Difference between revisions of "How to set up Alpine as a wireless router"

From Alpine Linux
Jump to: navigation, search
Line 14: Line 14:
 
* It is simple, short, and to the point.
 
* It is simple, short, and to the point.
 
* The same tool provides *repo* level dependency reporting!
 
* The same tool provides *repo* level dependency reporting!
* Install of single packages without repo signing (I never did get the signing correct).
+
* Install of single packages without repo signing (I never did get the signing correct, but I can install).
  
 
=== Install ===
 
=== Install ===
 
* Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc.
 
* Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc.
* make a 256M fat16/fat23 partition (sudo mkfs.vfat -n ALPBOOT /dev/sdc1)
+
* make a 256M fat16 partition (sudo mkfs.vfat -n ALPBOOT /dev/sdc1)
 
* the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2).
 
* the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2).
* untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16/32 partition 16 is good for up 2 2G.  
+
* untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16 partition which is good for up to 2G.  
 +
* make sure you have all the packages from the package list below installed on the SD card. This will save you lots of time.
 +
* install openssh, openssh-server, openssh-client, openssh-server-common,
 +
* install dnsmasq, ethtool, hostapd*, busybox extras, iptables*, iw,net-tools, tree, wireless-tools.
 +
 
 +
===== ssh config =====
 +
The allowed users are not normal names since I want the names to be a little obfuscated. Not that it really matters, since this is a key driven setup<br>
 +
AddressFamily inet<br>
 +
ListenAddress 0.0.0.0<br>
 +
HostKey /etc/ssh/ssh_host_rsa_key<br>
 +
LogLevel INFO<br>
 +
LoginGraceTime 30<br>
 +
PermitRootLogin no<br>
 +
StrictModes yes<br>
 +
AllowUsers Som123X Extern4524User<br>
 +
PubkeyAuthentication yes<br>
 +
AuthorizedKeysFile /etc/ssh/authorized_keys<br>
 +
HostbasedAuthentication yes<br>
 +
IgnoreUserKnownHosts yes<br>
 +
IgnoreRhosts yes<br>
 +
PasswordAuthentication no<br>
 +
ChallengeResponseAuthentication no<br>
 +
AllowTcpForwarding yes<br>
 +
GatewayPorts yes<br>
 +
X11Forwarding no<br>
  
 
==== References ====
 
==== References ====
Line 28: Line 52:
 
* Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk
 
* Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk
 
* remove a package: apk del iw
 
* remove a package: apk del iw
* repositories are in: /etc/apk/repositories
+
* repository lists are in: /etc/apk/repositories
 
   * Local URL: /media/mmcblk0p1/apks
 
   * Local URL: /media/mmcblk0p1/apks
 
   * Remote URL: http://dl-cdn.alpinelinux.org/alpine/v3.12/main
 
   * Remote URL: http://dl-cdn.alpinelinux.org/alpine/v3.12/main
Line 44: Line 68:
 
[rsync://rsync.alpinelinux.org/alpine Alpine Repos]<br>
 
[rsync://rsync.alpinelinux.org/alpine Alpine Repos]<br>
 
[https://stevessmarthomeguide.com/home-network-dns-dnsmasq Set Static DNS names]<br>
 
[https://stevessmarthomeguide.com/home-network-dns-dnsmasq Set Static DNS names]<br>
 +
[https://unix.stackexchange.com/questions/504100/how-to-create-ssh-reverse-tunnel-with-iptables-forwarding Reverse SSH tunnel]<br>
 
===== Pi Specific =====
 
===== Pi Specific =====
 
[https://raspberrypi.stackexchange.com/questions/89803/access-point-as-wifi-router-repeater-optional-with-bridge/89804 Pi Wifi Repeater]<br>
 
[https://raspberrypi.stackexchange.com/questions/89803/access-point-as-wifi-router-repeater-optional-with-bridge/89804 Pi Wifi Repeater]<br>
Line 54: Line 79:
 
[https://blog.thewalr.us/2017/09/26/raspberry-pi-zero-w-simultaneous-ap-and-managed-mode-wifi AP and Managed Mode]<br>
 
[https://blog.thewalr.us/2017/09/26/raspberry-pi-zero-w-simultaneous-ap-and-managed-mode-wifi AP and Managed Mode]<br>
 
[https://www.instructables.com/Using-a-Raspberry-PI-Zero-W-As-an-Access-Point-and AP and MQTT]<br>
 
[https://www.instructables.com/Using-a-Raspberry-PI-Zero-W-As-an-Access-Point-and AP and MQTT]<br>
 +
 +
==== Package List ====
 +
Put these in the apks/armhf directory on the 256M Fat partition:<br>
 +
 +
iptables-1.8.4-r2.apk                      openssh-8.3_p1-r1.apk
 +
iptables-openrc-1.8.4-r2.apk                openssh-client-8.3_p1-r1.apk
 +
abuild-3.6.0-r1.apk                        iw-5.4-r0.apk                              openssh-keygen-8.3_p1-r1.apk
 +
alpine-base-3.12.3-r0.apk                  kbd-bkeymaps-2.2.0-r2.apk                  openssh-server-8.3_p1-r1.apk
 +
alpine-baselayout-3.2.0-r7.apk              libacl-2.2.53-r0.apk                        openssh-server-common-8.3_p1-r1.apk
 +
alpine-conf-3.9.0-r1.apk                    libattr-2.4.48-r0.apk                      openssh-sftp-server-8.3_p1-r1.apk
 +
alpine-keys-2.2-r0.apk                      libblkid-2.35.2-r0.apk                      openssl-1.1.1i-r0.apk
 +
alpine-mirrors-3.5.10-r0.apk                libc-utils-0.7.2-r3.apk                    patch-2.7.6-r6.apk
 +
apk-tools-2.10.5-r1.apk                    libcap-2.27-r0.apk                          pcsc-lite-libs-1.8.26-r0.apk
 +
attr-2.4.48-r0.apk                          libcom_err-1.45.6-r0.apk                    pkgconf-1.7.2-r0.apk
 +
bash-5.0.17-r0.apk                          libcrypto1.1-1.1.1i-r0.apk                  ppp-atm-2.4.8-r2.apk
 +
bash-completion-2.10-r0.apk                libcurl-7.69.1-r3.apk                      ppp-chat-2.4.8-r2.apk
 +
bonding-2.6-r4.apk                          libedit-20191231.3.1-r0.apk                ppp-daemon-2.4.8-r2.apk
 +
bridge-1.5-r4.apk                          libev-4.33-r0.apk                          ppp-l2tp-2.4.8-r2.apk
 +
bridge-utils-1.6-r0.apk                    libgcc-9.3.0-r2.apk                        ppp-minconn-2.4.8-r2.apk
 +
busybox-1.31.1-r19.apk                      libmnl-1.0.4-r0.apk                        ppp-passprompt-2.4.8-r2.apk
 +
busybox-extras-1.31.1-r19.apk              libnftnl-1.1.6-r0.apk                      ppp-passwordfd-2.4.8-r2.apk
 +
busybox-initscripts-3.2-r2.apk              libnftnl-libs-1.1.6-r0.apk                  ppp-pppoe-2.4.8-r2.apk
 +
busybox-suid-1.31.1-r19.apk                libnl3-3.5.0-r0.apk                        ppp-radius-2.4.8-r2.apk
 +
c-ares-1.16.1-r0.apk                        libpcap-1.9.1-r2.apk                        ppp-winbind-2.4.8-r2.apk
 +
ca-certificates-20191127-r4.apk            libssl1.1-1.1.1i-r0.apk                    readline-8.0.4-r0.apk
 +
ca-certificates-bundle-20191127-r4.apk      libstdc++-9.3.0-r2.apk                      scanelf-1.2.6-r0.apk
 +
chrony-3.5.1-r0.apk                        libtls-standalone-2.9.1-r1.apk              signature.tar.gz
 +
chrony-openrc-3.5.1-r0.apk                  libusb-1.0.23-r0.apk                        ssl_client-1.31.1-r19.apk
 +
curl-7.69.1-r3.apk                          libuuid-2.35.2-r0.apk                      tar-1.32-r1.apk
 +
dbus-libs-1.12.18-r0.apk                    lzip-1.21-r0.apk                            tcpdump-4.9.3-r2.apk
 +
dnsmasq-2.81-r0.apk                        mii-tool-1.60_git20140218-r2.apk            tree-1.8.0-r0.apk
 +
e2fsprogs-1.45.6-r0.apk                    musl-1.1.24-r10.apk                        tzdata-2020c-r1.apk
 +
e2fsprogs-libs-1.45.6-r0.apk                musl-utils-1.1.24-r10.apk                  usb-modeswitch-2.6.0-r1.apk
 +
ethtool-5.6-r0.apk                          ncurses-libs-6.2_p20200523-r0.apk          vlan-2.2-r0.apk
 +
ez-ipupdate-3.0.10-r9.apk                  ncurses-terminfo-base-6.2_p20200523-r0.apk  wireless-tools-30_pre9-r1.apk
 +
fakeroot-1.24-r0.apk                        net-tools-1.60_git20140218-r2.apk          wpa_supplicant-2.9-r5.apk
 +
haveged-1.9.8-r1.apk                        network-extras-1.2-r0.apk                  wpa_supplicant-openrc-2.9-r5.apk
 +
haveged-openrc-1.9.8-r1.apk                nghttp2-1.41.0-r0.apk                      zlib-1.2.11-r3.apk
 +
hostapd-2.9-r2.apk                          nghttp2-libs-1.41.0-r0.apk
 +
hostapd-openrc-2.9-r2.apk                  openrc-0.42.1-r11.apk

Revision as of 12:43, 3 January 2021

Pi Zero W Wireless Router

This is a page to describe building a Wireless Access Point with two wired ethernet ports for building a home router that connects to the internet with one wired port, and internal Lan with the second wired port and the on-board WiFi.

The intent is to provide this:

                                    |<-->eth1 <-->| 
Internet <--> eth0 <-->FireWall<-->br0           Internal<--> ssh,bind,dhcp, with ssh reverse ssh connections.
                                    |<-->wlan0<-->|

Overview

I generally run Debian and when forced by Red Hot Irons, Red Hat. This is my first foray into Alpine. So far I am very impressed. I mirrored the 3.12 armhf repos so I had things local when I needed them. Word to the wise. That is 13G of apk files.
One *really* nice feature of Alpine is apk, the yum/apt replacement:

  • It is simple, short, and to the point.
  • The same tool provides *repo* level dependency reporting!
  • Install of single packages without repo signing (I never did get the signing correct, but I can install).

Install

  • Find a microsd (or HDD) you can wipe. We will assume it is /dev/sdc.
  • make a 256M fat16 partition (sudo mkfs.vfat -n ALPBOOT /dev/sdc1)
  • the rest of the device can be ext2 (ext3/4 on HDD) (sudo mke2fs -m1 -L alext3 /dev/sdc2).
  • untar the alpine-rpi-3.12.3-armhf.tar.gz and copy all files to the fat16 partition which is good for up to 2G.
  • make sure you have all the packages from the package list below installed on the SD card. This will save you lots of time.
  • install openssh, openssh-server, openssh-client, openssh-server-common,
  • install dnsmasq, ethtool, hostapd*, busybox extras, iptables*, iw,net-tools, tree, wireless-tools.
ssh config

The allowed users are not normal names since I want the names to be a little obfuscated. Not that it really matters, since this is a key driven setup
AddressFamily inet
ListenAddress 0.0.0.0
HostKey /etc/ssh/ssh_host_rsa_key
LogLevel INFO
LoginGraceTime 30
PermitRootLogin no
StrictModes yes
AllowUsers Som123X Extern4524User
PubkeyAuthentication yes
AuthorizedKeysFile /etc/ssh/authorized_keys
HostbasedAuthentication yes
IgnoreUserKnownHosts yes
IgnoreRhosts yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding no

References

apk notes:

  • Create and index and check dependencies on a list of apk files: apk index -o APKINDEX.unsigned.tar.gz *.apk
  • Install a package: apk add iw OR apk add /path/to/iw-5.4-r0.apk
  • remove a package: apk del iw
  • repository lists are in: /etc/apk/repositories
 * Local URL: /media/mmcblk0p1/apks
 * Remote URL: http://dl-cdn.alpinelinux.org/alpine/v3.12/main

FAT16/32 limits
udhcpc
ez-ipupdate
Dynamic_DNS
Alpine Linux Bridge
Connect to wireless AP
dnsmasq listen restrictions
Disable IPV6
dnsmasq Docs
HostApd Docs
[rsync://rsync.alpinelinux.org/alpine Alpine Repos]
Set Static DNS names
Reverse SSH tunnel

Pi Specific

Pi Wifi Repeater
WiFi Bridge
Alpine Install
PiZeroW Install
Classic Sys Install on Pi

Not Related, but Interesting

AP and Managed Mode
AP and MQTT

Package List

Put these in the apks/armhf directory on the 256M Fat partition:

iptables-1.8.4-r2.apk openssh-8.3_p1-r1.apk iptables-openrc-1.8.4-r2.apk openssh-client-8.3_p1-r1.apk abuild-3.6.0-r1.apk iw-5.4-r0.apk openssh-keygen-8.3_p1-r1.apk alpine-base-3.12.3-r0.apk kbd-bkeymaps-2.2.0-r2.apk openssh-server-8.3_p1-r1.apk alpine-baselayout-3.2.0-r7.apk libacl-2.2.53-r0.apk openssh-server-common-8.3_p1-r1.apk alpine-conf-3.9.0-r1.apk libattr-2.4.48-r0.apk openssh-sftp-server-8.3_p1-r1.apk alpine-keys-2.2-r0.apk libblkid-2.35.2-r0.apk openssl-1.1.1i-r0.apk alpine-mirrors-3.5.10-r0.apk libc-utils-0.7.2-r3.apk patch-2.7.6-r6.apk apk-tools-2.10.5-r1.apk libcap-2.27-r0.apk pcsc-lite-libs-1.8.26-r0.apk attr-2.4.48-r0.apk libcom_err-1.45.6-r0.apk pkgconf-1.7.2-r0.apk bash-5.0.17-r0.apk libcrypto1.1-1.1.1i-r0.apk ppp-atm-2.4.8-r2.apk bash-completion-2.10-r0.apk libcurl-7.69.1-r3.apk ppp-chat-2.4.8-r2.apk bonding-2.6-r4.apk libedit-20191231.3.1-r0.apk ppp-daemon-2.4.8-r2.apk bridge-1.5-r4.apk libev-4.33-r0.apk ppp-l2tp-2.4.8-r2.apk bridge-utils-1.6-r0.apk libgcc-9.3.0-r2.apk ppp-minconn-2.4.8-r2.apk busybox-1.31.1-r19.apk libmnl-1.0.4-r0.apk ppp-passprompt-2.4.8-r2.apk busybox-extras-1.31.1-r19.apk libnftnl-1.1.6-r0.apk ppp-passwordfd-2.4.8-r2.apk busybox-initscripts-3.2-r2.apk libnftnl-libs-1.1.6-r0.apk ppp-pppoe-2.4.8-r2.apk busybox-suid-1.31.1-r19.apk libnl3-3.5.0-r0.apk ppp-radius-2.4.8-r2.apk c-ares-1.16.1-r0.apk libpcap-1.9.1-r2.apk ppp-winbind-2.4.8-r2.apk ca-certificates-20191127-r4.apk libssl1.1-1.1.1i-r0.apk readline-8.0.4-r0.apk ca-certificates-bundle-20191127-r4.apk libstdc++-9.3.0-r2.apk scanelf-1.2.6-r0.apk chrony-3.5.1-r0.apk libtls-standalone-2.9.1-r1.apk signature.tar.gz chrony-openrc-3.5.1-r0.apk libusb-1.0.23-r0.apk ssl_client-1.31.1-r19.apk curl-7.69.1-r3.apk libuuid-2.35.2-r0.apk tar-1.32-r1.apk dbus-libs-1.12.18-r0.apk lzip-1.21-r0.apk tcpdump-4.9.3-r2.apk dnsmasq-2.81-r0.apk mii-tool-1.60_git20140218-r2.apk tree-1.8.0-r0.apk e2fsprogs-1.45.6-r0.apk musl-1.1.24-r10.apk tzdata-2020c-r1.apk e2fsprogs-libs-1.45.6-r0.apk musl-utils-1.1.24-r10.apk usb-modeswitch-2.6.0-r1.apk ethtool-5.6-r0.apk ncurses-libs-6.2_p20200523-r0.apk vlan-2.2-r0.apk ez-ipupdate-3.0.10-r9.apk ncurses-terminfo-base-6.2_p20200523-r0.apk wireless-tools-30_pre9-r1.apk fakeroot-1.24-r0.apk net-tools-1.60_git20140218-r2.apk wpa_supplicant-2.9-r5.apk haveged-1.9.8-r1.apk network-extras-1.2-r0.apk wpa_supplicant-openrc-2.9-r5.apk haveged-openrc-1.9.8-r1.apk nghttp2-1.41.0-r0.apk zlib-1.2.11-r3.apk hostapd-2.9-r2.apk nghttp2-libs-1.41.0-r0.apk hostapd-openrc-2.9-r2.apk openrc-0.42.1-r11.apk