SETUP PI AP
Configuring the Raspberry Pi
-- Enable shh, update Local info (keyboard)
sudo apt-get update
sudo apt-get upgrade
Install a few Dependancies
apt install curl wget git net-tools wireguard frr
Enable IP Forwarding on the Server
ENABLE KERNEL FORWARDING
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
Enable Networking daemon
systemctl enable networking
ADD YOUR VPN CONFIG TO WIREGUARD FILE
Use your own PrivateKey and allocated Tunnel IP:
Start your WG connection:
systemctl start firstname.lastname@example.org.
wg-quick up wg0
You can stop a wireguard instance by issuing:
wg-quick down /etc/wireguard/wg0.conf
Use systemd service to start WireGuard on load.
systemctl enable email@example.com
Check its status with the following command. Its status should be active (exited).
systemctl status firstname.lastname@example.org
Now WireGuard server is ready to accept client connections.
#Fixing WiFI Dropout Issues
If you find your external WiFi adapter kernel module 'drops out' from time to time,
you can fix it fairly easily with a command line fix (thanks perseus286!)
Create and edit a new file in /etc/modprobe.d/8192cu.conf
and paste the following in to Disable power saving
options 8192cu rtw_power_mgnt=0 rtw_enusbss=1 rtw_ips_mode=1
IF you have been given additional IP's allocated via the VPN Tunnel, and want to experiment with BGP; use below to connect!
Setup FRR. (For BGP connection)
Enable BGP Daemon:
(CHANGE bgpd TO YES)
sed -i 's/^bgpd=no/bgpd=yes/g’ /etc/frr/daemons
Disable Integrated config file
sed -i 's/^service/no service/g' /etc/frr/vtysh.conf
Enter FRR using "vtysh"
Save to update and create config files
wr memREMOVE COMBINDED FILE**
Remove Combined FRR File
rm -rf /etc/frr/frr.conf /etc/frr/frr.conf.sav
systemctl restart frr.service
Enable FRR to start on boot
systemctl enable frr.service
Enter Frr and paste your own config file
Edit below to ADD YOUR OWN ASN number allocated For tunnel :
I.E. Exchange 64515 with your own ASN# & change network IP from 184.108.40.206/29 to your own IP range
IF you have been given additional IP (other than tunnel IP) you can setup RaspAP to auto delegate IP's to other Wifi devices.
(agree to all prompts, except openvpn)
curl -sL https://install.raspap.com | bash
systemctl unmask hostapd
update-rc.d hostapd defaults
systemctl enable hostapd
systemctl start hostapd
systemctl status hostapd
Make sure the last "status" command returns no errors.
In browser goto the IP address of eth0 Using the Default username / password: admin / secret
Goto DHCP server.
Add the first IP from your allocated IP range. I.E if you have 220.127.116.11/29 ,
your first IP would be :
Add the starting DHCP OPTIONS address as the next available IP from VPN allocated IP’s… I.E. 18.104.22.168 - 134
Goto hotspot, > advanced > restart Hotspot stop then restart wlan0
COMMING SOON - adding External ETH1
Below not complete
config for enabling an second Ether port for connection to L2 switch and giving additional IP's to devices.
FOR BRIDGING ETHER
sudo apt-get install bridge-utils
Add an external Ethernet port to be able to bridge your wifi connection
EDIT NETWORK INTERFACES FILE**
Edit hostapd config
Add to bottom of config:
Edit DHCP config
Comment out #. RaspAP wlan0 configuration and below.
add: (Replace with the first Available IP in your static IP block and your Tunnel IP is in your static routers )
Change the 192.168.0.1 to the IP of the ETH0 port.
ip route add 22.214.171.124/32 via 192.168.0.1