221 lines
7.1 KiB
Bash
221 lines
7.1 KiB
Bash
|
#!/bin/bash
|
||
|
# https://raspberrypi.stackexchange.com/questions/88954/workaround-for-a-wifi-bridge-on-a-raspberry-pi-with-proxy-arp
|
||
|
# https://www.willhaley.com/blog/raspberry-pi-wifi-ethernet-bridge/
|
||
|
|
||
|
# TODO: non-interactive install
|
||
|
|
||
|
# ==============================================================================
|
||
|
# Config
|
||
|
|
||
|
SOURCE=${BASH_SOURCE[0]}
|
||
|
while [ -L "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
|
||
|
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
|
||
|
SOURCE=$(readlink "$SOURCE")
|
||
|
[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
|
||
|
done
|
||
|
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
|
||
|
|
||
|
if [[ -f "$DIR/config.sh" ]]; then
|
||
|
source "$DIR/config.sh"
|
||
|
else
|
||
|
echo "config.sh missing!"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
# ==============================================================================
|
||
|
# Setup
|
||
|
|
||
|
# Must be run as root
|
||
|
if [ "$(id -u)" -ne 0 ]; then
|
||
|
echo 'This script must be run as root.' >&2
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
# We only need to get the $WLAN_IFACE IP address and will copy it over to $ETH_IFACE later
|
||
|
WLAN_IFACE_IP=$(ip -4 -br addr show $WLAN_IFACE | grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")
|
||
|
|
||
|
# ==============================================================================
|
||
|
# Install stuff
|
||
|
|
||
|
echo "# INSTALL THINGS #"
|
||
|
|
||
|
THINGS_TO_INSTALL="parprouted dhcp-helper net-tools"
|
||
|
|
||
|
if ! $NON_INTERACTIVE; then
|
||
|
echo "Going to install: $THINGS_TO_INSTALL"
|
||
|
read -p "Press ENTER to continue or CTRL+C to cancel..."
|
||
|
fi
|
||
|
|
||
|
echo -e "\n"
|
||
|
|
||
|
apt-get install $THINGS_TO_INSTALL
|
||
|
|
||
|
echo -e "\n\nSetting up services...\n"
|
||
|
|
||
|
systemctl stop dhcp-helper
|
||
|
systemctl enable dhcp-helper
|
||
|
|
||
|
if ! $NON_INTERACTIVE; then
|
||
|
echo -e "\n\nGoing to replace networking with systemd-networkd."
|
||
|
read -p "Press ENTER to continue or CTRL+C to cancel..."
|
||
|
fi
|
||
|
|
||
|
echo -e "\n"
|
||
|
apt-get --autoremove -y purge ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common
|
||
|
|
||
|
echo -e "\n\nConnecting to WiFi..."
|
||
|
|
||
|
WPA_SUPP_FILE="/etc/wpa_supplicant/wpa_supplicant-$WLAN_IFACE.conf"
|
||
|
cat > "$WPA_SUPP_FILE" <<EOF
|
||
|
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
|
||
|
update_config=1
|
||
|
country=US
|
||
|
network={
|
||
|
ssid="$WIFI_SSID"
|
||
|
scan_ssid=1
|
||
|
key_mgmt=WPA-EAP
|
||
|
eap=PEAP
|
||
|
identity="$WIFI_USERNAME"
|
||
|
password="$WIFI_PWD"
|
||
|
phase1="peaplabel=0"
|
||
|
phase2="auth=MSCHAPV2"
|
||
|
}
|
||
|
EOF
|
||
|
chmod 600 "$WPA_SUPP_FILE"
|
||
|
echo "Created wpa_supplicant: $WPA_SUPP_FILE"
|
||
|
systemctl disable wpa_supplicant.service
|
||
|
systemctl stop wpa_supplicant.service
|
||
|
systemctl enable --now wpa_supplicant@$WLAN_IFACE.service
|
||
|
systemctl status --no-pager wpa_supplicant@$WLAN_IFACE.service
|
||
|
echo ""
|
||
|
ifconfig $WLAN_IFACE
|
||
|
|
||
|
|
||
|
echo -e "\n\n"https://raspberrypi.stackexchange.com/questions/88954/workaround-for-a-wifi-bridge-on-a-raspberry-pi-with-proxy-arp
|
||
|
|
||
|
NET_CONF_FILE="/etc/systemd/network/08-$WLAN_IFACE.network"
|
||
|
cat > "$NET_CONF_FILE" <<EOF
|
||
|
[Match]
|
||
|
Name=$WLAN_IFACE
|
||
|
[Network]
|
||
|
IPForward=yes
|
||
|
DHCP=yes
|
||
|
# for a static ip address, remove DHCP=yes and modify the following lines:
|
||
|
#Address=192.168.50.2/24
|
||
|
#Gateway=192.168.50.1
|
||
|
#DNS=84.200.69.80 1.1.1.1
|
||
|
EOF
|
||
|
echo "Created network config: $WLAN_IFACE"
|
||
|
echo -e "Finishing systemd-networkd install...\n\n"
|
||
|
apt-get install -y libnss-resolve
|
||
|
systemctl enable --now systemd-resolved.service
|
||
|
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
|
||
|
systemctl enable --now systemd-networkd.service
|
||
|
|
||
|
echo -e "\n\nInstall complete! Ignore any service errors for now..."
|
||
|
|
||
|
# ==============================================================================
|
||
|
# Create bridge interface
|
||
|
|
||
|
echo -e "\n# BRIDGE $WLAN_IFACE TO $ETH_IFACE #"
|
||
|
|
||
|
# brctl addbr br0
|
||
|
# brctl addif br0 $WLAN_IFACE
|
||
|
# brctl addif br0 $ETH_IFACE
|
||
|
# ip addr flush dev $WLAN_IFACE
|
||
|
# ip addr flush dev $ETH_IFACE
|
||
|
# ip link set dev br0 up
|
||
|
|
||
|
# IP="128.198.192.233"
|
||
|
# MAC="f0:1f:af:6d:fd:54"
|
||
|
# ebtables -F
|
||
|
# ebtables -F -t nat
|
||
|
# ebtables -t nat -A PREROUTING -i $WLAN_IFACE -j redirect --redirect-target ACCEPT
|
||
|
# ebtables -t nat -A PREROUTING -i $ETH_IFACE -j redirect --redirect-target ACCEPT
|
||
|
|
||
|
|
||
|
# This works but nat and is unreliable and breaks DHCP
|
||
|
# IP_OTHR="128.198.192.233"
|
||
|
# iptables -F
|
||
|
# iptables -F -t nat
|
||
|
# iptables -t nat -A PREROUTING -d $IP_OTHR -i $ETH_IFACE -j DNAT --to-destination $WLAN_IFACE_IP
|
||
|
# iptables -t nat -A PREROUTING -d $WLAN_IFACE_IP -i $WLAN_IFACE -j DNAT --to-destination $IP_OTHR
|
||
|
# iptables -t nat -A POSTROUTING -s $WLAN_IFACE_IP -j SNAT --to-source $IP_OTHR
|
||
|
# iptables -t nat -A POSTROUTING -s $IP_OTHR -j SNAT --to-source $WLAN_IFACE_IP
|
||
|
|
||
|
# ==============================================================================
|
||
|
# Set up configs
|
||
|
|
||
|
echo -e "\n# SET UP CONFIG FILES #"
|
||
|
|
||
|
sed -i'' 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
|
||
|
sudo sysctl -p /etc/sysctl.conf
|
||
|
echo "Set net.ipv4.ip_forward=1 in /etc/sysctl.conf"
|
||
|
|
||
|
DHCP_HELPER_CONF="/etc/default/dhcp-helper"
|
||
|
for ip in $DHCP_SERVERS; do
|
||
|
DHCP_SERVERS_CONF+=" -s $ip"
|
||
|
done
|
||
|
cat > "$DHCP_HELPER_CONF" <<EOF
|
||
|
# Relay DHCP requests as broadcast to $WLAN_IFACE
|
||
|
DHCPHELPER_OPTS="$DHCP_SERVERS_CONF"
|
||
|
EOF
|
||
|
echo "Created dhcp-helper config: $DHCP_HELPER_CONF"
|
||
|
|
||
|
# Enable IP forwarding for $WLAN_IFACE if it's not already enabled.
|
||
|
# grep '^option ip-forwarding 1$' /etc/dhcpcd.conf || printf "option ip-forwarding 1\n" >> /etc/dhcpcd.conf
|
||
|
|
||
|
# Disable dhcpcd control of $ETH_IFACE.
|
||
|
# grep "^denyinterfaces ${ETH_IFACE}\$" /etc/dhcpcd.conf || printf "denyinterfaces $ETH_IFACE\n" >> /etc/dhcpcd.conf
|
||
|
|
||
|
# Enable avahi reflector if it's not already enabled.
|
||
|
sed -i'' 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
|
||
|
grep '^enable-reflector=yes$' /etc/avahi/avahi-daemon.conf || {
|
||
|
printf "something went wrong...\n\n"
|
||
|
printf "Manually set 'enable-reflector=yes in /etc/avahi/avahi-daemon.conf'\n"
|
||
|
}
|
||
|
echo "Enabled avahi reflector."
|
||
|
|
||
|
PARPROUTED_SERVICE="/etc/systemd/system/parprouted.service"
|
||
|
cat > "$PARPROUTED_SERVICE" <<EOF
|
||
|
[Unit]
|
||
|
Description=proxy arp routing service
|
||
|
Documentation=https://raspberrypi.stackexchange.com/q/88954/79866
|
||
|
Requires=sys-subsystem-net-devices-$WLAN_IFACE.device
|
||
|
# dhcpcd.service
|
||
|
After=sys-subsystem-net-devices-$WLAN_IFACE.device
|
||
|
# dhcpcd.service
|
||
|
|
||
|
[Service]
|
||
|
Type=forking
|
||
|
# Restart until $WLAN_IFACE gained carrier
|
||
|
Restart=on-failure
|
||
|
RestartSec=5
|
||
|
TimeoutStartSec=30
|
||
|
# clone the dhcp-allocated IP to $ETH_IFACE so dhcp-helper will relay for the correct subnet
|
||
|
ExecStartPre=/bin/bash -c '/sbin/ip addr add $WLAN_IFACE_IP/32 dev $ETH_IFACE'
|
||
|
ExecStartPre=/sbin/ip link set dev $ETH_IFACE up
|
||
|
ExecStartPre=/sbin/ip link set $WLAN_IFACE promisc on
|
||
|
ExecStart=-/usr/sbin/parprouted $ETH_IFACE $WLAN_IFACE
|
||
|
ExecStopPost=/sbin/ip link set $WLAN_IFACE promisc off
|
||
|
ExecStopPost=/sbin/ip link set dev $ETH_IFACE down
|
||
|
ExecStopPost=/bin/bash -c '/sbin/ip addr del $WLAN_IFACE_IP/32 dev $ETH_IFACE'
|
||
|
|
||
|
[Install]
|
||
|
WantedBy=wpa_supplicant.service
|
||
|
EOF
|
||
|
echo "Created systemd service: $PARPROUTED_SERVICE"
|
||
|
|
||
|
systemctl daemon-reload
|
||
|
systemctl enable --now parprouted dhcp-helper
|
||
|
systemctl restart parprouted dhcp-helper
|
||
|
echo -e "Enabled and started parprouted and dhcp-helper"
|
||
|
|
||
|
echo -e "Waiting 5 seconds...\n"
|
||
|
sleep 5
|
||
|
|
||
|
systemctl status --no-pager parprouted
|
||
|
systemctl status --no-pager dhcp-helper
|
||
|
|
||
|
echo -e "\n\n\n==============\nDone!\nNow reboot!"
|