Share my VPN connection with other LAN users

Solution 1:

fugitive's answer works, even on Ubuntu 19.04, but if you don't need to host an internet connection for your other LAN devices, you can skip a few steps.

If all devices are connected to your LAN via wifi or wired, you can just use these steps:

  • Confirm that your PC with the VPN connection can forward packets like a router

    1. cat /proc/sys/net/ipv4/ip_forward   # this should return '1'; if it doesn't, do step 2
    2. echo '1' > /proc/sys/net/ipv4/ip_forward

Or you can use sysctl.conf:

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p #persistent mode

Then set iptables to NAT and forward packets received on your local LAN interface and sent out of your tun interface (VPN):

iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

iptables -A FORWARD -i wlan+ -o tun+ -j ACCEPT #change wlan+ to match your LAN adapter
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED   -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT

Finally, on the other LAN computer that you want to use your shared VPN, use the route command to add a route for the VPN'd subnets and set the gateway to the IP of your LAN computer network adapter that you set in iptables (not tun, but the wlan+ or en+ adapter).

Example: if the computer with the VPN connection has an en0 adapter on your local network with an IP of 192.168.0.100, and your VPN-accessible network subnet is 10.0.0.0/24,

on your other LAN computer without the VPN connection you'd enter a route command like this (for Windows OS):

route add 10.0.0.0 mask 255.255.255.0 192.168.0.100 metric 200 if <interface>

Solution 2:

Solution with wifi adapter and hostapd software:

sudo apt-get install hostapd -y

Configure hostapd

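interface=wlan0
ssid=Your_WLAN
# hw_mode values: a, b or g (802.11n is enabled separately with ieee80211n=1)
# hostapd only treats a line as a comment when it starts with '#'
hw_mode=g
wpa=2
# PASS is a placeholder; the passphrase must be 8 to 63 characters
wpa_passphrase=PASS
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256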

Edit /etc/network/interfaces

auto wlan0
iface wlan0 inet static
    hostapd /etc/hostapd/hostapd.conf
    address 192.168.0.1
    netmask 255.255.255.0

Because your PC is a router, you need to enable forwarding between interfaces:

  • 1st way: echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p # persistent mode
  • 2nd way: echo 1 > /proc/sys/net/ipv4/ip_forward

To enable hostapd at boot and start it: systemctl enable hostapd && systemctl start hostapd

Install dnsmasq as it will be both your dns and dhcp server.

sudo apt install dnsmasq

Edit its conf file: vi /etc/dnsmasq.conf

interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.0.2,192.168.0.254,255.255.255.0,12h

Iptables:

iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

iptables -A FORWARD -i wlan+ -o tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED   -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT

Let me know if it works for you.
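
A narrower variant of the iptables rules used in both solutions, as an added example (not code from either answer): it limits forwarding to one LAN interface and source subnet, drops all other forwarded traffic, and lets the VPN side reach the gateway only for replies. The names wlan0, tun0 and 192.168.0.0/24 are assumed defaults based on the answers' sample values, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: prints (does not apply) a scoped ruleset for the VPN gateway.
# Defaults wlan0 / 192.168.0.0/24 / tun0 are assumptions; override via env vars.

# Accept only plain interface names: no '+' wildcard, no shell metacharacters.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept only the shape a.b.c.d/prefix with prefix 0-32 (octet range not checked).
valid_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# gen_rules LAN_IF LAN_NET VPN_IF -> iptables commands on stdout, status 2 on bad input
gen_rules() {
    lan_if=$1 lan_net=$2 vpn_if=$3
    valid_if "$lan_if" && valid_if "$vpn_if" && valid_cidr "$lan_net" || return 2
    cat <<EOF
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s $lan_net -o $vpn_if -j MASQUERADE
iptables -A FORWARD -i $lan_if -o $vpn_if -s $lan_net -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $vpn_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $vpn_if -j DROP
EOF
}

# Print the rules for the assumed defaults so they can be reviewed first.
gen_rules "${LAN_IF:-wlan0}" "${LAN_NET:-192.168.0.0/24}" "${VPN_IF:-tun0}"
```

These rules are meant to be loaded instead of the broader `-o tun+` and `INPUT -i tun+` ACCEPT rules; appended after those, the earlier ACCEPT rules would still match first.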