Jump to content
Hak5 Forums

Recommended Posts

So I have been working on this Server/VPN project for about a month now and I'm supper happy i finally have everything together, setup and boxed up. A quick rundown on what is in there and what i have done. The top black box is clearly just my router and the bottom hosing is an electronic project box i picked up for my local electronics store (Jaycar). 

The actual internals consist of 3 raspberry pi 3's, a TP 5 port switch which i removed the housing from as the board by itself takes up significantly less room, a 70 watt powered USB hub to power the pi's, 3 micro USB power cables, 3 cat 5e Ethernet cables, and a 2TB external hard drive.

The standalone raspberry pi with the 2TB external drive is a self contained, fully functional, and port forwarded for external access, OwnCloud server which i have found myself using on a dally basis. 

The other 2 that are stack, are VPN related. The bottom pi is my own OpenVPN household server which is port forwarded for external access and it is what i actually connect all of my devices to. The top pi is my NordVPN client that i have also set up as a local internet gateway for my local network.

So the config currently works and is setup as follows. My OwnCloud server stands allow with internal pi encryption, https, and encrypted storage. The OpenVPN local server runs all of its encrypted traffic through the NordVPN pi gateway, then through to my router, while still encrypted out to the NordVPN servers and then finally decrypted and out to the internet with a change of location and ip address. 

Device --> OpenVPN pi Server --> NordVPN pi Client --> Router --> NordVPN Server --> Internet

The theory behind this is now i can create and revoke as many client keys as I want and keep track of all of my devices with my own OpenVPN server as well as encrypting my traffic while i am way from home without setting up all of my devices with NordVPN (its all most as simple as drag and drop a ovpn file for most devices using OpenVPN plus OpenVPN can be setup in may different ways and has loads more configuration options), but then also tunnel them out through the internet while maintaining the encryption (instead of decrypt all of my traffic before it leaves my router) as well as changing my geo-location, hiding my traffic from my ISP and also avoiding the 8 device limit that NordVPN sets.

Thought? Hope i Have sparked some creativity in everyone.

20170420_201402-min.jpg

20170420_201408-min.jpg

20170420_201548-min.jpg

20170420_201622-min.jpg

20170420_201655-min.jpg

20170420_201701-min.jpg

20170420_201705-min.jpg

Edited by BrainEater
  • Upvote 3

Share this post


Link to post
Share on other sites

I like the idea of having 2 Pi's handling the encryption and tunneling.  I'm trying to get OpenVPN working with Stunnel on my Pi and PC but am having difficulties.  I've been trying UPGRDMAN's directions and after 10 attempts, I'm looking elsewhere for a solution that works.  I've tried Starship Engineer's script on GitHub and I've tried PiVPN and can't get any of them to work.

Share this post


Link to post
Share on other sites
digip   

Post your config setups for getting this working, sans private network info. Sure someone will want to build the same project. Maybe @Darren Kitchen can do a similar segment too :)

  • Upvote 1

Share this post


Link to post
Share on other sites
Spoonish   

That's very cool. The bottom grey box reminds of an original NES.

Share this post


Link to post
Share on other sites
Spoonish   

Iv've been thinking about your setup for like two weeks now and I want to impliment something similar but not as nice looking (not intentionally). Great project.

Share this post


Link to post
Share on other sites
Spoonish   

Do you use DNSCrypt at or encrypt/encapsulate your DNS queries through any of this?

Share this post


Link to post
Share on other sites

This is a great project.  I think a video or at least the config files (which variations so we don't have your info) would be great for learning tools for others, myself included.

Share this post


Link to post
Share on other sites

I like this idea, of using mutiple pi's for this  Looks good

Edited by bashincajun

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×