01/26/2016 at 22:00 •
This has been back-burner'd for a while. Work and school come first and all. But progress has been made very recently. Some time ago, I gave up on the TP Link pocket router and went with a Raspberry Pi 2, inspired by other projects on here and around the web. That ended up making things much easier for me as there's a much larger support base and community for the Pi than the MR2030. At least for one with my level of skill. Some of this may be easy for those of you who have years of experience with Linux and whatnot. I have had a very basic understanding of Linux but I'm going all in. I've taken it all apart and built it back up and here it is.
The current iteration has two identical Alfa AWUS036NH wireless adapters and a BU-353S4 GPS receiver. It creates an access point on WLAN0 and connects to an open access point with WLAN1. WLAN1 passes traffic to WLAN0 and ETH0. My thanks to the folks at Realies for providing the walkthrough for setting up the Pi. There were a great many sites on the internet that contributed but theirs was the most comprehensive and the only walkthrough that used WPA2. Additionally, they have some information on getting this setup working with the little Edimax adapters that are so popular with the Pi.
After wiping the micro SD card on my setup about a hundred times, I decided I was tired of going through the configuration over and over. I have also recently decided to learn bash scripting. So, for the last few weeks I've been schooling up on Bash and Git and Github. I've linked my repo in the project links section, feel free to use it or contribute to make it better. The ap.sh script will set up your Pi as an access point if you've got the same components as I do. Really, it should work with anything that uses the nl80211 driver.
My current configuration also includes GPS using a BU-353S4 receiver which uses serial over USB. There's been some issues with Raspbian Jessie and this S4 model. I haven't seen anybody having issues with a standard BU-353 (discontinued) or Rasbian Wheezy. The fix was just to update the default config file with the same commands that one would normally pass when running gpsd. I've made a script for that too, because I'd rather spend six hours learning how to do something in ten seconds than spend sixty seconds each time I have to wipe the card and rebuild.
Next steps, I want to set up the Pi to automatically establish a VPN tunnel to my home server so that any connected clients have all traffic pass through the tunnel and there is no worry of leaks. I also would have the Raspberry Pi report it's position and other nearby access points to my server, like a wardriving rig.
Additional considerations may include setting up something like a Piratebox on it's own SSID and removable drive, bluetooth connectivity, an SDR server with rtl_tcp, and maybe a camera. I really don't think the Pi can handle all these things at once but maybe a second Pi could be in the same enclosure, connected via ETH0, handling the extra hardware and the first just does the access point and GPS. Super bonus idea: maybe add directional antennas on rotating mounts with servos or stepper motors and have an additional setup in my truck that keeps an antenna aimed at me while I'm out and about and another antenna aimed at whitelisted access points.
Still looking for help, if anyone can or wants to contribute.
06/22/2015 at 15:28 •
So, what happens when I have a good idea? Nobody else has ever done it and I don't know how to do it and I have to learn all new things and then when I'm ready to give up, I find out people have been doing this all along and I don't even know how to Google, apparently.
The other week, I decided the little TP-Link MR3020 couldn't handle what I was tasking it to do so I bought a Raspberry Pi 2. After a week of fooling around and finding similar projects (https://hackaday.io/project/2040-web-security-everywhere) I decided I'd just follow someone else's instructions. I ended up going with https://realiesone.wordpress.com/2015/03/11/the-raspberry-pi-as-an-internet-pass-through-web-server-using-two-wireless-adapters/ for starters and currently have the device operational with the Edimax adapters. I'll test it out with the captive portal at work tomorrow night.
I still plan to tinker with this and maybe try some other builds but I'm gonna call this one done. Thank you everyone for all your support and I'll keep you posted if things happen.
02/06/2015 at 06:05 •
It's been a minute but I have news. Firstly, apologies for the delay. I'm in school and have to give priority to it as this is the whole reason I got back in college. Here's what went down in an easy to digest format:
- Wiped Windows XP from an old machine and installed FreeBSD 10.1.
- Configured SSH daemon on FreeBSD machine.
- Setup port forwarding.
As previously mentioned, I'm making sure I know how to accomplish my goals on my laptop before I apply it all to the bhackpack project. So I went back to square one on the VPN because I was previously running OpenVPN on the XP machine. XP was a problem. So I have the SSH tunnel active now and am able to tunnel select ports. I started with my external router's remote administration port so now remote admin is disabled but I can still access the web GUI internally from the tunnel, and telnet in the same way. Having access to this and being SSH'd into my server at home while at work during downtime should help move this along faster (studies permitting).
- Establish VPN system-wide on remote machine.
- Apply all necessary configuration to TP-Link pocket router.
- Verify all traffic will route through tunnel.
- Write script to continuously monitor for open access points and connect
- If necessary, agree to terms of service or alert me action is needed.
07/20/2014 at 05:52 •
I (finally) started an OpenVPN server and configured my home network for VPN and IP Passthrough. Testing with my laptop, I got confirmation of a successful connection but for all my testing it appeared dead. No internet, no network visible. I had to revert network configuration before leaving for work this evening due to an as yet unexplained loss of connectivity on other network devices. After enabling remote administration, I was able to make another attempt during downtime at work however my employer appears to be blocking VPN. Port 1194 is a common port registered to OpenVPN so after running netstat -b I found an active TCP port used by chrome and since they apparently weren't blocking that port, I edited the OpenVPN configuration to connect to that port on my remote network, then configured port forwarding so that any incoming requests on that port were sent to the VPN server's address and port.
Having talked myself through this just now, I wonder if, instead of pointing requests on that port number to the server-assigned IP, I should have pointed those requests back to the gateway's internal 192.168.1.1 IP and let the firmware handle the request from there as I had told DD-WRT the required information for the OpenVPN server.
06/08/2014 at 07:10 •
I dug an older PC and a few routers out and I will be setting up OpenVPN this week. Once the server is running, I'll start by making my laptop a client for testing. To be clear, I want the pocket router in my backpack to ultimately be the client and my trusted devices stay connected to the router.
The workspace you see tends to explode out of the backpack on the right for now but the final solution will stay in the backpack 24/7. Read: tidy.
edit: This was my lunch break, please excuse the food at my desk.
I'm also looking into giving the router it's own 3G/4G connection via Sprint but Sprint is such fail in my community that I may just cross that bridge further down the line.
04/03/2014 at 07:49 •
So here's the deal. Up until this point I've flashed the firmware to OpenWRT, added ExtRoot to put the filesystem on an attached USB drive formatted to ext4, and added support for the ALFA adapter as Radio1. I've tried to keep a journal via readme.txt in the folder on my computer where I store all the firmware backups which I make every time I change ANYTHING. I got it to connect to my home network via Radio1 as a client, and pipe data through to Radio0 as a master. It stayed alive indefinitely and all was good. But at work, where we have guest WiFi, it only stays alive for a few minutes and then becomes unresponsive. Part of that problem (I think) is in the Guest WiFi because my phone has similar problems where it will remain connected to the AP but no data passes through.
If anyone here has exhaustive experience with OpenWRT, I'd love to hear from you for your insight and ideas.