Raspberry pi 2 wireless settings.

Main references:

0.https://www.raspberrypi.org/forums/viewtopic.php?p=462982#p462982

1.https://www.maketecheasier.com/set-up-raspberry-pi-as-wireless-access-point/

2.http://www.jenssegers.be/43/Realtek-RTL8188-based-access-point-on-Raspberry-Pi

3.https://www.embbnux.com/2015/02/08/setup_raspberry_to_wifi_access_point_with_rtl8188/

4.http://www.christianix.de/linux-tutor/hostapd.html

5.http://www.cnblogs.com/zhuwenger/archive/2011/03/11/1980294.html

6.http://www.ren1.tk/2015/05/11/raspberry_router/

 

===============================================

part 1

 

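Preparation:

1. One Raspberry Pi 2

2. One USB wireless network adapter (I used a TP-LINK TL-WN725N)

I. Install the Raspberry Pi operating system (the installation itself is not covered here).

II. Install the driver, mainly following: https://www.raspberrypi.org/forums/viewtopic.php?p=462982#p462982

  Download the matching driver and install it.

III. Install and configure isc-dhcp-server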

Edit “/etc/network/interfaces” and add the static IP address information for wlan0. You can learn about static IP addresses in our SSH and static IP address tutorial.

sudo vim /etc/network/interfaces

 

Place a “#” sign in front of all the lines which mention wlan0 and wpa, except for “allow-hotplug wlan0”. Then add the following lines to the file:

iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
#gateway 192.168.1.1

 

The bottom half of the file will now look something like this:

allow-hotplug wlan0
#iface wlan0 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
#gateway 192.168.1.1

Now reboot.

 

Install and configure a DHCP server

Install the DHCP server:

sudo apt-get install isc-dhcp-server

 

You can safely ignore any errors about not being able to start the DHCP server at this point. Now edit its configuration file:

sudo vim /etc/dhcp/dhcpd.conf

 

Add a “#” character in front of the “option domain-name” lines like this:

#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;

 

Remove the “#” sign in front of the “authoritative;” statement like this:

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

 

At the bottom of the file add the following lines:

subnet 192.168.42.0 netmask 255.255.255.0 {
    range 192.168.42.10 192.168.42.50;
    option broadcast-address 192.168.42.255;
    option routers 192.168.42.1;
    default-lease-time 600;
    max-lease-time 7200;
    option domain-name "local";
    option domain-name-servers 192.168.42.1, 8.8.8.8, 8.8.4.4;
}

 

Make the wireless adapter the default for the DHCP request:

sudo vim /etc/default/isc-dhcp-server

Change “INTERFACES=""” to “INTERFACES="wlan0"”

Restart the DHCP server:

sudo service isc-dhcp-server restart

 

IV. Install hostapd, following: http://www.jenssegers.be/43/Realtek-RTL8188-based-access-point-on-Raspberry-Pi

Since we are building our own hostapd version, remove the original hostapd you might have installed (if it is not installed, you may need to install it first ^_^):

sudo apt-get autoremove hostapd

 

On your Raspberry Pi, download and extract the source files from github:

wget https://github.com/jenssegers/RTL8188-hostapd/archive/v2.0.tar.gz
tar -zxvf v2.0.tar.gz

 

Now build hostapd:

cd RTL8188-hostapd-2.0/hostapd
sudo make

 

After a while, you should be given control back to the terminal.

sudo make install

 

This last step will move the created hostapd binary to /usr/local/bin, add a startup script and create a configuration file in /etc/hostapd/hostapd.conf

A note here: with WPA encryption, no setting allowed a connection, and I don't know why; with WEP encryption the connection works normally.

# Basic configuration

interface=wlan0
# SSID name
ssid=RPI
channel=1
#bridge=br0

# WPA and WPA2 configuration

macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
#wpa=3
#wpa_passphrase=houyanfang
#d66de42951c1475eef43b2cd230fc0ec145b3bea73b441259d1745fe3d0a00b1
#wpa_psk_file=/etc/hostapd-psk
#wpa_key_mgmt=WPA-PSK
#wpa_pairwise=TKIP
#rsn_pairwise=CCMP

# WEP
wep_default_key=0
wep_key0=1234567890
#wep_key1="vwxyz"
#wep_key2=0102030405060708090a0b0c0d
#wep_key3=".2.4.6.8.0.23"
#wep_key_len_broadcast=13
#wep_key_len_unicast=13
#wep_rekey_period=300


# Hardware configuration

#driver=nl80211
driver=rtl871xdrv
ieee80211n=1
hw_mode=g
device_name=RTL8192CU
manufacturer=Realtek


If you installed hostapd from the package repository, edit /etc/default/hostapd and set the path to the conf file:

Tell hostapd where to find its configuration file by setting the default location:

sudo vim /etc/default/hostapd

 

Remove the “#” in front of “DAEMON_CONF” and alter the line to read:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

 

Edit this configuration file and start the hostapd service:

$ sudo service hostapd restart
[ ok ] Stopping advanced IEEE 802.11 management: hostapd.
[ ok ] Starting advanced IEEE 802.11 management: hostapd.
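
A check for the settings in the hostapd.conf above, as an added example that is not part of the original post or of hostapd: it flags WEP keys, a missing or WPA1-enabling wpa= value, TKIP ciphers, a passphrase outside the 8 to 63 characters hostapd accepts, and values followed by a "#" comment, which hostapd reads as part of the value. The function names and finding codes are hypothetical, and the sample input is constructed from the active lines of that config.

```shell
#!/bin/sh
# Added example: flag weak or malformed settings in a hostapd.conf.

# Constructed sample based on the active lines of the config above.
sample_conf() {
cat <<'EOF'
interface=wlan0
ssid=RPI  #ssid name
channel=1
auth_algs=1
#wpa=3
#wpa_pairwise=TKIP
wep_default_key=0
wep_key0=1234567890
driver=rtl871xdrv
hw_mode=g
EOF
}

# stdin: hostapd.conf text; stdout: one finding code per line (codes are hypothetical).
audit_hostapd_conf() {
  awk '
    /^[ \t]*#/ || !/=/ { next }              # skip comment lines and blanks
    {
      key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
      val = $0; sub(/^[^=]*=/, "", val)
      # hostapd has no inline comments: "x=y  #note" sets x to "y  #note".
      # Heuristic only, a value may legitimately contain " #".
      if (val ~ /[ \t]#/)                      print "INLINE_COMMENT " key
      if (key ~ /^wep_key[0-3]$/)              wep = 1
      if (key == "wpa")                        wpa = val + 0
      if (key ~ /_pairwise$/ && val ~ /TKIP/)  print "TKIP " key
      if (key == "wpa_passphrase" && (length(val) < 8 || length(val) > 63))
                                               print "BAD_PASSPHRASE_LENGTH"
    }
    END {
      if (wep)               print "WEP_ENABLED"
      if (wpa == 0)          print "NO_WPA"         # open or WEP-only network
      else if (wpa % 2 == 1) print "WPA1_ENABLED"   # bit 0 of wpa= is WPA1
    }'
}

sample_conf | audit_hostapd_conf
```

Run it against a real file with `audit_hostapd_conf < /etc/hostapd/hostapd.conf`; no output means none of these conditions matched.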

  

V. Configure IP routing between the wireless and Ethernet

Edit “/etc/sysctl.conf” to enable IP forwarding:

sudo vim /etc/sysctl.conf

 

Find the line which reads “Uncomment the next line to enable packet forwarding for IPv4” and uncomment the next line like this:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

 

Run the following command to activate forwarding now:

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

 

Now turn the Pi into a router with the following commands:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

 

And save the iptables rules into the file “/etc/iptables.ipv4.nat”:

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

 

Edit “/etc/network/interfaces”:

sudo vim /etc/network/interfaces

 

And add the following line to the end of the file. This line will restore the saved iptables rules whenever the Pi is booted:

pre-up iptables-restore < /etc/iptables.ipv4.nat

 

You should now reboot your Pi and test the wireless access using a laptop, smartphone, tablet or other Wi-Fi enabled device.

 

 ==========================================================

PART 2

 

0.http://liberize.me/tech/raspberry-pi-transparent-proxy.html

1.http://huahang.im/2014/12/27/shadowsocks-on-miwifi/

2.https://gist.github.com/wen-long/8644243

3.http://hbprotoss.github.io/posts/da-jian-zhi-neng-fan-qiang-lu-you-qi.html

4.http://itfish.net/article/28906.html

5.https://blog.minidump.info/2015/09/raspberry-pi-as-a-fucking-gfw-gateway/

 

 

ss-redir + chinadns + iptables

VI. Install shadowsocks-libev

cd /home/pi/Downloads/shadowsocks

wget https://github.com/shadowsocks/shadowsocks-libev/archive/v2.4.4.tar.gz

tar -zxvf v2.4.4.tar.gz

cd shadowsocks-libev-2.4.4

./configure && make

sudo make install

create shadowsocks config file

sudo vim /etc/config.json

ss-redir -c /etc/config.json -f /tmp/ss.pid

If running configure reports "OpenSSL header file not found", install libssl-dev:

sudo apt-get install libssl-dev

config.json ("server" is the VPS IP address; "local_address" is 0.0.0.0 because 127.0.0.1 does not work for bypassing the firewall):

{
        "server":"xxx.xxx.xxx.xxx",
        "server_port":443,
        "password":"password",
        "local_address":"0.0.0.0",
        "local_port":1080,
        "timeout":600,
        "method":"aes-256-cfb"
}

 

install chinadns

cd /home/pi/Downloads/ChinaDNS

wget https://github.com/shadowsocks/ChinaDNS/releases/download/1.3.2/chinadns-1.3.2.tar.gz

tar -zxvf chinadns-1.3.2.tar.gz

cd chinadns-1.3.2

./configure && make

sudo make install

 

sudo chinadns -m -c /var/local/share/chnroute.txt

 

Create a script with vim:

vim firewall.sh

 

Then write the following content into it:

#!/usr/bin/env sh
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
#iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -m state --state NEW,ESTABLISHED -j ACCEPT
#dnat
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -N SHADOWSOCKS
iptables -t nat -A SHADOWSOCKS -d a.b.c.d -j RETURN # fill in your server's public IP address here
iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN # the previous line, this line and the following lines
iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN # keep traffic to certain address ranges
iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN # from being relayed through shadowsocks
iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN

# Filter Chinese IP addresses (put the domestic IP ranges here); search online for "China IP ranges"
iptables -t nat -A SHADOWSOCKS -d 58.14.0.0/15 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 58.16.0.0/13 -j RETURN
iptables -t nat -A SHADOWSOCKS -d 58.24.0.0/15 -j RETURN


# All other IPs are handed to shadowsocks
iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 1080 # use the "local_port" configured in the previous step
# Apply the SHADOWSOCKS chain: other devices go through the PREROUTING chain
iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS
# Apply the SHADOWSOCKS chain: the Raspberry Pi itself goes through the OUTPUT chain
iptables -t nat -A OUTPUT -p tcp -j SHADOWSOCKS

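The middle section holds the Chinese IP address ranges. There is a project called chnroute for this; the simple approach is a single command: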

curl http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest | grep 'apnic|CN|ipv4' | awk -F\| '{ printf("iptables -t nat -A SHADOWSOCKS -d %s/%d -j RETURN\n", $4, 32-log($5)/log(2)) }' > firewall_china.sh

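Then put the resulting content in the Chinese IP address position above; putting it afterwards and running firewall_china.sh separately seems to have no effect.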
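
The same conversion as an added example (not from the original post; function names are hypothetical, the input records are constructed): it computes the prefix length with integer arithmetic, validates the fields because the output is later executed as root, and skips records whose address count is not a power of two, which `32-log($5)/log(2)` with `%d` would silently turn into a wrong prefix. The generated rules belong before the REDIRECT rule because a chain is evaluated in order, so a RETURN rule appended after it is never reached for TCP traffic.

```shell
#!/bin/sh
# Added example: build RETURN rules from APNIC delegated-stats records.

# Constructed sample in the delegated-stats layout:
# registry|cc|type|start|value|date|status
sample_delegated() {
cat <<'EOF'
2|apnic|20160114|12345|19830613|20160113|+1000
apnic|*|ipv4|*|100|summary
apnic|CN|ipv4|58.14.0.0|131072|20050301|allocated
apnic|CN|ipv4|58.16.0.0|524288|20050301|allocated
apnic|JP|ipv4|58.0.0.0|65536|20050217|allocated
apnic|CN|ipv6|2001:250::|35|20000426|allocated
apnic|CN|ipv4|192.0.2.0|768|20110101|allocated
EOF
}

# stdin: delegated-stats records; stdout: one RETURN rule per CN IPv4 block.
# Records that cannot be written as a single prefix are reported on stderr.
cn_return_rules() {
  awk -F'|' '
    $1 == "apnic" && $2 == "CN" && $3 == "ipv4" &&
    $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $5 ~ /^[0-9]+$/ {
      n = $5 + 0; bits = 0
      while (n > 1 && n % 2 == 0) { n /= 2; bits++ }   # integer log2
      if (n != 1 || bits > 32) {                       # not a power of two
        print ("skipped " $4 " count " $5) | "cat 1>&2"
        next
      }
      printf "iptables -t nat -A SHADOWSOCKS -d %s/%d -j RETURN\n", $4, 32 - bits
    }'
}

sample_delegated | cn_return_rules
```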

 

Finally, make it executable and run it:

chmod a+x firewall.sh
sudo ./firewall.sh

 

Some of the files used above:

RTL8188-hostapd-2.0.tar.gz

shadowsocks-libev-2.4.4.tar.gz

chinadns-1.3.2.tar.gz

8188eu-v7-20150914.tar.gz

8188eu-v7-20151028.tar.gz 

8188eu-v7-20151113.tar.gz 

firewall_new.sh 

 

posted on 2016-01-15 00:49  忽而今夏