top of page

Portable VPN WiFi Router

​1. Set up VPN     

a. Connect to the internet using the ethernet cable  

b. I use ExpressVPN, but you can also use OpenVPN         

i. sudo apt-get install openvpn unzip       

ii. sudo dpkg-reconfigure tzdata         

iii. openvpn XXX, where XXX is the ovpn file from the OpenVPN server


2. Change the WiFi port from a client to a host    a. sudo apt-get install hostapd     

b. Create a new file /etc/hostapd/hostapd.conf     i.  “interface=wlan0”         

 ii.  “driver=nl80211”       

 iii.  “ssid=XXXXXXXX”, enter your own name         iv.   “hw_mode=g”         v.    “channel=7”         vi.   “wmm_enabled=0”         vii.  “macaddr_acl=0”         viii. “auth_algs=1”     ix.   “ignore_broadcast_ssid=0”         x.   “wpa=2” 

 xi.   “wpa_passphrase=12345678”, enter your               own 8-64 characters         xii.  “wpa_key_mgmt=WPA-PSK”         xiii. “wps_pairwise=TKIP”         xiv.   “rsn_pairwise=CCMP”     

 

c. Modify the following line in /etc/default/hostapd    i.DAEMON_CONF=”/etc/hostapd/hostapd.conf”


3. Set up a DHCP server so others can get IP numbers from the RPi     a. sudo apt-get install dnsmasq     b. Add the following line at the end of /etc/dhcpcd.conf       

 i.    “interface wlan0”       

 ii.   “    static ip_address=192.168.4.1/24”     

c. Replace the old /etc/dnsmasq.conf file with the following          

i.   “interface=wlan0”         

ii.   “      dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24h”


4. Route traffic from the WiFi to the VPN     

a. Modify the file at /etc/sysctl.conf to allow forwarding         

i.   net.ipv4.ip_forward=1   

 b. Change the routing tables         

i.   sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE         

ii.  sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT         

iii. sudo iptables -A FORWARD -i tun0 -o wlan0 -m state –state 
             RELATED,ESTABLISHED -j ACCEPT     

c. Save settings to a file with sudo sh -c “iptables-save > /etc/iptables.ipv4.nat”


5. Automatically start from bootup     

a. Edit /etc/rc.local or .bashrc and add the following lines       

 i.   Startup you VPN client, this creates tun0         ii.  “iptables-restore < /etc/iptables.ipv4.nat”     

b. Reboot the RPi


6. Modifications     

a. tun0 is the VPN     

b. eth0 is the ethernet port     

c. wlan0 is the built-in WiFi     

d. wlan1 is a WiFi dongle you can add     

e. By changing the routing, you can direct traffic from VPN to the built-in WiFi  as show here, or from ethernet to WiFi, or WiFi 1 to WiFi 0, or something else.

© 2017 by Prompt Box.

  • Facebook - Grey Circle
  • LinkedIn - Grey Circle
  • Google+ - Grey Circle
bottom of page