vpn-pi

Differences

This shows you the differences between two versions of the page.

vpn-pi [2020/04/05 14:09]
robm created
vpn-pi [2020/04/29 16:44]
robm
Line 8: Line 8:
  
 In order to use the WiFi chipset as an access point, we need default Raspberry Pi desktop environment (etc) from using it as a client. In order to use the WiFi chipset as an access point, we need default Raspberry Pi desktop environment (etc) from using it as a client.
 +
 +One-off:
  
 <code>sudo wpa_cli terminate</code> <code>sudo wpa_cli terminate</code>
  
-TODOAutomate this, so restarting the Pi doesn't require this to be done every time+ForeverDisabling the service permanently is tricky, as lots of events can cause it to be started. A better solution is to exclude ''wlan0'' from being managed by it, by adding ''nohook wpa_supplicant'' to ''/etc/network/interfaces.d/wlan0'' (created in the next section).
  
 ===== Configure WiFi settings ===== ===== Configure WiFi settings =====
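Review bot: the unchanged sentence at the top of this hunk is missing its verb ("we need default Raspberry Pi desktop environment (etc) from using it as a client"), so the reason for the two steps added below it is unclear; it should read something like "we need to stop the default Raspberry Pi desktop environment (etc) from using it as a client". The new "One-off:" and "Forever" steps would also benefit from a follow-up check, for example confirming after a reboot that no wpa_supplicant process is attached to wlan0, since the added text itself says many events can start the service again.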
Line 18: Line 20:
  
 <code> <code>
 +auto wlan0
 iface wlan0 inet static iface wlan0 inet static
-  address 172.16.0.1/16+  address 172.16.0.1/24 
 +  nohook wpa_supplicant  # Conflicts with hostapd (WPA is for clients, not access points)
 </code> </code>
  
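Review bot: the trailing comment on the added `nohook wpa_supplicant  # Conflicts with hostapd ...` line is a problem, because interfaces(5) only treats lines that begin with `#` as comments and does not support end-of-line comments, so the comment text becomes part of the option value. Move the comment onto its own line above the option. Separately, `nohook` is a dhcpcd.conf keyword and nothing here shows that ifupdown acts on it inside an `iface` stanza, so the page should say how the effect was verified. The change from /16 to /24 on the `address` line is also unexplained; a short note on why the narrower prefix was chosen would help.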
Line 25: Line 29:
  
 <code> <code>
-sudo ifconfig wlan0 down  # Take interface offline, so when we bring it back it uses our conf +sudo ifdown --verbose wlan0  # Take interface offline, so when we bring it back it uses our conf 
-sudo ifup wlan0+sudo ifup --verbose wlan0
 </code> </code>
  
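Review bot: replacing `ifconfig wlan0 down` with `ifdown --verbose wlan0` changes what happens the first time these commands are run. ifdown only acts on interfaces that ifupdown itself has recorded as up, so on a Pi where wlan0 was brought up by something else it reports the interface as not configured and leaves the link alone. Either keep a step that takes the link down regardless of ifupdown state, or note that the first ifdown may do nothing. The inline comment on the ifdown line still describes the intent correctly.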
Line 33: Line 37:
 <code> <code>
 root@raspberrypi4:~# ip -br addr show wlan0 root@raspberrypi4:~# ip -br addr show wlan0
-wlan0            UP             172.16.0.1/16 169.254.114.246/16 fe80::3592:65db:94e0:c992/64+wlan0            UP             172.16.0.1/24 169.254.114.246/16 fe80::3592:65db:94e0:c992/64
 </code> </code>
  
 ===== DHCP & DNS Services ===== ===== DHCP & DNS Services =====
 +
 +Disable the default ''systemd-resolved'' service which runs on localhost, as it takes control of ''/etc/resolv.conf'', which in turn prevents the DHCP + DNS server we're about to install from noticing when expressvpn changes the DNS server.
 +
 +It's important that ''dnsmasq'' notices when ''/etc/resolv.conf'' changes, or DNS lookups will fail entirely due to ExpressVPN adding firewall rules to drop all DNS queries that don't go via ExpressVPN.
 +
 +<code>
 +sudo systemctl disable --now systemd-resolved
 +</code>
  
 <code> <code>
 sudo apt update \ sudo apt update \
 && sudo apt install dnsmasq && sudo apt install dnsmasq
-<code>+</code>
  
 Then test this in the foreground so you can see debug messages, etc Then test this in the foreground so you can see debug messages, etc
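Review bot: the new `sudo systemctl disable --now systemd-resolved` step is placed before `sudo apt update && sudo apt install dnsmasq`, and the text does not say what /etc/resolv.conf contains once systemd-resolved is stopped. If that file still points at the stopped local resolver, name resolution fails and the install that follows cannot download anything, so either install dnsmasq first or add a step that confirms /etc/resolv.conf names a working resolver. In the sample output at the top of the hunk the prefix was updated to /24, but 169.254.114.246/16 is still listed on wlan0; say whether that link-local address is expected. "expressvpn" and "ExpressVPN" are also spelled two ways in the added paragraphs.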
Line 49: Line 61:
 && sudo dnsmasq \ && sudo dnsmasq \
   --no-daemon \   --no-daemon \
-  --dhcp-range=172.160.0.50,172.16.0.150,12h \+  --dhcp-range=172.16.0.10,172.16.0.20,1h \
   --except-interface=eth0 \   --except-interface=eth0 \
   --dhcp-authoritative \   --dhcp-authoritative \
 +  --log-queries \
   --clear-on-reload   --clear-on-reload
 </code> </code>
 +
 +Later on, we'll want to move these settings into ''/etc/dnsmasq.conf''
  
 ===== WiFi Access Point ===== ===== WiFi Access Point =====
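Review bot: `--except-interface=eth0` is left unchanged here, which means dnsmasq still listens on every interface other than eth0, including any tunnel interface the VPN client creates; for an access point it is safer to name the served interface with `--interface=wlan0` (optionally with `--bind-interfaces`). The added `--log-queries` records every client lookup, which is useful for this foreground test, but the new closing sentence says these settings will move into /etc/dnsmasq.conf, so note there that query logging should be dropped or reviewed before it becomes permanent. The corrected `--dhcp-range` fixes the 172.160.0.50 typo; the lease time change from 12h to 1h is not explained.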
vpn-pi.txt · Last modified: 2020/04/29 16:54 by robm