Sharing VPN connection on Linux

Most VPN servers allow a single remote session per user, which is all you need most of the time. Sometimes, though, you need to connect multiple devices to the VPN server, and with a single user account that is impossible if the server doesn’t allow it. A way around this problem is to share the VPN connection from a central node with other computers by setting up an ad-hoc wireless network that uses the wireless modem of the central computer as a hot-spot. The idea is fairly simple, provided the central computer has two network cards:

  1. Use a central computer to connect to the VPN via ethernet or one of the network cards
  2. Set up a hotspot on the central computer so that devices in range can connect to it over wifi
  3. Route all traffic (inbound & outbound) from the hotspot to the ethernet/vpn connection

The diagram below illustrates this.

[Diagram: vpn_share]

So how do we do this? Below is an example of setting up this configuration on a Linux box. I used a Linux Mint desktop in this example. Here are the steps:

  1. Install and configure the hostapd application so that you can turn your wireless modem into a hotspot
  2. Install and configure a DHCP server so that IP addresses are assigned to devices connected to the hotspot
  3. Allow IP masquerading to share the ethernet/vpn connection with the devices connected to the hotspot

Install and configure hostapd

Use the following command to install the hostapd application

sudo apt-get install hostapd

Configure hostapd by editing the /etc/hostapd/hostapd.conf file as follows

interface=wlan0
driver=nl80211
ssid=kamran-hotspot
hw_mode=g
channel=11
wpa=1
wpa_passphrase=MYPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600

You can check the wireless interface name with the iwconfig command; on my machine the interface name was wlan0. Now you can start hostapd using the following command:

sudo hostapd -dd /etc/hostapd/hostapd.conf 1>/dev/null &
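
A check for the hostapd.conf shown above, as an added example that is not part of the original post: in hostapd the wpa option is a bit field, so wpa=1 enables only the original WPA, and TKIP is a deprecated cipher; the script flags both. The function names, the WPA2 sample and the 16-character passphrase minimum are assumptions made for this example.

```python
# Constructed sample: the settings shown in this post.
SAMPLE_POST = """\
interface=wlan0
driver=nl80211
ssid=kamran-hotspot
hw_mode=g
channel=11
wpa=1
wpa_passphrase=MYPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600
"""

# Constructed sample: the same hotspot restricted to WPA2 with CCMP only.
SAMPLE_WPA2 = (SAMPLE_POST.replace("wpa=1", "wpa=2")
               .replace("wpa_pairwise=TKIP CCMP", "rsn_pairwise=CCMP")
               .replace("MYPASSWORD", "constructed-long-passphrase-2f9c"))
MIN_PSK_LEN = 16  # assumed local policy, not a hostapd limit

def parse_hostapd(text):
    """Parse key=value lines; blank and '#' comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()  # a repeated key overwrites
    return conf

def audit(text):
    """Return findings for the WPA-related options in a hostapd.conf."""
    conf, findings = parse_hostapd(text), []
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if wpa == 0:
        return ["open network: wpa is unset or 0"]
    if wpa & 1:
        findings.append("WPA version 1 enabled; use wpa=2")
    wpa_pw = conf.get("wpa_pairwise", "TKIP")  # hostapd default is TKIP
    ciphers = set(wpa_pw.split()) if wpa & 1 else set()
    if wpa & 2:  # rsn_pairwise falls back to the wpa_pairwise value
        ciphers |= set(conf.get("rsn_pairwise", wpa_pw).split())
    if "TKIP" in ciphers:
        findings.append("TKIP offered as pairwise cipher; use CCMP only")
    psk = conf.get("wpa_passphrase")
    if psk is not None and len(psk) < MIN_PSK_LEN:
        findings.append("wpa_passphrase shorter than %d characters" % MIN_PSK_LEN)
    return findings
```

Calling audit(SAMPLE_POST) reports the WPA version, the TKIP cipher and the short passphrase; audit(SAMPLE_WPA2) returns an empty list.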

Install and configure dhcp

Install the DHCP server using the following command

sudo apt-get install isc-dhcp-server

Edit the /etc/dhcp/dhcpd.conf file to set up the subnet by adding the following lines to the file

subnet 10.10.0.0 netmask 255.255.255.0 {
range 10.10.0.25 10.10.0.50;
option domain-name-servers 8.8.4.4;
option routers 10.10.0.1;
}

Edit /etc/default/isc-dhcp-server and add the wireless network interface name like below:

INTERFACES="wlan0"

Assign the gateway address to the wireless interface and start the DHCP server

    sudo ifconfig wlan0 10.10.0.1 netmask 255.255.255.0

    sudo service isc-dhcp-server start

Allow IP masquerading

Now, when the Linux box is connected to the VPN, we can share this VPN connection over the wifi hotspot by running the following commands:

echo "1" | sudo tee /proc/sys/net/ipv4/ip_forward

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -o tun0 -i wlan0 -m conntrack --ctstate NEW -j ACCEPT

In this example the VPN interface is tun0; you can check the interface name using the iwconfig command.

VPN sharing is now set up, and all your devices (computers, tablets, smart phones etc.) connected to the hot-spot of your central Linux box can access all the network resources available on the VPN.

9 Comments

Hi, I am trying to do this on Ubuntu 14.04 but it is not working now. I am not sharing the internet connection through the hotspot. Any changes I have to make?

This setup is for sharing a VPN connection. If you are sharing an internet connection then you need two network cards; also check the interfaces you use in the config.

Hi there,
here I need to use a VPN to connect to the Internet
and again use the TOR network to connect to the Internet #if you know what I mean.
I want to use a Raspberry Pi as an OnionPi #tor router
but I need to connect to the VPN too.
Does this configuration work for that?
Isn't any extra code needed to enable using ssh over wifi?

$ sudo isc-dhcp-server
sudo: isc-dhcp-server: command not found
$ sudo service isc-dhcp-server start
$
but isc-dhcp-server is wiped from the list of running processes after a few seconds
OS: Ubuntu 21.04
