Surf the Internet securely with your very own portable WiFi VPN/TOR router. You can configure a Raspberry Pi with Linux and some extra software to connect to a VPN server of your choice. The VPN connection encrypts your internet traffic so that hackers and spies can’t figure out what web sites you are visiting, and the web sites you are visiting can’t tell which computer you are surfing from.

The router is small and portable, so you can plug it in anywhere, adding secure internet browsing to any occasion, from your room to the café. You can even connect WiFi devices that don’t support VPN, like your Chromecast or Pebl.

The project consists of a Raspberry Pi, two USB WiFi dongles, an SD card, and a power plug.

If you don’t have Ethernet available, your router can connect to a WiFi network in addition to creating its own, acting as a bridge between your personal WiFi access point and an insecure WiFi. The range of this router is just enough to fill a single room.

Once built, any WiFi device has a passive VPN connection. If the VPN connection disconnects, so does your connection to the internet, guaranteeing that unencrypted data is not leaked.

If you are so inclined, we can set up your router to support TOR, so that you can dive deep into the internet within the internet.

Using open-source software, we can handle WiFi connections from your devices, connect to another WiFi access point, and encrypt your internet through a VPN anywhere you are.

When your friends come over, they will also be on a secure Internet connection, even if they don’t know how to set one up themselves. Additionally, you can access Hulu, Netflix, HBO, or your favorite team’s game while traveling overseas. If you want to take it further, you can add domain-based ad blocking using bind to stop web advertisements dead in their tracks.

Enjoy setting up your very own portable WiFi VPN/TOR router!

  • Difficulty: Intermediate
  • Cost: $60-80
  • Time: 1-4 hours

All images courtesy of NetNinja

Steps

Step #1: Flash SD Card

  • Plug your SD card (and card reader) into your computer.
  • We will be using Raspbian Linux for this project. It is a small, Debian-compatible Linux distribution for Raspberry Pi. Go to raspberrypi.org/downloads and download the Raspbian ZIP. When the download is complete, unzip it to reveal an img file. You need to copy this disk image onto the SD card.
  • The Raspberry Pi website has excellent tutorials for how to install a disk image. Essentially, you can use Terminal on Mac or Linux with a command like this:
    $ sudo dd if=/path/to/raspbian-image.img of=/dev/name-of-sd-card-disk
    Double-check the device name first, because dd overwrites the target disk without asking. On Windows, you can use a program called Win32DiskImager that lets you drag-and-drop the Raspbian image file to the destination disk.
  • When the disk is finished copying, you are ready to assemble. Snap your Raspberry Pi into the case and plug in the WiFi adapters and the SD card. Plug the Pi into a monitor, keyboard, and power adapter, and start it up.

Step #2: Boot Up the Raspberry Pi

  • When you boot the Pi for the first time, it will guide you through a setup process called raspi-config. This lets you change your user password, overclock your Pi, and set up the desktop environment.
  • For this project, you should change your user password, expand the disk, and choose “command line” as your Boot environment. If you live outside of the UK, you should change your internationalization options (keyboard, time zone, and locale) to match.
  • You may want to enable SSH, so you can access your Pi after you disconnect its monitor and keyboard. When you exit, you will be brought to a console, ready to go. Log in with the username “pi” and the password you chose for your Pi.

Step #3: Connect to the Internet

  • Connecting to Ethernet is simple; simply plug in an Ethernet cable and your Pi will figure out how to connect. Connecting to WiFi is a little more challenging. There are several WiFi network types and encryptions available, and each one is configured slightly differently in Linux.
  • To tell your Pi how to connect to WiFi, you’ll have to edit the /etc/network/interfaces file.
    $ sudo nano -w /etc/network/interfaces
    In this file, you can set rules for how to connect to a WPA, WEP, or an open WiFi network.
  • Depending on the encryption of the WiFi access point, you’ll need to configure this file differently. For example, if you are connecting to a WPA WiFi network, your /etc/network/interfaces file will contain something like this (comments in this file must sit on their own lines):
    # detect WiFi adapter
    allow-hotplug wlan0
    # connect WiFi with DHCP
    iface wlan0 inet dhcp
    # WPA access point name
    wpa-ssid "myhostnetwork"
    # WPA access point password
    wpa-psk "myhostpassword"
  • Manually restart WiFi to connect the Raspberry Pi to the Internet.
    $ sudo ifdown wlan0
    $ sudo ifup wlan0
    You can validate that you have a WiFi connection by pinging a website or running the command:
    $ ifconfig wlan0

Step #4: Create an Access Point

  • Before proceeding further, update apt-get.
    $ sudo apt-get update
    An access point allows a computer to connect to a network over WiFi. On our Pi we will be using hostapd to create the access point and isc-dhcp-server to give IP addresses to computers that connect to our access point.
  • Install access point: You will need a custom version of hostapd, the access point software that supports the Edimax cards you have. Installing hostapd takes about 10 minutes.
    $ wget https://github.com/jenssegers/RTL8188-hostapd/archive/v1.1.tar.gz
    $ tar -zxvf v1.1.tar.gz
    $ cd RTL8188-hostapd-1.1/hostapd
    $ make
    $ sudo make install
    Tell hostapd the name and password of our access point and the name of the device we are using to host WiFi connections:
    $ sudo nano -w /etc/hostapd/hostapd.conf
    Change three lines in /etc/hostapd/hostapd.conf to:
    interface=wlan1
    ssid=mySecureRouter
    wpa_passphrase=mySecurePassword
    Finally, start hostapd and add it as a service on boot:
    $ sudo service hostapd start
    $ sudo update-rc.d hostapd enable
  • Install DHCP server: Install dnsmasq:
    $ sudo apt-get install dnsmasq
    We will tell our DHCP server that it controls an IP address range between 192.168.0.10 and 192.168.0.200, with our Pi router having the IP of 192.168.0.1. It will be configured as an “authoritative” server acting on the wlan1 device, meaning that it will force clients to discard expired IP addresses.
    $ sudo nano -w /etc/dnsmasq.d/dnsmasq.custom.conf
    Add the following to /etc/dnsmasq.d/dnsmasq.custom.conf:
    interface=wlan1
    dhcp-range=wlan1,192.168.0.10,192.168.0.200,2h
    dhcp-option=3,192.168.0.1 # our router
    dhcp-option=6,192.168.0.1 # our DNS Server
    dhcp-authoritative # force clients to grab a new IP
    Next, edit the Pi’s DNS resolver configuration:
    $ sudo nano -w /etc/resolv.conf
    In the file /etc/resolv.conf, add the following lines, pointing DNS to the Google public DNS servers:
    nameserver 192.168.1.1
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    Now configure the wlan1 device to load at boot with a static IP address of 192.168.0.1.
    $ sudo nano -w /etc/network/interfaces
    Add the following lines for wlan1:
    iface wlan1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    Finally, restart the wlan1 WiFi adapter:
    $ sudo ifdown wlan1
    $ sudo ifup wlan1
    Now start the DHCP server and add it as a service at boot:
    $ sudo service dnsmasq start
    $ sudo update-rc.d dnsmasq enable
    You should now be able to see “mySecureRouter” as a WiFi access point from your computer. You can connect to it with WPA2 encryption and the password “mySecurePassword.”

Step #5: Connect to a VPN or TOR

  • Now we are getting to the meat of this project – the encrypted connection to the internet! VPN and TOR are both encryption technologies that hide your browsing activities from prying eyes. It’s not easy to use TOR and VPN on the same network connection, so you should choose which one you want to use on your Pi.
  • TOR vs VPN: TOR, or The Onion Router, is an encryption technology that encrypts and distributes your internet data across a network of computers on the way back and forth to a website, like in image 1. Tor is very easy to install. To use it, you need to also surf on a special TOR-enabled web browser. TOR is relatively slow because it encrypts and routes your Internet traffic over several random nodes on the network before connecting your computer to a web site. TOR also gives you access to a hidden layer of the internet, called the Dark Web, which is unavailable over VPN.
  • VPNs, or Virtual Private Networks, work passively in the background by creating a single encrypted tunnel between your computer and a website, like in image 2. VPNs can be more secure than TOR if you trust your VPN server. A VPN is harder to configure, but doesn’t require any other special software to use correctly. To use one you must have an account on the VPN server and several files generated on the VPN server that validate your account. You should trust that your VPN server is not recording you or publishing your private information. If you don’t want to pay for a VPN service or you just want to learn to make your own, you can Roll Your Own OpenVPN Server here.
  • To install TOR, install the TOR software:
    $ sudo apt-get install tor
    Start TOR and set it up as a service at boot:
    $ sudo service tor start
    $ sudo update-rc.d tor enable
    Lastly, on the computer you will be browsing on, you will have to install the TOR web browser from torproject.org.
  • Installing VPN: Linux supports OpenVPN easily. Many VPN providers also support the OpenVPN protocol. To connect to a VPN, you will need some information from your VPN provider. This may include a CA certificate, and possibly a username and password. You will also need to know the domain name of the VPN server, the port (typically 1194) and protocol (typically UDP). Install OpenVPN:
    $ sudo apt-get install openvpn
    If you were provided a CA certificate by a VPN service, save it as /etc/openvpn/ca.crt. If your VPN service provides you with a username and password, put it in /etc/openvpn/auth.txt. auth.txt will look like this:
    myVPNUserName
    myVPNPassword
    Configure the OpenVPN settings to connect to your VPN server.
    $ sudo nano -w /etc/openvpn/client.conf
    Although your VPN configuration will depend on your server’s settings, your /etc/openvpn/client.conf should look something like this:
    client # client mode
    dev tun
    proto udp # this must match the server's protocol
    remote vpn-server.example.com 1194 # must match the server
    resolv-retry infinite # reconnect when disconnected
    nobind
    persist-key
    persist-tun
    ca ca.crt # this file is given by the server
    #cert client.crt # uncomment if the VPN server requires a client.crt
    #key client.key # uncomment if the VPN server requires a client.key
    ns-cert-type server
    #comp-lzo # uncomment if the server supports lzo compression
    #auth-user-pass auth.txt # uncomment if your server requires a username and password
    script-security 3 # must match the server's script security setting
    keepalive 5 30 # keep connection alive
    verb 3
    log-append /var/log/openvpn-client.log
    OpenVPN will not work without a matching timestamp. Since Raspberry Pis don’t have a real-time clock, you’ll need to use the Network Time Protocol (NTP) service.
    $ sudo service ntp start
    $ sudo update-rc.d ntp enable
    Start the OpenVPN client and set it up as a service at boot:
    $ sudo service openvpn start
    $ sudo update-rc.d openvpn enable
    Once you are connected, you can use traceroute to test out your connection by mapping your Internet connection’s path to makezine.staging.wpengine.com. The first step should show that you are connecting to your VPN server on 10.0.0.1.

Step #6: Set up Routing

  • Routing is what connects your computer to the internet. It takes packets of data that your computer sends to the Pi, then forwards it on to a website. When the web site responds, packets of data are sent back to your Pi across the internet. Your Pi figures out which WiFi client the response is intended for, and passes it forward to your computer.
  • If you have VPN or TOR configured, these packets will also pass through an encrypted service within the internet. This is done using software called iptables. We must enable and configure the rules that allow our Pi to know how to route packets of data the right way. Let’s enable routing:
    $ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
    Tell Linux to remember this change:
    $ sudo nano /etc/sysctl.conf
    In this file, uncomment the line:
    net.ipv4.ip_forward=1
  • Depending on how you are connecting to the Internet on your Pi (VPN, TOR, Ethernet, or WiFi), you will be routing through one of several devices. Choose the device to route through based on the connection method:
  • Tell Linux to masquerade as your computer on the internet:
    $ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
    Tell it to forward all traffic to the Internet:
    $ sudo iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
    Finally, tell it to forward returning Internet data to the appropriate client:
    $ sudo iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    Save these settings for the next reboot:
    $ sudo sh -c "iptables-save > /etc/iptables.restore"
    $ echo "up iptables-restore < /etc/iptables.restore" | sudo tee --append /etc/network/interfaces
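
A check for the fail-closed behaviour this router depends on, added here as an example (it is not code from the original article): it reads iptables-save output and confirms that wlan1 clients can only be forwarded out through tun0. The ACCEPT rules in this step restrict nothing unless the FORWARD chain's policy is DROP, and the built-in policy is ACCEPT. The function name check_killswitch and the sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the router fails closed when the VPN drops.
# Interface names follow the article (wlan1 = access point, tun0 = VPN).
# check_killswitch, ruleset and the sample_* helpers are illustrative names.

# Reads `iptables-save` output on stdin. Returns 0 only if the FORWARD policy
# is DROP and no ACCEPT rule lets access-point traffic out of a non-tunnel device.
check_killswitch() {
    ap_if="${1:-wlan1}"
    tun_if="${2:-tun0}"
    awk -v ap="$ap_if" -v tun="$tun_if" '
        /^\*/ { table = substr($0, 2); next }      # table header, e.g. "*filter"
        table != "filter" { next }
        $1 == ":FORWARD" { policy = $2; next }     # e.g. ":FORWARD DROP [0:0]"
        $1 == "-A" && $2 == "FORWARD" {
            iif = ""; oif = ""; target = ""; negated = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "!")  negated = 1
                if ($i == "-i") iif = $(i + 1)
                if ($i == "-o") oif = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target != "ACCEPT") next
            # Negated matches are not modelled here, so report them for review.
            if (negated) { print "UNVERIFIED: " $0; bad = 1; next }
            # A rule with no -i also matches packets arriving from the AP.
            from_ap = (iif == ap || iif == "")
            if (from_ap && oif != tun && oif != ap) { print "LEAK PATH: " $0; bad = 1 }
        }
        END {
            if (policy != "DROP") {
                print "FORWARD policy is " (policy == "" ? "unknown" : policy) ", expected DROP"
                bad = 1
            }
            if (!bad) print "OK: " ap " clients can only be forwarded through " tun
            exit (bad ? 1 : 0)
        }'
}

# Constructed iptables-save output. $1 = FORWARD policy, $2 = optional extra rule.
ruleset() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD $1 [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wlan1 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
${2:-}
COMMIT
EOF
}

# The three rules from this step with the policy left at the default ACCEPT.
sample_article()  { ruleset ACCEPT; }
# The same rules after `iptables -P FORWARD DROP`.
sample_hardened() { ruleset DROP; }
# DROP policy, but with an extra rule that also forwards clients to eth0.
sample_dual()     { ruleset DROP "-A FORWARD -i wlan1 -o eth0 -j ACCEPT"; }

for s in sample_article sample_hardened sample_dual; do
    echo "== $s"
    "$s" | check_killswitch wlan1 tun0 || echo "-> kill switch NOT enforced"
done
```

On the Pi itself, feed it the live rules with `sudo iptables-save | check_killswitch wlan1 tun0`, and run it again after any change to the routing rules.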

Step #7: Connect a WiFi client

  • Go on your computer and try to connect to your WiFi access point.
    Access point: mySecureRouter
    Password: mySecurePassword
  • You’ll be able to see the computer that just connected on your Pi using the arp command:
    $ sudo arp -i wlan1
  • If you set up TOR on your Pi, you’ll have to also install the TOR browser on your computer.
Tony Gaitatzis

Most recently, I’ve been working on NetNinja, a startup that builds high security encrypted VPN/TOR routers. I have been programming since I was in grade school, and have worked on everything from web applications and mobile apps to bio-sensors and wearable tech. When I’m not in my room, smoking hookah and playing guitar or hacking together electronics, I’m out dancing and sniffing out mischief in San Francisco and around the world.


  • Waqar Aziz

    Can my wired pcs etc use the Rpi as its VPN client so I do not need to install the access software on each pc ?

    • Adonis Gaitatzis

      The Raspberry Pi acts as the VPN client. You only need to connect to the Raspberry Pi through Wifi on your PC and suddenly your PC inherits the VPN connection. No extra software required.

      • alice miner

        I have a question regarding the tor router setup. If I am configuring the pi as the tor router instead of the vpn one, what’s the point of it when your computer connects to the tor pi will require a tor browser. Isn’t one layer of tor browser on the connecting pc sufficient?

        • Kyle

          Using a Tor browser is like sleeping around without protection. All of the Tor compromises have used vulnerabilities in the browser to reveal your home IP address.

          With this little gadget, Tor or your VPN becomes your ISP. Any hacks/viruses/worms that manage to get onto your machine to reveal your ISP to a spy will automatically be routed through Tor by this device instead of through your real ISP.

          With this device, the device or computer you are using is completely isolated from your home IP address. No malware or hacks can coax your machine into revealing your real IP, because it’s not available to the device to begin with.

          Now your wireless device may still tell on you, since the nearby WiFi SSID/MAC IDs of the routers in your and your neighbors’ homes may be in a geo-locatable database somewhere. There could be a vulnerability that would allow this info to be leaked. Unfortunately, the only way to disable this vulnerability is to shut off your WiFi radio on the device you’re using.

    • Alan Wade

      Waqar you should try this VPN, they are offering 5 multi logins as well: http://www.purevpn.com/vpn-service/vpn-connection.php

      • Waqar Aziz

        Thanks, I already have an account with GhostVPN. I know some expensive routers allow you to set the VPN details within the router and therefore you do not need to install software / setup VPN on the individual pcs etc.
        May still go ahead with this for Wifi only as there are a number of phones / tablets in the house which would benefit with the Rpi acting as a VPN server.

  • blacksmith_tb

    Seems like a BBB would be better choice (though limited usb ports mean you’d want to make sure you were connecting it to your LAN via ethernet). The RPi would be working overtime to handle the traffic on the two usb interfaces (or one and the ethernet interface, since they’re all going over the same bus), along with the overhead of handling the vpn connection and tor routing.

    • Adonis Gaitatzis

      That might be true, but BBB is twice the price and the Pi seems to handle the load reasonably well.

  • http://www.benshideler.com Ben Shideler

    Would something out of the OpenWRT project be able to do this as well?

    • Adonis Gaitatzis

      It would probably work really well. The only thing is that, in my cursory look over the supported OpenWRT architectures I wasn’t able to find a download for 32bit ARM, needed for Raspberry Pi’s ARM11.

  • TheGuy

    Any suggestions on a battery to power this device for a reasonable amount of time?

    • mborus

      Many power banks (the ones you buy for charging phones and tablets) can power a raspberry for a long time. I use the TECXUS TP10000 which powers my pi for over 10 hours. The thing to watch out is that some of these power banks turn off completely if the connected device doesn’t draw enough power. I have tried a few that turn off when only a pi is connected…

  • Guest

    How do we set up the router to support TOR?

    • Adonis Gaitatzis

      In step 5, it outlines this.

      On the Pi:
      $ sudo apt-get install tor
      $ sudo service tor start

      $ sudo update-rc.d tor enable

      On your computer, you’ll have to download the TOR web browser from torproject.org to close the gap.

  • Dan Von Kohorn

    Great project! I have most of the parts already! It would be nice to walk through the network configuration you use & give a list of VPN providers you like… please? :)

    • Adonis Gaitatzis

      Unfortunately the configuration varies a LOT depending on the VPN provider you choose, but I’m a big fan of:
      – privateinternetaccess.com
      – hide.me
      – hidemyass.com
      – btguard.com
      – getnetninja.com

    • Sally Croft

      Configuration may vary from VPN provider to provider. I like PureVPN, it is easy to configure and the router vpn setup guide available on their website.

  • Rick Guy

    Will this defeat MLB.tv blackouts?

    • Adonis Gaitatzis

      It will allow you to watch MLB.tv when you are overseas, even if they block non-USA clients (known as “geoblocking”).

      However if the site goes down – which is what I presume you mean by “blackout” – then no.

      • Rick Guy

        I meant regional blackouts. As an American, would I be able to defeat mlb.Tvs regional blocking?

        • Adonis Gaitatzis

          Yes!

          • Rick Guy

            Sign me up! Thanks Adonis!

      • Alan Wade

        I configure VPN on router: http://www.purevpn.com/vpn-service/router-vpn.php and access MLB so easily

  • DKarim

    Why is the last step to set up a TOR browser on your computer? Doesn’t that kind of defeat the whole purpose here? Can you explain why you think the TOR browser is still needed? Using TOR on the Pi should anonymize your IP right? Perhaps you need to add a step to confirm this; perhaps by navigating to whatismyip and validating that your IP address changes. Is the TOR browser needed for additional anonymity or to prevent cookie tracking?

    • Adonis Gaitatzis

      It does a bit. I believe TOR requires some kind of proxy connection in addition to the TOR routing. Additionally, the TOR browser has other security features that are similar to Incognito or Private Browsing.

      I’m sure the proxying can be pushed onto the router, eliminating the need for the TOR browser, but I’m not experienced enough to know how to do that. I’d love to learn though!

      • no1d

        For linux you use TSOCKS, and privoxy along with TOR. TOR config is set to route to privoxy which is configured to the port TOR is running on which would be default. Then using “TSOCKS chromium” or whatever browser you use will make that specific app routed through tor. This can all be automated for raspberry since it runs linux and the entire network connection can be routed through TSOCKS with some more config tinkering. There’s a guide for it on UBUNTU.

        • Kyle

          Be careful with this one! I wouldn’t try that if I were a political activist or dissident in a rogue country where Tor use is illegal!

          Unless Tor is told to only use the VPN tunnel, if and whenever the VPN drops, Tor will use the regular route, which is right out the ISP!

          Using Tor on top of a VPN in most situations is a bit redundant and would slow things down unnecessarily!

          • no1d

            good point

  • http://enamu.com/blog enamu

    Thanks for a nice, detailed tutorial! I’m definitely giving this a try with my VPN subscription. One question though: Is the 2nd Wifi dongle still needed when you plug ethernet cable to the Raspi?

    • Adonis Gaitatzis

      If the Raspi is connected to Ethernet, then you don’t need a second WiFi dongle. You’ll have to change the routing and access point information from wlan1 to wlan0 though.

      • http://enamu.com/blog enamu

        Thank you so much again!

  • Blake Darley

    I have a RPI B+ I am running the miniDLNA server do you think I will also be able to run this software? Ps awesome work love it

    • Adonis Gaitatzis

      I see no reason why you wouldn’t be able to! I’ve never used miniDLNA but it seems like it’s a standard Linux implementation so it should support all the software and configurations here!

      • Blake Darley

        What about communications with the rest of my local network? Say I have the RPI connected to my main home wireless modem/router via Ethernet will devices connected to the RPI be able to communicate with devices connected to the main modem/router?

        • Adonis Gaitatzis

          You can communicate “up” but not “down,” meaning that, behind this router you can see devices that are connected to it and to the network above it, but from the network above you won’t be able to see into the network created by this router.

  • Rob Markowitz

    I’ve been toying with the idea of making this or just getting the Safeplug ($40) from Pogoplug. Aside from the fun and challenge of DIY, is there any reason I should not just go for the easier solution?

    • Adonis Gaitatzis

      I can’t tell by looking at Safeplug’s website how it works, so I’m not sure if the technology is comparable.

      I make NetNinja, which is very similar to the device you create in this tutorial. I personally feel that learning how to make something is more interesting than buying something off the shelf.

      • Rob Markowitz

        Thank you for replying!

  • http://www.kabanuk.net Jeff Kabanuk

    Very interested in setting something like this up, was planning on doing it — 100 times easier with your guide though! Thank You! I am going to use my ODroidU3 though – foresee any issues?

    http://www.hardkernel.com/main/products/prdt_info.php?g_code=G138745696275

    i got mine at $59 so not a drastic difference from the PI (have one of those as well(not the + version))

    • Adonis Gaitatzis

      I don’t foresee any issues with this. The oDroid seems to have all the connectivity and power required for this project. I’m curious to learn how it works out though!

  • krazz

    Everything was going well until step 6. When attempting the command:
    sudo iptables –t nat –A POSTROUTING –o -j MASQUERADE
    It doesn’t recognize the argument “MASQUERADE”

    • Adonis Gaitatzis

      I see that – there’s some kind of visual bug in the article. I’ll contact the editor about this but in the meantime, you’ll want to choose between VPN, ethernet, and wifi routing.

      VPN = tun0
      Ethernet = eth0
      Wifi = wlan0

      If, for example you want to route Internet traffic through your VPN, you’ll type in these commands.

      $ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
      $ sudo iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
      $ sudo iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT

      Change tun0 for eth0 or wlan0 if you don’t care about privacy and want to route directly through Ethernet or WiFi.

  • Ted Cullen

    I’m having a bit of a nightmare here. Somewhat n00b. Firstly, is this just a typo or are my error messages right: sudo –w nano /etc/network/interfaces. Secondly, if I’m going to be wirelessly connecting to my Pi but have it wired into my router via ethernet, do I need to change all my wlan1’s to wlan0’s?

    • Ted Cullen

      And will I even need a wifi dongle at all?

      • Ted Cullen

        Also, when I get to sudo nano –w /etc/hostapd/hostapd.conf, it opens up a blank file “-w” every time.

        • krazz

          Are you copy/pasting from this site? If so, try entering it fresh on the command line.

    • Dhuaib

      I believe it should be:

      sudo nano -w /etc/network/interfaces

      Perhaps the -w flag was in the wrong place in the original article.

  • ms4sman

    I apologize if this is a silly question, but the WiFi adapter you listed is a bit pricy, particularly with shipping costs figured in. Is there any alternative place to buy that item? Or is there an alternative product that would also work? For example, this: http://www.amazon.com/dp/B003MTTJOY/

    I honestly am not that knowledgeable about the differences, so I don’t know if it would work or not. What do you think?

    • Adonis Gaitatzis

      Certainly! So long as it has the RTl8192 chipset (which the Edimax EW7811un has), you are good to go!

  • Bobal

    Nice work. What happens if the connection from the vpn is lost while downloading a big file ? Is the download halted or does it switch to the the main internet using the the unsecured connection ?

    • Adonis Gaitatzis

      The way it’s configured in this article, if the VPN connection fails, devices inside the network lose Internet. The big file stops downloading.

      This can be a benefit, say if you don’t want to leak sensitive data out even when your VPN connection fails.

      However if you want to support both VPN and regular internet, you can set up the routing tables on the router to pass packets along both networks:

      # for routing through the VPN
      $ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
      $ sudo iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
      $ sudo iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT

      # for routing through ethernet
      $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      $ sudo iptables -A FORWARD -i wlan1 -o eth0 -j ACCEPT
      $ sudo iptables -A FORWARD -i eth0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT

  • JB

    Does this require that I subscribe to a 3rd party VPN service? Or does the Pi somehow act as the VPN? In that case, wouldn’t my ISP still know the External IP of my device?

  • carltonb

    Love the article was easy to follow. My question is that I do a lot of travelling for work. What would be the best way to use this type of setup in hotels and free wifi spots?

  • Haza Newman

    Would it be viable to use a usb 2.0 ethernet adapter and bridge the onboard ethernet connection and usb ethernet adapter together? I was thinking of doing this and just plug the pi between my modem and router. I know you mentioned that the dongle has the ability to output a wifi signal in the room, but my current router (apple timecapsule) outputs a much stronger signal. I was hoping to take advantage of that.

  • Austin Gardner

    I seem to be running into a small issue. I’ve completed all of the necessary steps to use it with a VPN. I rolled out my own vpn on a cheap vps server I had laying around.

    Anyways, when I connect to my “Pi Router”, the computer will connect but I’m not getting any internet access. Do you know what might be causing this?

    As far as I can tell everything is setup fine both on my Pi and on my server. But obviously I’m missing something.

  • Terry Gillett

    Would it be possible to install OpenWRT or Tomato Firmware just to give the device an extra added layer of security?

    Looking at the chart I’ve uploaded you actually get an idea of what kind of connectivity you’d end up getting with a VPN/TOR connection. Now add WRT or Tomato Firmware into the fold and it might end up being an even more secure connection. But the connectivity might be slow and laggy due to running three different routing protocols on such a low memory device.

    Just an idea

    • Kyle

      I’m sitting here CRINGING at the thought of how slow that cattle roundup would go!

  • Guest

    Hi!
    Can I use the Edimax EW-7811UN instead of the 811UN?
    Thanks!

  • Brad

    Mistake: $ sudo –w nano /etc/network/interfaces

    should be

    sudo nano -w /etc/network/interfaces

  • Guest

    as

  • CunGur

    Wonderful project, thank you. I got it up and running with a couple of changes. I use a Rasp Pi Model B, a 4GB Sandisk SD card and a TP-Link TL-WN823N Wireless N USB Adapter. I have a couple of comments/corrections that may help others who may have the same problem. Let me summarize below:

    1) I used this guide: http://www.daveconroy.com/turn-your-raspberry-pi-into-a-wifi-hotspot-with-edimax-nano-usb-ew-7811un-rtl8188cus-chipset/ for hostapd for my USB Wireless Adapter.
    2) There was a mismatch with IP addresses: in dnsmasq we give 192.168.10.1, in resolv.conf we use 192.168.0.1. I think both should be the same.
    3) My VPN provider’s OpenVPN ciphers were not available in OpenVPN 2.2.1 so I was getting a cipher mismatch error. You can solve this by installing a new version of OpenVPN (which was 2.3.6 when I installed). I used the howto at this address: http://www.raspberrypi.org/forums/viewtopic.php?t=89216&p=637279
    4) I couldn’t get iptables to store regardless of trying multiple times. Everything was working fine until a restart, but after the restart I had to redo the iptables. I think the correct command should be “ifup iptables-restore < /etc/iptables.restore” instead of “up iptables-restore < /etc/iptables.restore”. But that did not work for me either, so I used solution #2 on the page help.ubuntu.com/community/IptablesHowTo under Configuration on Startup.
    5) Compatible usb dongles can be found on http://elinux.org/RPi_USB_Wi-Fi_Adapters

    As always I learnt a lot while trying to make it work. Thanks again for this nice project.

  • BilalAsif1900

    I always prefer to use a VPN which I choose from VpnRanks. But I think I should try it too so that I can suggest it to my clients if it works well.

  • John Necina

    Silly question, what happened to the rest of the article? I only see a portion :(

  • Joe_Zacccaria

    I get both the digital and printed versions of the magazine. The digital doesn’t seem to load today. Are the details on how to do this project in the digital edition of Make? I am not seeing the details here. Thanks.

  • mario

    “If you set up TOR on your Pi, you’ll have to also install the TOR browser on your computer.”
    Does it not work without an installed client?

    I have a machine that does not have a browser!!!!

    • Kyle

      Installing Tor on the Pi does nothing unless you set up NAT to send traffic from devices connected to the Pi through the SOCKS port of Tor. (See OnionPi)

      I have done this before, and it can be a real PITA since protocols that require UDP will NOT work. Only TCP will work, and some sites have Tor users blocked, requiring you use your real connection. So it’s usually best to use the browser bundle and forget installing Tor on the Pi, and have it stick to NAT’ting your VPN…

  • Ga0khan

    Starting the hostapd service gives me this:

    hostapdioctl[SIOCSIWMODE]: Invalid argument

    failed!

    I’m using RT5370 wifi adapters :/

  • sarath0333

    Is it possible to use a single wi-fi adapter for the Raspberry Pi that serves as access point and client?

  • vfulco

    I get the following error when I try to start hostapd as a service: update-rc.d: error: no runlevel symlinks to modify, aborting! It works manually. Also, only 10 ft. away from the RPi, showing 54MB, my phone and tablet won’t connect, saying poor internet connection. Can’t help but think the proximity of the two dongles might have something to do with it. Wish my attempt at the project was as flawless as others here.

    • jgadget

      What do you mean by saying manually? Can you explain? Got the same error.

      • vfulco

        Hi, it has been a bit since I did this, and as I recall, reviewing the instructions and carefully re-doing/rebooting got me a working device. Unfortunately the second WiFi dongle has defaulted to settings which render the range/strength of it such as to make the whole thing useless. Googling for answers has not helped so I put it aside. If not jammed in the next few weeks I will revisit before I move overseas, where this will be super useful.

    • freqflyercoll

      I ran into the same problem with update-rc.d, and I found some solutions to this issue after searching Google.

      https://theezitguy.wordpress.com/2014/10/26/raspberry-pi-turn-your-pi-into-a-wireless-router/

      https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=37898

      Hope those help anyone else who runs into this. Might I suggest that those links be added to the article?

  • Matt Gray

    There’s a step in routing that isn’t showing. It comes up as :

    Depending on how you are connecting to the Internet on your Pi (VPN, TOR, Ethernet, or WiFi), you will be routing through one of several devices. Choose the device to route through based on the connection method: [protected-iframe id=”65ac4502bc06dd3c23837be5405ed3e6-30206320-62929444″ info=”65ac4502bc06dd3c23837be5405ed3e6″ ]

    What should it say?

  • Vadim Konings

    I’m getting ERROR 406 when trying to wget hostapd. Is the link broken? Sort of a noob here…

  • tracy leon

    I am using Purevpn and it is awesome in performance, as I am using it for unblocking websites and channels: @vpnranks

  • tracy leon

    What is best for overseas internet users, and how can they stream and access blocked stuff? I am outside the US and want a solution. Please help me out, someone :(

  • http://www.linevpn.org Yorkles

    If I configure the VPN in the router, the speed will be very slow whether I am browsing local websites or other countries’ websites. I would like to put one specific browser on the VPN, while another browser surfs via my local network. I already use FlyVPN. It provides a feature for sending specific traffic via the VPN. Awesome for me.

  • James Lovato

    Why would I use this $80 solution instead of just using the VPN client on my PC?

  • Jhon leon

    I tried a VPN on the Raspberry Pi and it’s working awesome here. I think it’s not a bad deal to use a VPN for this purpose.

  • http://www.ultimatexbmc.com/ Ultimatexbmc.com

    Thank you

  • Blake

    Did anyone else get this to work? I followed the guide exactly and got no joy. The guide has you set the static IP for wlan1 to 192.168.0.1, but if you do that and don’t set it to 192.168.10.1 then the access point won’t assign you an IP when you try to connect. If I make the appropriate adjustment I can connect and got the VPN working fine, but all I get when I connect via wifi is “resolving host”. It’s like the Pi is not routing the traffic from the VPN to wlan1. Any suggestions?

  • Steve Bull

    This sounds like a really good idea with all this ID theft going on nowadays. Thank you, Tony Gaitatzis.

  • Elem Shalit

    Have any of you tried to surf the web on a public wifi through Tor? Isn’t it TOO slow? I was wondering if I can mod this to use VPN only without Tor. Any thoughts? Thanks!

  • Mauricio Bonani

    Great article! I would like to suggest that you change the second item of step 2 as follows:

    If you live outside of the UK, you should change your internationalization options (keyboard, time zone, and locale) to match. For this project, you should change your user password, expand the disk, and choose “command line” as your Boot environment.

    Because depending on the password you choose, you won’t be able to log in after you change the keyboard map.

  • Hani Umer

    Hey dude, are you sure the IP addresses in the DHCP conf are right? You have a range 192.168.10.0 till 200 but later you assign wlan1 an IP address of 192.168.0.1. Sure you haven’t messed up 10 and 0 with a typo?
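
The address mismatch reported in several comments above (DHCP range in 192.168.10.x, wlan1 at 192.168.0.1) can be caught before rebooting with a small consistency check. This is an added example, not code from the article or its author; the two sample files are constructed, and the netmask, lease time and range start are assumptions the thread does not give.

```python
import ipaddress
import re

# Constructed sample files reproducing the mismatch reported in the comments.
# Netmask, lease time and range start are assumptions; the thread gives none.
INTERFACES = """\
iface wlan1 inet static
    address 192.168.0.1
    netmask 255.255.255.0
"""
DNSMASQ = """\
interface=wlan1
dhcp-range=192.168.10.10,192.168.10.200,255.255.255.0,12h
"""

def static_network(interfaces_text, iface):
    """Return the ip_interface of a static `iface` stanza, or None."""
    current, opts = None, {}
    for line in interfaces_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("iface", "auto", "mapping") or words[0].startswith("allow-"):
            current = words[1] if words[0] == "iface" else None
        elif current == iface and len(words) > 1:
            opts[words[0]] = words[1]
    if "address" not in opts:
        return None
    addr = opts["address"]
    if "/" not in addr:  # assume /24 when no netmask line is present
        addr += "/" + opts.get("netmask", "255.255.255.0")
    return ipaddress.ip_interface(addr)

def dhcp_ranges(dnsmasq_text):
    """Yield the start and end IPv4 address of each dhcp-range line."""
    for m in re.finditer(r"^\s*dhcp-range=(.+)$", dnsmasq_text, re.M):
        ips = re.findall(r"\d+\.\d+\.\d+\.\d+", m.group(1))
        if len(ips) >= 2:
            yield from (ipaddress.ip_address(ip) for ip in ips[:2])

def check(interfaces_text, dnsmasq_text, iface="wlan1"):
    """Return a list of problems; empty means DHCP range and AP address agree."""
    net = static_network(interfaces_text, iface)
    if net is None:
        return [f"{iface}: no static address found"]
    return [f"{ip} is outside {iface} network {net.network}"
            for ip in dhcp_ranges(dnsmasq_text) if ip not in net.network]
```

To run it against a real Pi, pass the contents of /etc/network/interfaces and the dnsmasq configuration file to `check()` instead of the constructed samples.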

  • Stanley Mitchell

    Great Reading! There is, however a simpler way to get Tor-integrated VPN without Tor browser. It is called Privatoria https://privatoria.net/blog/tor-through-vpn/

  • Christopher Head

    The router IP for this and the IP for my router are the same. Is there a way to change it so I can avoid the conflict that cancels out my router?

  • Jess Guest

    Useful device, I should admit. When I’m somewhere abroad and lose access to a website I badly need, I use proxies http://fineproxy.org/eng/ . It always helps me with access issues.

  • DesdinovaX

    I’m currently working my way through steps 3 and 4. My wlan0 is fine and I can get “mySecureRouter” to show up. But what seems to happen is every time wlan1 turns on, the resolv.conf gets overwritten, and I have to go in each time and change the nameservers. Is this a known problem, and if so, is there an easy fix?

    I’m sure I’ll have more questions once I get to step 5 (I plan on using Tor), but I’d like to surmount this issue first.

    Thank you!