Step #1: Flash SD Card
- Plug your SD card (and card reader) into your computer.
- We will be using Raspbian Linux for this project. It is a small, Debian-compatible Linux distribution for Raspberry Pi. Go to raspberrypi.org/downloads and download the Raspbian ZIP. When the download is complete, unzip it to reveal an img file. You need to copy this disk image onto the SD card.
- The Raspberry Pi website has excellent tutorials for how to install a disk image. Essentially, you can use Terminal on Mac or Linux with a command like this:
$ sudo dd if=/path/to/raspbian-image.img of=/dev/name-of-sd-card-disk
On Windows, you can use a program called Win32DiskImager that lets you drag-and-drop the Raspbian image file to the destination disk.
- When the disk is finished copying, you are ready to assemble. Snap your Raspberry Pi into the case and plug in the WiFi adapters and the SD card. Plug the Pi into a monitor, keyboard, and power adapter, and start it up.
Step #2: Boot Up the Raspberry Pi
- When you boot the Pi for the first time, it will guide you through a setup process called raspi-config. This lets you change your user password, overclock your Pi, and set up the desktop environment.
- For this project, you should change your user password, expand the disk, and choose “command line” as your Boot environment. If you live outside of the UK, you should change your internationalization options (keyboard, time zone, and locale) to match.
- You may want to enable SSH, so you can access your Pi after you disconnect its monitor and keyboard. When you exit, you will be brought to a console, ready to go. Log in with the username “pi” and the password you chose for your Pi.
Step #3: Connect to the Internet
- Connecting to Ethernet is simple; simply plug in an Ethernet cable and your Pi will figure out how to connect. Connecting to WiFi is a little more challenging. There are several WiFi network types and encryptions available, and each one is configured slightly differently in Linux.
- To tell your Pi how to connect to WiFi, you’ll have to edit the /etc/network/interfaces file.
$ sudo nano -w /etc/network/interfaces
In this file, you can set rules for how to connect to a WPA, WEP, or an open WiFi network.
- Depending on the encryption of the WiFi access point, you’ll need to configure this file differently. For example, if you are connecting to a WPA WiFi network, your /etc/network/interfaces file will contain something like this:
# detect WiFi adapter
allow-hotplug wlan0
# connect WiFi with DHCP
iface wlan0 inet dhcp
# WPA access point name
wpa-ssid "myhostnetwork"
# WPA access point password
wpa-psk "myhostpassword"
- Manually restart WiFi to connect the Raspberry Pi to the Internet.
$ sudo ifdown wlan0
$ sudo ifup wlan0
You can validate that you have a WiFi connection by pinging a website or running the command:
$ ifconfig wlan0
Step #4: Create an Access Point
- Before proceeding further, update apt-get.
$ sudo apt-get update
An access point allows a computer to connect to a network over WiFi. On our Pi we will be using hostapd to create the access point and isc-dhcp-server to give IP addresses to computers that connect to our access point.
- Install access point: You will need a custom version of hostapd, the access point software that supports the Edimax cards you have. Installing hostapd takes about 10 minutes.
$ wget https://github.com/jenssegers/RTL8188-hostapd/archive/v1.1.tar.gz
$ tar -zxvf v1.1.tar.gz
$ cd RTL8188-hostapd-1.1/hostapd
$ make
$ sudo make install
Tell hostapd the name and password of our access point and the name of the device we are using to host WiFi connections:
$ sudo nano -w /etc/hostapd/hostapd.conf
Change three lines in /etc/hostapd/hostapd.conf to:
interface=wlan1
ssid=mySecureRouter
wpa_passphrase=mySecurePassword
Finally, start hostapd and add it as a service on boot:
$ sudo service hostapd start
$ sudo update-rc.d hostapd enable
- Install DHCP server: Install dnsmasq:
$ sudo apt-get install dnsmasq
We will tell our DHCP server that it controls an IP address range between 192.168.0.10 and 192.168.0.200, with our Pi router having the IP of 192.168.0.1. It will be configured as an “authoritative” server acting on the wlan1 device, meaning that it will force clients to discard expired IP addresses.
$ sudo nano -w /etc/dnsmasq.d/dnsmasq.custom.conf
Add the following to /etc/dnsmasq.d/dnsmasq.custom.conf:
interface=wlan1
dhcp-range=wlan1,192.168.0.10,192.168.0.200,2h
dhcp-option=3,192.168.0.1 # our router
dhcp-option=6,192.168.0.1 # our DNS Server
dhcp-authoritative # force clients to grab a new IP
Configure the DHCP server to use wlan1 as the device that manages DHCP requests:
$ sudo nano -w /etc/resolv.conf
In the file /etc/resolv.conf, add the following lines, pointing DNS to the Google public DNS servers:
nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
Now configure the wlan1 device to load at boot with a static IP address of 192.168.0.1.
$ sudo nano -w /etc/network/interfaces
Add the following lines for wlan1:
iface wlan1 inet static
address 192.168.0.1
netmask 255.255.255.0
Finally, restart the wlan1 WiFi adapter:
$ sudo ifdown wlan1
$ sudo ifup wlan1
Now start the DHCP server and add it as a service at boot:
$ sudo service dnsmasq start
$ sudo update-rc.d dnsmasq enable
You should now be able to see “mySecureRouter” as a WiFi access point from your computer. You can connect to it with WPA2 encryption and the password “mySecurePassword.”
To start, you will need to install pptpclient. This can be done with:
sudo apt-get install pptp-linux
Next, create a file in /etc/ppp/peers with an arbitrary name and the following contents. You can create the file using cat > vpn.txt, enter the following, and press CTRL + D to save and exit.
pty "pptp $VPNHOSTNAME --nolaunchpppd --debug"
name $USERNAME
password $PASSWORD
remotename PPTP
require-mppe-128
require-mschap-v2
refuse-eap
refuse-pap
refuse-chap
refuse-mschap
noauth
debug
persist
maxfail 0
defaultroute
replacedefaultroute
usepeerdns
Where $VPNHOSTNAME is your VPN host name, $PASSWORD is your VPN password and $USERNAME is your VPN username.
After you have done that, you should do sudo pon $FILENAME, where $FILENAME is the name of the file you saved earlier.
To start your VPN client on boot, you can follow the instructions on http://pptpclient.sourceforge.net/howto-debian.phtml (point 8 or 9, Hand configuration section), or just do this to have the tunnel started on system boot:
- For Debian Sarge and later, edit the /etc/network/interfaces file and add this section. $TUNNEL below should be replaced with the name of the file you created in the previous step:
auto tunnel
iface tunnel inet ppp
provider $TUNNEL
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.8.1
netmask 255.255.255.0
# The hostapd /etc/hostapd/hostapd.conf line is a must, but comment out the line that has wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf with a # at the beginning of the line
Step #6: Set up Routing
- Routing is what connects your computer to the internet. It takes packets of data that your computer sends to the Pi, then forwards it on to a website. When the web site responds, packets of data are sent back to your Pi across the internet. Your Pi figures out which WiFi client the response is intended for, and passes it forward to your computer.
- If you have VPN or TOR configured, these packets will also pass through an encrypted service within the internet. This is done using software called iptables. We must enable and configure the rules that allow our Pi to know how to route packets of data the right way. Let’s enable routing:
$ echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
Tell Linux to remember this change:
$ sudo nano /etc/sysctl.conf
In this file, uncomment the line:
net.ipv4.ip_forward=1
- Depending on how you are connecting to the Internet on your Pi (VPN, TOR, Ethernet, or WiFi), you will be routing through one of several devices. Choose the device to route through based on the connection method.
- Tell Linux to masquerade as your computer on the internet:
$ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
Tell it to forward all traffic to the Internet:
$ sudo iptables -A FORWARD -i wlan1 -o tun0 -j ACCEPT
Finally, tell it to forward returning Internet data to the appropriate client:
$ sudo iptables -A FORWARD -i tun0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
Save these settings for the next reboot:
$ sudo sh -c "iptables-save > /etc/iptables.restore"
$ echo "up iptables-restore < /etc/iptables.restore" | sudo tee --append /etc/network/interfaces
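The three routing rules above can also be written as an iptables-restore file and audited for paths that bypass the tunnel. This is an added example, not part of the original tutorial: the helper names gen_ruleset and audit_forward are hypothetical, wlan1 and tun0 are the interface names used on this page, and the DROP default policy on FORWARD is an assumption added here so that client traffic is discarded rather than forwarded unencrypted when the VPN is down.

```shell
# Added example, not from the original tutorial; helper names are hypothetical.

# gen_ruleset LAN_IF VPN_IF
# Print an iptables-restore file holding the tutorial's three rules.
# Assumption beyond the page: the FORWARD policy is DROP, so client
# traffic is discarded instead of leaving unencrypted when the tunnel is down.
gen_ruleset() {
    lan=$1 vpn=$2
    for ifname in "$lan" "$vpn"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $ifname" >&2; return 1 ;;
        esac
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $vpn -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $vpn -j ACCEPT
-A FORWARD -i $vpn -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_forward VPN_IF
# Read iptables-save output on stdin; print one line per finding and
# return non-zero if forwarded traffic could bypass the tunnel.
audit_forward() {
    awk -v vpn="$1" '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        /^:FORWARD / && $2 != "DROP" { print "policy: FORWARD is " $2; bad = 1 }
        /^-A FORWARD / && / -j ACCEPT/ {
            inif = ""; outif = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-i") inif = $(i + 1)
                if ($i == "-o") outif = $(i + 1)
            }
            if (inif != vpn && outif != vpn) { print "leak: " $0; bad = 1 }
        }
        END { exit bad + 0 }'
}
```

On the Pi, `sudo iptables-save | audit_forward tun0` audits the live rules, and the output of `gen_ruleset wlan1 tun0` can be saved as /etc/iptables.restore.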