mirror of
https://github.com/pivpn/pivpn.git
synced 2024-12-20 20:00:16 +00:00
Updated FAQ (markdown)
parent
85d56322f9
commit
e3f64e1d57
2 changed files with 70 additions and 100 deletions
70
FAQ-(OpenVPN).md
Normal file
70
FAQ-(OpenVPN).md
Normal file
|
@ -0,0 +1,70 @@
|
||||||
|
# FAQ (Frequently Asked Questions)
|
||||||
|
|
||||||
|
## How do I use Pi-hole with PiVPN?
|
||||||
|
You can safely install PiVPN on the same Raspberry Pi as your Pi-hole install, and point your VPN clients to the IP of your Pi-hole so they get ad blocking, etc.
|
||||||
|
Note that if you install PiVPN after Pi-hole, your existing Pi-hole installation will be detected and the script will ask if you want to use is as the DNS for the VPN, so you won't need to go through all these steps.
|
||||||
|
|
||||||
|
1. Create a new file `sudo nano /etc/dnsmasq.d/02-pivpn.conf`
|
||||||
|
2. Add `interface=tun0` inside to tell Pi-hole to listen on the VPN interface as well
|
||||||
|
3. Save the file end exit
|
||||||
|
4. Restart Pi-hole with `pihole restartdns`
|
||||||
|
5. Edit the server config with `sudo nano /etc/openvpn/server.conf`
|
||||||
|
6. Remove every `push "dhcp-option DNS [...]"` line
|
||||||
|
7. Add this line `push "dhcp-option DNS 10.8.0.1"` to point clients to the PiVPN IP
|
||||||
|
8. Save the file and exit
|
||||||
|
9. Restart openvpn with `sudo systemctl restart openvpn`
|
||||||
|
|
||||||
|
## How do I change the public IP/DNS name of the PiVPN after the install?
|
||||||
|
You will need to change `/etc/openvpn/easy-rsa/pki/Default.txt` and your `.ovpn` files if you have already generated them.
|
||||||
|
|
||||||
|
## How do I allow clients access to my home network but not the internet through my PiVPN?
|
||||||
|
|
||||||
|
Replace the following line in `/etc/openvpn/server.conf`: `push "redirect-gateway def1"` with `push "192.168.23.0 255.255.255.0"` (assuming that 192.168.23.0 and 255.255.255.0 are respectively the network IP and netmask of your LAN). Then restart the openvpn service: `sudo systemcl restart openvpn`.
|
||||||
|
|
||||||
|
## How Can I Migrate my configs to another PiVPN Instance?
|
||||||
|
|
||||||
|
Backup your server with `pivpn -bk`
|
||||||
|
copy the tar archive to your computer.
|
||||||
|
example using scp on linux:
|
||||||
|
|
||||||
|
`scp <user>@<server>:~/pivpnbackup/<archivename> <path/on/local>`
|
||||||
|
|
||||||
|
**Install OpenVPN on the new pi/server**
|
||||||
|
|
||||||
|
1. Backup the current install:`sudo cp -r /etc/openvpn /etc/openvpn_backup`
|
||||||
|
2. Extract the backup archive: `tar xzpfv <archive name>`
|
||||||
|
3. Copy the extracted content: `sudo cp -r etc/openvpn /etc/openvpn`
|
||||||
|
4. Restart the openvpn service: `sudo systemcl restart openvpn`
|
||||||
|
|
||||||
|
**OBS:** Please be aware of the difference between `/etc/` and `etc/`!
|
||||||
|
/etc with the starting slash is a system directory
|
||||||
|
etc/ without starting slash and tailing slash means its a directory in your current working dir.
|
||||||
|
|
||||||
|
## How to resolve local hostnames?
|
||||||
|
|
||||||
|
All you have to do is to use your router as DNS Server instead of using other public DNS providers.
|
||||||
|
If you have already a working installation of OpenVPN, all you need to do is to edit `/etc/openvpn/server.conf` and replace every `push "dhcp-option DNS [...]"` line, with A SINGLE `push "dhcp-option DNS 192.168.23.1"` (assuming 192.168.23.1 is your gateway IP). Then restart the openvpn service: `sudo systemcl restart openvpn`.
|
||||||
|
|
||||||
|
Alternatively you can change `/etc/hosts` file and add `<IPAddress> <hostname>`
|
||||||
|
Example:
|
||||||
|
```
|
||||||
|
192.168.1.1 JohnDoeRouter
|
||||||
|
192.168.1.2 JohnDoePC
|
||||||
|
192.168.1.3 JaneDoePC
|
||||||
|
192.168.1.4 CatPC
|
||||||
|
192.168.1.5 DogPC
|
||||||
|
```
|
||||||
|
|
||||||
|
## How to kick a connected client
|
||||||
|
|
||||||
|
From issue [#577](https://github.com/pivpn/pivpn/issues/577)
|
||||||
|
|
||||||
|
1. Stop the server with `sudo systemctl openvpn stop`
|
||||||
|
2. Edit the server config with `sudo nano /etc/openvpn/server.conf`
|
||||||
|
3. Add this line`management 127.0.0.1 PORT` (replace PORT with a port number, like 1234)
|
||||||
|
3. Save the file and exit
|
||||||
|
5. Start the server with `sudo systemctl openvpn start`
|
||||||
|
|
||||||
|
To connect to the management interface, use `nc 127.0.0.1 PORT`, then disconnect a client with `kill CLIENTNAME`, use CTRL-C to exit.
|
||||||
|
|
||||||
|
More info [here](https://openvpn.net/community-resources/management-interface/). Consider also setting a password on the management interface as suggested on the [manual](https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage).
|
100
FAQ.md
100
FAQ.md
|
@ -1,100 +0,0 @@
|
||||||
# FAQ (Frequently Asked Questions)
|
|
||||||
## What boards/OSes does PiVPN support?
|
|
||||||
PiVPN runs at least on the following boards:
|
|
||||||
* Raspberry Pi 1/2/3/4 running Raspbian Strech, Raspbian Buster Lite.
|
|
||||||
* All SBC's running DietPi. This is currently: Raspberry Pi's (all models), Odroid C1, Odroid C2 (arm64), Odroid XU3/4, Pine A64, NanoPi NEO, NanoPi NEO Air, NanoPi M1, NanoPi M2/T2, NanoPi M3/T3, Banana Pi Pro Banana Pi M2+, OrangePi PC and OrangePi One
|
|
||||||
* Most servers running a Debian or Ubuntu based distro.
|
|
||||||
|
|
||||||
### What About Octopi?
|
|
||||||
|
|
||||||
https://github.com/guysoft/OctoPi/issues/373 OctoPi doesn't play well with PiVPN installer as they use a git wrapper that blocks it from running as root user.
|
|
||||||
|
|
||||||
To disable the git wrapper please do: `sudo rm /root/bin/git`
|
|
||||||
|
|
||||||
## Can I change the hostname, the IP address, protocol or port after the install?
|
|
||||||
Yes. To change the hostname or IP address, you will need to change `/etc/openvpn/easy-rsa/pki/Default.txt` and your `.ovpn` files if you have already generated them.
|
|
||||||
|
|
||||||
## My ISP doesn't give me a static external IP address, so my servers IP address keeps changing!
|
|
||||||
You will need a dynamic DNS service and a hostname. If your IP address changes, your hostname will then automatically point to the new IP address. Some free dynamic DNS services are <http://noip.com> or <http://freedns.afraid.org/>.
|
|
||||||
|
|
||||||
## Installing with Pi-hole
|
|
||||||
You can safely install PiVPN on the same Raspberry Pi as your Pi-hole install, and point your VPN clients to the IP of your Pi-hole so they get ad blocking, etc. Here's how:
|
|
||||||
|
|
||||||
1. Create a new file `sudo nano /etc/dnsmasq.d/02-pivpn.conf`
|
|
||||||
2. Add `interface=tun0` inside to tell Pi-hole to listen on the VPN interface as well
|
|
||||||
3. Save the file end exit
|
|
||||||
4. Restart Pi-hole with `pihole restartdns`
|
|
||||||
5. Edit the server config with `sudo nano /etc/openvpn/server.conf`
|
|
||||||
6. Remove every `push "dhcp-option DNS [...]"` line
|
|
||||||
7. Add this line `push "dhcp-option DNS 10.8.0.1"` to point clients to the PiVPN IP
|
|
||||||
8. Save the file and exit
|
|
||||||
9. Restart openvpn with `sudo systemctl restart openvpn`
|
|
||||||
|
|
||||||
|
|
||||||
## Allow Clients to connect but block their access to the internet
|
|
||||||
|
|
||||||
If you don't want your VPN clients to be able to access the internet simply comment the following line in `/etc/openvpn/server.conf`
|
|
||||||
|
|
||||||
```
|
|
||||||
push "redirect-gateway def1"
|
|
||||||
```
|
|
||||||
|
|
||||||
**If you remove the above PUSH command, you'll need to add a route PUSH command to get access to your LAN.
|
|
||||||
Add the PUSH command:**
|
|
||||||
|
|
||||||
`push "192.168.2.0 255.255.255.0"`
|
|
||||||
|
|
||||||
**Ensure that the IP and netmask match what the VPN side of the network is.**
|
|
||||||
|
|
||||||
## How Can I Migrate my configs to another PiVPN Instance?
|
|
||||||
|
|
||||||
Backup your server with `pivpn -bk`
|
|
||||||
copy the tar archive to your computer.
|
|
||||||
example using scp on linux:
|
|
||||||
|
|
||||||
`scp <user>@<server>:~/pivpnbackup/<archivename> <path/on/local>`
|
|
||||||
|
|
||||||
**Install openvpn or wireguard on the new pi/server**
|
|
||||||
|
|
||||||
backup the current install: `sudo cp -r /etc/openvpn /etc/openvpn_backup` or `sudo cp -r /etc/wireguard /etc/wireguard_backup`
|
|
||||||
extract the backup archive: `tar xzpfv <archive name>`
|
|
||||||
copy the extracted content: `sudo cp -r from etc/openvpn /etc/openvpn` or `sudo cp -r etc/wireguard /etc/wireguard`
|
|
||||||
restart openvpn or wireguard service:
|
|
||||||
`sudo systemctl restart openvpn` or `sudo systemcl restart wg-quick@wg0`
|
|
||||||
|
|
||||||
|
|
||||||
**OBS:** Please be aware of the difference between `/etc/` and `etc/`!
|
|
||||||
/etc with the starting slash is a system directory
|
|
||||||
etc/ without starting slash and tailing slash means its a directory in your current working dir.
|
|
||||||
|
|
||||||
## How to resolve local hostnames?
|
|
||||||
|
|
||||||
to resolve local hostnames all you have to do is to use your router as DNS Server instead of using other public DNS providers.
|
|
||||||
If you have already a working installation of OpenVPN, all you need to do is to edit `/etc/openvpn/server.conf` and change the following line:
|
|
||||||
|
|
||||||
```
|
|
||||||
#Assuming your router IP address is 192.168.1.1
|
|
||||||
push "dhcp-option DNS 192.168.1.1"
|
|
||||||
```
|
|
||||||
Alternatively you can change `/etc/hosts` file and add `<IPAddress> <hostname>`
|
|
||||||
Example:
|
|
||||||
```
|
|
||||||
192.168.1.1 JohnDoeRouter
|
|
||||||
192.168.1.2 JohnDoePC
|
|
||||||
192.168.1.3 JaneDoePC
|
|
||||||
192.168.1.4 CatPC
|
|
||||||
192.168.1.5 DogPC
|
|
||||||
```
|
|
||||||
## How to kick a connected client
|
|
||||||
|
|
||||||
from Issue #577
|
|
||||||
|
|
||||||
1. Stop the server with `sudo systemctl openvpn stop`
|
|
||||||
2. Edit the server config with `sudo nano /etc/openvpn/server.conf`
|
|
||||||
3. Add this line`management 127.0.0.1 PORT` (replace PORT with a port number, like 1234)
|
|
||||||
3. Save the file and exit
|
|
||||||
5. Start the server with `sudo systemctl openvpn start`
|
|
||||||
|
|
||||||
To connect to the management interface, use `nc 127.0.0.1 PORT`, then disconnect a client with `kill CLIENTNAME`, use CTRL-C to exit.
|
|
||||||
|
|
||||||
More info [here](https://openvpn.net/community-resources/management-interface/). Consider also setting a password on the management interface as suggested on the [manual](https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage).
|
|
Loading…
Reference in a new issue