Skip to content

juliusberner/rpi_vpn_router

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
group_vars/openwrt
group_vars/openwrt
 
 
roles/common
roles/common
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
hosts.yml
hosts.yml
 
 
project.png
project.png
 
 
site.yml
site.yml
 
 

Repository files navigation

Raspberry Pi VPN Router

Ansible playbook to setup a VPN router using OpenWrt 21.02.3 and ProtonVPN on a Raspberry Pi (RPI) 4B with a Realtek RTL8192CU USB WiFi adapter. Based on NetworkChuck, OpenWrt, and ProtonVPN tutorials.

Project image

Prerequisites

  1. Flash OpenWrt to an SD card, see here for the tutorial and here to download the factory image. If your RPI is already running OpenWrt, you can set sysupgrade to yes in roles/common/defaults/main.yml and download a sysupgrade image (named *.img.gz) to roles/common/files to automatically update the RPI in the playbook.
  2. Connect to your RPI via ethernet, see here. By default, the IP address of your RPI is configured as static 192.168.1.1.
  3. Install Ansible, see here.
  4. Install the ansible-openwrt role via ansible-galaxy install gekmihesg.openwrt
  5. Download your OpenVPN config files (named *.ovpn) to roles/common/files. If you add multiple configurations, you can specify the default one using default_openvpn_config in roles/common/defaults/main.yml.
  6. Edit the secrets in group_vars/openwrt/vault.example.yml, save as group_vars/openwrt/vault.yml, and encrypt using ansible-vault encrypt group_vars/openwrt/vault.yml. If necessary, adapt the default values in roles/common/defaults/main.yml.

Setup

  1. Run ansible-playbook site.yml -i hosts.yml --ask-vault-pass to setup your RPI.
  2. Change the root password: ssh root@192.168.1.1 passwd.

If you set new_lan_ip in group_vars/openwrt/vault.yml the playbook changes the IP address of your RPI and you need to adjust your local ethernet configuration. If you want to re-run the playbook, you will need to pass the new IP address: ansible-playbook site.yml -i hosts.yml --extra-vars "host_ip=<new_lan_ip>" --ask-vault-pass.

Usage

After running the playbook, your RPI should be connected to the WiFi specified by vault_sta_interface in group_vars/openwrt/vault.yml. Moreoever, it should provide a hotspot named rpi_vpn with password given by vault_ap_interface_key in group_vars/openwrt/vault.yml. Any device connected to this hotspot should automatically be using the VPN given by the configuration in roles/common/files. Check your device's public IP address and check for DNS leaks!

About

Ansible playbook to setup a VPN router using OpenWrt on a Raspberry Pi

Topics

ansible ansible-playbook openwrt openvpn-client vpn-router protonvpn rpi4 raspberry-pi-4b

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

1 watching

Forks

1 fork
Report repository

Languages