RaspiGate

Ansible-deployable networking hub for Raspberry Pi 5: DNS server, OpenVPN client/server with multiple routing configurations.

Environment

Ansible - Ansible is a radically simple IT automation system.

How To Use It

gh repo clone j-about/RaspiGate # Clone the RaspiGate repository
cd RaspiGate # Move to the RaspiGate directory
cp .env.example .env # Copy the example environment file

Define environment variables

| Name | Description | Example value |
| --- | --- | --- |
| COMPOSE_PROFILES | Comma-separated list of components to deploy. See Select components to deploy below. | client-chain,isp,local |
| RPI_IP | The IP address of the Raspberry Pi. | 192.168.1.101 |
| RPI_USER | Username for SSH access to the Raspberry Pi. | username |
| RPI_SSH_PRIVATE_KEY_FILE | Path to the SSH private key file for authentication. | ~/.ssh/privatekeyfile |
| RPI_STATIC_IP | Static IP address for the Raspberry Pi. | 192.168.1.21 |
| CIDR | CIDR notation for subnet. | 24 |
| GATEWAY | Gateway IP for the network. | 192.168.1.1 |
| NETWORK | Network IP address. | 192.168.1.0 |
| NETMASK | Network mask. | 255.255.255.0 |
| RPI_MACVLAN_STATIC_IP | Static IP assigned to the macvlan interface on Raspberry Pi. | 192.168.1.22 |
| ADGUARD_STATIC_IP | Static IP for AdGuard server deployment. | 192.168.1.23 |
| VPN_USERNAME | Username for VPN client authentication. | JohnDoe |
| VPN_PASSWORD | Password for VPN client authentication. | Password123 |
| VPN_CLIENT_STATIC_IP | Static IP for the VPN client. | 192.168.1.24 |
| VPN_CLIENT_DNS_1 | Primary DNS for VPN client. | 8.8.8.8 |
| VPN_CLIENT_DNS_2 | Secondary DNS for VPN client. | 8.8.4.4 |
| EASYRSA_REQ_CN | Common Name for EasyRSA certificate request. | John Doe |
| EASYRSA_CLIENT_NAME | Client name for EasyRSA configuration. | johndoe |
| VPN_SERVER_VVC_EASYRSA_SERVER_NAME | EasyRSA server name for VPN server via VPN client. | vpn-server-via-vpn-client |
| VPN_SERVER_VVC_STATIC_IP | Static IP for VPN server via VPN client. | 192.168.1.25 |
| VPN_SERVER_VVC_PORT | Port for VPN server via VPN client. | 443 |
| VPN_SERVER_VVC_PROTOCOL | Protocol for VPN server via VPN client. | tcp |
| VPN_SERVER_VVC_HOST | Host for VPN server via VPN client. | vpn1.example.com |
| VPN_SERVER_VVC_NETWORK | Network for VPN server via VPN client. | 192.168.2.0 |
| VPN_SERVER_VVC_NETMASK | Netmask for VPN server via VPN client. | 255.255.255.0 |
| VPN_SERVER_VISP_EASYRSA_SERVER_NAME | EasyRSA server name for VPN server via ISP. | vpn-server-via-isp |
| VPN_SERVER_VISP_STATIC_IP | Static IP for VPN server via ISP. | 192.168.1.26 |
| VPN_SERVER_VISP_PORT | Port for VPN server via ISP. | 1194 |
| VPN_SERVER_VISP_PROTOCOL | Protocol for VPN server via ISP. | tcp |
| VPN_SERVER_VISP_HOST | Host for VPN server via ISP. | vpn2.example.com |
| VPN_SERVER_VISP_NETWORK | Network for VPN server via ISP. | 192.168.3.0 |
| VPN_SERVER_VISP_NETMASK | Netmask for VPN server via ISP. | 255.255.255.0 |
| VPN_SERVER_LOCAL_EASYRSA_SERVER_NAME | EasyRSA server name for VPN server for local network access only. | vpn-server-local |
| VPN_SERVER_LOCAL_STATIC_IP | Static IP for VPN server for local network access only. | 192.168.1.27 |
| VPN_SERVER_LOCAL_PORT | Port for VPN server for local network access only. | 1194 |
| VPN_SERVER_LOCAL_PROTOCOL | Protocol for VPN server for local network access only. | udp |
| VPN_SERVER_LOCAL_HOST | Host for VPN server for local network access only. | vpn3.example.com |
| VPN_SERVER_LOCAL_NETWORK | Network for VPN server for local network access only. | 192.168.4.0 |
| VPN_SERVER_LOCAL_NETMASK | Netmask for VPN server for local network access only. | 255.255.255.0 |

Select components to deploy

RaspiGate's VPN components are individually toggleable through the COMPOSE_PROFILES environment variable, which activates one or more Docker Compose profiles. adguardhome is always deployed.

| Profile | Services activated | Purpose |
| --- | --- | --- |
| client-chain | vpn-client + vpn-server-via-vpn-client | Outbound VPN client plus a VPN server whose egress traffic is tunnelled through it. Both services must start together; the server hard-routes its default gateway through the client's static IP. |
| isp | vpn-server-via-isp | VPN server whose egress traffic goes directly via the ISP. |
| local | vpn-server-local | Split-tunnel VPN server: remote clients reach the home LAN through RaspiGate while their Internet traffic keeps going out through whatever network they are currently connected to. |

Set COMPOSE_PROFILES in your .env. Examples:

COMPOSE_PROFILES="client-chain,isp,local" # Deploy every VPN component (default)
COMPOSE_PROFILES="local"                  # LAN-only gateway
COMPOSE_PROFILES="client-chain,isp"       # Outbound + ISP-exposed remote access, no LAN server
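
A pre-flight check for the .env described above, as an added example that is not part of the RaspiGate repository: it verifies that COMPOSE_PROFILES names only known profiles, that NETMASK agrees with CIDR, that the static IPs of the enabled components are unique and inside the LAN, and that the example VPN credentials were replaced. The function names parse_env and check_env, the profile-to-variable mapping, and the rule that every static IP belongs inside NETWORK/CIDR are assumptions inferred from the two tables.

```python
import ipaddress

KNOWN_PROFILES = {"client-chain", "isp", "local"}  # names from the profile table
# Assumption: static-IP variables per profile, inferred from the variable names.
PROFILE_IPS = {"client-chain": ["VPN_CLIENT_STATIC_IP", "VPN_SERVER_VVC_STATIC_IP"],
               "isp": ["VPN_SERVER_VISP_STATIC_IP"],
               "local": ["VPN_SERVER_LOCAL_STATIC_IP"]}
ALWAYS_IPS = ["GATEWAY", "RPI_STATIC_IP", "RPI_MACVLAN_STATIC_IP", "ADGUARD_STATIC_IP"]
EXAMPLE_CREDS = {"VPN_USERNAME": "JohnDoe", "VPN_PASSWORD": "Password123"}

def parse_env(text):
    """Minimal KEY=value parser: drops ' # comment' tails and surrounding quotes."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue
        env[key.strip()] = value.split(" #", 1)[0].strip().strip("\"'")
    return env

def check_env(env):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    profiles = [p.strip() for p in env.get("COMPOSE_PROFILES", "").split(",") if p.strip()]
    problems += [f"unknown profile: {p}" for p in profiles if p not in KNOWN_PROFILES]
    try:
        lan = ipaddress.ip_network(f"{env['NETWORK']}/{env['CIDR']}")
    except (KeyError, ValueError) as exc:
        return problems + [f"invalid NETWORK/CIDR: {exc}"]
    if env.get("NETMASK") != str(lan.netmask):
        problems.append(f"NETMASK does not match /{lan.prefixlen}")
    # Assumption: every static IP sits inside NETWORK/CIDR, as in the example values.
    seen = {}
    for name in ALWAYS_IPS + [n for p in profiles for n in PROFILE_IPS.get(p, [])]:
        try:
            ip = ipaddress.ip_address(env[name])
        except (KeyError, ValueError):
            problems.append(f"{name} is missing or not an IP address")
            continue
        if ip not in lan:
            problems.append(f"{name} is outside {lan}")
        if ip in seen:
            problems.append(f"{name} duplicates {seen[ip]}")
        seen.setdefault(ip, name)
    if "client-chain" in profiles:  # VPN_* credentials belong to the VPN client
        problems += [f"{k} still has the README example value"
                     for k, v in EXAMPLE_CREDS.items() if env.get(k) == v]
    return problems
```

Call check_env(parse_env(text)) on the contents of .env before running the playbooks; an empty list means nothing was flagged.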

Add your VPN client configuration files

Place all your .ovpn configuration files into the vpn-client/configs directory. Each file represents a VPN connection you want to use.

ansible-playbook playbooks/*.yaml # Run the Ansible playbooks
