Instead, the easiest option is to bridge the connection with a dedicated PPPoA modem - however there are not many around that support this - the DrayTek Vigor 120 and D-Link DSL-320B both do what we need.
I chose the D-Link since you can pick these up fairly cheaply from Amazon.
The first hurdle was working out which settings need to be configured on the DSL-320B - although this might differ slightly from ISP to ISP - below are the settings I used on the device to get it running correctly in bridging mode:
Firstly go to the web-based configuration portal and hit: Setup >> ADSL Setup
Manual ADSL Connection = Bridge Mode
Bridge Mode / Connection Type = 1483 Bridged IP LLC (VC-Mux didn't work for me.)
VPI: 0 (may differ)
VCI: 38 (may differ)
Virtual Circuit = Enable
Service Category = UBR
Now we want to configure a PPP connection on our Raspberry Pi - I'm using CentOS 7 on mine - however the instructions are pretty generic.
We'll need to firstly install the ppp client etc:
sudo yum -y install rp-pppoe ppp
To get us up and running quickly we can run 'pppoe-setup' from the terminal (as root) and we will be prompted for the PPPoA username and password among other options.
For the firewall choice we will typically want Option 2 / MASQUERADE - however we will be tweaking the rules in a bit.
All of the ppp configuration is stored under /etc/ppp - there are a few noteworthy files:
chap-secrets: This holds your PPPoA username / password
pap-secrets: Again, holds your PPPoA username / password
firewall-masq: The firewall script (if you chose option 2 during the setup wizard)
/etc/sysconfig/network-scripts/ifcfg-pppX: The interface configuration script
Before bringing up the connection we will need to modify the firewall rules - since they are not set up very well for a general purpose home router. You will need to add some extra lines into the firewall script (which gets executed when the pppX interface comes up) - this is because existing firewall rules are flushed:
vi /etc/ppp/firewall-masq
# Allow incoming SSH
iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
# Allow established connections inbound
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all traffic on localhost
iptables -A INPUT -i lo -j ACCEPT
Now let's attempt to bring the ppp connection up with:
sudo ifup ppp0
and review the connection with:
ip addr show ppp0
With any luck you will see it's come up and now assigned an IP.
The next step is to set up a local DHCP server that will serve our LAN:
sudo yum install dhcp
and configure it as follows (replacing where necessary):
# name server(s)
option domain-name-servers 8.8.8.8;
# default lease time
default-lease-time 600;
# max lease time
max-lease-time 7200;
# this DHCP server to be declared valid
authoritative;
# specify network address and subnet mask
subnet 10.11.12.0 netmask 255.255.255.0 {
# specify the range of lease IP address
range dynamic-bootp 10.11.12.10 10.11.12.254;
# specify broadcast address
option broadcast-address 10.11.12.255;
# specify default gateway
option routers 10.11.12.1;
}
Now I also want wireless clients to be able to connect to my network - so I ended up purchasing a high gain USB NIC (RTL8188CUS to be precise).
We will need to install the following packages:
sudo yum -y install hostapd iw bridge-utils openssl-devel libnl-devel
and the build tools:
yum groupinstall "Development Tools"
Unfortunately the CentOS ARM repos don't currently have a package for hostapd - so we'll need to compile this from source:
cd /tmp
yum install git
git clone git://w1.fi/srv/git/hostap.git
cd hostap/hostapd
git checkout hostap_2_3
cp defconfig .config
We will also need to apply a patch in order to get hostapd working with the RTL8188CUS chipset from: https://github.com/pritambaral/hostapd-rtl871xdrv
cd to the parent directory (the one with the src and hostapd folders) and run the patch e.g.:
patch -Np1 -i /path/to/rtlxdrv.patch
We will now need to tweak the .config file a little - ensure the following are set:
CONFIG_DRIVER_NL80211=y # enable netlink interface
CONFIG_IEEE80211N=y # enable 802.11n
CONFIG_IEEE80211AC=y # enable 802.11ac
CONFIG_ACS=y # enable automatic channel selection
CONFIG_DRIVER_RTW=y # enable RTL8188CUS support
Then build and install it:
make && make install
and then create a configuration file for it:
mkdir /etc/hostapd
vi /etc/hostapd/hostapd.conf
and add something like the following:
# hostapd only ignores lines that begin with '#', so comments go on their own lines
driver=rtl871xdrv
device_name=RTL8192CU
manufacturer=Realtek
# the interface used by the AP
interface=wlan0
# g simply means 2.4GHz band
hw_mode=g
# the channel to use
channel=10
# limit the frequencies used to those allowed in the country
ieee80211d=1
# the country code
country_code=GB
# 802.11n support
ieee80211n=1
# QoS support
wmm_enabled=1
# the name of the AP
ssid=somename
# 1=open system, 2=shared key (WEP), 3=both
auth_algs=1
# WPA2 only
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword
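An added example, not part of the original post: a shell function that audits a hostapd.conf before the AP is started. It flags trailing comments (hostapd only skips lines that begin with #, so a trailing comment becomes part of the value), anything other than WPA2-only with open-system authentication, TKIP, and short passphrases. The finding labels, MIN_PSK_LEN and the sample input are constructed for this example.

```shell
#!/bin/sh
# Added example: audit a hostapd.conf given as "$1" or on stdin.
# Finding labels and MIN_PSK_LEN are choices made for this example.
MIN_PSK_LEN=16   # assumed local policy; WPA2 itself accepts 8..63 characters

audit_hostapd_conf() {
    awk -v min="$MIN_PSK_LEN" '
    /^#/ || /^[ \t]*$/ { next }            # whole-line comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        # Heuristic: whitespace followed by "#" inside a value is almost
        # always a trailing comment that hostapd would read as data.
        if (val ~ /[ \t]#/) {
            print "INLINE_COMMENT " key
            sub(/[ \t]+#.*/, "", val)      # keep auditing the intended value
        }
        conf[key] = val
    }
    END {
        if (conf["wpa"] + 0 != 2) print "WEAK_WPA wpa=" conf["wpa"]
        if (conf["auth_algs"] + 0 != 1) print "AUTH_ALGS_NOT_OPEN_ONLY auth_algs=" conf["auth_algs"]
        if (conf["rsn_pairwise"] ~ /TKIP/ || conf["wpa_pairwise"] ~ /TKIP/) print "TKIP_ENABLED"
        if ("wpa_passphrase" in conf) {
            n = length(conf["wpa_passphrase"])
            if (n < 8 || n > 63) print "BAD_PASSPHRASE_LENGTH " n
            else if (n < min) print "SHORT_PASSPHRASE " n
        }
    }' "$@"
}

# Constructed sample: option names from this page, written with trailing comments.
sample_conf() {
    cat <<'EOF'
interface=wlan0 # the interface used by the AP
hw_mode=g # g simply means 2.4GHz band
ssid=somename # the name of the AP
auth_algs=1
wpa=2 # WPA2 only
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword
EOF
}

sample_conf | audit_hostapd_conf
```

Run it as `audit_hostapd_conf /etc/hostapd/hostapd.conf`; no output means none of these checks fired.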
We will also ensure that the wlan0 interface is excluded from control by the Network Manager:
vim /etc/NetworkManager/NetworkManager.conf
and add:
[keyfile]
unmanaged-devices=mac:<wlan0-mac-address>
And turn off wifi with:
nmcli radio wifi off
sudo rfkill unblock wlan
and start / test it with:
hostapd /etc/hostapd/hostapd.conf
Everything seemed to look OK initially until I attempted to connect to the AP - and I got the following error message on the console:
wlan0: STA 11:22:33:44:55:66 IEEE 802.11: deauthenticated due to local deauth request
This turns out to be due to lack of entropy so we can install haveged to overcome this - however - again it's not readily available as a package so we'll need to compile it from source:
cd /tmp
wget https://netix.dl.sourceforge.net/project/haveged/haveged-1.9.1.tar.gz
tar zxvf hav*
cd haveged*
./configure
make && make install
and retry with:
hostapd /etc/hostapd/hostapd.conf
Note: When starting hostapd it wipes the IP configuration on wlan0! So we will need to manually configure the interface after it's started and also restart the DHCP service - I wrote the following up (very quickly):
#!/bin/bash
echo Killing off any existing hostapd instances...
pkill hostapd
echo
echo Ensuring wifi is turned off
# make sure wlan interface is offline
nmcli radio wifi off
echo
echo Starting hostapd...
nohup /usr/local/bin/hostapd /etc/hostapd/hostapd.conf >/dev/null 2>&1 &
echo
echo Assigning ip address to wlan interface
# assign ip address to interface
ip addr add 10.55.55.1/24 dev wlan0
echo
echo Restarting the DHCP service
# restart dhcp server
systemctl restart dhcpd
echo
Ideally (when I get the time) I will create its own service unit for systemctl - but for now the above will do!
Sources:
Hostapd on CentOS 6: http://jasonmaur.com/hostapd-centos-6/