RobMeerman.co.uk

User Tools

Site Tools

You are here: RobMeerman.co.uk » VPN via Raspberry Pi 4
Trace:
vpn-pi

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Last revision Both sides next revision
vpn-pi [2020/04/29 12:01]
robm [DHCP & DNS Services] 		vpn-pi [2020/04/29 16:44]
robm
Line 13: Line 13:
 <code>sudo wpa_cli terminate</code> <code>sudo wpa_cli terminate</code>
  
-Forever:+Forever: Disabling the service permanently is tricky, as lots of events can cause it to be started. A better solution is to exclude ''wlan0'' from being managed by it, by adding ''nohook wpa_supplicant'' to ''/etc/network/interfaces.d/wlan0'' (created in the next section).
  
-Disabling the ''wpa_supplicant.service'' in systemd doesn't work, but see below for how to disable the ''wpa_supplicant'' hook in ''/etc/network/interfaces.d/wlan0'' 
 ===== Configure WiFi settings ===== ===== Configure WiFi settings =====
  
Line 23: Line 22:
 auto wlan0 auto wlan0
 iface wlan0 inet static iface wlan0 inet static
-  address 192.168.167.40/24 +  address 172.16.0.1/24 
-  nohook wpa_supplicant +  nohook wpa_supplicant Conflicts with hostapd (WPA is for clientsnot access points)
-  up ip route del 192.168.167.0/24 dev wlan0  # Added by defaultconflicts with eth0 +
-  up ip route add 192.168.167.40/29 dev wlan0 # Limited to just the address dnsmasq serves+
 </code> </code>
  
Line 40: Line 37:
 <code> <code>
 root@raspberrypi4:~# ip -br addr show wlan0 root@raspberrypi4:~# ip -br addr show wlan0
-wlan0            UP             192.168.167.40/24 169.254.114.246/16 fe80::3592:65db:94e0:c992/64+wlan0            UP             172.16.0.1/24 169.254.114.246/16 fe80::3592:65db:94e0:c992/64
 </code> </code>
  
 ===== DHCP & DNS Services ===== ===== DHCP & DNS Services =====
 +
 +Disable the default ''systemd-resolved'' service which runs on localhost, as it takes control of ''/etc/resolv.conf'', which in turn prevents the DHCP + DNS server we're about to install from noticing when expressvpn changes the DNS server.
 +
 +It's important that ''dnsmasq'' notices when ''/etc/resolv.conf'' changes, or DNS lookups will fail entirely due to ExpressVPN adding firewall rules to drop all DNS queries that don't go via ExpressVPN.
 +
 +<code>
 +sudo systemctl disable --now systemd-resolved
 +</code>
  
 <code> <code>
Line 56: Line 61:
 && sudo dnsmasq \ && sudo dnsmasq \
   --no-daemon \   --no-daemon \
-  --dhcp-range=192.168.167.40,192.168.167.47,1h \+  --dhcp-range=172.16.0.10,172.16.0.20,1h \
   --except-interface=eth0 \   --except-interface=eth0 \
   --dhcp-authoritative \   --dhcp-authoritative \
 +  --log-queries \
   --clear-on-reload   --clear-on-reload
 </code> </code>
vpn-pi.txt · Last modified: 2020/04/29 16:54 by robm

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki