reorganize, add arp proxy
This commit is contained in:
parent
1303c7974f
commit
350ff48e72
|
@ -1,5 +1,6 @@
|
||||||
.idea
|
.idea
|
||||||
config/config.sh
|
config/*.sh
|
||||||
|
!config/*.sh.example
|
||||||
|
|
||||||
# ---> Python
|
# ---> Python
|
||||||
# Byte-compiled / optimized / DLL files
|
# Byte-compiled / optimized / DLL files
|
||||||
|
|
|
@ -12,7 +12,7 @@ done
|
||||||
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
||||||
|
|
||||||
if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
|
if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
|
||||||
source "$DIR/../../config/nat-config.sh"
|
. "$DIR/../../config/nat-config.sh"
|
||||||
else
|
else
|
||||||
echo "$DIR/../../config/nat-config.sh missing!"
|
echo "$DIR/../../config/nat-config.sh missing!"
|
||||||
exit 1
|
exit 1
|
||||||
|
|
|
@ -13,10 +13,10 @@ while [ -L "$SOURCE" ]; do
|
||||||
done
|
done
|
||||||
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
||||||
|
|
||||||
if [[ -f "$DIR/config/config.sh" ]]; then
|
if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
|
||||||
source "$DIR/config/config.sh"
|
. "$DIR/../../config/nat-config.sh"
|
||||||
else
|
else
|
||||||
echo "$DIR/config/config.sh missing!"
|
echo "$DIR/../../config/nat-config.sh missing!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ After=basic.target network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
SyslogIdentifier=wlan2eth
|
SyslogIdentifier=wlan2eth
|
||||||
ExecStart=/bin/bash /opt/wlan2eth/wlan2eth.sh
|
ExecStart=/bin/bash /opt/wlan2eth/bridge/nat/wlan2eth.sh
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=2
|
RestartSec=2
|
||||||
|
|
|
@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
|
||||||
done
|
done
|
||||||
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
||||||
|
|
||||||
if [[ -f "$DIR/config/config.sh" ]]; then
|
if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
|
||||||
source "$DIR/config/config.sh"
|
. "$DIR/../../config/nat-config.sh"
|
||||||
else
|
else
|
||||||
echo "config/config.sh missing!"
|
echo "$DIR/../../config/nat-config.sh missing!"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -0,0 +1,192 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
SOURCE=${BASH_SOURCE[0]}
|
||||||
|
while [ -L "$SOURCE" ]; do
|
||||||
|
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
||||||
|
SOURCE=$(readlink "$SOURCE")
|
||||||
|
[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE
|
||||||
|
done
|
||||||
|
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
|
||||||
|
|
||||||
|
if [[ -f "$DIR/../../config/arp-config.sh" ]]; then
|
||||||
|
. "$DIR/../../config/arp-config.sh"
|
||||||
|
else
|
||||||
|
echo "$DIR/../../config/arp-config.sh missing!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$(id -u)" -ne 0 ]; then
|
||||||
|
echo 'This script must be run as root.' >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Setup
|
||||||
|
|
||||||
|
echo -e "# PREPARE ENVIRONMENT #"
|
||||||
|
|
||||||
|
# Reset interfaces
|
||||||
|
iptables -X
|
||||||
|
iptables -F
|
||||||
|
iptables -t nat -X
|
||||||
|
iptables -t nat -F
|
||||||
|
echo "Erased all iptables rules."
|
||||||
|
|
||||||
|
ifconfig $WLAN_IFACE down
|
||||||
|
ifconfig $WLAN_IFACE hw ether $(ethtool -P $WLAN_IFACE | awk '{print $3}')
|
||||||
|
ifconfig $WLAN_IFACE up
|
||||||
|
echo "Reset the $WLAN_IFACE WiFi interface."
|
||||||
|
|
||||||
|
while true; do
|
||||||
|
WLAN_IFACE_IP=$(ip -4 -br addr show $WLAN_IFACE | grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")
|
||||||
|
if [ -n "${WLAN_IFACE_IP}" ]; then
|
||||||
|
echo "Got it!"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
echo "Waiting for $WLAN_IFACE to get an IP..."
|
||||||
|
sleep 5
|
||||||
|
done
|
||||||
|
|
||||||
|
# We only need to get the $WLAN_IFACE IP address and will copy it over to $ETH_IFACE later
|
||||||
|
WLAN_NETMASK=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
|
||||||
|
WLAN_NETMASK_CIDR=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
|
||||||
|
|
||||||
|
if $NON_INTERACTIVE; then
|
||||||
|
NON_INTERACTIVE_APT="-y"
|
||||||
|
else
|
||||||
|
NON_INTERACTIVE_APT=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Install stuff
|
||||||
|
|
||||||
|
echo -e "\n# INSTALL THINGS #"
|
||||||
|
echo -e "Upgrading...\n"
|
||||||
|
|
||||||
|
apt-get update
|
||||||
|
apt-get upgrade $NON_INTERACTIVE_APT
|
||||||
|
|
||||||
|
echo -e "\n"
|
||||||
|
|
||||||
|
THINGS_TO_INSTALL="net-tools ethtool openssh-server parprouted dhcp-helper"
|
||||||
|
|
||||||
|
if ! $NON_INTERACTIVE; then
|
||||||
|
echo "Going to install: $THINGS_TO_INSTALL"
|
||||||
|
read -p "Press ENTER to continue or CTRL+C to cancel..."
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -e "\n"
|
||||||
|
|
||||||
|
apt-get install $NON_INTERACTIVE_APT $THINGS_TO_INSTALL
|
||||||
|
|
||||||
|
if ! $NON_INTERACTIVE; then
|
||||||
|
echo -e "\nGoing to replace networking with systemd-networkd."
|
||||||
|
read -p "Press ENTER to continue or CTRL+C to cancel..."
|
||||||
|
fi
|
||||||
|
|
||||||
|
systemctl stop dhcp-helper
|
||||||
|
|
||||||
|
apt-get autoremove --purge $NON_INTERACTIVE_APT ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common
|
||||||
|
|
||||||
|
echo -e "\n\nConnecting to WiFi..."
|
||||||
|
|
||||||
|
WPA_SUPP_FILE="/etc/wpa_supplicant/wpa_supplicant-$WLAN_IFACE.conf"
|
||||||
|
cat >"$WPA_SUPP_FILE" <<EOF
|
||||||
|
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
|
||||||
|
update_config=1
|
||||||
|
country=USifconfig $WLAN_IFACE
|
||||||
|
network={
|
||||||
|
ssid="$WIFI_SSID"
|
||||||
|
scan_ssid=1
|
||||||
|
key_mgmt=WPA-EAP
|
||||||
|
eap=PEAP
|
||||||
|
identity="$WIFI_USERNAME"
|
||||||
|
password="$WIFI_PWD"
|
||||||
|
phase1="peaplabel=0"
|
||||||
|
phase2="auth=MSCHAPV2"
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
chmod 600 "$WPA_SUPP_FILE"
|
||||||
|
echo "Created wpa_supplicant: $WPA_SUPP_FILE"
|
||||||
|
systemctl disable wpa_supplicant.service
|
||||||
|
systemctl stop wpa_supplicant.service
|
||||||
|
systemctl enable --now wpa_supplicant@$WLAN_IFACE.service
|
||||||
|
systemctl status --no-pager wpa_supplicant@$WLAN_IFACE.service
|
||||||
|
echo ""
|
||||||
|
ifconfig $WLAN_IFACE
|
||||||
|
|
||||||
|
echo -e "\n"
|
||||||
|
NET_CONF_FILE="/etc/systemd/network/08-$WLAN_IFACE.network"
|
||||||
|
cat >"$NET_CONF_FILE" <<EOF
|
||||||
|
[Match]
|
||||||
|
Name=$WLAN_IFACE
|
||||||
|
[Network]
|
||||||
|
IPForward=yes
|
||||||
|
DHCP=yes
|
||||||
|
EOF
|
||||||
|
echo "Created network config for the $WLAN_IFACE WiFi interface."
|
||||||
|
echo -e "Finishing systemd-networkd install...\n"
|
||||||
|
apt-get install $NON_INTERACTIVE_APT libnss-resolve
|
||||||
|
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
|
||||||
|
systemctl enable --now systemd-resolved.service
|
||||||
|
systemctl restart systemd-networkd.service
|
||||||
|
|
||||||
|
sed -i'' 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
|
||||||
|
sysctl -p /etc/sysctl.conf
|
||||||
|
echo "Set net.ipv4.ip_forward=1 in /etc/sysctl.conf"
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Configure
|
||||||
|
|
||||||
|
# Configure dhcp-helper.
|
||||||
|
DHCP_IPS=""
|
||||||
|
for ip in $DHCP_SERVERS; do
|
||||||
|
DHCP_IPS+=" -s $ip"
|
||||||
|
done
|
||||||
|
cat > /etc/default/dhcp-helper <<EOF
|
||||||
|
DHCPHELPER_OPTS="$DHCP_IPS"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
# Enable avahi reflector if it's not already enabled.
|
||||||
|
sed -i'' 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
|
||||||
|
grep '^enable-reflector=yes$' /etc/avahi/avahi-daemon.conf || {
|
||||||
|
printf "something went wrong...\n\n"
|
||||||
|
printf "Manually set 'enable-reflector=yes in /etc/avahi/avahi-daemon.conf'\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
cat > /etc/systemd/system/parprouted.service <<EOF
|
||||||
|
[Unit]
|
||||||
|
Description=proxy arp routing service
|
||||||
|
Documentation=https://raspberrypi.stackexchange.com/q/88954/79866
|
||||||
|
#Requires=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
|
||||||
|
#After=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
||||||
|
# Restart until $WLAN_IFACE gained carrier
|
||||||
|
Restart=on-failure
|
||||||
|
RestartSec=5
|
||||||
|
TimeoutStartSec=30
|
||||||
|
# clone the dhcp-allocated IP to $ETH_IFACE so dhcp-helper will relay for the correct subnet
|
||||||
|
ExecStartPre=/bin/bash -c '/sbin/ip addr add \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
|
||||||
|
ExecStartPre=/sbin/ip link set dev $ETH_IFACE up
|
||||||
|
ExecStartPre=/sbin/ip link set $WLAN_IFACE promisc on
|
||||||
|
ExecStart=-/usr/sbin/parprouted $ETH_IFACE $WLAN_IFACE
|
||||||
|
ExecStopPost=/sbin/ip link set $WLAN_IFACE promisc off
|
||||||
|
ExecStopPost=/sbin/ip link set dev $ETH_IFACE down
|
||||||
|
ExecStopPost=/bin/bash -c '/sbin/ip addr del \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=wpa_supplicant.service
|
||||||
|
EOF
|
||||||
|
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable --now parprouted dhcp-helper
|
||||||
|
systemctl restart parprouted dhcp-helper
|
||||||
|
|
||||||
|
systemctl status --no-pager dhcp-helper
|
||||||
|
systemctl status --no-pager parprouted
|
||||||
|
|
||||||
|
echo -e "\n==============\nDone!\nNow reboot!"
|
|
@ -0,0 +1,22 @@
|
||||||
|
# Name of the Ethernet interface that the bridged client will plug into.
|
||||||
|
# This will be your LAN port.
|
||||||
|
ETH_IFACE="enp0s31f6"
|
||||||
|
|
||||||
|
# Name of the WiFi interface that will connect to the wider network.
|
||||||
|
# This will be your WAN port.
|
||||||
|
WLAN_IFACE="wlxc8d7193710f4"
|
||||||
|
|
||||||
|
# Name of the WiFi network to connect to.
|
||||||
|
WIFI_SSID="Example-Network"
|
||||||
|
|
||||||
|
# "psk": WPA2-PSK auth.
|
||||||
|
# "peap": WPA2-Enterprise in PEAP mode. Make sure to fill out the RADIUS login details below.
|
||||||
|
# WIFI_AUTH_MODE="peap"
|
||||||
|
# TODO: implement psk mode
|
||||||
|
|
||||||
|
# RADIUS login
|
||||||
|
WIFI_USERNAME="username"
|
||||||
|
WIFI_PWD="password"
|
||||||
|
|
||||||
|
# Don't prompt the user for confirmation
|
||||||
|
NON_INTERACTIVE=false
|
Loading…
Reference in New Issue