Rubin Shrestha
Zend certified PHP/Magento developer
Rubin Shrestha
Blog

Issue with passing OpenVPN connection from Raspberry Pi device to only one particular device in subnet

by |Published

I’m trying to figure out, how to pass OpenVPN connection to device from Raspberry Pi
There is openVPN connection set up on Raspberry Pi. Also pi-hole is set up for the whole network via main gateway (192.168.4.1)

What I’ve managed to do so far:

Setup NAT for VPN traffic on Raspberry Pi and allowed traffic to roter(192.168.4.26) via tun0 interface, using iptables

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

VPN is working on the whole 192.168.1.0 subnet.
enter image description here
What I’m trying to achieve:

To make only one desired device to use VPN, while all other devices use normal connection from main gateway (192.168.4.1)

Here is the network map

https://ibb.co/y4VbjWq

This is ifconfig on Raspberry Pi:

eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet6 fe80::dea6:32ff:fe77:aad5  prefixlen 64  scopeid 0x20<link>
        ether dc:a6:32:77:aa:d5  txqueuelen 1000  (Ethernet)
        RX packets 201  bytes 20556 (20.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 35  bytes 4493 (4.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 963679  bytes 64497533 (61.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 963679  bytes 64497533 (61.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.2.4.41  netmask 255.255.255.0  destination 10.2.4.41
        inet6 fe80::5771:b937:4abf:a649  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 526  bytes 261965 (255.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 44079  bytes 3212701 (3.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.4.134  netmask 255.255.252.0  broadcast 192.168.7.255
        inet6 fded:e1f6:da1:a0f7:d277:13d9:6c2a:a991  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::967b:faf9:3b40:3a25  prefixlen 64  scopeid 0x20<link>
        inet6 fd63:24b9:a0e1:1:34ed:ea0c:a201:1feb  prefixlen 64  scopeid 0x0<global>
        ether dc:a6:32:77:aa:d6  txqueuelen 1000  (Ethernet)
        RX packets 158020  bytes 26009412 (24.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 92237  bytes 49728175 (47.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Spent hours trying to do that… I would appreciate any clues on doing that.
Thanks!

You may also like