Last active
December 4, 2022 05:59
-
-
Save nicosingh/5554770f151c2b18ba09c959aa8cf75a to your computer and use it in GitHub Desktop.
set rpi as wireless AP, based on https://thepi.io/how-to-use-your-raspberry-pi-as-a-wireless-access-point/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # update system | |
| sudo apt-get update | |
| sudo apt-get upgrade -y | |
| # install software | |
| sudo apt-get install hostapd dnsmasq bridge-utils openvpn unzip -y | |
| sudo systemctl stop hostapd | |
| sudo systemctl stop dnsmasq | |
| sudo rm -f /etc/dhcpcd.conf | |
| cat <<'EOF' | sudo tee /etc/dhcpcd.conf | |
| interface wlan0 | |
| static ip_address=192.168.0.200/24 | |
| denyinterfaces eth0 | |
| denyinterfaces wlan0 | |
| EOF | |
| sudo rm -f /etc/dnsmasq.conf | |
| cat <<'EOF' | sudo tee /etc/dnsmasq.conf | |
| interface=wlan0 | |
| dhcp-range=192.168.0.201,192.168.0.250,255.255.255.0,24h | |
| EOF | |
| sudo rm -f /etc/hostapd/hostapd.conf | |
| cat <<'EOF' | sudo tee /etc/hostapd/hostapd.conf | |
| interface=wlan0 | |
| bridge=br0 | |
| hw_mode=g | |
| channel=7 | |
| wmm_enabled=0 | |
| macaddr_acl=0 | |
| auth_algs=1 | |
| ignore_broadcast_ssid=0 | |
| wpa=2 | |
| wpa_key_mgmt=WPA-PSK | |
| wpa_pairwise=TKIP | |
| rsn_pairwise=CCMP | |
| ssid=nicoraspberry | |
| wpa_passphrase=mypass | |
| EOF | |
| sudo sed -i "s/\#DAEMON_CONF\=\"\"/DAEMON_CONF\=\"\/etc\/hostapd\/hostapd.conf\"/g" /etc/default/hostapd | |
| sudo sed -i "s/\#net.ipv4.ip_forward\=1/net.ipv4.ip_forward\=1/g" /etc/sysctl.conf | |
| sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| sudo sh -c "iptables-save > /etc/iptables.ipv4.nat" | |
| # TODO check this! | |
| sudo sed -i "s/exit 0/iptables-restore \< \/etc\/iptables\.ipv4\.nat\nexit 0/g" /etc/rc.local | |
| sudo systemctl start dnsmasq | |
| sudo systemctl start hostapd | |
| sudo brctl addbr br0 | |
| sudo brctl addif br0 eth0 | |
| sudo su -c 'echo "auto br0" >> /etc/network/interfaces' | |
| sudo su -c 'echo "iface br0 inet manual" >> /etc/network/interfaces' | |
| sudo su -c 'echo "bridge_ports eth0 wlan0" >> /etc/network/interfaces' | |
| # using https://thepi.io/how-to-use-your-raspberry-pi-as-a-vpn-router/ and https://nordvpn.com/tutorials/raspberry-pi/openvpn/ and https://gist.github.com/superjamie/ac55b6d2c080582a3e64 | |
| cd /etc/openvpn | |
| sudo wget https://nordvpn.com/api/files/zip | |
| sudo unzip zip | |
| sudo rm -f zip | |
| sudo su -c 'echo "my-nordvpn-username" >> /etc/openvpn/user.auth' | |
| sudo su -c 'echo "my-nordvpn-mypassword" >> /etc/openvpn/user.auth' | |
| sudo openvpn --config us1126.nordvpn.com.udp1194.ovpn --auth-user-pass /etc/openvpn/user.auth | |
| sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE | |
| sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT | |
| sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| ######## | |
| ### ALTERNATIVE WITHOUT BRIDGING | |
| ######## | |
| # update system | |
| sudo apt-get update | |
| sudo apt-get upgrade -y | |
| # set up wireless ap | |
| sudo apt-get install hostapd -y | |
| cat <<'EOF' | sudo tee /etc/hostapd/hostapd.conf | |
| interface=wlan0 | |
| ssid=nico-vpn | |
| wpa_passphrase=mypass | |
| EOF | |
| sudo sed -i "s/\#DAEMON_CONF\=\"\"/DAEMON_CONF\=\"\/etc\/hostapd\/hostapd.conf\"/g" /etc/default/hostapd | |
| sudo systemctl start hostapd | |
| sudo systemctl enable hostapd | |
| # set up DHCP server | |
| sudo apt-get install dnsmasq -y | |
| cat <<'EOF' | sudo tee /etc/dnsmasq.conf | |
| interface=wlan0 | |
| dhcp-range=wlan0,192.168.0.201,192.168.0.250,1h | |
| dhcp-option=3,192.168.0.1 # our router | |
| dhcp-option=6,192.168.0.1 # our DNS Server | |
| dhcp-authoritative # force clients to grab a new IP | |
| EOF | |
| cat <<'EOF' | sudo tee /etc/resolv.conf | |
| nameserver 192.168.0.1 | |
| nameserver 8.8.8.8 | |
| nameserver 8.8.8.4 | |
| EOF | |
| cat <<'EOF' | sudo tee /etc/network/interfaces | |
| iface wlan0 inet static | |
| address 192.168.0.18 | |
| netmask 255.255.255.0 | |
| EOF | |
| sudo systemctl start dnsmasq | |
| sudo systemctl enable dnsmasq | |
| # set up openvpn client | |
| sudo apt-get install openvpn -y | |
| # MANUAL STEP: copy your ovpn file to /etc/openvpn/client.conf as well as your user.auth file | |
| chmod 0600 /etc/openvpn/user.auth | |
| sudo sed -i "s/auth-user-pass/auth-user-pass\ \/etc\/openvpn\/user.auth/g" /etc/openvpn/client.conf | |
| sudo systemctl start openvpn@client | |
| sudo systemctl enable openvpn@client | |
| # set up ntp | |
| sudo apt-get install ntp -y | |
| sudo systemctl start ntp | |
| sudo systemctl enable ntp | |
| # set up nat and routing | |
| sudo sed -i "s/\#net.ipv4.ip_forward\=1/net.ipv4.ip_forward\=1/g" /etc/sysctl.conf | |
| sudo sysctl -p | |
| sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE | |
| sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT | |
| echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections | |
| echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections | |
| sudo apt-get install iptables-persistent -y | |
| https://makezine.com/projects/browse-anonymously-with-a-diy-raspberry-pi-vpntor-router/ | |
| https://4dd0p3r470r.wordpress.com/2015/02/01/browse-anonymously-with-a-diy-raspberry-pi-vpntor-router/ | |
| # TODO try using https://github.com/unixabg/RPI-Wireless-Hotspot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment