Last active
September 3, 2024 14:00
-
-
Save paulscode/0b643b7f1fc91dd1873f6cc39b7a31ae to your computer and use it in GitHub Desktop.
Create Hotspot on Debian or RaspiOS Bullseye
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: | |
| # chmod +x ./create-hotspot-debian.sh | |
| # sudo ./create-hotspot-debian.sh <ssid> <pass> [--usetor] [--reverse] | |
| # Exit immediately if a command exits with a non-zero status | |
| set -e | |
| # Must be run with sudo | |
| if [[ "$EUID" -ne 0 ]]; then | |
| echo "Please run with sudo" | |
| exit 1 | |
| fi | |
| # Install necessary packages | |
| apt-get update | |
| apt-get install -y screen tmux hostapd dnsmasq iptables-persistent nftables tor | |
| # Set default values: | |
| DEFAULT_SSID="DebianHotSpot" | |
| DEFAULT_PASS="1234567890" | |
| USE_TOR=false | |
| REVERSE=false | |
| # Process positional parameters | |
| SSID="${1:-$DEFAULT_SSID}" | |
| PASS="${2:-$DEFAULT_PASS}" | |
| # Process optional flags | |
| for arg in "$@"; do | |
| case $arg in | |
| --usetor) | |
| USE_TOR=true | |
| ;; | |
| --reverse) | |
| REVERSE=true | |
| ;; | |
| esac | |
| done | |
| # Check if Tor is installed if --usetor is specified | |
| if [ "$USE_TOR" = true ]; then | |
| if ! command -v tor >/dev/null 2>&1; then | |
| echo "Tor is not installed. Please install Tor before using the --usetor option." | |
| exit 1 | |
| fi | |
| fi | |
| # Identify the network interfaces (adjust these based on actual interface names) | |
| WIFI_INTERFACE=$(iw dev | awk '$1=="Interface"{print $2}') | |
| ETH_INTERFACE=$(ip link show | grep -m 1 -o -E 'en[sp][0-9]s[0-9]') | |
| # Construct a summary of the actions based on the parameters | |
| if [[ "$REVERSE" = true && "$USE_TOR" = true ]]; then | |
| ACTION="connect to the Wi-Fi network '$SSID' and share the internet over Ethernet with Tor routing enabled." | |
| elif [[ "$REVERSE" = true ]]; then | |
| ACTION="connect to the Wi-Fi network '$SSID' and share the internet over Ethernet." | |
| elif [[ "$USE_TOR" = true ]]; then | |
| ACTION="create a Wi-Fi hotspot named '$SSID' and route traffic through Tor." | |
| else | |
| ACTION="create a Wi-Fi hotspot named '$SSID'." | |
| fi | |
| # Confirm with the user before proceeding | |
| echo "This script will make changes to your network configuration to $ACTION" | |
| echo "The system will reboot upon completion." | |
| read -p "Do you want to proceed? (y/n) " -n 1 -r | |
| echo # move to a new line | |
| if [[ ! $REPLY =~ ^[Yy]$ ]]; then | |
| echo "Operation canceled." | |
| exit 1 | |
| fi | |
| # Run the script in a detached screen session | |
| session_name="hotspot_setup" | |
| screen -dmS "$session_name" bash -c ' | |
| # Normal mode or reverse mode depending on the parameters | |
| if [[ "$REVERSE" = true ]]; then | |
| # Reverse mode: connect to an existing Wi-Fi network and share internet over Ethernet | |
| # Configure wpa_supplicant for connecting to the Wi-Fi network | |
| cat <<EOF > /etc/wpa_supplicant/wpa_supplicant.conf | |
| country=US | |
| ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev | |
| update_config=1 | |
| network={ | |
| ssid="$SSID" | |
| psk="$PASS" | |
| } | |
| EOF | |
| # Restart the dhcpcd service to apply changes | |
| systemctl restart dhcpcd | |
| # Uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf | |
| sed -i "s/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf | |
| # Create nftable directory if not exists | |
| mkdir -p /etc/nftable | |
| # Create nftable rule for reverse mode: | |
| cat <<EOF1 > /etc/nftable/nft-stat-rev.nft | |
| flush ruleset | |
| table inet rev { | |
| chain routethrough { | |
| type nat hook postrouting priority filter; policy accept; | |
| oifname "$WIFI_INTERFACE" masquerade | |
| } | |
| chain fward { | |
| type filter hook forward priority filter; policy accept; | |
| iifname "$WIFI_INTERFACE" oifname "$ETH_INTERFACE" ct state established,related accept | |
| iifname "$ETH_INTERFACE" oifname "$WIFI_INTERFACE" accept | |
| } | |
| } | |
| EOF1 | |
| # Give nftable rule execute permissions | |
| chmod +x /etc/nftable/nft-stat-rev.nft | |
| # Include the nftable rule in nftables.conf | |
| cat <<EOF2 >> /etc/nftables.conf | |
| include "/etc/nftable/nft-stat-rev.nft" | |
| EOF2 | |
| # Enable nftables service | |
| systemctl enable nftables | |
| # Set up iptables rules for routing traffic through Tor if --usetor is specified | |
| if [ "$USE_TOR" = true ]; then | |
| iptables -F | |
| iptables -t nat -F | |
| iptables -t nat -A PREROUTING -i "$ETH_INTERFACE" -p tcp --dport 80 -j REDIRECT --to-ports 9050 | |
| iptables -t nat -A PREROUTING -i "$ETH_INTERFACE" -p tcp --dport 443 -j REDIRECT --to-ports 9050 | |
| iptables -A FORWARD -i "$ETH_INTERFACE" -o "$WIFI_INTERFACE" -j ACCEPT | |
| iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| iptables -t nat -A POSTROUTING -o "$WIFI_INTERFACE" -j MASQUERADE | |
| # Save iptables rules | |
| netfilter-persistent save | |
| fi | |
| echo "Reverse setup is complete." | |
| else | |
| # Normal mode: create a hotspot | |
| # Exit if hostapd config already exists (script would break things if run more than once) | |
| if [ -f /etc/hostapd/hostapd.conf ]; then | |
| echo "This script cannot be run more than once" | |
| exit 1 | |
| fi | |
| # Configure hostapd: | |
| cat <<EOF3 > /etc/hostapd/hostapd.conf | |
| interface=$WIFI_INTERFACE | |
| driver=nl80211 | |
| ssid=$SSID | |
| hw_mode=g | |
| channel=6 | |
| wmm_enabled=0 | |
| macaddr_acl=0 | |
| auth_algs=1 | |
| ignore_broadcast_ssid=0 | |
| wpa=2 | |
| wpa_passphrase=$PASS | |
| wpa_key_mgmt=WPA-PSK | |
| rsn_pairwise=CCMP | |
| EOF3 | |
| # Unmask and enable hostapd: | |
| systemctl unmask hostapd | |
| systemctl enable hostapd | |
| # Configure dnsmasq: | |
| cat <<EOF4 >> /etc/dnsmasq.conf | |
| interface=$WIFI_INTERFACE | |
| bind-dynamic | |
| domain-needed | |
| bogus-priv | |
| dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h | |
| EOF4 | |
| # Configure dhcpcd: | |
| cat <<EOF5 >> /etc/dhcpcd.conf | |
| interface $WIFI_INTERFACE | |
| nohook wpa_supplicant | |
| static ip_address=192.168.50.10/24 | |
| static routers=192.168.50.1 | |
| static domain_name_servers=8.8.8.8 | |
| EOF5 | |
| # Uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf | |
| sed -i "s/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf | |
| # Create nftable directory if not exists | |
| mkdir -p /etc/nftable | |
| # Create nftable rule: | |
| cat <<EOF6 > /etc/nftable/nft-stat-ap.nft | |
| flush ruleset | |
| table inet ap { | |
| chain routethrough { | |
| type nat hook postrouting priority filter; policy accept; | |
| oifname "$ETH_INTERFACE" masquerade | |
| } | |
| chain fward { | |
| type filter hook forward priority filter; policy accept; | |
| iifname "$ETH_INTERFACE" oifname "$WIFI_INTERFACE" ct state established,related accept | |
| iifname "$WIFI_INTERFACE" oifname "$ETH_INTERFACE" accept | |
| } | |
| } | |
| EOF6 | |
| # Give nftable rule execute permissions | |
| chmod +x /etc/nftable/nft-stat-ap.nft | |
| # Include the nftable rule in nftables.conf | |
| cat <<EOF7 >> /etc/nftables.conf | |
| include "/etc/nftable/nft-stat-ap.nft" | |
| EOF7 | |
| # Enable nftables service | |
| systemctl enable nftables | |
| # Set up iptables rules for routing traffic through Tor if --usetor is specified | |
| if [ "$USE_TOR" = true ]; then | |
| iptables -F | |
| iptables -t nat -F | |
| iptables -t nat -A PREROUTING -i "$WIFI_INTERFACE" -p tcp --dport 80 -j REDIRECT --to-ports 9050 | |
| iptables -t nat -A PREROUTING -i "$WIFI_INTERFACE" -p tcp --dport 443 -j REDIRECT --to-ports 9050 | |
| iptables -A FORWARD -i "$WIFI_INTERFACE" -o "$ETH_INTERFACE" -j ACCEPT | |
| iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| iptables -t nat -A POSTROUTING -o "$ETH_INTERFACE" -j MASQUERADE | |
| # Save iptables rules | |
| netfilter-persistent save | |
| fi | |
| echo "Hotspot setup is complete." | |
| fi | |
| echo "Rebooting now..." | |
| sleep 5 | |
| reboot | |
| ' | |
| echo "The script is running in the background. The Debian system will reboot automatically when the process completes." |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Usage: | |
| # chmod +x ./create-hotspot-pi.sh | |
| # sudo ./create-hotspot-pi.sh <ssid> <pass> [--usetor] [--reverse] | |
| # Exit immediately if a command exits with a non-zero status | |
| set -e | |
| # Must be run with sudo | |
| if [[ "$EUID" -ne 0 ]]; then | |
| echo "Please run with sudo" | |
| exit 1 | |
| fi | |
| # Install screen or tmux if not installed | |
| apt-get update | |
| apt-get install -y screen tmux | |
| # Set default values: | |
| DEFAULT_SSID="RPiHotSpot" | |
| DEFAULT_PASS="1234567890" | |
| USE_TOR=false | |
| REVERSE=false | |
| # Process positional parameters | |
| SSID="${1:-$DEFAULT_SSID}" | |
| PASS="${2:-$DEFAULT_PASS}" | |
| # Process optional flags | |
| for arg in "$@"; do | |
| case $arg in | |
| --usetor) | |
| USE_TOR=true | |
| ;; | |
| --reverse) | |
| REVERSE=true | |
| ;; | |
| esac | |
| done | |
| # Check if Tor is installed if --usetor is specified | |
| if [ "$USE_TOR" = true ]; then | |
| if ! command -v tor >/dev/null 2>&1; then | |
| echo "Tor is not installed. Please install Tor before using the --usetor option." | |
| exit 1 | |
| fi | |
| fi | |
| # Construct a summary of the actions based on the parameters | |
| if [[ "$REVERSE" = true && "$USE_TOR" = true ]]; then | |
| ACTION="connect to the Wi-Fi network '$SSID' and share the internet over Ethernet with Tor routing enabled." | |
| elif [[ "$REVERSE" = true ]]; then | |
| ACTION="connect to the Wi-Fi network '$SSID' and share the internet over Ethernet." | |
| elif [[ "$USE_TOR" = true ]]; then | |
| ACTION="create a Wi-Fi hotspot named '$SSID' and route traffic through Tor." | |
| else | |
| ACTION="create a Wi-Fi hotspot named '$SSID'." | |
| fi | |
| # Confirm with the user before proceeding | |
| echo "This script will make changes to your network configuration to $ACTION" | |
| echo "The system will reboot upon completion." | |
| read -p "Do you want to proceed? (y/n) " -n 1 -r | |
| echo # move to a new line | |
| if [[ ! $REPLY =~ ^[Yy]$ ]]; then | |
| echo "Operation canceled." | |
| exit 1 | |
| fi | |
| # Run the script in a detached screen session | |
| session_name="hotspot_setup" | |
| screen -dmS "$session_name" bash -c ' | |
| # Normal mode or reverse mode depending on the parameters | |
| if [[ "$REVERSE" = true ]]; then | |
| # Reverse mode: connect to an existing Wi-Fi network and share internet over Ethernet | |
| # Configure wpa_supplicant for connecting to the Wi-Fi network | |
| cat <<EOF > /etc/wpa_supplicant/wpa_supplicant.conf | |
| country=US | |
| ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev | |
| update_config=1 | |
| network={ | |
| ssid="$SSID" | |
| psk="$PASS" | |
| } | |
| EOF | |
| # Restart the dhcpcd service to apply changes | |
| systemctl restart dhcpcd | |
| # Uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf | |
| sed -i "s/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf | |
| # Create nftable directory if not exists | |
| mkdir -p /etc/nftable | |
| # Create nftable rule for reverse mode: | |
| cat <<EOF1 > /etc/nftable/nft-stat-rev.nft | |
| flush ruleset | |
| table inet rev { | |
| chain routethrough { | |
| type nat hook postrouting priority filter; policy accept; | |
| oifname "wlan0" masquerade | |
| } | |
| chain fward { | |
| type filter hook forward priority filter; policy accept; | |
| iifname "wlan0" oifname "eth0" ct state established,related accept | |
| iifname "eth0" oifname "wlan0" accept | |
| } | |
| } | |
| EOF1 | |
| # Give nftable rule execute permissions | |
| chmod +x /etc/nftable/nft-stat-rev.nft | |
| # Include the nftable rule in nftables.conf | |
| cat <<EOF2 >> /etc/nftables.conf | |
| include "/etc/nftable/nft-stat-rev.nft" | |
| EOF2 | |
| # Enable nftables service | |
| systemctl enable nftables | |
| # Set up iptables rules for routing traffic through Tor if --usetor is specified | |
| if [ "$USE_TOR" = true ]; then | |
| iptables -F | |
| iptables -t nat -F | |
| iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 9050 | |
| iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 9050 | |
| iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT | |
| iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE | |
| # Save iptables rules | |
| netfilter-persistent save | |
| fi | |
| echo "Reverse setup is complete." | |
| else | |
| # Normal mode: create a hotspot | |
| # Exit if hostapd config already exists (script would break things if run more than once) | |
| if [ -f /etc/hostapd/hostapd.conf ]; then | |
| echo "This script cannot be run more than once" | |
| exit 1 | |
| fi | |
| # Configure hostapd: | |
| cat <<EOF3 > /etc/hostapd/hostapd.conf | |
| interface=wlan0 | |
| driver=nl80211 | |
| ssid=$SSID | |
| hw_mode=g | |
| channel=6 | |
| wmm_enabled=0 | |
| macaddr_acl=0 | |
| auth_algs=1 | |
| ignore_broadcast_ssid=0 | |
| wpa=2 | |
| wpa_passphrase=$PASS | |
| wpa_key_mgmt=WPA-PSK | |
| rsn_pairwise=CCMP | |
| EOF3 | |
| # Unmask and enable hostapd: | |
| systemctl unmask hostapd | |
| systemctl enable hostapd | |
| # Configure dnsmasq: | |
| cat <<EOF4 >> /etc/dnsmasq.conf | |
| interface=wlan0 | |
| bind-dynamic | |
| domain-needed | |
| bogus-priv | |
| dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h | |
| EOF4 | |
| # Configure dhcpcd: | |
| cat <<EOF5 >> /etc/dhcpcd.conf | |
| interface wlan0 | |
| nohook wpa_supplicant | |
| static ip_address=192.168.50.10/24 | |
| static routers=192.168.50.1 | |
| static domain_name_servers=8.8.8.8 | |
| EOF5 | |
| # Uncomment the line net.ipv4.ip_forward=1 in /etc/sysctl.conf | |
| sed -i "s/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/" /etc/sysctl.conf | |
| # Create nftable directory if not exists | |
| mkdir -p /etc/nftable | |
| # Create nftable rule: | |
| cat <<EOF6 > /etc/nftable/nft-stat-ap.nft | |
| flush ruleset | |
| table inet ap { | |
| chain routethrough { | |
| type nat hook postrouting priority filter; policy accept; | |
| oifname "eth0" masquerade | |
| } | |
| chain fward { | |
| type filter hook forward priority filter; policy accept; | |
| iifname "eth0" oifname "wlan0" ct state established,related accept | |
| iifname "wlan0" oifname "eth0" accept | |
| } | |
| } | |
| EOF6 | |
| # Give nftable rule execute permissions | |
| chmod +x /etc/nftable/nft-stat-ap.nft | |
| # Include the nftable rule in nftables.conf | |
| cat <<EOF7 >> /etc/nftables.conf | |
| include "/etc/nftable/nft-stat-ap.nft" | |
| EOF7 | |
| # Enable nftables service | |
| systemctl enable nftables | |
| # Set up iptables rules for routing traffic through Tor if --usetor is specified | |
| if [ "$USE_TOR" = true ]; then | |
| iptables -F | |
| iptables -t nat -F | |
| iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 80 -j REDIRECT --to-ports 9050 | |
| iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 443 -j REDIRECT --to-ports 9050 | |
| iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT | |
| iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | |
| # Save iptables rules | |
| netfilter-persistent save | |
| fi | |
| echo "Hotspot setup is complete." | |
| fi | |
| echo "Rebooting now..." | |
| sleep 5 | |
| reboot | |
| ' | |
| echo "The script is running in the background. The Raspberry Pi will reboot automatically when the process completes." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment