Ubuntu/Bespin/Second AP Tunnel
From charlesreid1
Old version (ended in failure): Ubuntu/Bespin/Second AP Tunnel/Fail
This page contains instructions for modifying the existing Access Point-to-VPN tunnel to include multiple access points and multiple tunnels, with each access point going through a different tunnel.
Overview of Setup
Recall that our existing setup is as follows:
- One hostapd process running a single AP
- One VPN tunnel to PIA servers, tun1
- One access point to serve clients, wlan1
- Iptables rules to forward traffic from wlan1 to tun1 and vice-versa
- dnsmasq running DHCP and DNS for the access point on 127.0.0.1:53
The modifications we will make are as follows:
- Update the hostapd file so it will run two APs
- Open a second VPN tunnel to different PIA servers, tun2
- A second access point to serve clients, wlan2
- Iptables rules to forward traffic from wlan2 to tun2 and vice-versa
- dnsmasq will do DHCP and DNS for BOTH access points
Hostapd Config Modifications
Modify the hostapd configuration file to define a second access point.
You will also need to specify a MAC address for the second access point to use. Just bump the last octet of the first access point's address by one.
/etc/hostapd/hostapd.conf
interface=wlan1
driver=nl80211
hw_mode=g
channel=1
macaddr_acl=0
ignore_broadcast_ssid=0
# First LAN
ssid=YOURNETWORKNAMEHERE
auth_algs=1
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=YOURPASSPHRASEHERE
# Placeholder BSSID: replace with a real six-octet MAC address
bssid=00:11:22:33:44:55:66
# Second LAN
bss=wlan1:0
ssid=YOURNETWORKNAMEHERE
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=YOURPASSPHRASEHERE
# Placeholder BSSID: the first BSSID with the last octet bumped by one
bssid=00:11:22:33:44:55:67
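A pre-flight check for a two-AP hostapd.conf like the one above, added here as an example (it is not from the original page): it splits the file into per-BSS sections and flags a bssid that is not a six-octet MAC, a later bssid that is not the previous one with the last octet bumped by one, and WPA1 or TKIP left enabled. The function names and the sample config are constructed for illustration.

```python
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")  # exactly six octets

def parse_bss_sections(text):
    """Split hostapd.conf text into one dict per BSS ('interface=' or 'bss=' opens one)."""
    sections = []
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")  # split once: passphrases may contain '='
        if not sep or key.startswith("#"):
            continue  # blank line, comment, or not a key=value directive
        if key in ("interface", "bss"):
            sections.append({"name": value})
        elif sections:
            sections[-1][key] = value
    return sections

def audit(text):
    """Return (bss_name, finding) tuples for BSSID and WPA problems."""
    findings, prev = [], None
    for sec in parse_bss_sections(text):
        name, bssid = sec["name"], sec.get("bssid", "")
        octets = [int(o, 16) for o in bssid.split(":")] if MAC_RE.match(bssid) else None
        if octets is None:
            findings.append((name, "bssid is not a six-octet MAC"))
        elif prev and octets != prev[:5] + [(prev[5] + 1) % 256]:
            findings.append((name, "bssid is not the previous BSSID + 1"))
        prev = octets
        wpa = int(sec.get("wpa", "0"))  # bit 0 = WPA1, bit 1 = WPA2 (RSN)
        if wpa & 1:
            findings.append((name, "legacy WPA1 enabled"))
        # rsn_pairwise falls back to wpa_pairwise when it is not set
        if wpa & 2 and "TKIP" in sec.get("rsn_pairwise", sec.get("wpa_pairwise", "")):
            findings.append((name, "TKIP offered for WPA2"))
    return findings

# Constructed sample (not the page's file): seven-octet bssid, wpa=3, TKIP fallback
SAMPLE = """\
interface=wlan1
wpa=3
rsn_pairwise=CCMP
bssid=02:00:00:00:00:10:66
bss=wlan1:0
wpa=2
wpa_pairwise=TKIP
bssid=02:00:00:00:00:11
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(name + ": " + finding)
```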
Network Interface Modifications
Modify the wlan1 stanza of /etc/network/interfaces so that the new wireless device that will be created by hostapd will have a static IP address. We assign it the range 192.168.30.0/24 (LAN30 = 192.168.30.*).
It should look like the following:
allow-hotplug wlan1 wlan1:0
iface wlan1 inet static
    address 192.168.10.1
    netmask 255.255.255.0
    gateway 192.168.10.1
iface wlan1:0 inet static
    address 192.168.30.1
    netmask 255.255.255.0
    gateway 192.168.30.1