RaspberryPi/July 2020: Difference between revisions
From charlesreid1
| Line 186: | Line 186: | ||
rsn_pairwise=CCMP | rsn_pairwise=CCMP | ||
</pre> | </pre> | ||
=Installing PiHole= | |||
This one is pretty easy. The one-liner, once you've inspected the code you're about to run (OF COURSE), is: | |||
<pre> | |||
curl -sSL https://install.pi-hole.net | sudo bash | |||
</pre> | |||
Normally it is bad practice to pipe to sudo bash, but this time around we make an exception. Ya know. Cuz we do like we do. You don't like it, you fuck off, you hear? | |||
=Related Pages= | =Related Pages= | ||
Revision as of 07:09, 16 July 2020
Startup
Wipe SD Cards
Wipe SD cards and install raspbian
Mount SD Cards
Mount the SD cards as a local filesystem on a Linux box
Now, if you want to modify the file /foo/bar, you can edit the file on the SD card at /media/ubuntu/rootfs/foo/bar
Enable SSH
Touch a file named ssh in the boot sector of the SD card to enable the service to start on boot:
touch /media/ubuntu/boot/ssh
Wifi
Set up wpa supplicant config file for your local wifi network
https://charlesreid1.com/wiki/Ubuntu/Bespin#Configure_WPA_Supplicant
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="YOURWIFINETWORK"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP TKIP
group=CCMP TKIP
psk="YOURWIFIPASSWORD"
}
Network Interfaces
Next set up the WPA supplicant service to automatically start for our wifi device
Update the contents of your network interfaces file to look like this:
/etc/network/interfaces
source-directory /etc/network/interfaces.d
allow-hotplug lo
iface lo inet loopback
allow-hotplug wlan0
iface wlan0 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Power up the Pi
Next time you boot up the Pi you should see your wifi card light blinking.
Try running an nmap scan for port 22 before and after the pi is plugged in, from another computer on the same network:
nmap -p22 192.168.0.0/24 > nmap-before # plug in the pi, wait a few minutes nmap -p22 192.168.0.0/24 > nmap-after
assuming your home wifi is 192.168.0.0/24.
Troubleshooting
If you need to troubleshoot, power off the Pi and re-mount the SD card on a Linux box. Check the syslog at /media/ubuntu/rootfs/var/log/syslog and see what's going on.
PIA on Raspberry Pi
This sets up a VPN tunnel at tun0 that connects to a PIA VPN server.
Run these commands as sudo:
# install openvpn
apt-get -y install openvpn
# set up pia
cd /tmp
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip -d openvpn openvpn.zip
cd openvpn
# pick a profile to install
mv 'US West.ovpn' 'West.ovpn'
PROFILE="West"
cp ca.rsa.2048.crt /etc/openvpn/.
cp crl.rsa.2048.pem /etc/openvpn/.
cp ${PROFILE}.ovpn /etc/openvpn/.
# set up login credentials for PIA
touch /etc/openvpn/login
echo "USERNAME" >> /etc/openvpn/login
echo "PASSWORD" >> /etc/openvpn/login
chown root:root /etc/openvpn/login
chmod 600 /etc/openvpn/login
# modify openvpn service to use .ovpn files intead of .conf files, and set absolute paths
sed -i 's+^auth-user-pass+& /etc/openvpn/login+' /etc/openvpn/${PROFILE}.ovpn
sed -i 's+^ca ca.rsa.2048.crt+& /etc/openvpn/ca.rsa.2048.crt+' /etc/openvpn/${PROFILE}.ovpn
sed -i 's+^crl-verif crl.rsa.2048.pem+& /etc/openvpn/crl.rsa.2048.pem+' /etc/openvpn/${PROFILE}.ovpn
sed -i 's+\.conf+.ovpn+' /lib/systemd/system/openvpn@.service
# start openvpn
openvpn --config /etc/openvpn/${PROFILE}.ovpn
Once you have verified it is working, cancel the openvpn process and run the openvpn service:
systemctl enable openvpn@${PROFILE}
systemctl start openvpn@${PROFILE}
Verify it is working:
curl -4 icanhazip.org
and verify it is working.
Connect to internet
At this point, you will need an internet connection, plus an unoccupied wifi device.
You can leave the first wifi card alone as it is, and plug in a second wifi card (wlan1).
Or, you can connect an ethernet cable (eth0) and use wlan0 to run the hostapd.
We use the first scenario.
Hostapd on Raspberry Pi
First allow the Pi to forward packets and act as a router by adding this line to your sysctl config:
/etc/sysctl.conf
net.ipv4.ip_forward=1
Reload the sysctl:
sudo sysctl --system
Install hostapd:
sudo apt-get -y install hostapd
Configure hostapd file:
/etc/hostapd/hostapd.conf
interface=wlan1 driver=nl80211 hw_mode=g channel=1 macaddr_acl=0 ignore_broadcast_ssid=0 # LAN10 ssid=LAN10 wpa_passphrase=cow-doctor-horse-building-5 auth_algs=1 wpa=3 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Installing PiHole
This one is pretty easy. The one-liner, once you've inspected the code you're about to run (OF COURSE), is:
curl -sSL https://install.pi-hole.net | sudo bash
Normally it is bad practice to pipe to sudo bash, but this time around we make an exception. Ya know. Cuz we do like we do. You don't like it, you fuck off, you hear?
Related Pages
Flags
