How do I create a VPN Gateway on my local network for other devices to use?

waterloo

Hi there, I am running the latest Debian and am a novice user, but here is what I am trying to accomplish:

- Debian installation running on 192.168.0.200 connected to NordVPN account (done)

- Point other devices, especially 'dumb' ones that have no VPN clients but accept manual IP configuration, to use 192.168.0.200 as a gateway address and receive an IP of 192.168.0.201-192.168.0.254 via DHCP server or whatever (on standby waiting to do this)

- Still internally contactable within the local 192.168.0.x network (seems fine so far, already whitelisted via the nordvpn command line and it's working) but all outbound traffic is via nordlynx

WHY? 2 gigantic reasons:
1 - Nord (or most other paid VPN services) have a device limit of say 6 devices, for example. But using this gateway I could potentially have ~50 devices all through this one connection

2 - As I touched on above, 'dumb' devices, and some that aren't even so dumb but are simply missing key features, like my Nvidia Shield TV Pro, have NO killswitch ability baked into the VPN client nor the AndroidTV operating system. This is a big problem because if the VPN suddenly disconnects, all the traffic will go through unencrypted, between torrents or whatever, thus resulting in ISP warning letters. This way I could set the Shield TV to use my gateway and kill 2 birds with 1 stone - it no longer wastes an additional connection on my account, and also if the VPN disconnects, I'm assuming the packets would just be dropped and not go anywhere because the link is down


Here is where I am currently at:

Code:
me@testing:~$ nordvpn connect canada
Connecting to Canada #1455 (ca1455.nordvpn.com)
You are connected to Canada #1455 (ca1455.nordvpn.com)!
Code:
me@testing:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.0.200/24 brd 192.168.0.255 scope global dynamic ens18
       valid_lft 85882sec preferred_lft 85882sec
3: nordlynx: <POINTOPOINT,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.5.0.2/32 scope global nordlynx
       valid_lft forever preferred_lft forever
Code:
me@testing:~$ ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=1.78 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.738 ms

--- 192.168.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.738/1.257/1.776/0.519 ms
Code:
me@testing:~$ ping google.ca
PING google.ca (142.251.32.67) 56(84) bytes of data.
64 bytes from yyz12s07-in-f3.1e100.net (142.251.32.67): icmp_seq=1 ttl=119 time=5.82 ms
64 bytes from yyz12s07-in-f3.1e100.net (142.251.32.67): icmp_seq=2 ttl=119 time=6.64 ms

--- google.ca ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 5.823/6.229/6.635/0.406 ms
Code:
me@testing:~$ curl icanhazip.com
37.19.213.95

VPN is currently connected, connectivity to both local network and external internet is working as intended. IP is correctly set to 192.168.0.200

I'm hoping this is a perfectly clean slate to start with

What do I do next?

Thank you!
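
On the kill-switch assumption in the post: a Linux box with forwarding enabled sends LAN packets out whatever route is available, so dropping them when the tunnel is down has to be enforced by firewall rules. The script below is an added example, not part of the original post and not NordVPN's own configuration; it uses the interface names and subnet from the `ip a` output above, while the table name `vpngw` and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: fail-closed forwarding rules for the gateway in the post.
# ens18, nordlynx and 192.168.0.0/24 come from the post's `ip a` output;
# the nftables table name "vpngw" is an assumption made for this example.
LAN_IF=ens18
VPN_IF=nordlynx
LAN_NET=192.168.0.0/24

# Print an nftables ruleset (args: LAN interface, VPN interface, LAN subnet).
# Forwarding is dropped by default; only LAN -> VPN and its replies pass.
render_ruleset() {
    cat <<EOF
table ip vpngw
delete table ip vpngw
table ip vpngw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        iifname "$1" oifname "$2" ip saddr $3 accept
        iifname "$2" oifname "$1" ct state established,related accept
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$2" ip saddr $3 masquerade
    }
}
EOF
}

# Read a ruleset on stdin; succeed only if the forward policy is drop and no
# accept rule sends traffic out the LAN interface ($1) unless it arrived on
# the VPN interface ($2).
ruleset_is_fail_closed() {
    rules=$(cat)
    echo "$rules" | grep -q 'hook forward .*policy drop' || return 1
    ! echo "$rules" | grep 'accept' | grep "oifname \"$1\"" | grep -qv "iifname \"$2\""
}

# Enable IPv4 forwarding and load the rules (needs root).
apply_gateway() {
    sysctl -w net.ipv4.ip_forward=1
    render_ruleset "$LAN_IF" "$VPN_IF" "$LAN_NET" | nft -f -
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    apply_gateway
fi
```

Run it with `apply` as root; because the forward chain's policy is drop, a packet from the LAN is forwarded only when its outgoing interface is nordlynx, so nothing falls back to ens18 while the tunnel is down. The rules cover IPv4 only, and whether the NordVPN client's own firewall and routing rules also pass forwarded traffic is not covered here.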
 
