How to set up Alpine as a wireless router: Difference between revisions
Rickyrockrat (talk | contribs) No edit summary |
Rickyrockrat (talk | contribs) No edit summary |
||
Line 14: | Line 14: | ||
* It is simple, short, and to the point. | * It is simple, short, and to the point. | ||
* The same tool provides *repo* level dependency reporting! | * The same tool provides *repo* level dependency reporting! | ||
* Install of single packages without repo signing (I never did get the signing correct). | * Install of single packages without repo signing (I never did get the signing correct, but I can install). | ||
=== Install === | === Install === | ||
* Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc. | * Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc. | ||
* make a 256M fat16 | * make a 256M fat16 partition (sudo mkfs.vfat -n ALPBOOT /dev/sdc1) | ||
* the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2). | * the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2). | ||
* untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16 | * untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16 partition which is good for up to 2G. | ||
* make sure you have all the packages from the package list below installed on the SD card. This will save you lots of time. | |||
* install openssh, openssh-server, openssh-client, openssh-server-common, | |||
* install dnsmasq, ethtool, hostapd*, busybox extras, iptables*, iw,net-tools, tree, wireless-tools. | |||
===== ssh config ===== | |||
The allowed users are not normal names since I want the names to be a little obfuscated. Not that it really matters, since this is a key driven setup<br> | |||
AddressFamily inet<br> | |||
ListenAddress 0.0.0.0<br> | |||
HostKey /etc/ssh/ssh_host_rsa_key<br> | |||
LogLevel INFO<br> | |||
LoginGraceTime 30<br> | |||
PermitRootLogin no<br> | |||
StrictModes yes<br> | |||
AllowUsers Som123X Extern4524User<br> | |||
PubkeyAuthentication yes<br> | |||
AuthorizedKeysFile /etc/ssh/authorized_keys<br> | |||
HostbasedAuthentication yes<br> | |||
IgnoreUserKnownHosts yes<br> | |||
IgnoreRhosts yes<br> | |||
PasswordAuthentication no<br> | |||
ChallengeResponseAuthentication no<br> | |||
AllowTcpForwarding yes<br> | |||
GatewayPorts yes<br> | |||
X11Forwarding no<br> | |||
==== References ==== | ==== References ==== | ||
Line 28: | Line 52: | ||
* Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk | * Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk | ||
* remove a package: apk del iw | * remove a package: apk del iw | ||
* | * repository lists are in: /etc/apk/repositories | ||
* Local URL: /media/mmcblk0p1/apks | * Local URL: /media/mmcblk0p1/apks | ||
* Remote URL: http://dl-cdn.alpinelinux.org/alpine/v3.12/main | * Remote URL: http://dl-cdn.alpinelinux.org/alpine/v3.12/main | ||
Line 44: | Line 68: | ||
[rsync://rsync.alpinelinux.org/alpine Alpine Repos]<br> | [rsync://rsync.alpinelinux.org/alpine Alpine Repos]<br> | ||
[https://stevessmarthomeguide.com/home-network-dns-dnsmasq Set Static DNS names]<br> | [https://stevessmarthomeguide.com/home-network-dns-dnsmasq Set Static DNS names]<br> | ||
[https://unix.stackexchange.com/questions/504100/how-to-create-ssh-reverse-tunnel-with-iptables-forwarding Reverse SSH tunnel]<br> | |||
===== Pi Specific ===== | ===== Pi Specific ===== | ||
[https://raspberrypi.stackexchange.com/questions/89803/access-point-as-wifi-router-repeater-optional-with-bridge/89804 Pi Wifi Repeater]<br> | [https://raspberrypi.stackexchange.com/questions/89803/access-point-as-wifi-router-repeater-optional-with-bridge/89804 Pi Wifi Repeater]<br> | ||
Line 54: | Line 79: | ||
[https://blog.thewalr.us/2017/09/26/raspberry-pi-zero-w-simultaneous-ap-and-managed-mode-wifi AP and Managed Mode]<br> | [https://blog.thewalr.us/2017/09/26/raspberry-pi-zero-w-simultaneous-ap-and-managed-mode-wifi AP and Managed Mode]<br> | ||
[https://www.instructables.com/Using-a-Raspberry-PI-Zero-W-As-an-Access-Point-and AP and MQTT]<br> | [https://www.instructables.com/Using-a-Raspberry-PI-Zero-W-As-an-Access-Point-and AP and MQTT]<br> | ||
==== Package List ==== | |||
Put these in the apks/armhf directory on the 256M Fat partition:<br> | |||
iptables-1.8.4-r2.apk openssh-8.3_p1-r1.apk | |||
iptables-openrc-1.8.4-r2.apk openssh-client-8.3_p1-r1.apk | |||
abuild-3.6.0-r1.apk iw-5.4-r0.apk openssh-keygen-8.3_p1-r1.apk | |||
alpine-base-3.12.3-r0.apk kbd-bkeymaps-2.2.0-r2.apk openssh-server-8.3_p1-r1.apk | |||
alpine-baselayout-3.2.0-r7.apk libacl-2.2.53-r0.apk openssh-server-common-8.3_p1-r1.apk | |||
alpine-conf-3.9.0-r1.apk libattr-2.4.48-r0.apk openssh-sftp-server-8.3_p1-r1.apk | |||
alpine-keys-2.2-r0.apk libblkid-2.35.2-r0.apk openssl-1.1.1i-r0.apk | |||
alpine-mirrors-3.5.10-r0.apk libc-utils-0.7.2-r3.apk patch-2.7.6-r6.apk | |||
apk-tools-2.10.5-r1.apk libcap-2.27-r0.apk pcsc-lite-libs-1.8.26-r0.apk | |||
attr-2.4.48-r0.apk libcom_err-1.45.6-r0.apk pkgconf-1.7.2-r0.apk | |||
bash-5.0.17-r0.apk libcrypto1.1-1.1.1i-r0.apk ppp-atm-2.4.8-r2.apk | |||
bash-completion-2.10-r0.apk libcurl-7.69.1-r3.apk ppp-chat-2.4.8-r2.apk | |||
bonding-2.6-r4.apk libedit-20191231.3.1-r0.apk ppp-daemon-2.4.8-r2.apk | |||
bridge-1.5-r4.apk libev-4.33-r0.apk ppp-l2tp-2.4.8-r2.apk | |||
bridge-utils-1.6-r0.apk libgcc-9.3.0-r2.apk ppp-minconn-2.4.8-r2.apk | |||
busybox-1.31.1-r19.apk libmnl-1.0.4-r0.apk ppp-passprompt-2.4.8-r2.apk | |||
busybox-extras-1.31.1-r19.apk libnftnl-1.1.6-r0.apk ppp-passwordfd-2.4.8-r2.apk | |||
busybox-initscripts-3.2-r2.apk libnftnl-libs-1.1.6-r0.apk ppp-pppoe-2.4.8-r2.apk | |||
busybox-suid-1.31.1-r19.apk libnl3-3.5.0-r0.apk ppp-radius-2.4.8-r2.apk | |||
c-ares-1.16.1-r0.apk libpcap-1.9.1-r2.apk ppp-winbind-2.4.8-r2.apk | |||
ca-certificates-20191127-r4.apk libssl1.1-1.1.1i-r0.apk readline-8.0.4-r0.apk | |||
ca-certificates-bundle-20191127-r4.apk libstdc++-9.3.0-r2.apk scanelf-1.2.6-r0.apk | |||
chrony-3.5.1-r0.apk libtls-standalone-2.9.1-r1.apk signature.tar.gz | |||
chrony-openrc-3.5.1-r0.apk libusb-1.0.23-r0.apk ssl_client-1.31.1-r19.apk | |||
curl-7.69.1-r3.apk libuuid-2.35.2-r0.apk tar-1.32-r1.apk | |||
dbus-libs-1.12.18-r0.apk lzip-1.21-r0.apk tcpdump-4.9.3-r2.apk | |||
dnsmasq-2.81-r0.apk mii-tool-1.60_git20140218-r2.apk tree-1.8.0-r0.apk | |||
e2fsprogs-1.45.6-r0.apk musl-1.1.24-r10.apk tzdata-2020c-r1.apk | |||
e2fsprogs-libs-1.45.6-r0.apk musl-utils-1.1.24-r10.apk usb-modeswitch-2.6.0-r1.apk | |||
ethtool-5.6-r0.apk ncurses-libs-6.2_p20200523-r0.apk vlan-2.2-r0.apk | |||
ez-ipupdate-3.0.10-r9.apk ncurses-terminfo-base-6.2_p20200523-r0.apk wireless-tools-30_pre9-r1.apk | |||
fakeroot-1.24-r0.apk net-tools-1.60_git20140218-r2.apk wpa_supplicant-2.9-r5.apk | |||
haveged-1.9.8-r1.apk network-extras-1.2-r0.apk wpa_supplicant-openrc-2.9-r5.apk | |||
haveged-openrc-1.9.8-r1.apk nghttp2-1.41.0-r0.apk zlib-1.2.11-r3.apk | |||
hostapd-2.9-r2.apk nghttp2-libs-1.41.0-r0.apk | |||
hostapd-openrc-2.9-r2.apk openrc-0.42.1-r11.apk |
Revision as of 12:43, 3 January 2021
Pi Zero W Wireless Router
This is a page to describe building a Wireless Access Point with two wired ethernet ports for building a home router that connects to the internet with one wired port, and internal Lan with the second wired port and the on-board WiFi.
The intent is to provide this:
|<-->eth1 <-->| Internet <--> eth0 <-->FireWall<-->br0 Internal<--> ssh,bind,dhcp, with ssh reverse ssh connections. |<-->wlan0<-->|
Overview
I generally run Debian and when forced by Red Hot Irons, Red Hat. This is my first foray into Alpine. So far I am very impressed. I mirrored the 3.12 armhf repos so I had things local when I needed them. Word to the wise. That is 13G of apk files.
One *really* nice feature of Alpine is apk, the yum/apt replacement:
- It is simple, short, and to the point.
- The same tool provides *repo* level dependency reporting!
- Install of single packages without repo signing (I never did get the signing correct, but I can install).
Install
- Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc.
- make a 256M fat16 partition (sudo mkfs.vfat -n ALPBOOT /dev/sdc1)
- the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2).
- untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16 partition which is good for up to 2G.
- make sure you have all the packages from the package list below installed on the SD card. This will save you lots of time.
- install openssh, openssh-server, openssh-client, openssh-server-common,
- install dnsmasq, ethtool, hostapd*, busybox extras, iptables*, iw,net-tools, tree, wireless-tools.
ssh config
The allowed users are not normal names since I want the names to be a little obfuscated. Not that it really matters, since this is a key driven setup
AddressFamily inet
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel INFO
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
AllowUsers Som123X Extern4524User
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no
References
apk notes:
- Create and index and check dependencies on a list of apk files: apk index -o APKINDEX.unsigned.tar.gz *.apk
- Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk
- remove a package: apk del iw
- repository lists are in: /etc/apk/repositories
* Local URL: /media/mmcblk0p1/apks * Remote URL: http://dl-cdn.alpinelinux.org/alpine/v3.12/main
FAT16/32 limits
udhcpc
ez-ipupdate
Dynamic_DNS
Alpine Linux Bridge
Connect to wireless AP
dnsmasq listen restrictions
Disable IPV6
dnsmasq Docs
HostApd Docs
[rsync://rsync.alpinelinux.org/alpine Alpine Repos]
Set Static DNS names
Reverse SSH tunnel
Pi Specific
Pi Wifi Repeater
WiFi Bridge
Alpine Install
PiZeroW Install
Classic Sys Install on Pi
Not Related, but Interesting
AP and Managed Mode
AP and MQTT
Package List
Put these in the apks/armhf directory on the 256M Fat partition:
iptables-1.8.4-r2.apk openssh-8.3_p1-r1.apk iptables-openrc-1.8.4-r2.apk openssh-client-8.3_p1-r1.apk abuild-3.6.0-r1.apk iw-5.4-r0.apk openssh-keygen-8.3_p1-r1.apk alpine-base-3.12.3-r0.apk kbd-bkeymaps-2.2.0-r2.apk openssh-server-8.3_p1-r1.apk alpine-baselayout-3.2.0-r7.apk libacl-2.2.53-r0.apk openssh-server-common-8.3_p1-r1.apk alpine-conf-3.9.0-r1.apk libattr-2.4.48-r0.apk openssh-sftp-server-8.3_p1-r1.apk alpine-keys-2.2-r0.apk libblkid-2.35.2-r0.apk openssl-1.1.1i-r0.apk alpine-mirrors-3.5.10-r0.apk libc-utils-0.7.2-r3.apk patch-2.7.6-r6.apk apk-tools-2.10.5-r1.apk libcap-2.27-r0.apk pcsc-lite-libs-1.8.26-r0.apk attr-2.4.48-r0.apk libcom_err-1.45.6-r0.apk pkgconf-1.7.2-r0.apk bash-5.0.17-r0.apk libcrypto1.1-1.1.1i-r0.apk ppp-atm-2.4.8-r2.apk bash-completion-2.10-r0.apk libcurl-7.69.1-r3.apk ppp-chat-2.4.8-r2.apk bonding-2.6-r4.apk libedit-20191231.3.1-r0.apk ppp-daemon-2.4.8-r2.apk bridge-1.5-r4.apk libev-4.33-r0.apk ppp-l2tp-2.4.8-r2.apk bridge-utils-1.6-r0.apk libgcc-9.3.0-r2.apk ppp-minconn-2.4.8-r2.apk busybox-1.31.1-r19.apk libmnl-1.0.4-r0.apk ppp-passprompt-2.4.8-r2.apk busybox-extras-1.31.1-r19.apk libnftnl-1.1.6-r0.apk ppp-passwordfd-2.4.8-r2.apk busybox-initscripts-3.2-r2.apk libnftnl-libs-1.1.6-r0.apk ppp-pppoe-2.4.8-r2.apk busybox-suid-1.31.1-r19.apk libnl3-3.5.0-r0.apk ppp-radius-2.4.8-r2.apk c-ares-1.16.1-r0.apk libpcap-1.9.1-r2.apk ppp-winbind-2.4.8-r2.apk ca-certificates-20191127-r4.apk libssl1.1-1.1.1i-r0.apk readline-8.0.4-r0.apk ca-certificates-bundle-20191127-r4.apk libstdc++-9.3.0-r2.apk scanelf-1.2.6-r0.apk chrony-3.5.1-r0.apk libtls-standalone-2.9.1-r1.apk signature.tar.gz chrony-openrc-3.5.1-r0.apk libusb-1.0.23-r0.apk ssl_client-1.31.1-r19.apk curl-7.69.1-r3.apk libuuid-2.35.2-r0.apk tar-1.32-r1.apk dbus-libs-1.12.18-r0.apk lzip-1.21-r0.apk tcpdump-4.9.3-r2.apk dnsmasq-2.81-r0.apk mii-tool-1.60_git20140218-r2.apk tree-1.8.0-r0.apk e2fsprogs-1.45.6-r0.apk musl-1.1.24-r10.apk tzdata-2020c-r1.apk e2fsprogs-libs-1.45.6-r0.apk musl-utils-1.1.24-r10.apk usb-modeswitch-2.6.0-r1.apk ethtool-5.6-r0.apk ncurses-libs-6.2_p20200523-r0.apk vlan-2.2-r0.apk ez-ipupdate-3.0.10-r9.apk ncurses-terminfo-base-6.2_p20200523-r0.apk wireless-tools-30_pre9-r1.apk fakeroot-1.24-r0.apk net-tools-1.60_git20140218-r2.apk wpa_supplicant-2.9-r5.apk haveged-1.9.8-r1.apk network-extras-1.2-r0.apk wpa_supplicant-openrc-2.9-r5.apk haveged-openrc-1.9.8-r1.apk nghttp2-1.41.0-r0.apk zlib-1.2.11-r3.apk hostapd-2.9-r2.apk nghttp2-libs-1.41.0-r0.apk hostapd-openrc-2.9-r2.apk openrc-0.42.1-r11.apk