@@ -0,0 +1,73 @@
+---
+title: Mobile Setup with VPN
+categories: [cheatsheets]
+tags: [networking, hotspot, mobile]
+---
+
+# Mobile Setup with VPN
+
+## Hotspot
+
+**Tools needed:**
+
+- hostapd
+- dnsmasq
+- iptables
+
+### Configure dnsmasq and hostapd
+
+* hostapd (`/etc/hostapd.conf`)
+```
+interface=wlan0
+driver=nl80211
+ssid=sectest
+# Set access point harware mode to 802.11n
+hw_mode=g
+ieee80211n=1
+channel=6
+```
+
+* DNSmasq (`/etc/dnsmasq.conf`)
+```
+# Bind to only one interface
+bind-interfaces
+interface=wlan0
+dhcp-range=192.168.150.2,192.168.150.10
+```
+
+### Setup Hotspot
+
+* run `hotspot.sh`
+```
+#!/bin/bash
+# Starting
+sudo service wpa_supplicant stop
+sudo pkill wpa_supplicant
+
+sudo ifconfig wlan0 192.168.150.1
+sudo service dnsmasq restart
+sudo sysctl net.ipv4.ip_forward=1
+sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+sudo hostapd /etc/hostapd.conf
+
+# Stopping
+sudo iptables -D POSTROUTING -t nat -o eth0 -j MASQUERADE
+sudo sysctl net.ipv4.ip_forward=0
+sudo service dnsmasq stop
+sudo service hostapd stop
+sudo service wpa_supplicant start
+```
+
+* In case of **Failure**: `stop service wpa_supplicant && pkill wpa_supplicant`
+
+
+## Forwarding Traffic to VPN
+
+* Use the following iptables rules:
+```
+# wlan0 = AP interface
+# tun0 = VPN interface
+iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
+iptables -A FORWARD -i tun0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+```
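Review bot: The "Forwarding Traffic to VPN" rules only add ACCEPT entries for wlan0 to tun0, while `hotspot.sh` still sets `net.ipv4.ip_forward=1` and `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE`, so nothing in this sheet stops hotspot clients from going out over eth0 when tun0 is down or is not the default route. For the VPN case, suggest leaving out the eth0 MASQUERADE rule and adding an explicit block such as `iptables -A FORWARD -i wlan0 -o eth0 -j DROP`, and documenting how to remove the tun0 rules again, since the "Stopping" section only deletes the eth0 one. Two smaller points: the `hostapd.conf` block has no `wpa`/`wpa_passphrase` settings, so `ssid=sectest` comes up as an open network, which deserves a sentence saying that is intended or a WPA2 example; and the failure hint `stop service wpa_supplicant` has the arguments in a different order from the `service wpa_supplicant stop` used in the script and lacks `sudo`. Also, `sudo hostapd /etc/hostapd.conf` runs in the foreground, so `sudo service hostapd stop` in the "Stopping" section will not stop that instance; worth noting that Ctrl-C is the stop step, or splitting start and stop into separate scripts.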