Preface
In the last article "Raspberry pi Setting up Automatic Dial-up, Building Wireless Routing Environment", the author used the hostapd and udhcpd programs to create a wireless hotspot with address allocation and DNS server settings. This article improves the Raspberry Pi AP built in that article: dnsmasq replaces udhcpd for DNS and address leases, and the AP function is packaged as a service.
The hostapd and udhcpd setup used in the previous article has some shortcomings:
1. The programs are started from the command line; the startup itself is not packaged as a fixed "service".
2. The built-in network card of the Raspberry Pi 3 and the external network card used by the author are both named wlan*, which may cause the numbering to get confused when the system starts up.
3. In the configuration file of the udhcpd service, the address of the upstream DNS server has to be specified manually, which makes it inconvenient to adjust.
The Kali system used by the author is a recent Kali rolling release which, like Debian 9, Ubuntu 16.04 and CentOS/RHEL 7.x, has replaced init with systemd. To address the first shortcoming, the author therefore uses systemd to package the service for easy management.
systemd can manage not only system services but also the network. To address the second shortcoming, the author uses systemd-networkd to rename the network card device, so that it cannot be confused with the built-in network card.
For the third problem, udhcpd's static DNS assignment, the author uses dnsmasq instead, so that AP clients can use the Raspberry Pi's upstream DNS for name resolution.
Note: init and systemd will be covered in more detail in other blog articles. This article focuses on practical application.
Modification of Network Card Name
In Debian wheezy and CentOS/RHEL 6.x, udev rules were used to change the name of network card devices. Now we can use systemd-networkd to change the name of a network card by writing .link files.
First, query the hardware information we need with the following command:

    jc@kali:~$ sudo udevadm info -a -p /sys/class/net/wlan1
    ......
    ......
    ATTR{address}=="00:11:22:33:44:55"
    DRIVERS=="rt2800usb"
    ......
    ......

Create a .link file under the /etc/systemd/network directory, with the following contents:

    jc@kali:~$ sudo cat /etc/systemd/network/10-ethusb0.link
    [Match]
    MACAddress=00:11:22:33:44:55

    [Link]
    Description=USB to Ethernet Adapter
    Name=ethusb0

Then restart the systemd-networkd service (if it has been started, you can ignore the above operation), and reload the network card driver. The ip command shows that the name of the network card has changed:

    jc@kali:~$ sudo systemctl enable systemd-networkd.service
    jc@kali:~$ sudo systemctl start systemd-networkd.service
    jc@kali:~$ sudo modprobe -r rt2800usb
    jc@kali:~$ sudo modprobe rt2800usb
    jc@kali:~$ sudo ip l sh | grep ethusb0
    6: ethusb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
After that, modify the hostapd configuration file (for the installation and configuration of hostapd, see the previous blog article mentioned in the preface). The contents after modification are as follows:

    interface=ethusb0
    ssid=raspberry_AP
    hw_mode=g
    channel=11
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    # wpa=2 enables WPA2 (RSN) only; rsn_pairwise is the pairwise cipher list for WPA2
    wpa=2
    wpa_passphrase=PASSWORD
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=TKIP
    rsn_pairwise=CCMP
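As an added check that is not part of the original article, the following script audits the security-relevant keys of the hostapd.conf shown above. The function names (conf_get, audit_hostapd) and the list of placeholder passphrases are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): flag weak or placeholder settings
# in a hostapd.conf before the AP goes on air.

conf_get() {                     # FILE KEY -> last value assigned to KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}
audit_hostapd() {                # FILE -> one finding per line, nothing if clean
    f=$1
    wpa=$(conf_get "$f" wpa)
    rsn=$(conf_get "$f" rsn_pairwise)
    v1=$(conf_get "$f" wpa_pairwise)
    pass=$(conf_get "$f" wpa_passphrase)
    [ "$wpa" = 2 ] || echo "wpa=$wpa: expected 2 (WPA2 only)"
    case " $rsn " in
        *" CCMP "*) ;;
        *) echo "rsn_pairwise does not offer CCMP" ;;
    esac
    case " $rsn $v1 " in
        *" TKIP "*) echo "TKIP is listed as a pairwise cipher; drop it" ;;
    esac
    # WPA-PSK passphrases are 8..63 characters; never print the value itself.
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "wpa_passphrase length ${#pass} is outside 8..63"
    fi
    case $pass in
        PASSWORD|password|changeme) echo "wpa_passphrase is still a placeholder" ;;
    esac
    return 0
}

# The article's hostapd.conf, written to a temp file for the demonstration.
hconf=$(mktemp)
cat > "$hconf" <<'EOF'
interface=ethusb0
ssid=raspberry_AP
hw_mode=g
channel=11
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=PASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
audit_hostapd "$hconf"
```

Run against the configuration above, it reports the TKIP entry and the placeholder passphrase; a file without the wpa_pairwise line and with a real passphrase produces no output.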
Installation and configuration of dnsmasq
Here is how to use dnsmasq, a lightweight application, to turn the Raspberry Pi into a DHCP server and a local DNS server. First, a brief introduction: dnsmasq is a lightweight tool that provides a DNS proxy, DHCP and TFTP for small networks. It is often used in embedded systems, and DHCP address distribution for virtual machine instances in OpenStack is also handled by dnsmasq.
First, install dnsmasq:

    jc@kali:~$ sudo apt-get install dnsmasq

Check the package description and the files it installs:

    jc@kali:~$ dpkg-query -l dnsmasq
    Desired=Unknown/Install/Remove/Purge/Hold
    | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
    |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
    ||/ Name                   Version          Architecture     Description
    +++-======================-================-================-==================================================
    ii  dnsmasq                2.76-5           all              Small caching DNS proxy and DHCP/TFTP server
    jc@kali:~$ dpkg-query -L dnsmasq
    /.
    /etc
    /etc/default
    /etc/default/dnsmasq
    /etc/dnsmasq.conf
    /etc/dnsmasq.d
    /etc/dnsmasq.d/README
    /etc/init.d
    /etc/init.d/dnsmasq
    /etc/insserv.conf.d
    /etc/insserv.conf.d/dnsmasq
    /etc/resolvconf
    /etc/resolvconf/update.d
    /etc/resolvconf/update.d/dnsmasq
    /lib
    /lib/systemd
    /lib/systemd/system
    /lib/systemd/system/dnsmasq.service
    /usr
    /usr/lib
    /usr/lib/resolvconf
    /usr/lib/resolvconf/dpkg-event.d
    /usr/lib/resolvconf/dpkg-event.d/dnsmasq
    /usr/share
    /usr/share/dnsmasq
    /usr/share/dnsmasq/installed-marker
    /usr/share/doc
    /usr/share/doc/dnsmasq
    jc@kali:~$ sudo dpkg-query -L dnsmasq-base
    /.
    /etc
    /etc/dbus-1
    /etc/dbus-1/system.d
    /etc/dbus-1/system.d/dnsmasq.conf
    /usr
    /usr/sbin
    /usr/sbin/dnsmasq
    /usr/share
    /usr/share/dnsmasq-base
    /usr/share/dnsmasq-base/trust-anchors.conf
    /usr/share/doc
    /usr/share/doc/dnsmasq-base
    /usr/share/doc/dnsmasq-base/DBus-interface.gz
    /usr/share/doc/dnsmasq-base/FAQ.gz
    /usr/share/doc/dnsmasq-base/README.Debian
    /usr/share/doc/dnsmasq-base/changelog.Debian.gz
    /usr/share/doc/dnsmasq-base/changelog.archive.gz
    /usr/share/doc/dnsmasq-base/changelog.gz
    /usr/share/doc/dnsmasq-base/copyright
    /usr/share/doc/dnsmasq-base/doc.html
    /usr/share/doc/dnsmasq-base/examples
    /usr/share/doc/dnsmasq-base/examples/dnsmasq.conf.example
    /usr/share/doc/dnsmasq-base/setup.html
    /usr/share/locale
    /usr/share/locale/de
    /usr/share/locale/de/LC_MESSAGES
    /usr/share/locale/de/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/es
    /usr/share/locale/es/LC_MESSAGES
    /usr/share/locale/es/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/fi
    /usr/share/locale/fi/LC_MESSAGES
    /usr/share/locale/fi/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/fr
    /usr/share/locale/fr/LC_MESSAGES
    /usr/share/locale/fr/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/id
    /usr/share/locale/id/LC_MESSAGES
    /usr/share/locale/id/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/it
    /usr/share/locale/it/LC_MESSAGES
    /usr/share/locale/it/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/no
    /usr/share/locale/no/LC_MESSAGES
    /usr/share/locale/no/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/pl
    /usr/share/locale/pl/LC_MESSAGES
    /usr/share/locale/pl/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/pt_BR
    /usr/share/locale/pt_BR/LC_MESSAGES
    /usr/share/locale/pt_BR/LC_MESSAGES/dnsmasq.mo
    /usr/share/locale/ro
    /usr/share/locale/ro/LC_MESSAGES
    /usr/share/locale/ro/LC_MESSAGES/dnsmasq.mo
    /usr/share/man
    /usr/share/man/es
    /usr/share/man/es/man8
    /usr/share/man/es/man8/dnsmasq.8.gz
    /usr/share/man/fr
    /usr/share/man/fr/man8
    /usr/share/man/fr/man8/dnsmasq.8.gz
    /usr/share/man/man8
    /usr/share/man/man8/dnsmasq.8.gz
    /var
    /var/lib
    /var/lib/misc

As can be seen from the above results, the main program is /usr/sbin/dnsmasq, the default configuration file is /etc/dnsmasq.conf, and the package also ships a dnsmasq service unit for systemd. In this article, however, dnsmasq and hostapd are packaged together as one new service, so the default dnsmasq service installed by the package and the default configuration file are not used. Edit a new configuration file as shown below. In this configuration, the DNS server is passed to clients through DHCP options, pointing them at the Raspberry Pi itself (20.20.20.1) for name resolution, while the Raspberry Pi uses the /etc/resolv.conf file for its upstream DNS servers. This /etc/resolv.conf file is obtained automatically when pon dsl-provider dials.

    jc@kali:~$ cat /etc/dnsmasq_AP.conf
    #DHCP
    listen-address=20.20.20.1,127.0.0.1
    dhcp-range=20.20.20.2,20.20.20.20,12h
    # option 3 = router (default gateway); dnsmasq advertises itself as the DNS server by default
    dhcp-option=3,20.20.20.1
    user=dnsmasq
    #DNS
    no-hosts
    cache-size=500
    resolv-file=/etc/resolv.conf
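An added example, not from the original article: a script that checks the DHCP side of the dnsmasq_AP.conf shown above against the address the AP interface carries. The function names are made up for this example, and 20.20.20.1/24 is taken from the ip addr add line of the AP.service unit in this article.

```shell
#!/bin/sh
# Added example (not from the article): sanity checks for /etc/dnsmasq_AP.conf
# against the AP address assigned by AP.service (20.20.20.1/24 on the page).
ip2int() {                       # dotted quad -> integer
    old=$IFS; IFS=.; set -- $1; IFS=$old
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
in_net() {                       # IP NET_IP PREFIX -> exit 0 if IP is in NET_IP/PREFIX
    m=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}
is_rfc1918() {                   # exit 0 for 10/8, 172.16/12, 192.168/16
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}
check_dnsmasq_ap() {             # FILE AP_IP PREFIX -> one finding per line
    f=$1; ap=$2; p=$3
    range=$(sed -n 's/^dhcp-range=//p' "$f" | head -n 1)
    [ -n "$range" ] || { echo "no dhcp-range line"; return 0; }
    start=${range%%,*}; rest=${range#*,}; end=${rest%%,*}
    router=$(sed -n 's/^dhcp-option=3,//p' "$f" | head -n 1)
    for ip in "$start" "$end"; do
        in_net "$ip" "$ap" "$p" || echo "pool address $ip is outside $ap/$p"
    done
    a=$(ip2int "$ap")
    if [ "$a" -ge "$(ip2int "$start")" ] && [ "$a" -le "$(ip2int "$end")" ]; then
        echo "AP address $ap lies inside the lease pool"
    fi
    [ "$router" = "$ap" ] || echo "dhcp-option 3 (router) is '$router', expected $ap"
    case ",$(sed -n 's/^listen-address=//p' "$f")," in
        *",$ap,"*) ;;
        *) echo "listen-address does not include $ap" ;;
    esac
    [ "$(sed -n 's/^user=//p' "$f")" != root ] || echo "dnsmasq would keep running as root"
    is_rfc1918 "$ap" || echo "$ap is outside the RFC 1918 private ranges"
    return 0
}

# DHCP part of the article's configuration, written to a temp file.
conf=$(mktemp)
cat > "$conf" <<'EOF'
#DHCP
listen-address=20.20.20.1,127.0.0.1
dhcp-range=20.20.20.2,20.20.20.20,12h
dhcp-option=3,20.20.20.1
user=dnsmasq
EOF
check_dnsmasq_ap "$conf" 20.20.20.1 24
```

The article's pool, router option and listen address are consistent with each other; the one finding is that 20.20.20.0/24 is public address space, so AP clients cannot reach the real hosts in that range while connected.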
Service Packaging
With the above preparation done, hostapd and dnsmasq are now packaged together as one service.
Create the /lib/systemd/system/AP.service file, as shown below. The [Unit] section describes the service and configures its dependencies; the [Service] section configures service startup, including bringing the link up, configuring the IP address of the network card, starting hostapd and starting dnsmasq; the [Install] section specifies that the service is wanted by multi-user.target, which corresponds to the multi-user state.

    [Unit]
    Description=AP
    Wants=network.target
    Before=network.target
    BindsTo=sys-subsystem-net-devices-ethusb0.device
    After=sys-subsystem-net-devices-ethusb0.device

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/sbin/ip link set dev ethusb0 up
    ExecStart=/sbin/ip addr add 20.20.20.1/24 broadcast 20.20.20.255 dev ethusb0
    ExecStart=/usr/sbin/hostapd -B /etc/hostapd/hostapd.conf
    ExecStart=/usr/sbin/dnsmasq -C /etc/dnsmasq_AP.conf
    ExecStop=/sbin/ip addr flush dev ethusb0
    ExecStop=/sbin/ip link set dev ethusb0 down

    [Install]
    WantedBy=multi-user.target
Activate the service with the following commands and set it to start at boot. Then check that the IP address, the hostapd service and the dnsmasq service are up:

    jc@kali:~$ sudo systemctl enable AP.service
    jc@kali:~$ sudo systemctl start AP.service
    jc@kali:~$ ps -ef | grep -E ".*hostapd|.*dnsmasq" | grep -v grep
    root      1337     1  0 19:43 ?        00:00:12 /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf
    dnsmasq   1340     1  0 19:43 ?        00:00:00 /usr/sbin/dnsmasq -C /etc/dnsmasq_AP.conf
    jc@kali:~$ ip a sh dev ethusb0
    6: ethusb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether c8:3a:35:d3:1b:4e brd ff:ff:ff:ff:ff:ff
        inet 20.20.20.1/24 brd 20.20.20.255 scope global ethusb0
           valid_lft forever preferred_lft forever
        inet6 fe80::ca3a:35ff:fed3:1b4e/64 scope link
           valid_lft forever preferred_lft forever
Using Windows as the client, try to connect to raspberry_AP. cygwin outputs the following information:

    WLAN adapter Wireless Network Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Realtek RTL8723AE Wireless LAN 802.11n PCI-E NIC
       Physical Address. . . . . . . . . : FF-FF-FF-FF-FF
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::c011:2b50:411b:56b7%38(Preferred)
       IPv4 Address. . . . . . . . . . . : 20.20.20.8(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : 14 May 2017 19:46:52
       Lease Expires . . . . . . . . . . : 15 May 2017 7:46:52
       Default Gateway . . . . . . . . . : 20.20.20.1
       DHCP Server . . . . . . . . . . . : 20.20.20.1
       DHCPv6 IAID . . . . . . . . . . . : 810821406
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-58-D9-FD-44-8A-5B-ED-33-CF
       DNS Servers . . . . . . . . . . . : 20.20.20.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

Try to ping the great Baidu:

    [jiangche00.jiangche00-PC] ping www.baidu.com

    Pinging www.a.shifen.com [111.206.223.206] with 32 bytes of data:
    Reply from 111.206.223.206: bytes=32 time=7ms TTL=56
    Reply from 111.206.223.206: bytes=32 time=13ms TTL=56
    Reply from 111.206.223.206: bytes=32 time=12ms TTL=56
    Reply from 111.206.223.206: bytes=32 time=9ms TTL=56

    Ping statistics for 111.206.223.206:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 7ms, Maximum = 13ms, Average = 10ms

With that, the Raspberry Pi AP upgrade is complete!