This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
vpn-rpi4 [2020/04/29 21:42] robm created |
vpn-rpi4 [2020/04/30 08:59] robm [ExpressVPN Access Point using a Raspberry Pi 4] |
||
---|---|---|---|
Line 6: | Line 6: | ||
* '' | * '' | ||
* CIDR: '' | * CIDR: '' | ||
+ | * DHCP range: '' | ||
* Gateway / router: '' | * Gateway / router: '' | ||
Line 48: | Line 49: | ||
up | up | ||
down ebtables -t filter -D FORWARD --protocol 0x0800 --ip-protocol UDP --ip-destination-port 67 -j DROP | down ebtables -t filter -D FORWARD --protocol 0x0800 --ip-protocol UDP --ip-destination-port 67 -j DROP | ||
+ | |||
+ | # Ethernet Bridging: Be deaf to DHCP requests originating on the wired | ||
+ | # connection (home network), we are not their DHCP server. (.. and dnsmasq | ||
+ | # cannot distinguish the source, as it all appears to be coming from br0) | ||
+ | up | ||
+ | down ebtables -t filter -D INPUT -d FF: | ||
# Internet Protocol Network Address Translation when using this bridge, and | # Internet Protocol Network Address Translation when using this bridge, and | ||
Line 62: | Line 69: | ||
sudo apt remove openresolv | sudo apt remove openresolv | ||
sudo apt install dnsmasq hostapd | sudo apt install dnsmasq hostapd | ||
+ | </ | ||
+ | |||
+ | Remove ''/ | ||
+ | < | ||
+ | nameserver 1.0.0.1 | ||
+ | nameserver 8.8.4.4 | ||
+ | nameserver 1.1.1.1 | ||
+ | nameserver 8.8.8.8 | ||
</ | </ | ||
Modify ''/ | Modify ''/ | ||
< | < | ||
- | dhcp-range=172.16.0.10,172.16.0.20,1h | + | dhcp-range=192.168.167.40,192.168.167.47,1h |
- | except-interface=eth0 | + | |
dhcp-authoritative | dhcp-authoritative | ||
+ | clear-on-reload | ||
+ | bridge-interface=br0, | ||
</ | </ | ||
Line 145: | Line 161: | ||
===== Debugging ===== | ===== Debugging ===== | ||
- | < | + | < |
+ | lo | ||
+ | eth0 | ||
+ | wlan0 UP | ||
+ | br0 UP | ||
+ | |||
+ | |||
+ | pi@raspberrypi4: | ||
+ | lo | ||
+ | eth0 UP | ||
+ | wlan0 UP | ||
+ | br0 UP | ||
+ | |||
pi@raspberrypi4: | pi@raspberrypi4: | ||
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) | Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) | ||
Line 155: | Line 184: | ||
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) | Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) | ||
pkts bytes target | pkts bytes target | ||
- | | + | |
- | | + | |
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) | Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) | ||
Line 174: | Line 203: | ||
pi@raspberrypi4: | pi@raspberrypi4: | ||
- | 0.0.0.0/1 via 10.89.0.29 dev tun0 | ||
default via 192.168.167.1 dev br0 onlink | default via 192.168.167.1 dev br0 onlink | ||
- | 10.0.0.0/8 via 192.168.167.1 dev br0 | ||
- | 10.89.0.1 via 10.89.0.29 dev tun0 | ||
- | 10.89.0.29 dev tun0 proto kernel scope link src 10.89.0.30 | ||
- | 128.0.0.0/1 via 10.89.0.29 dev tun0 | ||
- | 172.16.0.0/ | ||
- | 192.168.0.0/ | ||
192.168.167.0/ | 192.168.167.0/ | ||
- | 203.159.81.39 via 192.168.167.1 dev br0 | ||
- | pi@raspberrypi4: | + | pi@raspberrypi4: |
- | A new version is available, download it from https://www.vlycgtx.com/latest? | + | -- Logs begin at Wed 2020-04-29 22:45:20 BST, end at Wed 2020-04-29 22:47:25 BST. -- |
+ | Apr 29 22:45:56 raspberrypi4 systemd[1]: Starting Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator... | ||
+ | Apr 29 22:45:56 raspberrypi4 hostapd[710]: | ||
+ | Apr 29 22:45:56 raspberrypi4 hostapd[710]: | ||
+ | Apr 29 22:45:56 raspberrypi4 systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/ | ||
- | Connected to Netherlands - The Hague | ||
- | - To protect your privacy if your VPN connection unexpectedly drops, you can enable Network Lock by typing ' | + | pi@raspberrypi4: |
- | pi@raspberrypi4: | + | -- Logs begin at Wed 2020-04-29 22:45:20 BST, end at Wed 2020-04-29 22:47:25 BST. -- |
+ | Apr 29 22:45:56 raspberrypi4 systemd[1]: Starting dnsmasq - A lightweight DHCP and caching DNS server... | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq[711]: | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq[751]: | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq[751]: | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq[751]: | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq-dhcp[751]: | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq[751]: | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq[751]: | ||
+ | Apr 29 22:45:56 raspberrypi4 dnsmasq[751]: | ||
+ | Apr 29 22:45:56 raspberrypi4 systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server. | ||
+ | Apr 29 22:46:16 raspberrypi4 dnsmasq-dhcp[751]: | ||
+ | Apr 29 22:46:16 raspberrypi4 dnsmasq-dhcp[751]: | ||
</ | </ |