I’m trying to figure out how to pass an OpenVPN connection from a Raspberry Pi to a device.
There is an OpenVPN connection set up on the Raspberry Pi. Pi-hole is also set up for the whole network via the main gateway (192.168.4.1).
What I’ve managed to do so far:
Set up NAT for VPN traffic on the Raspberry Pi and allowed traffic to the router (192.168.4.26) via the tun0 interface, using iptables:
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
VPN is working on the whole 192.168.1.0 subnet.
What I’m trying to achieve:
To make only one desired device use the VPN, while all other devices use the normal connection from the main gateway (192.168.4.1).
Here is the network map
This is ifconfig on Raspberry Pi:
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet6 fe80::dea6:32ff:fe77:aad5 prefixlen 64 scopeid 0x20<link>
        ether dc:a6:32:77:aa:d5 txqueuelen 1000 (Ethernet)
        RX packets 201 bytes 20556 (20.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 35 bytes 4493 (4.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 963679 bytes 64497533 (61.5 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 963679 bytes 64497533 (61.5 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
        inet 10.2.4.41 netmask 255.255.255.0 destination 10.2.4.41
        inet6 fe80::5771:b937:4abf:a649 prefixlen 64 scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
        RX packets 526 bytes 261965 (255.8 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 44079 bytes 3212701 (3.0 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.4.134 netmask 255.255.252.0 broadcast 192.168.7.255
        inet6 fded:e1f6:da1:a0f7:d277:13d9:6c2a:a991 prefixlen 64 scopeid 0x0<global>
        inet6 fe80::967b:faf9:3b40:3a25 prefixlen 64 scopeid 0x20<link>
        inet6 fd63:24b9:a0e1:1:34ed:ea0c:a201:1feb prefixlen 64 scopeid 0x0<global>
        ether dc:a6:32:77:aa:d6 txqueuelen 1000 (Ethernet)
        RX packets 158020 bytes 26009412 (24.8 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 92237 bytes 49728175 (47.4 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Spent hours trying to do that… I would appreciate any clues on doing that.
Thanks!
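
One way to express the goal described above, as an added example that is not part of the original post: a per-source routing table sends a single client through tun0, the NAT and FORWARD rules are narrowed to that client, and a final rule drops its traffic if it would leave by any other interface. The client address 192.168.4.50, table number 100 and the function names are assumptions, as is the setup itself (the client uses the Pi as its gateway, and the OpenVPN client does not replace the Pi's own default route).

```shell
#!/bin/sh
# Added example (not from the original post). Prints, but does not apply,
# the rules that send ONE client through the VPN tunnel.
# Assumptions: the client uses the Pi as its gateway, the OpenVPN client does
# not replace the Pi's own default route (e.g. route-nopull), and routing
# table 100 is unused. Apply with: vpn_client_rules <ip> | sudo sh

valid_ipv4() {
    # Reject anything but digits and dots, and reject empty octets.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

vpn_client_rules() {
    client=$1; tun=${2:-tun0}; table=${3:-100}
    valid_ipv4 "$client" || { echo "invalid client address" >&2; return 1; }
    case $tun in ''|*[!a-z0-9]*) echo "invalid interface" >&2; return 1 ;; esac
    case $table in ''|*[!0-9]*) echo "invalid table" >&2; return 1 ;; esac
    # 1-2: policy routing, only packets FROM the client consult the table.
    # 3:   NAT only that client into the tunnel (the original rule had no -s).
    # 4-5: forward the client out, and let only reply traffic back in.
    # 6:   fail closed. If the tunnel drops, the table empties, the lookup
    #      falls through to the main table, and this rule stops the leak.
    cat <<EOF
ip route replace default dev $tun table $table
ip rule add from $client/32 lookup $table
iptables -t nat -A POSTROUTING -s $client/32 -o $tun -j MASQUERADE
iptables -A FORWARD -s $client/32 -o $tun -j ACCEPT
iptables -A FORWARD -d $client/32 -i $tun -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $client/32 ! -o $tun -j DROP
EOF
}

vpn_client_rules 192.168.4.50   # constructed sample address; output only
```

The route in the per-client table disappears whenever tun0 goes down, so the first command has to be re-applied after the tunnel reconnects; until then the DROP rule keeps the client offline rather than on the normal gateway.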