tun interface via eth0 to that router, and all devices in its subnet can successfully use the VPN, but I need only one device from that subnet to use the VPN. Tried adding a static route on the router - no luck.
    – soulmv
    Commented Feb 1 at 23:35
  • The name depends on the brand, but it's usually access point or AP mode. It should disable dhcp for example, to where every device has Gateway as its default gateway. Routes only care about destination (which is the internet, not your pi), and have no way to say traffic from one device should be treated differently
    – Cpt.Whale
    Commented Feb 2 at 17:27
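
The policy/source-based routing mentioned in the comments, sketched for the Pi as an added example (not code from the thread): a rule selects a tunnel-only routing table by source address, and a DROP rule stops that device from leaking onto the normal uplink if tun0 goes down. It assumes the Pi receives the device's packets with their original source address (the downstream router is not NATing them); the address 192.168.1.50 and table id 100 are constructed values.

```shell
#!/bin/sh
# Added example: send ONE device through tun0, leave everyone else on 'main'.
# Assumed/constructed: device 192.168.1.50, routing table id 100.

# Print each command by default; execute only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept only a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

vpn_only_for() {
    dev=$1
    table=${2:-100}
    valid_ipv4 "$dev" || { echo "invalid IPv4 address: $dev" >&2; return 1; }
    case $table in
        ''|*[!0-9]*) echo "invalid table id: $table" >&2; return 1 ;;
    esac

    # 1. A separate routing table whose only default route is the tunnel.
    run ip route add default dev tun0 table "$table"
    # 2. Pick that table by SOURCE address; other sources keep using 'main'.
    run ip rule add from "$dev/32" lookup "$table" priority 1000
    # 3. NAT and forward only this device into the tunnel, replies back out.
    run iptables -t nat -A POSTROUTING -s "$dev" -o tun0 -j MASQUERADE
    run iptables -A FORWARD -s "$dev" -o tun0 -j ACCEPT
    run iptables -A FORWARD -d "$dev" -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    # 4. Kill switch: never forward this device out of any other interface.
    run iptables -A FORWARD -s "$dev" ! -o tun0 -j DROP
}

# Dry run when called with arguments, e.g.: sh vpn-one-device.sh 192.168.1.50
[ $# -eq 0 ] || vpn_only_for "$@"
```

Review the printed commands first, then re-run as root with `APPLY=1`; the broad `-o tun0 -j MASQUERADE` and `-i eth0 -o tun0 -j ACCEPT` rules from the question would have to be removed for the per-device rules to be the only path into the tunnel.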
