reorganize, add arp proxy

Cyberes 2023-06-20 12:03:35 -06:00
parent 1303c7974f
commit 350ff48e72
7 changed files with 224 additions and 9 deletions

3
.gitignore vendored

@ -1,5 +1,6 @@
.idea .idea
config/config.sh config/*.sh
!config/*.sh.example
# ---> Python # ---> Python
# Byte-compiled / optimized / DLL files # Byte-compiled / optimized / DLL files


@ -12,7 +12,7 @@ done
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd) DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
if [[ -f "$DIR/../../config/nat-config.sh" ]]; then if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
source "$DIR/../../config/nat-config.sh" . "$DIR/../../config/nat-config.sh"
else else
echo "$DIR/../../config/nat-config.sh missing!" echo "$DIR/../../config/nat-config.sh missing!"
exit 1 exit 1


@ -13,10 +13,10 @@ while [ -L "$SOURCE" ]; do
done done
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd) DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
if [[ -f "$DIR/config/config.sh" ]]; then if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
source "$DIR/config/config.sh" . "$DIR/../../config/nat-config.sh"
else else
echo "$DIR/config/config.sh missing!" echo "$DIR/../../config/nat-config.sh missing!"
exit 1 exit 1
fi fi


@ -6,7 +6,7 @@ After=basic.target network.target
[Service] [Service]
SyslogIdentifier=wlan2eth SyslogIdentifier=wlan2eth
ExecStart=/bin/bash /opt/wlan2eth/wlan2eth.sh ExecStart=/bin/bash /opt/wlan2eth/bridge/nat/wlan2eth.sh
Restart=always Restart=always
RestartSec=2 RestartSec=2


@ -11,10 +11,10 @@ while [ -L "$SOURCE" ]; do
done done
DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd) DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
if [[ -f "$DIR/config/config.sh" ]]; then if [[ -f "$DIR/../../config/nat-config.sh" ]]; then
source "$DIR/config/config.sh" . "$DIR/../../config/nat-config.sh"
else else
echo "config/config.sh missing!" echo "$DIR/../../config/nat-config.sh missing!"
exit 1 exit 1
fi fi

192
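--- a/bridge/proxyarp/arp-install.sh
+++ b/bridge/proxyarp/arp-install.sh
@@ -0,0 +1,192 @@
+#!/bin/bash
+SOURCE=${BASH_SOURCE[0]}
+while [ -L "$SOURCE" ]; do
+DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
+SOURCE=$(readlink "$SOURCE")
+[[ $SOURCE != /* ]] && SOURCE=$DIR/$SOURCE
+done
+DIR=$(cd -P "$(dirname "$SOURCE")" >/dev/null 2>&1 && pwd)
+if [[ -f "$DIR/../../config/arp-config.sh" ]]; then
+. "$DIR/../../config/arp-config.sh"
+else
+echo "$DIR/../../config/arp-config.sh missing!"
+exit 1
+fi
+if [ "$(id -u)" -ne 0 ]; then
+echo 'This script must be run as root.' >&2
+exit 1
+fi
+# ==============================================================================
+# Setup
+echo -e "# PREPARE ENVIRONMENT #"
+# Reset interfaces
+iptables -X
+iptables -F
+iptables -t nat -X
+iptables -t nat -F
+echo "Erased all iptables rules."
+ifconfig $WLAN_IFACE down
+ifconfig $WLAN_IFACE hw ether $(ethtool -P $WLAN_IFACE | awk '{print $3}')
+ifconfig $WLAN_IFACE up
+echo "Reset the $WLAN_IFACE WiFi interface."
+while true; do
+WLAN_IFACE_IP=$(ip -4 -br addr show $WLAN_IFACE | grep -Po "\\d+\\.\\d+\\.\\d+\\.\\d+")
+if [ -n "${WLAN_IFACE_IP}" ]; then
+echo "Got it!"
+break
+fi
+echo "Waiting for $WLAN_IFACE to get an IP..."
+sleep 5
+done
+# We only need to get the $WLAN_IFACE IP address and will copy it over to $ETH_IFACE later
+WLAN_NETMASK=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
+WLAN_NETMASK_CIDR=$(ip addr show $WLAN_IFACE | grep -w inet | awk '{print $2}' | cut -d'/' -f2)
+if $NON_INTERACTIVE; then
+NON_INTERACTIVE_APT="-y"
+else
+NON_INTERACTIVE_APT=""
+fi
+# ==============================================================================
+# Install stuff
+echo -e "\n# INSTALL THINGS #"
+echo -e "Upgrading...\n"
+apt-get update
+apt-get upgrade $NON_INTERACTIVE_APT
+echo -e "\n"
+THINGS_TO_INSTALL="net-tools ethtool openssh-server parprouted dhcp-helper"
+if ! $NON_INTERACTIVE; then
+echo "Going to install: $THINGS_TO_INSTALL"
+read -p "Press ENTER to continue or CTRL+C to cancel..."
+fi
+echo -e "\n"
+apt-get install $NON_INTERACTIVE_APT $THINGS_TO_INSTALL
+if ! $NON_INTERACTIVE; then
+echo -e "\nGoing to replace networking with systemd-networkd."
+read -p "Press ENTER to continue or CTRL+C to cancel..."
+fi
+systemctl stop dhcp-helper
+apt-get autoremove --purge $NON_INTERACTIVE_APT ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common
+echo -e "\n\nConnecting to WiFi..."
+WPA_SUPP_FILE="/etc/wpa_supplicant/wpa_supplicant-$WLAN_IFACE.conf"
+cat >"$WPA_SUPP_FILE" <<EOF
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+country=USifconfig $WLAN_IFACE
+network={
+ssid="$WIFI_SSID"
+scan_ssid=1
+key_mgmt=WPA-EAP
+eap=PEAP
+identity="$WIFI_USERNAME"
+password="$WIFI_PWD"
+phase1="peaplabel=0"
+phase2="auth=MSCHAPV2"
+}
+EOF
+chmod 600 "$WPA_SUPP_FILE"
+echo "Created wpa_supplicant: $WPA_SUPP_FILE"
+systemctl disable wpa_supplicant.service
+systemctl stop wpa_supplicant.service
+systemctl enable --now wpa_supplicant@$WLAN_IFACE.service
+systemctl status --no-pager wpa_supplicant@$WLAN_IFACE.service
+echo ""
+ifconfig $WLAN_IFACE
+echo -e "\n"
+NET_CONF_FILE="/etc/systemd/network/08-$WLAN_IFACE.network"
+cat >"$NET_CONF_FILE" <<EOF
+[Match]
+Name=$WLAN_IFACE
+[Network]
+IPForward=yes
+DHCP=yes
+EOF
+echo "Created network config for the $WLAN_IFACE WiFi interface."
+echo -e "Finishing systemd-networkd install...\n"
+apt-get install $NON_INTERACTIVE_APT libnss-resolve
+ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+systemctl enable --now systemd-resolved.service
+systemctl restart systemd-networkd.service
+sed -i'' 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf
+echo "Set net.ipv4.ip_forward=1 in /etc/sysctl.conf"
+# ==============================================================================
+# Configure
+# Configure dhcp-helper.
+DHCP_IPS=""
+for ip in $DHCP_SERVERS; do
+DHCP_IPS+=" -s $ip"
+done
+cat > /etc/default/dhcp-helper <<EOF
+DHCPHELPER_OPTS="$DHCP_IPS"
+EOF
+# Enable avahi reflector if it's not already enabled.
+sed -i'' 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
+grep '^enable-reflector=yes$' /etc/avahi/avahi-daemon.conf || {
+printf "something went wrong...\n\n"
+printf "Manually set 'enable-reflector=yes in /etc/avahi/avahi-daemon.conf'\n"
+}
+cat > /etc/systemd/system/parprouted.service <<EOF
+[Unit]
+Description=proxy arp routing service
+Documentation=https://raspberrypi.stackexchange.com/q/88954/79866
+#Requires=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
+#After=sys-subsystem-net-devices-$WLAN_IFACE.device dhcpcd.service
+After=network.target
+[Service]
+Type=forking
+# Restart until $WLAN_IFACE gained carrier
+Restart=on-failure
+RestartSec=5
+TimeoutStartSec=30
+# clone the dhcp-allocated IP to $ETH_IFACE so dhcp-helper will relay for the correct subnet
+ExecStartPre=/bin/bash -c '/sbin/ip addr add \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
+ExecStartPre=/sbin/ip link set dev $ETH_IFACE up
+ExecStartPre=/sbin/ip link set $WLAN_IFACE promisc on
+ExecStart=-/usr/sbin/parprouted $ETH_IFACE $WLAN_IFACE
+ExecStopPost=/sbin/ip link set $WLAN_IFACE promisc off
+ExecStopPost=/sbin/ip link set dev $ETH_IFACE down
+ExecStopPost=/bin/bash -c '/sbin/ip addr del \$(/sbin/ip -4 -br addr show $WLAN_IFACE | /bin/grep -Po "\\\d+\\\.\\\d+\\\.\\\d+\\\.\\\d+")/32 dev $ETH_IFACE'
+[Install]
+WantedBy=wpa_supplicant.service
+EOF
+systemctl daemon-reload
+systemctl enable --now parprouted dhcp-helper
+systemctl restart parprouted dhcp-helper
+systemctl status --no-pager dhcp-helper
+systemctl status --no-pager parprouted
+echo -e "\n==============\nDone!\nNow reboot!"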
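Review bot: The wpa_supplicant heredoc writes `country=USifconfig $WLAN_IFACE`, which looks like a stray paste fused onto the country line; it should read `country=US`. That same file receives `$WIFI_PWD`, but it is created by `cat >"$WPA_SUPP_FILE"` under whatever umask is in effect and only restricted by the later `chmod 600`, so the RADIUS password may be readable by other local users in between; creating the file first with `install -m 600 /dev/null "$WPA_SUPP_FILE"` closes that window. The password and SSID are also interpolated unescaped, so a value containing `"` would produce a malformed network block. Separately, the `iptables -X`/`-F` calls at the top erase all filter and nat rules before either confirmation prompt is shown, even with `NON_INTERACTIVE=false`, on a host that is about to forward traffic between interfaces; moving them behind the prompt, or saving the ruleset first with `iptables-save`, would make that loss explicit and recoverable.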


@ -0,0 +1,22 @@
# Name of the Ethernet interface that the bridged client will plug into.
# This will be your LAN port.
ETH_IFACE="enp0s31f6"
# Name of the WiFi interface that will connect to the wider network.
# This will be your WAN port.
WLAN_IFACE="wlxc8d7193710f4"
# Name of the WiFi network to connect to.
WIFI_SSID="Example-Network"
# "psk": WPA2-PSK auth.
# "peap": WPA2-Enterprise in PEAP mode. Make sure to fill out the RADIUS login details below.
# WIFI_AUTH_MODE="peap"
# TODO: implement psk mode
# RADIUS login
WIFI_USERNAME="username"
WIFI_PWD="password"
# Don't prompt the user for confirmation
NON_INTERACTIVE=false
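Review bot: `DHCP_SERVERS` is not defined in this example, yet arp-install.sh in the same commit loops over `$DHCP_SERVERS` to build `DHCPHELPER_OPTS`, so a config copied from here would leave dhcp-helper with an empty option string. Assuming this is the example for arp-config.sh (the file name is not visible on the page), add a documented entry such as `DHCP_SERVERS="192.0.2.1"  # placeholder: space-separated DHCP server IPs`. The file also holds `WIFI_USERNAME`/`WIFI_PWD` in plain text and is sourced by a script that requires root, so the header comment should tell users to keep the real copy owned by root with mode 600, since anyone able to edit it can run commands as root at install time. `NON_INTERACTIVE` is executed as a command by `if $NON_INTERACTIVE`, which deserves a comment saying the value must be exactly `true` or `false`.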