I have been trying to find some information on how to make a raspberry pi an OpenVPN client bridg...

[G+_Gehric Barreau]

I have been trying to find some information on how to make a raspberry pi an OpenVPN client bridge/access point so that I can take a raspberry pi to remote location, connect it to the location network via cable or wifi and have all of my devices connect to the pi via wireless or cable accessing all the remote services, VoIP, printers, NAS and so on

[G+_Black Merc]

Their are many technical hurdles in that request.

First of all, their is no simple dropin solution. Second, it is possible but, on the mobile end... You are basically configuring a router/firewall/vpn to fit the available connection from scratch. And with the pi use cli commands to build it each time.(untill someone creates a script to streamline the setup) You also may have to contend with paywalls or initial access webpages(wifi coffee shops and the like) to gain access to the internet.

 

This is a short list of it... Not saying it cannot be done, just saying you may want to study much cli-foo before you begin.

[G+_James Hughes]

Why not just get a HooToo travel router and connect it via wifi or ethernet. Then connect all of your devices to it. Much more simple.

[G+_Black Merc]

Sorry for my previous long post.

I have been searching for such an clean and easy solution to this very problem for a truck driver friend. The doggy truck-stop wifi, an ethernet jack(if he can find one) or cellular dongle. All present problems in one regard or another, and all he wants is a secure chat(and file transfers) with the wife on a razor thin budget.

[G+_Travis Hershberger]

Black Merc Best bet is to teach him how to use TOR (or a paid for VPN service). Adding a device to do this will complicate things because the device would have to be reconfigured every time he wants to connect in a different place.

[G+_Ben Reese]

This is definitely possible and I've thought about doing something similar, but I don't think there's a drop-in solution yet. The "captive portal" (pay wall, usage agreement, etc) that Black Merc? mentioned is the biggest hurdle.

 

Connecting to an OpenVPN server as a client is easy once installed (something like "sudo openvpn myConfigFile.ovpn"). And installation is easy (should be "sudo apt-get install openvpn").

 

There are also tutorials on creating a Raspberry Pi access point. I've done it once several years ago and played around with it a little on a Pi Zero-W recently. It's not too difficult, just takes a while with a few config files to update.

 

The trick is to get them to both work and have an easy on/off switch for the VPN so you can authenticate with the captive portal first then switch the VPN on. A VNC connection into the Raspbian Pixel UI might be the best option, but isn't as user-friendly as an automatic solution or a physical button on the device.

[G+_Black Merc]

That's the entire(holy grail) trick isn't it?

Making something that is so complicated into a push button solution.

Especially for (my friend for instance) ones that have no idea what is 'under the hood'.

[G+_Benjamin Webb]

OpenWRT can do all that. I built my own router running LEDE (a fork of openwrt).

 

I did not do it with raspi hardware and I did not implement the VPN but I know it is an option. What may ruin your life is configuring it but you would start off with a nice web interface for configuration that you can set up https.

 

It works with ipv6 and can run stateful firewall if needed.

[G+_Ben Reese]

Benjamin Webb might be on the right track. The Hak5 WiFi Pineapple is a small router that I believe is running OpenWRT out of the box. A bit more expensive than the Pi, but would certainly be easier to setup quickly.

[G+_Benjamin Webb]

Ben Reese I like the idea of the pineapple as it would be more plug and play but $200 is pretty steep considering it is not even AC wireless.

 

I would probably pick up an Archer C7 used for $50-$80 on eBay then flash as I am cheap.

 

For $200 I would probably jump up to $250 and do my full on DIY router with this as a base then need radio and antenna

 

pcengines.ch - PC Engines apu2 system boards

 

I am more on the crazy DIY side but hard to beat the flexibility of a device like this even though the configuration is painful.

[G+_Ben Reese]

Benjamin Webb yeah, that's a good point. I wouldn't consider AC that important for a travel router, but there's definitely cheaper alternatives for DIY. There's a large selection of routers that can be flashed with OpenWRT. That might be the best and cheapest route.

 

But I'd still love to see the original project done and I'm not sure it would be that difficult.

[G+_Benjamin Webb]

I figure a raspi and about 2 full days I could put up an image and a config file. I don't have a new PI though. I don't host anything though but could maybe do a torrent. Be pretty busy for next month as just bought a house so maybe look into it then.

[G+_Benjamin Webb]

Looked up the technical details of the PI 3 it is a single stream radio but it can operate simultanesly as wifi client and hotspot although I shudder at the loss of throughput. this could be fixed by adding a USB wifi device to function as the hotspot and use the inernal as a wifi client.

 

We could also go the wired to wireless bridge route. As for the VPN that is going to probably be a fair bit of overhead as well.

 

I figure I will try the all wireless route and see what the little PI can do. if the throughput is laughable can adjust from there. Sounds like a pretty interesting project.

 

[G+_Gehric Barreau]

I think this would be a very good project giving all the devices a secure conection from where you are

[G+_Benjamin Webb]

Do you want just ipv4 or dual stack? Dual stack may make the VPN tricky. Also think ipv6 leaking through can cause some privacy issues.

 

I am pretty confident in an ipv4 config but may make security mistakes with ipv6 and I have trouble finding people good with ipv6 to audit me.

 

I am fine experimenting on myself but would feel bad if someone else got owned.

[G+_Gehric Barreau]

IPV 4 would be brilliant as most devices uses it

[G+_Gehric Barreau]

What do think to this Fr. Robert Ballecer, SJ