VPN Pi
OpenFortiVPN
OpenFortiVPN runs on a Pi and lets any device on the home network reach the remote (company) network through the VPN tunnel.
The LAN DHCP server is configured to hand the Pi's eth0 MAC address a fixed IP address.

Download Raspbian Buster Lite - https://downloads.raspberrypi.org/raspbian_lite_latest
Download the imager for your platform - https://www.raspberrypi.org/downloads/
Create your SD card using the imager and boot up

$ sudo bash
# systemctl enable ssh
# apt install tmux openfortivpn

Edit wpa_supplicant.conf to connect to the guest SSID and reboot.

After login, start tmux with two sessions:
run company.sh in the first session and
run company-nat.sh in the second session.


#!/bin/bash
# company.sh - run in the first tmux session
# Pin a host route to the VPN gateway via 192.168.200.5 so the VPN endpoint
# is never routed back into the tunnel once ppp0 is up.
route add company-vpn-IP gw 192.168.200.5
# openfortivpn returns when the tunnel drops; restart it after 5 seconds.
# -p puts the password on the command line, visible to all local users via ps.
while true
do
    openfortivpn vpn.company.com:10443 -u <user> -p <password> --trusted-cert <string>
    echo "$(date) - restarting in 5 seconds - press ctrl-c to stop"
    sleep 5
done
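The loop above passes the VPN password on the openfortivpn command line, where any local user can read it from the process list, and it only keeps running as long as the tmux session does. The installer script below is an added example, not part of the original page: it writes the credentials to /etc/openfortivpn/config (the file openfortivpn reads by default) with owner-only permissions and installs a systemd unit that restarts the tunnel 5 seconds after it drops, doing the job of the while-true loop. The host, port, user, password and certificate fingerprint are placeholder arguments, the unit name company-vpn.service is an assumption, and DESTDIR is a staging prefix so the script can be exercised outside /etc.

```bash
#!/bin/bash
# Added example (not from the original page): keep the FortiGate credentials
# off the command line and let systemd supervise the reconnect loop.
# Assumptions: host/port/user/password/fingerprint are passed as arguments
# (placeholders, not values from the page); DESTDIR is a staging prefix.
set -eu

DESTDIR="${DESTDIR:-}"

# Write /etc/openfortivpn/config with mode 600 so the password is readable
# only by root and never appears in `ps`. printf (not a heredoc) is used so a
# password containing $ or backslashes is written literally.
write_vpn_config() {
    local host="$1" port="$2" user="$3" pass="$4" cert="$5"
    local dir="$DESTDIR/etc/openfortivpn"
    mkdir -p "$dir"
    # create the file with the final permissions before any secret is written
    install -m 600 /dev/null "$dir/config"
    printf 'host = %s\nport = %s\nusername = %s\npassword = %s\ntrusted-cert = %s\n' \
        "$host" "$port" "$user" "$pass" "$cert" > "$dir/config"
    echo "$dir/config"
}

# Write a systemd unit (name is an assumption) that restarts the tunnel
# 5 seconds after openfortivpn exits, replacing the tmux while-true loop.
write_vpn_unit() {
    local dir="$DESTDIR/etc/systemd/system"
    mkdir -p "$dir"
    cat > "$dir/company-vpn.service" <<'EOF'
[Unit]
Description=OpenFortiVPN tunnel to the company network
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/bin/openfortivpn -c /etc/openfortivpn/config
Restart=always
RestartSec=5

[Install]
WantedBy=multi-user.target
EOF
    echo "$dir/company-vpn.service"
}

# Permission bits of the config file, so a check can confirm 600 (GNU stat).
config_mode() {
    stat -c '%a' "$DESTDIR/etc/openfortivpn/config"
}

# Usage: sudo ./install-vpn.sh vpn.company.com 10443 <user> <password> <fingerprint>
# then: systemctl enable --now company-vpn.service
if [ "$#" -eq 5 ]; then
    write_vpn_config "$@"
    write_vpn_unit
fi
```

The host route from company.sh is not part of this unit; add it as an ExecStartPre= line or keep it in a separate script if the VPN endpoint must be pinned to a specific gateway.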

#!/bin/bash
# company-nat.sh - run in the second tmux session
# eth0 IP is used to forward queries to DNS1
# eth0:1 IP is used to forward queries to DNS2
# Replace eth0-IP, company-dns1-IP and company-dns2-IP with your addresses.

ifconfig eth0:1 192.168.0.129/24

sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -F
# Match the DNS rules on the destination address: netfilter only sees the
# physical interface, so "-i eth0:1" never matches and every query would
# otherwise be sent to DNS1.
iptables -t nat -A PREROUTING -i eth0 -d eth0-IP -p udp --dport 53 -j DNAT --to company-dns1-IP:53
iptables -t nat -A PREROUTING -i eth0 -d eth0-IP -p tcp --dport 53 -j DNAT --to company-dns1-IP:53
iptables -t nat -A PREROUTING -i eth0 -d 192.168.0.129 -p udp --dport 53 -j DNAT --to company-dns2-IP:53
iptables -t nat -A PREROUTING -i eth0 -d 192.168.0.129 -p tcp --dport 53 -j DNAT --to company-dns2-IP:53
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# With no other firewall configured the FORWARD policy is ACCEPT, so traffic is
# forwarded in both directions; this rule is only an explicit stateful allow.
iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT

#iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
#iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

iptables -L
iptables -t nat -L
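company-nat.sh leaves the FORWARD chain at its default policy, so with no other firewall in place traffic is forwarded in both directions and hosts on the company side of ppp0 could open connections into the home LAN. The script below is an added example, not the page's own script: it keeps the same DNAT and masquerade rules but gives the FORWARD chain a default-deny policy that lets the home subnet initiate connections into the tunnel and only lets replies come back. The interface names eth0 and ppp0 are the page's; the LAN subnet, the two eth0 addresses and the DNS servers are placeholder arguments, and IPT can be set to echo to preview the rule set without touching the firewall.

```bash
#!/bin/bash
# Added example (not from the original page): company-nat.sh's NAT setup with
# a default-deny FORWARD chain. Assumptions: eth0 is the home LAN and ppp0 the
# tunnel (as on the page); subnet/address/DNS arguments are placeholders;
# IPT=echo gives a dry run. ip_forward=1 and the eth0:1 alias are still
# configured as in company-nat.sh.
set -eu
IPT="${IPT:-iptables}"

# Arguments: LAN subnet, eth0 IP, eth0:1 IP, DNS1, DNS2.
build_rules() {
    local lan="$1" ip1="$2" ip2="$3" dns1="$4" dns2="$5"
    $IPT -t nat -F
    $IPT -F FORWARD
    # Default deny for transit traffic; everything below is an explicit allow.
    $IPT -P FORWARD DROP
    # DNS: match on the destination address, not the eth0:1 alias name, since
    # netfilter only sees the physical interface.
    $IPT -t nat -A PREROUTING -i eth0 -d "$ip1" -p udp --dport 53 -j DNAT --to-destination "$dns1:53"
    $IPT -t nat -A PREROUTING -i eth0 -d "$ip1" -p tcp --dport 53 -j DNAT --to-destination "$dns1:53"
    $IPT -t nat -A PREROUTING -i eth0 -d "$ip2" -p udp --dport 53 -j DNAT --to-destination "$dns2:53"
    $IPT -t nat -A PREROUTING -i eth0 -d "$ip2" -p tcp --dport 53 -j DNAT --to-destination "$dns2:53"
    $IPT -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
    # LAN -> tunnel: only the home subnet may open new connections.
    $IPT -A FORWARD -i eth0 -o ppp0 -s "$lan" -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
    # Tunnel -> LAN: replies only; nothing on the company side may initiate.
    $IPT -A FORWARD -i ppp0 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # Rate-limited log of everything else so a misconfiguration shows up in
    # the kernel log instead of failing silently.
    $IPT -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "vpn-pi FWD drop: "
}

# Usage: sudo ./nat-hardened.sh 192.168.0.0/24 <eth0-IP> 192.168.0.129 <dns1> <dns2>
# Dry run: IPT=echo ./nat-hardened.sh ...
if [ "$#" -eq 5 ]; then
    build_rules "$@"
    $IPT -S FORWARD
fi
```

Because the DNS queries are DNATed before the FORWARD chain is consulted, they are forwarded as NEW connections from the LAN subnet and need no extra rule; the LOG line at the end is the quickest way to see what the default-deny policy is actually dropping.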

# /etc/wpa_supplicant/wpa_supplicant.conf (replace guest-SSID and SSID-password)
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=US

network={
        ssid="guest-SSID"
        psk="SSID-password"
        key_mgmt=WPA-PSK
}

Notes
https://github.com/adrienverge/openfortivpn

drop by the diyIT Matrix public room at #diyit:matrix.ahlawat.com
if you have any IT questions/feedback or to request pro bono consulting for a nonprofit

message me privately at @sharad:matrix.ahlawat.com
or email me at - sharad@ahlawat.com - pgpkey: 68DD6B89
Networking and Security Technologist.
Engineer and an avid Programmer.

https://sharad.ahlawat.com
strive to learn and pass on the knowledge to the next generation
one day humanity will understand the meaning of life and hopefully it will be more than ASCII 42 = "*" regex for whatever you want it to be,
and destiny is more than just a roll of a pair of dice with 42 dots (Lets nail down Quantum Entanglement)

May you Live Long (Intelligently) and Prosper and work on technology that matters.
© 2024 Sharad Ahlawat
