SETUP PI AP

Configuring the Raspberry Pi

sudo raspi-config

-- Enable SSH, update local info (keyboard)

sudo apt-get update

sudo apt-get upgrade

Install a few Dependencies

apt install curl wget git net-tools wireguard frr

reboot

 

Enable IP Forwarding on the Server

ENABLE KERNEL FORWARDING

sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf

Enable Networking daemon

systemctl enable networking

 

 

Setup Wireguard

mkdir /etc/wireguard/

touch /etc/wireguard/wg0.conf

nano /etc/wireguard/wg0.conf

 

  • ADD YOUR VPN CONFIG TO WIREGUARD FILE

    Use your own PrivateKey and allocated Tunnel IP:

Start your WG connection:

systemctl start wg-quick@wg0.service

OR Simpler

wg-quick up wg0

You can stop a wireguard instance by issuing:

wg-quick down /etc/wireguard/wg0.conf

Use systemd service to start WireGuard on load.

systemctl enable wg-quick@wg0.service

Check its status with the following command. Its status should be active (exited).

systemctl status wg-quick@wg0.service

 

Now WireGuard server is ready to accept client connections.
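
wg0.conf holds your PrivateKey, and a file made with plain mkdir/touch under the usual 022 umask is readable by every local user. The script below is an added example, not part of the original guide: it creates the file with owner-only access and checks a config before the tunnel is started. The function names, return codes and the list of required settings are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names and return
# codes are this example's own; `stat -c` is GNU stat (Raspberry Pi OS).
# Usage as root: new_wg_conf /etc/wireguard, paste your config, then
#   audit_wg_conf /etc/wireguard/wg0.conf && wg-quick up wg0

# Create the directory and an empty wg0.conf with owner-only access.
new_wg_conf() {
    dir=$1
    ( umask 077 && mkdir -p "$dir" && : >> "$dir/wg0.conf" ) || return 1
    # chmod also covers a directory or file that already existed.
    chmod 700 "$dir" && chmod 600 "$dir/wg0.conf"
}

# Returns 0 ok, 1 file missing, 2 readable beyond the owner,
# 3 required setting missing, 4 PrivateKey not a well-formed key.
audit_wg_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    # The file holds PrivateKey: group and other must have no access.
    mode=$(stat -c '%a' "$conf")
    case $mode in
        *00) ;;
        *) echo "$conf is mode $mode, expected 600" >&2; return 2 ;;
    esac

    # Settings assumed necessary for a client tunnel like this guide's.
    for key in PrivateKey Address PublicKey Endpoint; do
        grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$conf" ||
            { echo "$conf: no $key setting" >&2; return 3; }
    done

    # A WireGuard key is 32 bytes: 43 base64 characters plus one '='.
    # Catches a placeholder or truncated paste without echoing the key.
    grep -Eq '^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*[A-Za-z0-9+/]{43}=[[:space:]]*$' "$conf" ||
        { echo "$conf: PrivateKey is not a 44-character base64 key" >&2; return 4; }
    return 0
}
```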

 

Fixing WiFi Dropout Issues

If you find your external WiFi adapter kernel module 'drops out' from time to time, you can fix it fairly easily with a command line fix (thanks perseus286!)

Create and edit a new file in /etc/modprobe.d/8192cu.conf

nano /etc/modprobe.d/8192cu.conf

and paste the following in to disable power saving:

options 8192cu rtw_power_mgnt=0 rtw_enusbss=1 rtw_ips_mode=1

 

 

 

If you have been given additional IPs allocated via the VPN tunnel and want to experiment with BGP, use the steps below to connect!

Setup FRR. (For BGP connection)

Enable BGP Daemon:

(CHANGE bgpd TO YES)

sed -i 's/^bgpd=no/bgpd=yes/g' /etc/frr/daemons

Disable Integrated config file

sed -i 's/^service/no service/g' /etc/frr/vtysh.conf

Enter FRR using "vtysh"

vtysh

Save to update and create config files

wr mem

Remove Combined FRR File

rm -rf /etc/frr/frr.conf /etc/frr/frr.conf.sav

Restart FRR

systemctl restart frr.service

Enable FRR to start on boot

systemctl enable frr.service

 

Enter FRR and paste your own config file

vtysh

 

Edit below to add your own ASN allocated for the tunnel, i.e. replace 64515 with your own ASN and change the network IP from 44.31.0.128/29 to your own IP range:

If you have been given additional IPs (other than the tunnel IP), you can set up RaspAP to auto-delegate IPs to other WiFi devices.

 

Setup RaspAP

(agree to all prompts, except openvpn)

curl -sL https://install.raspap.com | bash

systemctl unmask hostapd

update-rc.d hostapd defaults

systemctl enable hostapd

systemctl start hostapd

systemctl status hostapd

 

Make sure the last "status" command returns no errors.

 

In a browser, go to the IP address of eth0, using the default username / password: admin / secret

Go to DHCP Server.

Add the first IP from your allocated IP range. I.e. if you have 44.31.0.128/29,

your first IP would be :

Add the starting DHCP OPTIONS address as the next available IP from the VPN-allocated IPs, i.e. 44.31.0.130 - 134

https://www.davidc.net/sites/default/subnets/subnets.html

Go to Hotspot > Advanced > Restart Hotspot; stop, then restart wlan0

COMING SOON - adding External ETH1

Below not complete

Config for enabling a second Ethernet port for connection to an L2 switch and giving additional IPs to devices.

 

FOR BRIDGING ETHER

sudo apt-get install bridge-utils

Add an external Ethernet port to be able to bridge your WiFi connection

EDIT NETWORK INTERFACES FILE

 

Edit hostapd config

nano /etc/hostapd/hostapd.conf

Add to bottom of config:

 

Edit DHCP config

nano /etc/dhcpcd.conf

Comment out the "# RaspAP wlan0 configuration" line and everything below it.

Add (replace with the first available IP in your static IP block, with your tunnel IP in static routers):

 

ADD ROUTES:

Change the 192.168.0.1 to the IP of the ETH0 port.

ip route add 66.248.232.142/32 via 192.168.0.1