User Tools

Site Tools


vpn-pi

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
vpn-pi [2020/04/29 16:44]
robm
vpn-pi [2020/04/29 16:54] (current)
robm
Line 149: Line 149:
  
 Then try to connect from another device (e.g. mobile phone). The WiFi network should be visible, and when you connect you should get an IP address, but probably an error about no internet connection. That's next. Then try to connect from another device (e.g. mobile phone). The WiFi network should be visible, and when you connect you should get an IP address, but probably an error about no internet connection. That's next.
 +
 +===== Network Address Translation =====
 +
 +Enable Network Address Translation (NAT) on any traffic that leaves us via ExpressVPN'​s ''​tun0''​ interface.
 +
 +Note that the interface doesn'​t exist until you run ''​expressvpn connect'',​ but you can add the rule to ''​iptables''​ without issue.
 +
 +<​code>​
 +iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
 +</​code>​
 +
 +Note that is this is the **only** MASQUERADE rule (check with ''​iptables -t nat -nvL''​) then devices using this access point will experience 100% packet loss when ExpressVPN is not connected. I consider this a feature, but if you don't you can add another rule for ''​eth0'':​
 +
 +<​code>​
 +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 +</​code>​
 +
vpn-pi.txt · Last modified: 2020/04/29 16:54 by robm