RobMeerman.co.uk

User Tools

Site Tools

You are here: RobMeerman.co.uk » VPN via Raspberry Pi 4
Trace:
vpn-pi

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision 		Previous revision
Next revision Both sides next revision
vpn-pi [2020/04/05 14:09]
robm created 		vpn-pi [2020/04/29 16:37]
robm [DHCP & DNS Services]
Line 8: Line 8:
  
 In order to use the WiFi chipset as an access point, we need default Raspberry Pi desktop environment (etc) from using it as a client. In order to use the WiFi chipset as an access point, we need default Raspberry Pi desktop environment (etc) from using it as a client.
 +
 +One-off:
  
 <code>sudo wpa_cli terminate</code> <code>sudo wpa_cli terminate</code>
  
-TODOAutomate this, so restarting the Pi doesn'require this to be done every time+Forever: 
 + 
 +Disabling the ''wpa_supplicant.service'' in systemd doesn'work, but see below for how to disable the ''wpa_supplicant'' hook in ''/etc/network/interfaces.d/wlan0''
  
 ===== Configure WiFi settings ===== ===== Configure WiFi settings =====
Line 18: Line 22:
  
 <code> <code>
 +auto wlan0
 iface wlan0 inet static iface wlan0 inet static
-  address 172.16.0.1/16+  address 172.16.0.1/24 
 +  nohook wpa_supplicant
 </code> </code>
  
Line 25: Line 31:
  
 <code> <code>
-sudo ifconfig wlan0 down  # Take interface offline, so when we bring it back it uses our conf +sudo ifdown --verbose wlan0  # Take interface offline, so when we bring it back it uses our conf 
-sudo ifup wlan0+sudo ifup --verbose wlan0
 </code> </code>
  
Line 33: Line 39:
 <code> <code>
 root@raspberrypi4:~# ip -br addr show wlan0 root@raspberrypi4:~# ip -br addr show wlan0
-wlan0            UP             172.16.0.1/16 169.254.114.246/16 fe80::3592:65db:94e0:c992/64+wlan0            UP             172.16.0.1/24 169.254.114.246/16 fe80::3592:65db:94e0:c992/64
 </code> </code>
  
Line 41: Line 47:
 sudo apt update \ sudo apt update \
 && sudo apt install dnsmasq && sudo apt install dnsmasq
-<code>+</code>
  
 Then test this in the foreground so you can see debug messages, etc Then test this in the foreground so you can see debug messages, etc
Line 49: Line 55:
 && sudo dnsmasq \ && sudo dnsmasq \
   --no-daemon \   --no-daemon \
-  --dhcp-range=172.160.0.50,172.16.0.150,12h \+  --dhcp-range=172.16.0.10,172.16.0.20,1h \
   --except-interface=eth0 \   --except-interface=eth0 \
 +  --bind-interfaces \
   --dhcp-authoritative \   --dhcp-authoritative \
   --clear-on-reload   --clear-on-reload
 </code> </code>
 +
 +Notes:
 +
 +  * ''--bind-interfaces' causes the DNS server (TCP/UDP port 53) to bind to the network interfaces it will serve requests from. We need this because the default behaviour of binding to all interfaces via the special address ''0.0.0.0'' conflicts with ''systemd-resolved'' which binds to ''127.0.0.53%lo''. This essentially works around it.
 +
 +Later on, we'll want to move these settings into ''/etc/dnsmasq.conf''
  
 ===== WiFi Access Point ===== ===== WiFi Access Point =====
vpn-pi.txt · Last modified: 2020/04/29 16:54 by robm

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki