Secure Hotel Wi-Fi Sharing Over A Single VPN Tunnel For All Your Devices With A Raspberry Pi

Raspi-wifi-vpnAs I often stay in hotels and try to make the best of the available hotel Wi-Fi, I've bought a Wi-Fi distribution dongle that connects to the Internet over the hotel Wi-Fi on the one side and spans up a private Wi-Fi network on the other side for all my devices to connect to. The advantage is that I only need to configure the Wi-Fi distribution dongle and that I only need to pay for one connection. The disadvantage of the approach is that while I can use a VPN tunnel on the PC to protect my data traffic, a lot of data that I exchange with services on the Internet with my other devices is unprotected. Needless to say that at some point it was time to change this.

The platform of choice for this project is of course a Raspberry Pi with two Wi-Fi interfaces. I did a lot of research on the net but could not find a single project that combined the Wi-Fi Access Point functionality I needed with a second Wi-Fi USB stick for the client connection that acts as a backhaul and an OpenVPN client configuration that uses the backhaul to tunnel all traffic of my private Wi-Fi network. But each of these things are described separately and after experimenting a bit with all bits of the puzzle I was able to put the project together. In addition to using a Wi-Fi network as a backhaul link it's also possible to use the Ethernet port in case the hotel has cabled Internet access.

At first I thought I'd describe the solution in a blog entry but I soon realized that describing how to install a dozen packages and to modify 15+ configuration files is a bit too much in a single blog entry. So I put together an installation script, sample configuration files plus installation and usage information and put the result on GitHub. I spent two weekends to get the script and configuration files in a form and shape that their usage is straight forward on a newly installed Raspian with little manual work required. A lot of comments have gone into the script file so for those who'd like to know the details, have a look there and also at the configuration files used for the different components that are installed.

I've been using the solution in quite a number of environments over the past few weeks now and I'm pretty happy with the result and hope that this will be useful for others as well. Have fun!