Raspberry Pi Zero W – Wireless Router with VPN

If you want to keep your privacy and safety when browsing on the internet in a café or if you want to avoid region based content restrictions.

(Hungarian version link)

Prerequisites

  • Raspberry Pi Zero W (link)
  • USB WiFi adapter (link)
  • One old USB cable
  • Micro sd card class 10 (I used 8 GB SanDisk ultra)
  • Raspberry Pi Zero Case (link)
  • Raspbian Buster with desktop (link)
1. Copy the rasbian image to sd card:

Mac: https://www.raspberrypi.org/documentation/installation/installing-images/mac.md
Windows: https://www.raspberrypi.org/documentation/installation/installing-images/windows.md

2. Install packages:

sudo aptget update && sudo aptget upgrade y
sudo aptget install hostapd dnsmasq y


DHCP Configuration

3. Static IP address for wlan1:

sudo nano /etc/dhcpcd.conf
Copy at the end of the file:
interface wlan1
static ip_address=192.168.111.254/24
nohook wpa_supplicant
denyinterfaces wlan1

4. IP range for wlan1:

Create a backup file:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.default

Create a new file:
sudo nano /etc/dnsmasq.conf

Copy this to new file:
interface=wlan1
dhcprange=192.168.111.1,192.168.111.20,255.255.255.0,24h


Configuring a Wireless Access Point

5. Configure hostapd:

sudo nano /etc/hostapd/hostapd.conf
Copy this to the file:
interface=wlan1
hw_mode=g
channel=1
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=PrivateVpn
wpa_passphrase=12345678910
ieee80211n=1

sudo nano /etc/default/hostapd
change this line:
DAEMON_CONF=“” to DAEMON_CONF=/etc/hostapd/hostapd.conf”

Enable and start hostapd:
sudo
systemctl unmask hostapd.service
sudo systemctl enable hostapd.service
sudo systemctl start hostapd.service

6. Enabling traffic forwarding and forwarding rule configuration:

sudo nano /etc/sysctl.conf
Uncomment this line:
#net.ipv4.ip_forward=1

sudo iptables t nat A POSTROUTING o wlan0 j MASQUERADE
sudo iptables A FORWARD m conntrack ctstate RELATED,ESTABLISHED j ACCEPT
sudo iptables A FORWARD i wlan1 o wlan0 j ACCEPT
sudo sh c “iptables-save > /etc/iptables.ipv4.nat”
sudo nano /etc/rc.local

Add this line above “exit 0”:
iptablesrestore < /etc/iptables.ipv4.nat

7. Set wifi network for wlan0:

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

Copy this to the file:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=HU #set your country 
network={
        ssid=”home_wifi”
        psk=”passwd”
        id_str=”home”
}
network={
        ssid=”work_wifi”
        scan_ssid=1  #if SSID is hidden
        psk=”passwd”
        id_str=”work”
}


Configuring a VPN Surfshark

If you sign in with Android or IOS app you can try with 7 days free trial

8. After registration (!) login to website:

https://account.surfshark.com/login

and go to

https://account.surfshark.com/setup/manual

at the bottom of the page:
Get service credentials
These login details are only valid for manual setup: 

9. How to set up OpenVPN using Linux Terminal:
(it is from here https://support.surfshark.com/hc/en-us/articles/360011051133-How-to-set-up-OpenVPN-using-Linux-Terminal)
  1. Install the necessary packages by entering the command:
    • sudo apt-get install openvpn unzip
    • If you are requested to enter your password, please enter your computer’s admin password.
  2. Navigate to OpenVPN directory by entering:
    • cd /etc/openvpn
  3. Download Surfshark OpenVPN configuration files:
    • sudo wget https://account.surfshark.com/api/v1/server/configurations
  4. Extract `configurations.zip`:
    • sudo unzip configurations
  5. Remove the .zip file which will not be used:
    • sudo rm configurations
  6. To see the list of all the available servers enter:
    • ls
  7. Choose one of the servers from the servers list and connect to Surfshark by entering:
    • sudo openvpn [file name]
      For example:
    • sudo openvpn us-dal.prod.surfshark.com_udp.ovpn
    • sudo openvpn /etc/openvpn/us-dal.prod.surfshark.com_udp.ovpn
10. Enabling traffic forwarding and forwarding rule configuration with VPN:

sudo nano /etc/sysctl.conf
Uncomment this line:
#net.ipv4.ip_forward=1

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o wlan1 -m state –state RELATED,ESTABLISHED -j ACCEPT
sudo sh -c “iptables-save > /etc/iptables.restore”
echo “up iptables-restore < /etc/iptables.restore” | sudo tee –append /etc/network/interfaces

Create file for authentication:
sudo nano /etc/openvpn/auth.txt

Add username and password:
useassdasdasd
passsdsaddsas

Run OpenVPN and connect example to USA:
sudo openvpn –config “/etc/openvpn/us-dal.prod.surfshark.com_udp.ovpn” –auth-user-pass “/etc/openvpn/auth.txt”

And if “Initialization Sequence Completed” you can using and test on https://whatismycountry.com


Raspberry Pi Zero W build with USB WIFI adapter and with USB


References:

https://www.raspberrypi.org/documentation/configuration/wireless/access-point.md
https://www.instructables.com/id/Use-Raspberry-Pi-3-As-Router/
https://www.raspberrypi.org/documentation/configuration/tcpip/README.md
https://www.raspberrypi.org/documentation/installation/installing-images/mac.md
https://www.raspberrypi.org/documentation/installation/installing-images/windows.md
https://support.surfshark.com/

You May Also Like

Analysis Lab on Raspberry Pi Cluster

1 thought on “Raspberry Pi Zero W – Wireless Router with VPN”

  1. Hello,
    sorry, but with this new Buster-Version “2020-08-20-raspios-buster-armhf.img” it is not possible to alter the IPTABLES. I get error-messages. “apt-get” is not available any more, so “apt” has to used instead.
    Is there any solution for IPTABLES ?

Comments are closed.