homelab/active/software_pivpn/pivpn.md
ducoterra ef9104c796
moving everything to active or retired vs incubating and graduated
2025-04-19 18:52:33 -04:00

# VPN

## Raspberry Pi Setup

Configure systemd-networkd so the Pi does not use IPv6 privacy extensions, i.e. it keeps a single stable IPv6 address instead of preferring rotating temporary ones. Note that systemd-networkd only reads `*.network` files from `/etc/systemd/network/`, so the file needs a `.network` suffix (a `.conf` file in that directory is silently ignored):

`/etc/systemd/network/05-end0.network`

```ini
[Match]
Name=end0

[Network]
DHCP=yes
IPv6PrivacyExtensions=false
IPv6AcceptRA=true
```

## Pihole

https://github.com/pi-hole/pi-hole/#one-step-automated-install

If you install Pi-hole first, PiVPN will discover it automatically.

```bash
curl -sSL https://install.pi-hole.net | bash
```

## PiVPN

https://www.pivpn.io/

```bash
curl -L https://install.pivpn.io | bash

# PiVPN can sometimes have issues after install. Run debug to fix them:
pivpn -d
```

## Cloudflared (DOH)

https://docs.pi-hole.net/guides/dns/cloudflared/

```bash
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
sudo mv -f ./cloudflared-linux-arm64 /usr/local/bin/cloudflared
sudo chmod +x /usr/local/bin/cloudflared
cloudflared -v

sudo useradd -s /usr/sbin/nologin -r -M cloudflared
sudo vim /etc/default/cloudflared
```

`/etc/default/cloudflared`:

```ini
# Commandline args for cloudflared, using Cloudflare DNS
CLOUDFLARED_OPTS=--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query
```

```bash
sudo chown cloudflared:cloudflared /etc/default/cloudflared
sudo chown cloudflared:cloudflared /usr/local/bin/cloudflared

sudo vim /etc/systemd/system/cloudflared.service
```

`/etc/systemd/system/cloudflared.service`:

```ini
[Unit]
Description=cloudflared DNS over HTTPS proxy
After=syslog.target network-online.target

[Service]
Type=simple
User=cloudflared
EnvironmentFile=/etc/default/cloudflared
ExecStart=/usr/local/bin/cloudflared proxy-dns $CLOUDFLARED_OPTS
Restart=on-failure
RestartSec=10
KillMode=process

[Install]
WantedBy=multi-user.target
```

```bash
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl status cloudflared

dig @127.0.0.1 -p 5053 google.com
```

Finally, configure Pi-hole to use the local cloudflared service as the upstream DNS server by specifying `127.0.0.1#5053` as the Custom DNS (IPv4) in the Pi-hole admin DNS settings.

Weekly updater:

```bash
sudo vim /etc/cron.weekly/cloudflared-updater
```

`/etc/cron.weekly/cloudflared-updater`:

```bash
#!/bin/bash
cloudflared update
systemctl restart cloudflared
```

```bash
sudo chmod +x /etc/cron.weekly/cloudflared-updater
sudo chown root:root /etc/cron.weekly/cloudflared-updater
```
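A check script for the Pi-hole → cloudflared DoH chain above, added here as an example; it is not part of the original note or of the Pi-hole docs. It assumes this page's layout (cloudflared `proxy-dns` listening on `127.0.0.1:5053`, its arguments in `/etc/default/cloudflared`). The `dig` output embedded in the block is constructed for the offline self-check, not captured from a real host; `--live` runs the same checks against the running Pi.

```shell
#!/bin/sh
# Added example (not from the page): verify the Pi-hole -> cloudflared DoH path.
# Assumptions: cloudflared proxy-dns on 127.0.0.1:5053, options in
# /etc/default/cloudflared, as set up above. Without arguments the script only
# exercises its checks against constructed sample data; --live checks the host.
set -u

# Constructed sample of a good `dig @127.0.0.1 -p 5053 google.com` run
# (203.0.113.10 is a documentation address, not a real answer).
SAMPLE_DIG_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; ANSWER SECTION:
google.com.   300 IN A 203.0.113.10
;; SERVER: 127.0.0.1#5053(127.0.0.1)'

# dig_ok: read dig output on stdin; succeed only if the query resolved
# (status NOERROR) AND the answer came from the local cloudflared listener,
# not from some other resolver that happened to answer.
dig_ok() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q 'status: NOERROR' || return 1
    printf '%s\n' "$out" | grep -q 'SERVER: 127\.0\.0\.1#5053' || return 1
}

# opts_are_doh: inspect a CLOUDFLARED_OPTS string; succeed only if it binds
# port 5053 and every --upstream is an https:// DoH URL. An http:// or bare-IP
# upstream would quietly turn the "DoH" proxy back into cleartext DNS.
opts_are_doh() {
    port_ok=1
    seen_upstream=1
    set -- $1    # intentional word-splitting of the option string
    while [ $# -gt 0 ]; do
        case $1 in
            --port)
                [ "${2:-}" = 5053 ] && port_ok=0
                shift ;;
            --upstream)
                case ${2:-} in
                    https://*) seen_upstream=0 ;;
                    *) return 1 ;;
                esac
                shift ;;
        esac
        [ $# -gt 0 ] && shift
    done
    [ $port_ok -eq 0 ] && [ $seen_upstream -eq 0 ]
}

# selfcheck: run both checks against constructed good and bad inputs.
selfcheck() {
    printf '%s\n' "$SAMPLE_DIG_OK" | dig_ok || return 1
    printf '%s\n' "$SAMPLE_DIG_OK" | sed 's/NOERROR/SERVFAIL/' | dig_ok && return 1
    opts_are_doh "--port 5053 --upstream https://1.1.1.1/dns-query --upstream https://1.0.0.1/dns-query" || return 1
    opts_are_doh "--port 5053 --upstream http://1.1.1.1/dns-query" && return 1
    return 0
}

# live_checks: the same checks against the running host. The options file is
# read with sed rather than sourced, because its unquoted value is not valid
# shell (systemd's EnvironmentFile parser accepts it, sh does not).
live_checks() {
    opts=$(sed -n 's/^CLOUDFLARED_OPTS=//p' /etc/default/cloudflared)
    opts_are_doh "$opts" && echo "cloudflared options OK" || echo "cloudflared options NOT OK: $opts"
    dig @127.0.0.1 -p 5053 google.com | dig_ok && echo "local DoH resolver OK" || echo "local DoH resolver FAILED"
    systemctl is-active --quiet cloudflared && echo "cloudflared service active" || echo "cloudflared service NOT active"
}

case ${1:-} in
    --live) live_checks ;;
    *) selfcheck && echo "self-check passed" ;;
esac
```

Run `sh check-doh.sh --live` on the Pi after `systemctl start cloudflared`; a failing `dig_ok` with the service active usually means the answer is coming from another listener on port 53 rather than from cloudflared on 5053.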

## IPTables

For masquerading VPN client traffic out to other networks (the interface names and subnets below are this setup's; adjust them to your own).

Generic form, NATing a LAN subnet out of a second interface:

```bash
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 -j MASQUERADE
```

The 10.55.87.0/24 VPN subnet out through VLAN 3 on `end0.3`, plus the FORWARD rules between `wg0` and `end0.3` in both directions:

```bash
iptables -t nat -I POSTROUTING 1 -s 10.55.87.0/24 -o end0.3 -j MASQUERADE

iptables -I FORWARD 1 -i wg0 -o end0.3 -j ACCEPT
iptables -I FORWARD 1 -i end0.3 -o wg0 -j ACCEPT
```
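The rules above use `-I ... 1` and `-A`, so running them a second time (after a reboot script, or by hand) silently stacks duplicate rules. The script below, added here as an example and not part of the original note or of PiVPN, applies the same NAT/forwarding idempotently by checking with `iptables -C` before inserting, and tightens the return direction to established connections. It assumes the page's interface names and subnet (`wg0`, `end0.3`, `10.55.87.0/24`) and that PiVPN has already added its own rules for its primary interface; `IPT` can be pointed at a stub for dry runs.

```shell
#!/bin/sh
# Added example (not from the page): idempotent NAT + forwarding for VPN clients.
# Assumptions, all overridable from the environment: WireGuard on wg0 carrying
# the page's 10.55.87.0/24 subnet, egress via VLAN interface end0.3.
set -eu

IPT=${IPT:-iptables}          # set IPT to a stub function for dry runs/tests
WG_IF=${WG_IF:-wg0}
WG_NET=${WG_NET:-10.55.87.0/24}
OUT_IF=${OUT_IF:-end0.3}

# ensure_rule <table> <chain> <rule...>: insert the rule at position 1 only
# if an identical rule is not already present (-C exits 0 when it exists).
ensure_rule() {
    table=$1; chain=$2; shift 2
    if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPT" -t "$table" -I "$chain" 1 "$@"
}

# apply_vpn_nat: the page's three rules, with the end0.3 -> wg0 direction
# narrowed to reply traffic. Drop the conntrack match if LAN hosts must be
# able to open connections to VPN clients.
apply_vpn_nat() {
    ensure_rule nat POSTROUTING -s "$WG_NET" -o "$OUT_IF" -j MASQUERADE
    ensure_rule filter FORWARD -i "$WG_IF" -o "$OUT_IF" -j ACCEPT
    ensure_rule filter FORWARD -i "$OUT_IF" -o "$WG_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

if [ "${1:-}" = "--apply" ]; then
    # Forwarding must be on for any of this to matter (PiVPN normally enables it).
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    apply_vpn_nat
    "$IPT" -t nat -S POSTROUTING
    "$IPT" -S FORWARD
fi
```

Run it as `sudo sh vpn-nat.sh --apply`; re-running it is harmless. The rules are not persistent across reboots on their own, so wire the script into whatever already restores your firewall (PiVPN's own rules, `iptables-persistent`, or a oneshot unit).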