Setting up Raspberry Pi as OpenVPN Wireless Access Point

Installing Wireless Access Point

Step 1: install Raspbian

Step 2: install necessary software and edit dhcp configuration

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install dnsmasq hostapd speedtest-cli
sudo systemctl stop dnsmasq
sudo systemctl stop hostapd
sudo nano /etc/dhcpcd.conf

Step 3: Insert the following lines and save

interface wlan0
    static ip_address=192.168.4.1/24

Step 4: Restart DHCP server and start editing dnsmasq

sudo service dhcpcd restart
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf

Step 5: Write the following lines and save

interface=wlan0      # Use the require wireless interface - usually wlan0
  dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24h

Step 6: Edit hostapd configuration

sudo nano /etc/hostapd/hostapd.conf

Step 7: Write the following configuration and adapt to your situation

interface=wlan0
driver=nl80211
ssid=NameOfNetwork
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=AardvarkBadgerHedgehog
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Step 8: Point to the above configuration

sudo nano /etc/default/hostapd

Make sure the following line exists and save

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Step 9: Edit sysctl

sudo nano /etc/sysctl.conf

Step 10: Uncomment and save

net.ipv4.ip_forward=1

Step 11: Setup IP tables

sudo iptables -t nat -A  POSTROUTING -o eth0 -j MASQUERADE
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Step 12: Make sure configuration persists on restart by editing

sudo nano /etc/rc.local

and injecting the following line right before 'exit 0'

iptables-restore < /etc/iptables.ipv4.nat

At this point WAP should be up and running. Now, let's setup PIA OpenVPN client:

Step 13: Adapt the following to your situation and run

sudo apt-get install openvpn
cd /etc/openvpn
sudo wget http://www.privateinternetaccess.com/openvpn/openvpn.zip
sudo unzip openvpn.zip
sudo mv -fv US\ New\ York\ City.ovpn us_new_york.ovpn
sudo nano us_new_york.ovpn

Step 14: Make sure the following line is present

auth-user-pass creds.pwd

Step 15: Create creds.pwd and add your VPN username/password in the first two lines

sudo nano creds.pwd

Step 16: Test the configuration by running (press Enter twice after the first command)

sudo openvpn --config us_new_york.ovpn & disown
speedtest-cli

Step 17: Redirect WiFi traffic to the openvpn interface

sudo iptables -F
sudo iptables -t nat -F
sudo iptables -X
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
sudo nano /etc/rc.local

Step 18: Enter the following lines right before 'exit 0'

sleep 5
cd /etc/openvpn
sudo openvpn --config us_new_york.ovpn

Step 19: Reboot

sudo reboot

References:

• https://pimylifeup.com/raspberry-pi-wireless-access-point/
• https://pimylifeup.com/raspberry-pi-vpn-access-point/
• https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md#internet-sharing
• https://askubuntu.com/questions/104755/how-to-check-internet-speed-via-terminal?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
• https://nordvpn.com/tutorials/raspberry-pi/openvpn/

Troubleshooting:

• If Raspberry does not start and green light did not flash, it means it could not read the SD card