DIY VPN Instructions

RUT240 IS NOW OFFICIALLY SUPPORTED!

Thank you to Nik (https://gristleking.com/) – I have obtained a RUT240 for testing and have figured out how to make this work! Follow the DIY guide as below – The setup is exactly the same until you get to the end of the VPN setup where you’ll jump to the RUT instructions!

Before we start

I spent quite a bit of time on this guide and process. If you have your own pi and don’t want to manage your own Azure resources, it may be better for you to just pay the $40 setup fee and $14 monthly afterwards. If you don’t know what the terminal is, you should just buy the Raspberry Pi device I’m selling.

This guide only covers your hotspot being connected via wifi – not via ethernet (or two wifi cards). If you are technical, the instructions are the same except reversing eth0 and wlan0 in the scripts and docs I provide. For two wifi cards, eth0 becomes wlan0 and wlan0 becomes wlan1.

Send Tips Here:

Cash App: ajkellypros
145UZRW2PhUmTM4YiCyyFCJRQUfdVcU2XegP1fmzNomoRx1qrzW

Prerequisites

  • Raspberry Pi with Wifi and Ethernet* or a RUT240
  • Micro SD card large enough for the Raspbian build (only for Pi option)
  • An Azure Subscription
  • Some knowledge of how to use the terminal
  • Some knowledge of how this system works

Azure Setup Instructions

  1. Create an OpenVPN server. A Standard_B1s (1 vCPU, 1 GiB memory) works great – anything smaller will crash. Be sure to turn off “Enable Auto-Shutdown” on the Management Tab during creation.

(Azure deployment instructions are not covered. If you don’t know how to do this, I recommend purchasing my services instead.)

2. SSH in to your server and just hit enter or type yes to all the prompts.
ssh azureuser@your.server.ip.address

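3. Once the initial configuration is done, go ahead and run this command. It forwards TCP port 44158 arriving on the server to 172.27.240.2, the static VPN address you will assign to your device in the OpenVPN settings below: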

sudo iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 44158 -j DNAT --to-destination 172.27.240.2:44158

3B. Got a SenseCAP? Go ahead and run this command too if you want to be able to log in remotely (it forwards port 80 on the server to the miner’s web UI):

sudo iptables -t nat -I PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.27.240.2:80

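3C. You may need to run one final command below, especially if your ports don’t appear to be open. It flushes every rule in the filter table; the nat rules you added above live in a separate table and are not removed: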

sudo iptables -F

3D. If you used an SSH public key for your server (like you should), you also need to set a password so you can log in to the VPN server: sudo passwd openvpn

4. Now that you’ve set up forwarding on the OpenVPN Server, go back to the Azure portal and open the Network Security Rules for your VM (Open the VM, click Networking on the left).

5. Click “Add inbound port rule” and fill it out like the below.

6. You’re done with the Azure side of things, now on to the VPN itself.

OpenVPN Settings

  1. Launch your VPN server by visiting it (the link will be something like https://xxx.xxx.xxx.xxx:943/admin/) – you can get the public IP by visiting your VM in Azure and seeing it at the top right.
  2. Ignore your browser’s warnings and continue anyway. *Note: Mac users need to use something other than Chrome because it won’t let you bypass it.
  3. Login as user openvpn and use the password you set above (or your root password)
  4. Click Configuration -> VPN Settings
  5. Type 172.27.240.0 in the box that says Static IP Address Network (Optional) and 24 in the # of netmask bits
  6. Click save at the bottom, then, once the page reloads, click the button at the top of the page that says apply
  7. Click User Management -> User Permissions
  8. Click the “Allow Auto-login” box next to the user openvpn
  9. Click “More Settings” next to openvpn
  10. Select “Use Static” and type in 172.27.240.2 for the user.
  11. Click Save at the bottom of the page
  12. Click update server if it prompts.
  13. Open your server again without the /admin (so https://xxx.xxx.xxx.xxx:943)
  14. Login as openvpn again
  15. There should be a link that says “Yourself (autologin profile)” – click that and store the client.ovpn file so you can put it on your device.

If you’re using a Raspberry Pi, you should continue below. If not, you should jump to the section that says “RUT240 Setup”.

Raspberry Pi setup

  1. Format a micro SD card with a clean installation of Raspbian
  2. Connect via ethernet and finish the setup (let it download updates, be sure to select your locale in raspi-config)
    NOTE: Thanks to Steve (dewigo.com), you may need to use this guide to set the locale: https://rohankapoor.com/2012/04/americanizing-the-raspberry-pi/
  3. Download this zip file and unzip it to your home directory on the pi
  4. Place the client.ovpn file in the home directory of the pi
  5. Update the file dnsmasq.conf on line 158 and uncomment it, then add your hotspot’s Wifi MAC address (the miner’s, not the Pi’s) found in the diagnostics section of the app (looks similar to below, but obviously 00:11:22:33:44:55 would be your MAC address)
dhcp-range=wlan0,192.168.2.10,192.168.2.150
dhcp-host=00:11:22:33:44:55,192.168.2.11
  • Create a new file in the home directory called hostapd.conf and type this in (change SSID and password):
  • NOTE: If you’re using a Pi 4 and prefer to use 5GHz, use hw_mode=a and channel=36.
  • NOTE: If you’re not living in the USA, the channel below (or above) may need to change.
interface=wlan0
driver=nl80211
ssid=YOUR_SSID_HERE
channel=1
hw_mode=g
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=YOUR_PASSWORD_HERE
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

6. Finally – Open Terminal and run the following commands

cd ~
sudo chmod +xX step1.sh
sudo ./step1.sh

7. After your Pi reboots the device will automatically connect to VPN and when your hotspot connects to the pi, you will have traffic!
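
The hostapd.conf in the step above sets wpa=3 with wpa_pairwise=TKIP, which turns on legacy WPA1/TKIP alongside WPA2. The following is an added example, not part of the original guide or its zip file, that audits a hostapd.conf for those settings and for the leftover placeholder passphrase; the function names, ExampleAP and the sample passphrase are this example's own, and the hardened variant assumes the hotspot can join a WPA2-only network.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit a hostapd.conf for the
# weak Wi-Fi settings discussed above. ExampleAP and the passphrase below are
# constructed sample values.

# conf_get FILE KEY: print the value of the last "KEY=" line in FILE.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_hostapd FILE: print one finding per line, nothing if the file is clean.
audit_hostapd() {
    wpa=$(conf_get "$1" wpa)
    pass=$(conf_get "$1" wpa_passphrase)
    case "$wpa" in
        2) ;;
        1|3) echo "wpa=$wpa enables legacy WPA1; wpa=2 restricts to WPA2" ;;
        *) echo "wpa=${wpa:-unset} leaves the network without WPA2" ;;
    esac
    for key in wpa_pairwise rsn_pairwise; do
        case "$(conf_get "$1" "$key")" in
            *TKIP*) echo "$key allows TKIP; CCMP is the WPA2 cipher" ;;
        esac
    done
    [ "$pass" != YOUR_PASSWORD_HERE ] || echo "wpa_passphrase is still the placeholder"
    { [ "${#pass}" -ge 8 ] && [ "${#pass}" -le 63 ]; } ||
        echo "wpa_passphrase must be 8 to 63 characters"
}

# guide_conf: the security-relevant lines of the guide's hostapd.conf.
guide_conf() {
    printf '%s\n' interface=wlan0 ssid=ExampleAP wpa=3 \
        wpa_passphrase=YOUR_PASSWORD_HERE wpa_key_mgmt=WPA-PSK \
        wpa_pairwise=TKIP rsn_pairwise=CCMP
}

# hardened_conf: WPA2/CCMP only. Assumes the hotspot can join a WPA2 network,
# which the guide does not state.
hardened_conf() {
    printf '%s\n' interface=wlan0 ssid=ExampleAP wpa=2 \
        wpa_passphrase=constructed-sample-passphrase wpa_key_mgmt=WPA-PSK \
        rsn_pairwise=CCMP
}

# Demo: audit the guide's settings from a temporary file.
tmp=$(mktemp)
guide_conf > "$tmp"
audit_hostapd "$tmp"
rm -f "$tmp"
```

On the Pi, point audit_hostapd at the hostapd.conf you created in your home directory.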

RUT240 Setup

  1. Start off by setting up your RUT and connecting your miner.
  2. You need to set a static lease for your miner – let’s do that by clicking Network -> LAN then scrolling down to Static Leases. Click add then scroll back down to the static leases section once the page refreshes.
  3. Select the MAC address of your Miner in the list and then select the IP address in the box – it will look something like this…

4. Click save and remember the IP address you just selected, we’re going to need this shortly!

5. Click Services -> VPN and enter anything into the box that says New configuration name: (I used Default) then click “Add New”

6. The page will reload, click Edit on the new item listed (like below)

7. Select the following boxes “Enable” and “Enable OpenVPN config from file” and the page will change to give you an upload box. Select the client.ovpn you downloaded from Step 15 in the VPN section and click “upload”.

8. Let the RUT240 do its thing and restart. Reconnect to the RUT and you’ll notice that your public IP has changed – now we just need to open the port!

9. Click System -> User Scripts

10. Copy and paste the information below into the new box and replace the *** with your IP address of your miner from step 3. Finally, click save and reboot the RUT one last time!

10b. (Sensecaps only: duplicate the line before exit 0 and change both 44158 to 80 if you want your web UI to be accessible via your ip 🙂 )

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

iptables -t nat -I PREROUTING -i tun0 -p tcp -m tcp --dport 44158 -j DNAT --to-destination 192.168.1.***:44158

#sensecaps only: remove the # below and add your IP if you want to remotely manage your sensecap
#iptables -t nat -I PREROUTING -i tun0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.***:80


exit 0

Final Notes

You may want to let the hotspot sync on an ethernet network to start with (not through the VPN service). This will be a lot faster and a lot cheaper for you.

autoboot.sh has a debug line that I used to test with another device on my home network. You can remove this: iptables -t nat -I PREROUTING -i tun0 -p tcp -m tcp --dport 44159 -j DNAT --to-destination 192.168.2.12:44159, or if you want to test with a second device, leave it in and add this to the dnsmasq.conf

dhcp-host=PUT:YOUR:MAC:ADDRESS:HERE,192.168.2.12
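
To check which ports are really being forwarded after the Azure step 3 commands, the RUT240 user script, or autoboot.sh (including the 44159 debug rule mentioned above), the following added example, which is not part of the original guide or its scripts, parses `iptables-save -t nat` output and flags forwards you did not expect. The function names are this example's own and the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide: list the DNAT port forwards in
# `iptables-save -t nat` output and flag any the guide does not call for.

# list_dnat: read iptables-save text on stdin and print
# "in-interface protocol port destination" for each PREROUTING DNAT rule.
list_dnat() {
    awk '$1 == "-A" && $2 == "PREROUTING" {
        iface = "any"; proto = "any"; dport = "any"; dest = "-"; jump = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") iface = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") jump = $(i + 1)
            else if ($i == "--to-destination") dest = $(i + 1)
        }
        if (jump == "DNAT") print iface, proto, dport, dest
    }'
}

# unexpected_dnat PORT...: like list_dnat, but only forwards whose port is not
# one of the PORT arguments.
unexpected_dnat() {
    allowed=" $* "
    list_dnat | while read -r iface proto dport dest; do
        case "$allowed" in
            *" $dport "*) ;;
            *) echo "$iface $proto $dport $dest" ;;
        esac
    done
}

# sample_rules: constructed iptables-save output for a Pi that still carries
# the 44159 debug forward from autoboot.sh.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i tun0 -p tcp -m tcp --dport 44159 -j DNAT --to-destination 192.168.2.12:44159
-A PREROUTING -i tun0 -p tcp -m tcp --dport 44158 -j DNAT --to-destination 192.168.2.11:44158
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
EOF
}

# Demo on the sample; on a real device run instead:
#   sudo iptables-save -t nat | unexpected_dnat 44158
sample_rules | unexpected_dnat 44158
```

Pass 80 as a second argument if you enabled the SenseCAP web UI forward on purpose.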

Helium:

145UZRW2PhUmTM4YiCyyFCJRQUfdVcU2XegP1fmzNomoRx1qrzW

Bitcoin:

bc1q8qqxlzuuzpgje3h5u6ysnge68vk8u82m6pelwa

Ethereum:

0x2A82C3bB0e2EfB9d77299fe8a5309b1679C757eD

48 thoughts on “DIY VPN Instructions”

  1. I would like to buy the Raspberry Pi you’re selling. How many hotspots will work on one configured pi?

  2. Dude, need 1 of these to test, and maybe more to deploy a helium network …. let me know

    1. You are welcome to buy one!

      1. I like the service. I would like to buy, but have some questions as my set up is unique. Can you please email me. Ty

        1. Hey Joseph, feel free to email me at contact@dinskydoodles.com

  3. I followed everything in the guide, and I checked three times, but port 44158 isn’t open when I go to portchecker.co and enter the IP address of my server and port 44158. By the way, this is a DIY, I have my own Pi. Any help would be appreciated.

    1. You are welcome to pay me to do it for you or hire me at a consulting rate. If you’d like me to reach out via my hourly rate, respond to this and I’ll drop you an email!

      Also, you’re getting this response because I have no idea what you did – if you followed this guide to a t, your setup would work.

      The only other thing you can try is

      sudo iptables -F

      On the azure server. If that doesn’t work, feel free to reply and I’ll set up time for us to talk.

      1. I just paid for the DIY plan. Not sure what is happening. BTW, the command

        sudo iptables -F

        did not have any output on the azure server.

        1. It won’t, but the port may magically open if you do that.

          Cool on the plan, I’ll send you the cert and installation soon!

          1. Oh….it magically opened the port. Ah well I will still use your service. Could you make the Azure server based in Wyoming please? I believe it is West Central US in Azure. It is closer to me which will make the ping lower.

          2. You’ve got it! You’ll just download the cert I send to you and place it in the home directory. From there, you’ll run sudo ./step1.sh again and everything will be good to go.

            I’ll send it to you in a bit 🙂

      2. Hey can you send me an email. I’d like to run a helium miner on Starlink if possible. Will pay for your time.

  4. Hi, Well I’ve been using my own pi and this does work however the bobcat miner is not seeing the pi as a hotspot. Unless you mean in the docs that the dnsmasq.conf address should be the bobcat mac address. From the doc I thought it was the mac address of the wifi on the pi.

    Port 44158 says closed and I’m still stuck in relay mode.

    Thanks, Jason

    1. I do in fact mean the MAC address of the bobcat 🙂

      1. Thank you for clearing that up. That REALLY makes more sense now. I was losing a little bit of my mind.

  5. Hey, I wanted to buy your service “bring your own pi” (+ your monthly service) because I live in Europe and shipping costs are very high.
    But I have 2 questions:
    1. You wrote it works if you are in a university network without login. Does this mean, if I need a login, it won’t work?
    2. You write that helium won’t need Port 44158, where do you get that info from? Does it mean if all ports are blocked from my ISP, helium mining will work? Or will I need the virtual private pi anyway?

    Thanks

    1. Hey there Tom – the problem with #1 is that universities use Radius login and I’m just not certain this will work with that type of network.

      For #2 – it’s well documented that this is something you need to do.

  6. Hello,

    Thank you for the instructions.

    I have a Raspberry Pi but am not well versed with Azure. Would i be able to hire you to do it for me?

    1. Of course – reach out to me at contact@dinskydoodles.com

  7. How can i contact you?

  8. I followed this guide and the wifi of the raspberry broke. it says could not communicate with wpa_supplicant

    1. You did something wrong. I promise if you followed this guide to a T, it wouldn’t break. 🙂

  9. Hi I am very interested. Are these available currently? I am located in the US. Pls advise. Thanks

    1. Yup! They within a day or two. 🙂

  10. Hi,

    Really cool, is it possible to have a reverse connection configuration wlan to connect on the router and ethernet cable on the Hotspot side? I am very interested.

  11. Will this configuration guide only work for miners? I tried connecting my iPhone through the virtual pi to see if I can route the iPhone’s traffic through the vpn. But it doesn’t seem to have an internet connection once I connect to the virtualpi via wifi. I used the mac address for my iPhone in the dnsmasq file instead of my miner’s mac address, but other than that I left everything virtually the same

    1. Yes, but you need to set your nameservers manually likely. Also need to add a few more lines to hostapd.conf.

      1. Hmm I’ll just trust that I followed the guide correctly and when I hook my hotspot up to the virtualpi tomorrow hopefully everything just starts working out. I can see the pi is initiating a session with OpenVPN each time I reboot it, so I think I’m set up properly.

  12. Sadly I ran into some issues when finally trying to connect my Bobcat to my VirtualPi wifi being broadcasted. An error pops up stating “something went wrong”. Would really love some pointers I feel like I’m very close to having this set up correctly.

    1. The server I’m hosting on the cloud seems to have internet, the pi itself has internet, but when the miner connects to the wifi that the pi broadcasts, the miner has no internet. Is the SSID that the pi broadcasts supposed to be the same as my normal wifi? Or can I have it as any ssid I wish?

      1. May have found my issue. I think I left the hostname as default when setting up OpenVPN

        Changing Default Hostname
        Since Microsoft Azure automatically uses an internal IP address for your instance, you will need to login to the Web Admin UI and configure the Hostname parameter manually (inside the Server Settings section). You may either use an IP address or a hostname here, although it is strongly recommended that you use a hostname since your clients will depend on this setting to be able to know where to connect to, and updating a DNS record is much easier than reinstalling all clients to update the IP address they need to connect to. Also, SSL certificates require a proper FQDN hostname in order to function properly.

        Note: If you leave this setting as the default, NONE of your clients will be able to connect to your VPN server since by default it is set to a non-routable (private) IP address!

        Tip: You may choose to configure an Azure supplied DNS hostname if you do not have a custom domain or FQDN. To do this, click the Configure link under the virtual machine instance properties below the DNS name heading.

  13. Great guide. Anyone set this up on an AWS instance? My pi is connecting to my VPN server (can see it in the openVPN admin dashboard), my miner is connecting to the wifi (can access the miner admin page from the pi over wifi) but p2p traffic isn’t getting to the miner. My firewall is set properly, so I’m assuming it has something to do with iptables, though I can see the rules after executing. Going to tear it down and try again but wondering if there’s a difference in the default settings between providers that I missed while launching.

    1. I work for Microsoft in my day job… What’s Amazon? 🙂

      J/K. It should work with any cloud provider. Just remember that an EC2 instance is deny all by default.

      1. Ha, understood. Tracked down the problem looking at the autorun script- iptables wasn’t installed on my pi. Up and running now, thanks again.

        1. If you want to write the instructions for AWS, I’ll happily post them!

  14. Thanks for the write up, I’ll be donating! I have one question that was not explained above, what is 172.27.240.2?

    1. That’s the IP address of the raspberry pi – you set that as a static IP in one of the steps. 🙂

  15. Quick Question:

    If my TP-Link 4G Router TL-MR6400 has a OpenVPN server preinstalled on it, can I use it to connect to Azure ?

    1. You want a client, not a server!

  16. Does this work on ethernet or only WIFI? My bobcat 300 has two Mac addresses. I used Mac 2 for Wifi and it worked with no relay… I moved the unit and redid these instructions with Mac 1 and used ethernet and I’m in relay purgatory….

    1. I have not written the guide to do the wifi to Ethernet yet. I will eventually do that when I have time 🙂

      1. Ok, so Wifi only. No problem. I’m going to set it back to Mac2 and just use WiFi and see if it works again. I made a .01 HNT yesterday in relay purg…. I need to get out immediately haha

  17. Hi ,
    Will this work in Australia ?
    Trying to run a SenseCAP on mobile phone hotspot will never get out of Relayed .
    So this will solve that issue ?
    I have a Raspberry Pi3 ( from my XYO Network days ) Will Pi3 work in this setup ?

    1. Yes, as far as I’m aware this will work in Australia. You’d want the Wifi to Ethernet version. A pi 3 may or may not work depending on the hardware, I’d recommend a 4 if you can find it.

  18. Hello! I just got a miner however it is staying in relayed mode because I am using Starlink satellite internet. Is this something that would help work around that? Or are there better methods for this?

    1. Yes, this works with starlink – I have at least two people who I know who use it!
