Share my VPN connection with other LAN users
Solution 1:
fugitive's answer works, even on Ubuntu 19.04, but if you don't need to host an internet connection for your other LAN devices, then you can skip a few steps.
If all devices are connected to your LAN via wifi or wired, you can just use these steps:
- Confirm that your PC with the VPN connection can forward packets like a router:
  1. cat /proc/sys/net/ipv4/ip_forward ## this should return '1'; if it doesn't, do step 2
  2. echo '1' >> /proc/sys/net/ipv4/ip_forward
Or you can use sysctl.conf:
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p #persistent mode
Then set iptables to NAT and forward packets received on your local LAN interface and sent out of your tun interface (VPN):
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
iptables -A FORWARD -i wlan+ -o tun+ -j ACCEPT #change wlan+ to match your LAN adapter
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
Finally, on your other LAN computer that you want to use your shared VPN:
1. Use the route command to add a route for the VPN'd subnets and set the gateway to the IP of your LAN computer network adapter that you set in iptables (not tun, but the wlan+ or en+ adapter).
Example: if the computer with the VPN connection has an en0 adapter on your local network with an IP of 192.168.0.100, and your VPN accessible network subnet is 10.0.0.0/24,
on your other LAN computer without the VPN connection you'd enter a route command like this (for Windows OS):
route add 10.0.0.0 mask 255.255.255.0 192.168.0.100 metric 200 if <interface>
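Added example, not part of the answer above: the netmask in the client route has to match the prefix length of the VPN subnet (a /24 is 255.255.255.0), and the destination has to be the network address itself. These bash functions derive the client command from the CIDR; the function names are hypothetical and the addresses are the ones from the answer's example.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, addresses are the answer's example values.

# Prefix length (0-32) -> dotted netmask, e.g. 24 -> 255.255.255.0
prefix_to_mask() {
    local prefix=$1 mask="" octet i
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    for i in 1 2 3 4; do
        if [ "$prefix" -ge 8 ]; then
            octet=255; prefix=$((prefix - 8))
        else
            octet=$((256 - (1 << (8 - prefix)))); prefix=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    printf '%s\n' "$mask"
}

# Dotted quad -> integer; returns 1 on malformed input.
ip_to_int() {
    local IFS=. o
    case $1 in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s\n' "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
}

# Args: os (windows|linux), VPN subnet in CIDR form, LAN IP of the VPN host.
client_route_cmd() {
    local os=$1 cidr=$2 gw=$3 net prefix mask n m
    net=${cidr%/*}; prefix=${cidr#*/}
    mask=$(prefix_to_mask "$prefix") || return 1
    n=$(ip_to_int "$net") && m=$(ip_to_int "$mask") || return 1
    ip_to_int "$gw" >/dev/null || return 1
    # The destination must be the network address (no host bits set).
    [ $(( n & m )) -eq "$n" ] || return 1
    case $os in
        windows) printf 'route add %s mask %s %s metric 200\n' "$net" "$mask" "$gw" ;;
        linux)   printf 'ip route add %s/%s via %s\n' "$net" "$prefix" "$gw" ;;
        *) return 1 ;;
    esac
}

client_route_cmd windows 10.0.0.0/24 192.168.0.100
```

Routing only the VPN subnet through the VPN host keeps the client's other traffic on its normal gateway.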
Solution 2:
Solution with wifi adapter and hostapd software:
sudo apt-get install hostapd -y
Configure hostapd
interface=wlan0
ssid=Your_WLAN
# can be b/g/n (hostapd only treats lines that start with # as comments)
hw_mode=g
wpa=2
wpa_passphrase=PASS
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
Edit /etc/network/interfaces
auto wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.0.1
netmask 255.255.255.0
Because your PC is a router, you need to enable forwarding to interfaces
- 1st way (persistent mode)
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p
- 2nd way
echo 1 > /proc/sys/net/ipv4/ip_forward
To enable it on boot and start it:
systemctl enable hostapd && systemctl start hostapd
Install dnsmasq, as it will be both your DNS and DHCP server.
sudo apt install dnsmasq
Edit its conf file: vi /etc/dnsmasq.conf
interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.0.2,192.168.0.254,255.255.255.0,12h
Iptables:
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE
iptables -A FORWARD -i wlan+ -o tun+ -j ACCEPT
iptables -A FORWARD -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
Let me know if it works for you.