wlan2eth/bridge-install.sh

221 lines
7.1 KiB
Bash
Raw Normal View History

2023-06-13 10:33:04 -06:00
#!/bin/bash
# https://raspberrypi.stackexchange.com/questions/88954/workaround-for-a-wifi-bridge-on-a-raspberry-pi-with-proxy-arp
# https://www.willhaley.com/blog/raspberry-pi-wifi-ethernet-bridge/
# TODO: non-interactive install
# ==============================================================================
# Config
SOURCE=${BASH_SOURCE[0]}
while [ -L "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
SOURCE=$(readlink "$SOURCE")
[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR=$( cd -P "$( dirname "$SOURCE" )" >/dev/null 2>&1 && pwd )
if [[ -f "$DIR/config.sh" ]]; then
source "$DIR/config.sh"
else
echo "config.sh missing!"
exit 1
fi
# ==============================================================================
# Setup
# Must be run as root
if [ "$(id -u)" -ne 0 ]; then
echo 'This script must be run as root.' >&2
exit 1
fi
# We only need to get the $WLAN_IFACE IP address and will copy it over to $ETH_IFACE later
WLAN_IFACE_IP=$(ip -4 -br addr show $WLAN_IFACE | grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")
# ==============================================================================
# Install stuff
echo "# INSTALL THINGS #"
THINGS_TO_INSTALL="parprouted dhcp-helper net-tools"
if ! $NON_INTERACTIVE; then
echo "Going to install: $THINGS_TO_INSTALL"
read -p "Press ENTER to continue or CTRL+C to cancel..."
fi
echo -e "\n"
apt-get install $THINGS_TO_INSTALL
echo -e "\n\nSetting up services...\n"
systemctl stop dhcp-helper
systemctl enable dhcp-helper
if ! $NON_INTERACTIVE; then
echo -e "\n\nGoing to replace networking with systemd-networkd."
read -p "Press ENTER to continue or CTRL+C to cancel..."
fi
echo -e "\n"
apt-get --autoremove -y purge ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common
echo -e "\n\nConnecting to WiFi..."
WPA_SUPP_FILE="/etc/wpa_supplicant/wpa_supplicant-$WLAN_IFACE.conf"
cat > "$WPA_SUPP_FILE" <<EOF
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=US
network={
ssid="$WIFI_SSID"
scan_ssid=1
key_mgmt=WPA-EAP
eap=PEAP
identity="$WIFI_USERNAME"
password="$WIFI_PWD"
phase1="peaplabel=0"
phase2="auth=MSCHAPV2"
}
EOF
chmod 600 "$WPA_SUPP_FILE"
echo "Created wpa_supplicant: $WPA_SUPP_FILE"
systemctl disable wpa_supplicant.service
systemctl stop wpa_supplicant.service
systemctl enable --now wpa_supplicant@$WLAN_IFACE.service
systemctl status --no-pager wpa_supplicant@$WLAN_IFACE.service
echo ""
ifconfig $WLAN_IFACE
echo -e "\n\n"https://raspberrypi.stackexchange.com/questions/88954/workaround-for-a-wifi-bridge-on-a-raspberry-pi-with-proxy-arp
NET_CONF_FILE="/etc/systemd/network/08-$WLAN_IFACE.network"
cat > "$NET_CONF_FILE" <<EOF
[Match]
Name=$WLAN_IFACE
[Network]
IPForward=yes
DHCP=yes
# for a static ip address, remove DHCP=yes and modify the following lines:
#Address=192.168.50.2/24
#Gateway=192.168.50.1
#DNS=84.200.69.80 1.1.1.1
EOF
echo "Created network config: $WLAN_IFACE"
echo -e "Finishing systemd-networkd install...\n\n"
apt-get install -y libnss-resolve
systemctl enable --now systemd-resolved.service
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl enable --now systemd-networkd.service
echo -e "\n\nInstall complete! Ignore any service errors for now..."
# ==============================================================================
# Create bridge interface
echo -e "\n# BRIDGE $WLAN_IFACE TO $ETH_IFACE #"
# brctl addbr br0
# brctl addif br0 $WLAN_IFACE
# brctl addif br0 $ETH_IFACE
# ip addr flush dev $WLAN_IFACE
# ip addr flush dev $ETH_IFACE
# ip link set dev br0 up
# IP="128.198.192.233"
# MAC="f0:1f:af:6d:fd:54"
# ebtables -F
# ebtables -F -t nat
# ebtables -t nat -A PREROUTING -i $WLAN_IFACE -j redirect --redirect-target ACCEPT
# ebtables -t nat -A PREROUTING -i $ETH_IFACE -j redirect --redirect-target ACCEPT
# This works but nat and is unreliable and breaks DHCP
# IP_OTHR="128.198.192.233"
# iptables -F
# iptables -F -t nat
# iptables -t nat -A PREROUTING -d $IP_OTHR -i $ETH_IFACE -j DNAT --to-destination $WLAN_IFACE_IP
# iptables -t nat -A PREROUTING -d $WLAN_IFACE_IP -i $WLAN_IFACE -j DNAT --to-destination $IP_OTHR
# iptables -t nat -A POSTROUTING -s $WLAN_IFACE_IP -j SNAT --to-source $IP_OTHR
# iptables -t nat -A POSTROUTING -s $IP_OTHR -j SNAT --to-source $WLAN_IFACE_IP
# ==============================================================================
# Set up configs
echo -e "\n# SET UP CONFIG FILES #"
sed -i'' 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
echo "Set net.ipv4.ip_forward=1 in /etc/sysctl.conf"
DHCP_HELPER_CONF="/etc/default/dhcp-helper"
for ip in $DHCP_SERVERS; do
DHCP_SERVERS_CONF+=" -s $ip"
done
cat > "$DHCP_HELPER_CONF" <<EOF
# Relay DHCP requests as broadcast to $WLAN_IFACE
DHCPHELPER_OPTS="$DHCP_SERVERS_CONF"
EOF
echo "Created dhcp-helper config: $DHCP_HELPER_CONF"
# Enable IP forwarding for $WLAN_IFACE if it's not already enabled.
# grep '^option ip-forwarding 1$' /etc/dhcpcd.conf || printf "option ip-forwarding 1\n" >> /etc/dhcpcd.conf
# Disable dhcpcd control of $ETH_IFACE.
# grep "^denyinterfaces ${ETH_IFACE}\$" /etc/dhcpcd.conf || printf "denyinterfaces $ETH_IFACE\n" >> /etc/dhcpcd.conf
# Enable avahi reflector if it's not already enabled.
sed -i'' 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
grep '^enable-reflector=yes$' /etc/avahi/avahi-daemon.conf || {
printf "something went wrong...\n\n"
printf "Manually set 'enable-reflector=yes in /etc/avahi/avahi-daemon.conf'\n"
}
echo "Enabled avahi reflector."
PARPROUTED_SERVICE="/etc/systemd/system/parprouted.service"
cat > "$PARPROUTED_SERVICE" <<EOF
[Unit]
Description=proxy arp routing service
Documentation=https://raspberrypi.stackexchange.com/q/88954/79866
Requires=sys-subsystem-net-devices-$WLAN_IFACE.device
# dhcpcd.service
After=sys-subsystem-net-devices-$WLAN_IFACE.device
# dhcpcd.service
[Service]
Type=forking
# Restart until $WLAN_IFACE gained carrier
Restart=on-failure
RestartSec=5
TimeoutStartSec=30
# clone the dhcp-allocated IP to $ETH_IFACE so dhcp-helper will relay for the correct subnet
ExecStartPre=/bin/bash -c '/sbin/ip addr add $WLAN_IFACE_IP/32 dev $ETH_IFACE'
ExecStartPre=/sbin/ip link set dev $ETH_IFACE up
ExecStartPre=/sbin/ip link set $WLAN_IFACE promisc on
ExecStart=-/usr/sbin/parprouted $ETH_IFACE $WLAN_IFACE
ExecStopPost=/sbin/ip link set $WLAN_IFACE promisc off
ExecStopPost=/sbin/ip link set dev $ETH_IFACE down
ExecStopPost=/bin/bash -c '/sbin/ip addr del $WLAN_IFACE_IP/32 dev $ETH_IFACE'
[Install]
WantedBy=wpa_supplicant.service
EOF
echo "Created systemd service: $PARPROUTED_SERVICE"
systemctl daemon-reload
systemctl enable --now parprouted dhcp-helper
systemctl restart parprouted dhcp-helper
echo -e "Enabled and started parprouted and dhcp-helper"
echo -e "Waiting 5 seconds...\n"
sleep 5
systemctl status --no-pager parprouted
systemctl status --no-pager dhcp-helper
echo -e "\n\n\n==============\nDone!\nNow reboot!"