This is a blog mostly about techie things, what I am doing to my apartment network on the cheap, IOT, 3D Printing, Raspberry Pis, Arduinos, ESP32, ESP8266, Home Automation, Personal Weather Stations, Things That Go Bump in the Night, and some side issues that need discussing. Remember, sometimes the journey to an end is as much fun as the goal achieved!
Friday, January 30, 2015
Loaded OpenWRT onto an SD card for test in Reverse Router Mode
I just followed the instructions here to get an SD card image for OpenWRT. I am going to configure it much the same as what I have done with the dual wifi adapter setups. Then I plan to finagle some way of pushing a DMZ to the ethernet port. More later.
Configuration Files for Specialized Router for Work
I thought that I would record the configuration files that I used for the Specialized Router here, so that I would have something to reference in the future. The setup here assumes that I have a common SSID that I connect to both at home and at work. At home, I have a separate SSID that I have set up on my primary router and on the WAP that I have downstairs. The channel number is not the same in both places, but the RPi software looks for the SSID and does the connection. At work, I use a DIR-505L router which is set to wifi hotspot mode with the same SSID but is connected to the guest wifi SSID at work. Assuming that hostapd and isc-dhcp-server are installed, the configuration files are as follows:
(1) /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="CairParavelClone"
psk="p19dsndgyxhrh$AM"
proto=WPA
key_mgmt=WPA-PSK
pairwise=TKIP
auth_alg=OPEN
}
(2) /etc/default/isc-dhcp-server
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
DHCPD_CONF=/etc/dhcp/dhcpd_test.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
DHCPD_PID=/var/run/dhcpd_test.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="wlan1"
(3) /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
allow-hotplug wlan1
#auto wlan1
iface wlan1 inet static
address 192.168.42.1
netmask 255.255.255.0
network 192.168.42.0
up iptables-restore < /etc/iptables.ipv4.nat
(4) /etc/hostapd/hostapd.conf
interface=wlan1
ssid=Pi_AP
hw_mode=g
channel=9
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Raspberry
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
(5) /etc/dhcp/dhcpd_test.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.100 192.168.42.120;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
(6) /etc/iptables.ipv4.nat
# Generated by iptables-save v1.4.14 on Sat Jan 24 16:37:01 2015
*nat
:PREROUTING ACCEPT [217:54744]
:INPUT ACCEPT [4:751]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Sat Jan 24 16:37:01 2015
# Generated by iptables-save v1.4.14 on Sat Jan 24 16:37:01 2015
*filter
:INPUT ACCEPT [256:19656]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [136:13904]
-A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan1 -o wlan0 -j ACCEPT
COMMIT
# Completed on Sat Jan 24 16:37:01 2015
That is about it for right now. Updates to follow when I get the Netgear G54/N150 nano adapters to be more stable.
(1) /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid="CairParavelClone"
psk="p19dsndgyxhrh$AM"
proto=WPA
key_mgmt=WPA-PSK
pairwise=TKIP
auth_alg=OPEN
}
(2) /etc/default/isc-dhcp-server
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
DHCPD_CONF=/etc/dhcp/dhcpd_test.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
DHCPD_PID=/var/run/dhcpd_test.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="wlan1"
(3) /etc/network/interfaces
auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
#iface default inet dhcp
allow-hotplug wlan1
#auto wlan1
iface wlan1 inet static
address 192.168.42.1
netmask 255.255.255.0
network 192.168.42.0
up iptables-restore < /etc/iptables.ipv4.nat
(4) /etc/hostapd/hostapd.conf
interface=wlan1
ssid=Pi_AP
hw_mode=g
channel=9
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Raspberry
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
(5) /etc/dhcp/dhcpd_test.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.100 192.168.42.120;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
(6) /etc/iptables.ipv4.nat
# Generated by iptables-save v1.4.14 on Sat Jan 24 16:37:01 2015
*nat
:PREROUTING ACCEPT [217:54744]
:INPUT ACCEPT [4:751]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Sat Jan 24 16:37:01 2015
# Generated by iptables-save v1.4.14 on Sat Jan 24 16:37:01 2015
*filter
:INPUT ACCEPT [256:19656]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [136:13904]
-A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan1 -o wlan0 -j ACCEPT
COMMIT
# Completed on Sat Jan 24 16:37:01 2015
That is about it for right now. Updates to follow when I get the Netgear G54/N150 nano adapters to be more stable.
Wednesday, January 21, 2015
Setting Up a Specialized Wireless Hotspot/Bridge Combo for Work
Givens: So, where I work at has a number of separate networks. There is a corporate network which has a number of security setups which need to be kept pristine. There is also a guest network which uses a capture port wireless access. I have a copy of Kali Linux on my work laptop which runs in a VM. I want to keep this VM separate from the corporate network but still be able to use it in my job, which involves doing some checks against lab equipment. I also like to bring my RPis into the office to work on during lunch.
Project: What I want to do is use a Raspberry Pi to be the intermediary with two internal network connections at work with the following characteristics:
I think I might dub this one Reverse Router, because I can think of a couple of other things that I might do with it under the area of penetration testing.
Update (2015-01-25): I had problems getting the DHCP server to work correctly and consistently with the TP-Link adapters that I was using, they kept dropping out. I finally got a sufficiently consistent connection once I switched over to the Netgear adapters. I may end up having to buy additional adapters for other tests.
Update (2015-01-27): I changed the channel addresses so that the two Netgear wifi adapters would not be tromping on each other; for stability reasons. I found a website that tells me how to set up multiple SSIDs on the same interface using hostapd (Multiple_SSIDs_with_hostapd). Also finally got the basic wireless access point to work with a wireless connection to my DIR-505L router. So now I have a wireless coming in to a NAT firewall to a WAP with DHCP going out. Right now I am copying the microSD to put onto a different microSD so that I can implement multiple SSIDs. What I want to do there is to have three SSIDs: one accessing the house (house SSID and cert), one for guest access, and one for secure test access (TBD). Each of these SSIDs will be set up to appear if certain files have been touched. I have not fully determined if the Netgear G54/N150 can handle multiple SSIDs or not. I know that hostapd can.
Update (2015-01-28): Well I discovered that there are some issues with changing the mac address of a wifi adapter on the fly. I did the first part of the setup from the Multiple SSIDs with hostapd article and borked the connection. What I will probably find when I look into it is that the wifi mac address was stored somewhere and it's keeping the dhcp server from running on the WAP.
Update (2015-01-29): Nope, the Netgear G54/N150 is not capable of changing the wifi MAC address; at least from my experiments that is the case. I wish that were not true, maybe I will try the previous wifi adapters (based on the rtl8188cu chipset).
Update (2015-01-30): After reading a couple of things online, maybe what I have here is a driver problem for the Netgear G54/N150 nano adapters. What seems to give it away is the problems that I have when I try to use the "iw list" command, which always comes back with an error. In addition, the setup does not appear stable between reboots; sometimes the dhcp server comes up and sometimes it doesn't.
Project: What I want to do is use a Raspberry Pi to be the intermediary with two internal network connections at work with the following characteristics:
- EXT - provide connection to the guest wireless through a wifi adapter on the RPi; have it automatically log into the guest wireless capture page and obtain an IP; this should provide a semi-permanent connection for both internal networks.
- NET1 - provide a bridge to the Kali Linux VM through a USB to Ethernet adapter connected to the Ethernet port on the RPi and then to a USB port on the work laptop; have it provide the EXT IP directly to the Kali Linux VM.
- NET2 - provide a NAT firewall (opt. packet inspection) between the EXT and another wifi adapter which provides a DHCP server/Wireless Access Port with an SSID which is common to the home network. I might split this up into 3 separate SSIDs.
- TUN1 - provide an opt. ssh tunnel through the EXT from NET2 to the home network for vpn connection giving an external WAP connection to my home network.
I think I might dub this one Reverse Router, because I can think of a couple of other things that I might do with it under the area of penetration testing.
Update (2015-01-25): I had problems getting the DHCP server to work correctly and consistently with the TP-Link adapters that I was using, they kept dropping out. I finally got a sufficiently consistent connection once I switched over to the Netgear adapters. I may end up having to buy additional adapters for other tests.
Update (2015-01-27): I changed the channel addresses so that the two Netgear wifi adapters would not be tromping on each other; for stability reasons. I found a website that tells me how to set up multiple SSIDs on the same interface using hostapd (Multiple_SSIDs_with_hostapd). Also finally got the basic wireless access point to work with a wireless connection to my DIR-505L router. So now I have a wireless coming in to a NAT firewall to a WAP with DHCP going out. Right now I am copying the microSD to put onto a different microSD so that I can implement multiple SSIDs. What I want to do there is to have three SSIDs: one accessing the house (house SSID and cert), one for guest access, and one for secure test access (TBD). Each of these SSIDs will be set up to appear if certain files have been touched. I have not fully determined if the Netgear G54/N150 can handle multiple SSIDs or not. I know that hostapd can.
Update (2015-01-28): Well I discovered that there are some issues with changing the mac address of a wifi adapter on the fly. I did the first part of the setup from the Multiple SSIDs with hostapd article and borked the connection. What I will probably find when I look into it is that the wifi mac address was stored somewhere and it's keeping the dhcp server from running on the WAP.
Update (2015-01-29): Nope, the Netgear G54/N150 is not capable of changing the wifi MAC address; at least from my experiments that is the case. I wish that were not true, maybe I will try the previous wifi adapters (based on the rtl8188cu chipset).
Update (2015-01-30): After reading a couple of things online, maybe what I have here is a driver problem for the Netgear G54/N150 nano adapters. What seems to give it away is the problems that I have when I try to use the "iw list" command, which always comes back with an error. In addition, the setup does not appear stable between reboots; sometimes the dhcp server comes up and sometimes it doesn't.
Friday, January 9, 2015
Weather Station Project #13 - Thinking of a Different Way to Send Snow Related Weather Data
I am sitting in the Detroit airport waiting for my flight and it occurred to me that I might be able to complement my weather station with some additional data. What I would do is get the additional data, such as snow accumulations and do a surface extrapolation to find approximately what it should be near me. Then, I could use some laser scanning techniques to extract a free fall snow drift. I would need to shelter the area where I would determine the size from wind (so that it doesn't drift from other places, giving a false reading). By using a laser scanning technique, I could measure the height of the snow pile and thus the amount of snowfall. Before I send the information out in my normal weather stream, I could use the extrapolated point to determine if my findings are within the "ballpark" of a correct amount. This would give me some confidence in my findings. Again, this could be transmitted via a wifi link to my network to be combined with other weather information.
I should think about how I am going to interject the other three sensors with this type of thing.
Maybe I should think about opening up a blog on the Weather Underground to talk about DIY and Hobbyist Built Weather Stations.
I should think about how I am going to interject the other three sensors with this type of thing.
Maybe I should think about opening up a blog on the Weather Underground to talk about DIY and Hobbyist Built Weather Stations.
Subscribe to:
Posts (Atom)