use Pineapple as VPN tunnel / Wifi repeater at the same time

[Yamada Taro]

Hi!

I hope this is the correct place for my question..

I want to do the following..->

I travel very often and change apartments ..

That means I always get access to those appartments wlans as well.

But I want to make sure that my devices ( smartphone laptop etc) alway go to an encrypted VPN to make sure nobody is seeing my stuff and also I dont wnt anybody to learn my real IP address.

Can I use the Pineapple to make this happen?

I meant simply cable connect it to any of the avaliable routers and have all my device use the pineapple wifi ?

So the Pineapple actually conencts to the VPN through the "guest" router?

is it possible to get this done without any cables? ( besides energy of course )

Like using the pineapple as a repeater and VPN tunnel at the same time?

Thank you for your help!

Also I offer 0.5 BTC as a bounty for the best answer :)

CHeers!

[Sebkinne]

Hey Yamada Taro,

Is this possible? Yes! It is and doesn't take too much effort to set up.

What you will need to do is set up a VPN client on the pineapple. There are different options out there for OpenWRT - depending on what type of VPN you use as a server.

Then, you would connect to the WiFi wherever you are. Easy way to do this is over the network manager infusion. Connect and then start the VPN tunnel.

Then, it should be easy to route any traffic from whatever interface you want to connect to through the VPN tunnel interface. Iptables can do that without much trouble.

All information you need you can find on the OpenWRT wiki. Just google "VPN client OpenWRT" and you will find plenty of things.

So now you may want to find a way to automate this. Maybe you will manually connect to the wifi (kind of makes sense) and bind the VPN tunnel starting and routing to the WPS button.. There are many possibilities.

Hope I could help!

Sebkinne

[Yamada Taro]

HI!

Thanks for your fast answer...

So I will get the Pineapple started and upgrade to the latest version this Weekend.

Do I need any extras ?

I will use OPEN VPN.

So can I do that without cable connections ? ( besides the initial setup)? Or will I need an additional WIFI USB adapter for that?

Hopefully not as I would like to leave an USB stick in there for additional space.

I will probably ask for advice a few times in this thread :) So at the end maybe lemme know your btc address ^

THX!

[Sebkinne]

I won't accept any donations for this, this is kind of what I do.

What extras you need depends on the usage scenario.

If you want to connect your devices to the pineapple over WiFi and want to connect the pineapple to a wireless network - you'll need a second wifi card (and possibly a powered hub).

If you want to connect your devices to the pineapple over WiFi and have a wired connection going to the pineapple - you won't need extra hardware.

If you want to connect your devices to the pineapple using an ethernet cable, you won't need any extra things as the internal wifi card can do the connection.

In regards to setting up OpenVPN, you'll find this helpful.

Best Regards,

Sebkinne

[demonjester]

I won't accept any donations for this, this is kind of what I do.

What extras you need depends on the usage scenario.

If you want to connect your devices to the pineapple over WiFi and want to connect the pineapple to a wireless network - you'll need a second wifi card (and possibly a powered hub).

If you want to connect your devices to the pineapple over WiFi and have a wired connection going to the pineapple - you won't need extra hardware.

If you want to connect your devices to the pineapple using an ethernet cable, you won't need any extra things as the internal wifi card can do the connection.

In regards to setting up OpenVPN, you'll find this helpful.

Best Regards,

Sebkinne

I'm gonna jump in and ask this, if I wanted my whole internet connection from point A to point B to be fully encrypted by vpn, will I need a vps to route my traffic through?

[Sebkinne]

I'm gonna jump in and ask this, if I wanted my whole internet connection from point A to point B to be fully encrypted by vpn, will I need a vps to route my traffic through?

Well, look at it this way:

Connection from your client to pineapple isn't encrypted (assuming you are using an open wifi connection, as it is by default). Connection from pineapple to wherever the VPN server is, is encrypted through the VPN tunnel. From there, it is just like browsing from the home network. If you make connections without encryption, the connection from VPN to end point is not encrypted.

So yes, you will need some sort of server that is running a VPN server. Say you have a server at home and you set up a VPN server. Once you are connected to the pineapple and the pineapple connected to the VPN, it is as if you were browsing from your home connection. Is that secure? Is someone going to wiretap that? Probably less likely than an open network at a hotel. You are basically shifting the point of trust.

[telot]

Shifting the point of trust is really key here. Thanks for mentioning it Seb. See this merely as a way to secure your otherwise open wifi/Ethernet connection from your immediate neighbors/landlords/hotel owners. This is not a secured connection to websites on the net. It's a secured connection to your VPN server, and that's it. Just a friendly FYI in case you don't already know/respect this.

Now, depending how much traffic you're going to put through this VPN, you may want to look at commercial VPN services. As a near-constant traveler (job...) I've found that vyprvpn has been a great investment for my company. Security, reliability, and flexibility is all there (l2tp and IPSec is available in addition to the craptastic ptpp).

If you're not planning on pushing too much traffic through (no Netflix, YouTube, etc), you can get a cheap vps and install open VPN or whatever. Just beware their bandwidth restrictions when signing up. I've fund vps as cheap as $15/year - much cheaper than the $5-10/month you'll spend with a commercial VPN service.

If you'd care to do a write up and post it to these forums once you've completed this setup, I'm sure a lot of us would enjoy! Good luck Yamada Taro!

telot

Edited May 26, 2013 by telot

[Yamada Taro]

Hi Guys !

Okay so far so good :)

I reset my Mark IV and begin from scratch.

First I upgraded to the newest firmware 2.81.

Then I attached my 8GB Sandisk and made it work flawlessly.

The I went to the Pineapple Bar and installed ALL infusions to the attached USB.

Via OPKG Network Manger then ICS was setup and the Pineapples AP got secured with WPA2 Personal. ( Mark IV is connected to WAN via cable)

Then a reboot and everything fine and dandy...

After getting the *.opvn ; user.crt & key.crt from my VPN provider ( AirVPN)

they were copied to the Pineapple .

on the Mark IV login via SSH then

cd ..

mkdir VPN

then back on the host machine

scp *.* root@172.16.42.1:/VPN/ (executed in the directory where ONLY these files exist,otherwise you will copy the ALL files in the directory :))

All files copied correctly and I proceed

openvpn --config myvpnconfig.ovpn

but that throws the following error ->

Options error: Unrecognized option or missing parameter(s) in AirVPN_Switzerland_UDP-443.ovpn:17: explicit-exit-notify (2.2.2)

Use --help for more information.

Help is greatly appreciated....

Also couldn't a VPN option added to the Network manager Module?

Cheers!

[Yamada Taro]

Okay I solved it pretty fast

just comment out the following line in your *.ovpn file

#explicit-exit-notify 5^M

Then it worked an it connected as the end it shows I

Initialization Sequence Completed

then ->

iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.

4.17.134

10.4.17.134 was the result of ifconfig tun0

but it looks like the tunnel to the VPN is started BUT my clients dont get internet access...

as soon as i stop the VPN they get it again..

where is the last small error ? Please help :)

[Yamada Taro]

iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.

4.17.134

tried to change to

iptables -t nat -A POSTROUTING -o tun+ -j SNAT --to-source 10.

4.17.134

but doesnt work...but there somewhere the solution lies :)

[Yamada Taro]

Verified that the VPN indeed works as the public IP of the MarkIV is now an anonymous Proxy..

Last step would be to automatically create the VPN connection upon pressing the WPS button...

something like this ???

iptables -t nat -A POSTROUTING -o tap+ -j SNAT --to-source 10.xx.x.xx
openvpn --config /root/myvpnconfig.ovpn &
exit 0

correct?

Edited June 2, 2013 by Yamada Taro

[Yamada Taro]

hmmm..

tried to setup the following in rc.local via scripts tab..

##Start VPN

cd..

cd VPN/

openvpn --config AirVPN_Switzerland_UDP-443.ovpn

exit 0

did not start the vpn connection upon reboot.

also i can see that when i start the vpn conenction manually in ICS there is the option to

share tun0 with wlan0 and i have set that up..but it doesnt work :(

But I am confident with some help from you guys that will be solved before the weekend..

then I am gonna do the same on my Pi and compare the speeds :)

[Yamada Taro]

Any help out there ?

[Yamada Taro]

Nobody knows how to solve the problem?

Or how exactly I can make clients using the VPN connection?

[Yamada Taro]

BUMP

[Mr-Protocol]

Nobody knows how to solve the problem?

Or how exactly I can make clients using the VPN connection?

There is a lot of research out there regarding VPNs. I decided to put myself through a crash course some time ago and while the concepts are simple, the setup can be difficult and depend on many variables. It would be your responsibility to learn these variables and understand how it works. There really is no "click this, this and that to have this working".

[Yamada Taro]

Yes thats what I am trying to accomplish and my plan is to write a full tutorial upon succeeding in the endavour..

I just asked for some help and insights ...as I ran into a wall here..

Isn't that what a forum is for?

To find solutions as a community?

Sorry for the Bump anyhow..

I have never seen Bumping being penalized before,, :)

[Yamada Taro]

Also as you can see i got the VPN working...the last problem which has to be solved is the routing and autostart on the Pineapple...

So the clients can access this as well...