This shows you the differences between two versions of the page.
vpn-pi [2020/04/05 14:09] robm created |
vpn-pi [2020/04/29 16:54] (current) robm |
||
---|---|---|---|
Line 8: | Line 8: | ||
In order to use the WiFi chipset as an access point, we need default Raspberry Pi desktop environment (etc) from using it as a client. | In order to use the WiFi chipset as an access point, we need default Raspberry Pi desktop environment (etc) from using it as a client. | ||
+ | |||
+ | One-off: | ||
< | < | ||
- | TODO: Automate this, so restarting | + | Forever: Disabling |
===== Configure WiFi settings ===== | ===== Configure WiFi settings ===== | ||
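Review bot: The unchanged sentence at the top of this hunk is missing its verb ("we need default Raspberry Pi desktop environment (etc) from using it as a client"). Since this edit adds the One-off and Forever steps directly beneath it, fix it in the same pass, for example "we need to stop the default Raspberry Pi desktop environment (etc) from using it as a client", so the reader knows what the two steps are for.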
Line 18: | Line 20: | ||
< | < | ||
+ | auto wlan0 | ||
iface wlan0 inet static | iface wlan0 inet static | ||
- | address 172.16.0.1/16 | + | address 172.16.0.1/24 |
+ | nohook wpa_supplicant | ||
</ | </ | ||
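Review bot: `nohook wpa_supplicant` is added inside the `iface wlan0 inet static` stanza, but it is a dhcpcd.conf directive, not an ifupdown option, so ifupdown does not act on it and it will not keep wpa_supplicant off wlan0 from here. Move it to the wlan0 section of dhcpcd.conf, or, if this block is meant to be dhcpcd.conf, the `auto wlan0`, `iface` and `address` lines need that file's syntax instead. The /16 to /24 change is consistent with the 172.16.0.x DHCP range used further down.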
Line 25: | Line 29: | ||
< | < | ||
- | sudo ifconfig | + | sudo ifdown --verbose |
- | sudo ifup wlan0 | + | sudo ifup --verbose |
</ | </ | ||
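Review bot: As rendered, the new `sudo ifdown --verbose` and `sudo ifup --verbose` lines carry no interface name, whereas the removed line was `sudo ifup wlan0`. Both commands need the interface (wlan0) as an argument, so check that it survived the edit.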
Line 33: | Line 37: | ||
< | < | ||
root@raspberrypi4: | root@raspberrypi4: | ||
- | wlan0 UP | + | wlan0 UP |
</ | </ | ||
===== DHCP & DNS Services ===== | ===== DHCP & DNS Services ===== | ||
+ | |||
+ | Disable the default '' | ||
+ | |||
+ | It's important that '' | ||
+ | |||
+ | < | ||
+ | sudo systemctl disable --now systemd-resolved | ||
+ | </ | ||
< | < | ||
sudo apt update \ | sudo apt update \ | ||
&& sudo apt install dnsmasq | && sudo apt install dnsmasq | ||
- | < | + | </code> |
Then test this in the foreground so you can see debug messages, etc | Then test this in the foreground so you can see debug messages, etc | ||
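Review bot: `sudo systemctl disable --now systemd-resolved` is placed before the `sudo apt update && sudo apt install dnsmasq` block, so on a system whose /etc/resolv.conf still points at the systemd-resolved stub, name resolution stops and the install that follows fails. Install dnsmasq first, or add a step that points /etc/resolv.conf at a working upstream resolver before disabling the service.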
Line 49: | Line 61: | ||
&& sudo dnsmasq \ | && sudo dnsmasq \ | ||
--no-daemon \ | --no-daemon \ | ||
- | --dhcp-range=172.160.0.50,172.16.0.150,12h \ | + | --dhcp-range=172.16.0.10,172.16.0.20,1h \ |
--except-interface=eth0 \ | --except-interface=eth0 \ | ||
--dhcp-authoritative \ | --dhcp-authoritative \ | ||
+ | --log-queries \ | ||
--clear-on-reload | --clear-on-reload | ||
</ | </ | ||
+ | |||
+ | Later on, we'll want to move these settings into ''/ | ||
===== WiFi Access Point ===== | ===== WiFi Access Point ===== | ||
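Review bot: `--log-queries` writes every DNS name the WiFi clients look up to the log. That is useful in this `--no-daemon` test, but it should be dropped when, as the added sentence says, these settings move into the permanent configuration of a VPN gateway. While here, `--except-interface=eth0` still leaves dnsmasq answering on every other interface, including the tun0 used in the NAT section; `--interface=wlan0` together with `--bind-interfaces` would limit DHCP and DNS to the access point.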
Line 134: | Line 149: | ||
Then try to connect from another device (e.g. mobile phone). The WiFi network should be visible, and when you connect you should get an IP address, but probably an error about no internet connection. That's next. | Then try to connect from another device (e.g. mobile phone). The WiFi network should be visible, and when you connect you should get an IP address, but probably an error about no internet connection. That's next. | ||
+ | |||
+ | ===== Network Address Translation ===== | ||
+ | |||
+ | Enable Network Address Translation (NAT) on any traffic that leaves us via ExpressVPN' | ||
+ | |||
+ | Note that the interface doesn' | ||
+ | |||
+ | < | ||
+ | iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE | ||
+ | </ | ||
+ | |||
+ | Note that is this is the **only** MASQUERADE rule (check with '' | ||
+ | |||
+ | < | ||
+ | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | ||
+ | </ | ||
+ |
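Review bot: The second rule, `-o eth0 -j MASQUERADE`, lets WiFi clients reach the internet over eth0 outside the VPN, so the note above it should state exactly when it is meant to be applied and how to remove it again (`iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE`); a reader who runs both blocks can otherwise end up with a gateway that keeps forwarding client traffic when tun0 is down. Smaller points: "Note that is this is" should read "Note that if this is", both commands lack the `sudo` used elsewhere on the page, and rules added with `-A` are lost on reboot and duplicated if the command is re-run, which deserves a sentence.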