Saturday 3 June 2017

Replacing your modem / router with a Raspberry Pi and a DSL-320B

One of the major drawbacks to Linux (although by no fault of its own) is that there are so few PPPoA drivers available - largely due to the vast majority of them not being open sourced. However there are a few Thomson model chipsets that work - but these are ancient.

Instead the easiest option is to bridge the connection with a dedicated PPPoA modem - however there are not many around that support this - the DrayTek Vigor 120 and D-Link DSL-320B both do what we need.

I chose the D-Link since you can pick these up fairly cheaply from Amazon.

The first hurdle was working out which settings need to be configured on the DSL-320B - although this might differ slightly from ISP to ISP - below are the settings I used on the device to get it running correctly in bridging mode:

Firstly go to the web-based configuration portal and hit: Setup >> ADSL Setup

Manual ADSL Connection = Bridge Mode
Bridge Mode / Connection Type = 1483 Bridged IP LLC (VC-Mux didn't work for me.)
VPI: 0 (may differ)
VCI: 38 (may differ)
Virtual Circuit = Enable
Service Category = UBR


Now we want to configure a PPP connection on our Raspberry Pi - I'm using CentOS 7 on mine - however the instructions are pretty generic.

We'll first need to install the ppp client etc:

sudo yum -y install rp-pppoe ppp

To get us up and running quickly we can run 'pppoe-setup' from the terminal (as root) and we will be prompted for the PPPoA username and password among other options.

For the firewall choice we will typically want Option 2 / MASQUERADE - however we will be tweaking the rules in a bit.

All of the ppp configuration is stored under /etc/ppp - there are a few noteworthy files:

chap-secrets: This holds your PPPoA username / password
pap-secrets: Again, holds your PPPoA username / password
firewall-masq: The firewall script (if you chose option 2 during the setup wizard)
/etc/sysconfig/network-scripts/ifcfg-pppX: The interface configuration script

Before bringing up the connection we will need to modify the firewall rules - since they are not set up very well for a general purpose home router. You will need to add some extra lines into the firewall script (that gets executed when the pppX interface comes up) - this is because existing firewall rules are flushed:

vi /etc/ppp/firewall-masq

# Allow incoming SSH
iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

# Allow established connections inbound
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all traffic on localhost
iptables -A INPUT -i lo -j ACCEPT
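
Because the script flushes the existing rules whenever the pppX interface comes up, it is worth confirming afterwards that the three rules above are actually loaded and that SSH is still bound to the LAN side only. The following check is an added example, not part of the original post; the function names and both sample rulesets are constructed, and eth0 as the LAN interface is taken from the rule above.

```shell
#!/bin/bash
# Added example (not from the original post): audit `iptables-save` output for
# the three INPUT rules above. Function names and sample data are constructed.
# Live use (as root):  iptables-save -t filter | audit_input_rules eth0

audit_input_rules() {
    local lan=${1:-eth0} findings=0 rules
    rules=$(grep '^-A INPUT ' || true)          # ruleset arrives on stdin
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Return traffic for connections opened from the LAN must be accepted.
    printf '%s\n' "$rules" | grep -Eq -- '--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT' \
        || flag "no ESTABLISHED,RELATED accept rule"
    printf '%s\n' "$rules" | grep -Eq -- '-i lo( .*)? -j ACCEPT' \
        || flag "loopback traffic not accepted"
    # Every rule that accepts tcp/22 must be pinned to the LAN interface,
    # otherwise SSH is also reachable from the pppX (internet) side.
    if printf '%s\n' "$rules" | grep -E -- '--dport 22 .*-j ACCEPT' | grep -qv -- "-i $lan "; then
        flag "SSH accepted on an interface other than $lan"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the SSH rule lost its "-i eth0", loopback rule missing.
sample_bad_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the rules from this post in iptables-save format.
sample_good_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}
```

The function prints one FINDING line per problem and returns non-zero if there were any, so it can be called at the end of the firewall script or from a cron job.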

Now let's attempt to bring the ppp connection up with:

sudo ifup ppp0

and review the connection with:

ip addr show ppp0

With any luck you will see it's come up and now assigned an IP.

The next step is to set up a local DHCP server that will serve our LAN:

sudo yum install dhcp

and configure it as follows (replacing where necessary):

# name server(s)
option domain-name-servers 8.8.8.8;

# default lease time
default-lease-time 600;

# max lease time
max-lease-time 7200;

# this DHCP server to be declared valid
authoritative;

# specify network address and subnet mask
subnet 10.11.12.0 netmask 255.255.255.0 {
    # specify the range of lease IP address
    range dynamic-bootp 10.11.12.10 10.11.12.254;
    # specify broadcast address
    option broadcast-address 10.11.12.255;
    # specify default gateway
    option routers 10.11.12.1;
}

Now I also want wireless clients to be able to connect to my network - so I ended up purchasing a high gain USB NIC (RTL8188CUS to be precise).

We will need to install the following packages:

sudo yum -y install iw bridge-utils openssl-devel libnl-devel

and the build tools:

yum groupinstall "Development Tools"

Unfortunately the CentOS ARM repos don't currently have a package for hostapd - so we'll need to compile this from source:

cd /tmp
yum install git
git clone git://w1.fi/srv/git/hostap.git
cd hostap/hostapd
git checkout hostap_2_3
cp defconfig .config

We will also need to apply a patch in order to get hostapd working with the RTL8188CUS chipset from: https://github.com/pritambaral/hostapd-rtl871xdrv

cd to the parent directory (the one with the src and hostapd folders) and run the patch e.g.:

patch -Np1 -i /path/to/rtlxdrv.patch

We will now need to tweak the .config file a little - ensure the following are set:

CONFIG_DRIVER_NL80211=y # enable netlink interface
CONFIG_IEEE80211N=y # enable 802.11n
CONFIG_IEEE80211AC=y # enable 802.11ac
CONFIG_ACS=y # enable automatic channel selection
CONFIG_DRIVER_RTW=y # enable RTL8188CUS support

make && make install

and then create a configuration file for it:

mkdir /etc/hostapd
vi /etc/hostapd/hostapd.conf

and add something like the following:

driver=rtl871xdrv
device_name=RTL8192CU
manufacturer=Realtek

# hostapd only treats lines that start with '#' as comments, so each comment sits on its own line
# the interface used by the AP
interface=wlan0
# g simply means 2.4GHz band
hw_mode=g
# the channel to use
channel=10
# limit the frequencies used to those allowed in the country
ieee80211d=1
# the country code
country_code=GB
# 802.11n support
ieee80211n=1
# QoS support
wmm_enabled=1
# the name of the AP
ssid=somename
# 1=open system authentication, 2=shared key (WEP), 3=both
auth_algs=1
# WPA2 only
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword
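
Before starting the AP it is worth checking the file for the settings that decide how well the network is protected: WPA2 only, CCMP only, a real passphrase, no trailing comments inside values, and no read access for other users (the passphrase is stored in clear text). The following check is an added example, not part of the original post; the function names and the sample file are constructed.

```shell
#!/bin/bash
# Added example (not from the original post): pre-flight audit of a hostapd.conf.
# Function names and the sample file are constructed for illustration.

# Print KEY's value from FILE (last occurrence), minus any trailing " # comment".
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | sed 's/[[:space:]]\{1,\}#.*$//'
}

audit_hostapd_conf() {
    local f=$1 findings=0 pass
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # hostapd treats only lines *starting* with '#' as comments; anything after
    # '=' becomes part of the value (e.g. an SSID ending in "# the name of the AP").
    if grep -Eq '^[^#]*=.*[[:space:]]#' "$f"; then flag "inline comment after a value"; fi
    [ "$(conf_get wpa "$f")" = "2" ] || flag "wpa is not 2 (WPA1 would be offered)"
    [ "$(conf_get rsn_pairwise "$f")" = "CCMP" ] || flag "rsn_pairwise is not CCMP-only"
    pass=$(conf_get wpa_passphrase "$f")
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        flag "wpa_passphrase must be 8..63 characters"
    fi
    if [ "$pass" = "somepassword" ]; then flag "placeholder passphrase still in use"; fi
    # The PSK is stored in clear text, so group/other should have no access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || flag "file accessible by group/other"
    [ "$findings" -eq 0 ]
}

# Constructed sample using trailing comments and the placeholder passphrase.
sample_hostapd_conf() {
    cat <<'EOF'
interface=wlan0       # the interface used by the AP
ssid=somename         # the name of the AP
wpa=2                 # WPA2 only
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword
EOF
}
```

Run it as `audit_hostapd_conf /etc/hostapd/hostapd.conf`; it prints one FINDING line per problem and returns non-zero if there were any.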

We will also ensure that the wlan0 interface is excluded from control by the Network Manager:

vim /etc/NetworkManager/NetworkManager.conf

and add:

[keyfile]
unmanaged-devices=mac:<wlan0-mac-address>

And turn off wifi with:

nmcli radio wifi off
sudo rfkill unblock wlan

and start / test it with:

hostapd /etc/hostapd/hostapd.conf

Everything seemed to look OK initially until I attempted to connect to the AP - and I got the following error message on the console:

wlan0: STA 11:22:33:44:55:66 IEEE 802.11: deauthenticated due to local deauth request

This turns out to be due to lack of entropy so we can install haveged to overcome this - however - again it's not readily available as a package so we'll need to compile it from source:

cd /tmp
wget https://netix.dl.sourceforge.net/project/haveged/haveged-1.9.1.tar.gz
tar zxvf hav*
cd haveged*
./configure
make && make install

and retry with:

hostapd /etc/hostapd/hostapd.conf

Note: When starting hostapd it wipes the IP configuration on wlan0! So we will need to manually configure the interface after it's started and also restart the DHCP service - I wrote the following up (very quickly):

#!/bin/bash

echo Killing off any existing hostapd instances...
pkill hostapd
echo

echo Ensuring wifi is turned off
# make sure wlan interface is offline
nmcli radio wifi off
echo

echo Starting hostapd...
nohup /usr/local/bin/hostapd /etc/hostapd/hostapd.conf >/dev/null 2>&1 &
echo

echo Assigning ip address to wlan interface
# assign ip address to interface
ip addr add 10.55.55.1/24 dev wlan0
echo

echo Restarting the DHCP service
# restart dhcp server
systemctl restart dhcpd
echo

Ideally (when I get the time) I will create its own service unit for systemctl - but for now the above will do!

Sources:

Hostapd on CentOS 6: http://jasonmaur.com/hostapd-centos-6/
