services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
556149c5839f08ba792c406ac1977d54dadd11f9
homelab/active/software_pivpn/pivpn.md
ducoterra ef9104c796
All checks were successful
Reese's Arch Toolbox / build-and-push-arch-toolbox (push) Successful in 14s
Details
moving everything to active or retired vs incubating and graduated
2025-04-19 18:52:33 -04:00

110 lines
2.4 KiB
Markdown
Raw Blame History

# VPN
## Raspberry Pi Setup
You'll need to configure systemd-networkd to not use ipv6 privacy extensions
/etc/systemd/network/05-end0.conf
```conf
[Match]
Name=end0
[Network]
DHCP=yes
IPv6PrivacyExtensions=false
IPv6AcceptRA=true
```
## Pihole
<https://github.com/pi-hole/pi-hole/#one-step-automated-install>
If you install pihole first pivpn will discover it automatically.
```bash
curl -sSL https://install.pi-hole.net | bash
```
## PiVPN
<https://www.pivpn.io/>
```bash
curl -L https://install.pivpn.io | bash
# PiVPN can sometimes have issues after install. Run debug to fix them:
pivpn -d
```
## Cloudflared (DOH)
<https://docs.pi-hole.net/guides/dns/cloudflared/>
```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
sudo mv -f ./cloudflared-linux-arm64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v
sudo useradd -s /usr/sbin/nologin -r -M cloudflared
sudo vim /etc/default/cloudflared
# Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
sudo chown cloudflared:cloudflared /etc/default/cloudflared
sudo chown cloudflared:cloudflared /usr/local/bin/cloudflared
sudo vim /etc/systemd/system/cloudflared.service
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target
[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process
[Install]
WantedBy=multi-user.target
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared
dig @127.0.0.1 -p 5053 google.com
```
Finally, configure Pi-hole to use the local cloudflared service as the upstream DNS server by
specifying 127.0.0.1#5053 as the Custom DNS (IPv4)
```bash
sudo vim /etc/cron.weekly/cloudflared-updater
#!/bin/bash
cloudflared update
systemctl restart cloudflared
sudo chmod +x /etc/cron.weekly/cloudflared-updater
sudo chown root:root /etc/cron.weekly/cloudflared-updater
```
## IPTables
For masquerading to other networks.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
```bash
iptables -t nat -I POSTROUTING 1 -s 10.55.87.0/24 -o end0.3 -j MASQUERADE
iptables -I FORWARD 1 -i wg0 -o end0.3 -j ACCEPT
iptables -I FORWARD 1 -i end0.3 -o wg0 -j ACCEPT
```
Reference in New Issue View Git Blame Copy Permalink