Using the Raspberry Pi and OpenVPN

Question

I have had a burning issue with my VPN setup and I am hoping someone will be able to help, or advise.

So I currently have a DD-WRT router with an OpenVPN client setup serving my devices. However the speeds are a bit poor due to a slow CPU. However I have a Raspberry Pi and from what I see you can get around 50mbps on a VPN with it which is 10times faster than I get with my router.

So I bought a usb to ethernet adapter and my plan was to put the Pi inbetween my ISP router and my Current VPN router (Obviosuly turning off the OpenVPN client on this once my Pi is up and running)

So I followed a guide online and got the VPN working on my Pi however, I'm not good with Linux to start with and my IPTable knowledge is limited, I have not been able to get my router to get its internet connection from the PI.

If anyone has any thoughts I would appreciate some help.

My current setup looks like this anyway:

ISP Router -----Ethernet to Eth0 on PI---> Raspberry PI with OpenVPN Client -----Ethernet from Eth1 to Router -----> DD-WRT Router --------Ethernet or Wifi clients------>

Thanks

Tim

What RasPi do you use? Is it a 3B+? Can you please Tag it? – Ingo Oct 22 '18 at 17:59 — Ingo, Oct 22 '18 at 17:59

score 0 · Answer 1 · answered Oct 23 '18 at 18:58

As from your comment you use a Raspberry Pi 3 but such a model does not exist. I assume you mean a Raspberry Pi 3B with integrated 10/100 Mbit/s Ethernet, 802.11n wireless, Bluetooth 4.1.

The Raspberry Pi has three interraces: eth0 to the internet router, eth1 to the local DD-WRT router and tun0 (I guess you use the default VPN interface) to the VPN server anywhere on the internet. Problems with more than two interaces are mostly from wrong configured routing. For this setup eth0 and eth1 must have static ip addresses because they are addressed as gateways on routes.

You have three router and four different subnets: the subnet of eth0 to the internet router, the subnet of eth1 to the DD-WRT router, the subnet of the VPN, and the subnet of the ethernet and wifi clients (if they are bridged by the DD-WRT router and both live on the same subnet). It may be possible to also bridge the port on the DD-WRT router to the RasPi (eth1) so the RasPi belongs also to the subnet of the ethernet and wifi clients. That reduces the subnets by one, but it is another configuration and a lot of guess. So I will look at four subnets.

You should have set the default gateway on the DD-WRT router to the ip address from eth1 on the RasPi.

On the RasPi the default gateway must be set to the static ip address of the internet router. I just don't know if this is set by default from the setup. You should check it. To route traffic to the VPN you must set a static route to that network with the ip address of the VPN server as next hop (gateway). To return packages from the internet and from the VPN to your local clients you also must set a static route to their subnet with next hop the ip address of the DD-WRT router. So with the default gateway you have three static routes on the RasPi, one for each interface.

On the internet router you must set a static route to the subnet of the ethernet and wifi clients. Next hop (gateway) of that static route is the ip address of eth0 on the RasPi. If you do not have access to the internet router you can fake it with a NAT (network address translation) on interface eth0.

On the VPN server you must set a static route to the subnet of the ethernet and wifi clients. Next hop (gateway) of that static route is the ip address of tun0 on the RasPi. If you do not have access to the VPN server you can fake it with a NAT on interface tun0.

I hope I haven't overseen something.

I have described a similar but less complex setup at How To Create A Private Subnet Behind Raspberry Pi?. It may give you an idea how it should work.

To reduce complexity you may consider to completely replace the DD-WRT router by the RasPi. With its wifi and ethernet interfaces it can do that.

Thanks for the info. But It's way too confusing to, one try explain what im wanting to do and 2 understand what you wrote. I'm a Windows guy really and can get it to work with that but the power drain on a PC is excessive. I'm just going to buy a more powerful router and stick DD-WRT on with OpenVPN client. It will do the job, just cost more money — Tim, Oct 24 '18 at 09:18
@Tim Yes, it's confusing, but it shows that it's not trivial to manage three router and four subnets with less knowledge. Invest more money is a pragmatic solution. Btw.: the Raspberry Pi is primary made to learn Linux ;-) — Ingo, Oct 24 '18 at 10:14
Your answer is a good one; pity it was wasted on this particular "contributor" :) May I make a suggestion? Why not formulate a new question for which this answer is well-suited - or with only minor edits? In other words, make up a good *hypophora*. As incentive, I can promise at least one upvote... I don't want to vote for this answer because I feel the question is unworthy, and should be deleted. — Seamus, Feb 20 '20 at 17:18
Hi @Seamus, I will have a look at it but at the moment I'm just working on some other projects, mainly wireguard and merging similar setups. — Ingo, Feb 20 '20 at 19:55

Using the Raspberry Pi and OpenVPN

1 Answers1