This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
vpn-pi [2020/04/29 12:00] robm [Configure WiFi settings] |
vpn-pi [2020/04/29 16:54] (current) robm |
||
---|---|---|---|
Line 13: | Line 13: | ||
< | < | ||
- | Forever: | + | Forever: |
- | Disabling the '' | ||
===== Configure WiFi settings ===== | ===== Configure WiFi settings ===== | ||
Line 23: | Line 22: | ||
auto wlan0 | auto wlan0 | ||
iface wlan0 inet static | iface wlan0 inet static | ||
- | address | + | address |
- | nohook wpa_supplicant | + | nohook wpa_supplicant |
- | up ip route del 192.168.167.0/ | + | |
- | up ip route add 192.168.167.40/ | + | |
</ | </ | ||
Line 40: | Line 37: | ||
< | < | ||
root@raspberrypi4: | root@raspberrypi4: | ||
- | wlan0 UP 192.168.167.40/24 169.254.114.246/ | + | wlan0 UP 172.16.0.1/24 169.254.114.246/ |
</ | </ | ||
===== DHCP & DNS Services ===== | ===== DHCP & DNS Services ===== | ||
+ | |||
+ | Disable the default '' | ||
+ | |||
+ | It's important that '' | ||
+ | |||
+ | < | ||
+ | sudo systemctl disable --now systemd-resolved | ||
+ | </ | ||
< | < | ||
Line 56: | Line 61: | ||
&& sudo dnsmasq \ | && sudo dnsmasq \ | ||
--no-daemon \ | --no-daemon \ | ||
- | --dhcp-range=192.168.167.41,192.168.167.49,1h \ | + | --dhcp-range=172.16.0.10,172.16.0.20,1h \ |
--except-interface=eth0 \ | --except-interface=eth0 \ | ||
--dhcp-authoritative \ | --dhcp-authoritative \ | ||
+ | --log-queries \ | ||
--clear-on-reload | --clear-on-reload | ||
</ | </ | ||
Line 143: | Line 149: | ||
Then try to connect from another device (e.g. mobile phone). The WiFi network should be visible, and when you connect you should get an IP address, but probably an error about no internet connection. That's next. | Then try to connect from another device (e.g. mobile phone). The WiFi network should be visible, and when you connect you should get an IP address, but probably an error about no internet connection. That's next. | ||
+ | |||
+ | ===== Network Address Translation ===== | ||
+ | |||
+ | Enable Network Address Translation (NAT) on any traffic that leaves us via ExpressVPN' | ||
+ | |||
+ | Note that the interface doesn' | ||
+ | |||
+ | < | ||
+ | iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE | ||
+ | </ | ||
+ | |||
+ | Note that is this is the **only** MASQUERADE rule (check with '' | ||
+ | |||
+ | < | ||
+ | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | ||
+ | </ | ||
+ |