Comment faire un routeur Wi-Fi DIY connecté à Tor avec un Raspberry Pi
#!/bin/bash
# Based on Adafruit Learning Technologies Onion Pi project
# More info: http://learn.adafruit.com/onion-pi
if (( $EUID != 0 )); then
echo "This must be run as root. Try 'sudo bash $0'."
exit 1
fi
echo "
$(tput setaf 2) .~~. .~~.
$(tput setaf 6) / $(tput setaf 2)'. \ ' ' / .'$(tput setaf 6) \
$(tput setaf 6) | / $(tput setaf 1).~ .~~~..~.$(tput setaf 6) \ |
$(tput setaf 6) | | / $(tput setaf 1) : .~.'~'.~. :$(tput setaf 6) \ | |
$(tput setaf 6)| | | $(tput setaf 1)~ ( ) ( ) ~$(tput setaf 6) | | |
$(tput setaf 6)| | | $(tput setaf 1)( : '~'.~.'~' : )$(tput setaf 6) | | |
$(tput setaf 6)| | | $(tput setaf 1)~ .~ ( ) ~. ~ $(tput setaf 6) | | |
$(tput setaf 6) | | \ $(tput setaf 1)( : '~' : )$(tput setaf 6) / | |
$(tput setaf 6) | \ $(tput setaf 1)'~ .~~~. ~'$(tput setaf 6) / |
$(tput setaf 6) \ $(tput setaf 1)'~'$(tput setaf 6) /
$(tput bold ; tput setaf 4) Raspberry PiFi$(tput sgr0)
"
echo "$(tput setaf 6)This script will configure your Raspberry Pi as a wireless access point.$(tput sgr0)"
read -p "$(tput bold ; tput setaf 2)Press [Enter] to begin, [Ctrl-C] to abort...$(tput sgr0)"
echo "$(tput setaf 6)Updating packages...$(tput sgr0)"
apt-get update -q -y
echo "$(tput setaf 6)Installing hostapd...$(tput sgr0)"
apt-get install hostapd
echo "$(tput setaf 6)Installing ISC DHCP server...$(tput sgr0)"
apt-get install isc-dhcp-server
echo "$(tput setaf 6)Configuring ISC DHCP server...$(tput sgr0)"
cp /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.bak
sed -i -e 's/option domain-name "example.org"/# option domain-name "example.org"/g' /etc/dhcp/dhcpd.conf
sed -i -e 's/option domain-name-servers ns1.example.org/# option domain-name-servers ns1.example.org/g' /etc/dhcp/dhcpd.conf
sed -i -e 's/#authoritative;/authoritative;/g' /etc/dhcp/dhcpd.conf
echo -e "subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.50;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name \042local\042;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}" >> /etc/dhcp/dhcpd.conf
cp /etc/default/isc-dhcp-server /etc/default/isc-dhcp-server.bak
sed -i -e 's/INTERFACES=""/INTERFACES="wlan0"/g' /etc/default/isc-dhcp-server
echo "$(tput setaf 6)Turning off wlan0 if active...$(tput sgr0)"
ifdown wlan0
echo "$(tput setaf 6)Updating network interfaces...$(tput sgr0)"
mv /etc/network/interfaces /etc/network/interfaces.bak
echo "auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
" > /etc/network/interfaces
echo "$(tput setaf 6)Assigning static IP address 192.168.42.1...$(tput sgr0)"
ifconfig wlan0 192.168.42.1
echo "$(tput setaf 6)Configuring hostapd...$(tput sgr0)"
echo "$(tput bold ; tput setaf 2)Type a 1-32 character SSID (name) for your PiFi network, then press [ENTER]:$(tput sgr0)"
read ssid
echo "$(tput setaf 6)PiFi network SSID set to $(tput bold)$ssid$(tput sgr0 ; tput setaf 6). Edit /etc/hostapd/hostapd.conf to change.$(tput sgr0)"
pwd1="0"
pwd2="1"
until [ $pwd1 == $pwd2 ]; do
echo "$(tput bold ; tput setaf 2)Type a password to access your PiFi network, then press [ENTER]:$(tput sgr0)"
read -s pwd1
echo "$(tput bold ; tput setaf 2)Verify password to access your PiFi network, then press [ENTER]:$(tput sgr0)"
read -s pwd2
done
if [ $pwd1 == $pwd2 ]; then
echo "$(tput setaf 6)Password set. Edit /etc/hostapd/hostapd.conf to change.$(tput sgr0)"
fi
echo "interface=wlan0
driver=rtl871xdrv
ssid=$ssid
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=$pwd1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP" > /etc/hostapd/hostapd.conf
echo "$(tput setaf 6)Setting hostapd to run at system boot...$(tput sgr0)"
cp /etc/default/hostapd /etc/default/hostapd.bak
sed -i -e 's/#DAEMON_CONF=""/DAEMON_CONF="\/etc\/hostapd\/hostapd.conf"/g' /etc/default/hostapd
echo "$(tput setaf 6)Setting IP forwarding to start at system boot...$(tput sgr0)"
cp /etc/sysctl.conf /etc/sysctl.bak
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "up iptables-restore < /etc/iptables.ipv4.nat" >> /etc/network/interfaces
echo "$(tput setaf 6)Activating IP forwarding...$(tput sgr0)"
sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
echo "$(tput setaf 6)Setting up IP tables to interconnect ports...$(tput sgr0)"
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
echo "$(tput setaf 6)Saving IP tables...$(tput sgr0)"
sh -c "iptables-save > /etc/iptables.ipv4.nat"
echo "$(tput setaf 6)Fetching Adafruit's updated access point software...$(tput sgr0)"
wget http://www.adafruit.com/downloads/adafruit_hostapd.zip
echo "$(tput setaf 6)Decompressing adafruit_hostapd.zip...$(tput sgr0)"
unzip adafruit_hostapd.zip
echo "$(tput setaf 6)Updating hostapd...$(tput sgr0)"
mv /usr/sbin/hostapd /usr/sbin/hostapd.ORIG
mv hostapd /usr/sbin
chmod 755 /usr/sbin/hostapd
echo "$(tput setaf 6)Cleaning up...$(tput sgr0)"
rm adafruit_hostapd.zip
echo "$(tput setaf 6)Starting hostapd service...$(tput sgr0)"
service hostapd start
echo "$(tput setaf 6)Starting ISC DHCP server...$(tput sgr0)"
service isc-dhcp-server start
echo "$(tput setaf 6)Checking hostapd status...$(tput sgr0)"
service hostapd status
hostapd_result=$?
#if [ $hostapd_result == 3 ]; then
# echo "ERROR: hostapd start failed."
# exit 1
#fi
echo "$(tput setaf 6)Checking ISC DHCP server status...$(tput sgr0)"
service isc-dhcp-server status
dhcp_result=$?
#if [ $dhcp_result == 3 ]; then
# echo "ERROR: ISC DHCP server failed to start."
# exit 1
#fi
echo "$(tput setaf 6)Setting hostapd to start on system boot...$(tput sgr0)"
update-rc.d hostapd enable
echo "$(tput setaf 6)Setting ISC DHCP server to start on system boot...$(tput sgr0)"
update-rc.d isc-dhcp-server enable
echo "$(tput setaf 6)Removing WPASupplicant...$(tput sgr0)"
mv /usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service ~/
echo "$(tput setaf 6)Rebooting...$(tput sgr0)"
reboot
exit 0
#!/bin/bash
# Based on Adafruit Learning Technologies Onion Pi project
# More info: http://learn.adafruit.com/onion-pi
if (( $EUID != 0 )); then
echo "This must be run as root. Type in 'sudo bash $0' to run it as root."
exit 1
fi
echo "$(tput setaf 2)
..
,:
. ::
.: :2.
.:, 1L
.v: Z, ..::,
:k:N.Lv:
22ukL
JSYk.$(tput bold ; tput setaf 7)
,B@B@i
BO@@B@.
:B@L@Bv:@7
.PB@iBB@ .@Mi
.P@B@iE@@r . 7B@i
5@@B@:NB@1$(tput setaf 5) r ri:$(tput bold ; tput setaf 7)7@M
.@B@BG.OB@B$(tput setaf 5) ,.. .i, $(tput bold ; tput setaf 7)MB,
@B@BO.B@@B$(tput setaf 5) i7777, $(tput bold ; tput setaf 7)MB.
PB@B@.OB@BE$(tput setaf 5) LririL,.L. $(tput bold ; tput setaf 7)@P
B@B@5iB@B@i$(tput setaf 5) :77r7L, L7 $(tput bold ; tput setaf 7)O@
@B1B27@B@B,$(tput setaf 5) . .:ii. r7 $(tput bold ; tput setaf 7)BB
O@.@M:B@B@:$(tput setaf 5) v7: ::. $(tput bold ; tput setaf 7)BM
:Br7@L5B@BO$(tput setaf 5) irL: :v7L. $(tput bold ; tput setaf 7)P@,
7@,Y@UqB@B7$(tput setaf 5) ir ,L;r: $(tput bold ; tput setaf 7)u@7
r@LiBMBB@Bu$(tput setaf 5) rr:.$(tput bold ; tput setaf 7):B@i
FNL1NB@@@@: ;OBX
rLu2ZB@B@@XqG7$(tput sgr0 ; tput setaf 2)
. rJuv::
$(tput setaf 2)ONION PI
$(tput bold ; tput setaf 5)by adafruit$(tput sgr0)
"
echo "$(tput setaf 6)This script will auto-setup an Onion Pi Tor proxy for you.$(tput sgr0)"
read -p "$(tput bold ; tput setaf 2)Press [Enter] to begin, [Ctrl-C] to abort...$(tput sgr0)"
echo "$(tput setaf 6)Installing Tor...$(tput sgr0)"
apt-get install tor -y
echo "$(tput setaf 6)Configuring Tor...$(tput sgr0)"
cp /etc/tor/torrc /etc/tor/torrc.bak
echo "Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 53
DNSListenAddress 192.168.42.1" >> /etc/tor/torrc
echo "$(tput setaf 6)Flushing old IP tables...$(tput sgr0)"
iptables -F
iptables -t nat -F
echo "$(tput setaf 6)Establishing $(tput bold)ssh$(tput sgr0 ; tput setaf 6) exception on port 22...$(tput sgr0)"
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
echo "$(tput setaf 6)Rerouting DNS traffic...$(tput sgr0)"
iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
echo "$(tput setaf 6)Rerouting TCP traffic...$(tput sgr0)"
iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
echo "$(tput setaf 6)Saving IP tables...$(tput sgr0)"
sh -c "iptables-save > /etc/iptables.ipv4.nat"
echo "$(tput setaf 6)Setting up logging in /var/log/tor/notices.log...$(tput sgr0)"
touch /var/log/tor/notices.log
chown debian-tor /var/log/tor/notices.log
chmod 644 /var/log/tor/notices.log
echo "$(tput setaf 6)Starting Tor...$(tput sgr0)"
service tor start
echo "$(tput setaf 6)Setting Tor to start at boot...$(tput sgr0)"
update-rc.d tor enable
echo "$(tput setaf 6)Setup complete!
$(tput bold)Verify by visiting: $(tput setaf 3)https://check.torproject.org/$(tput sgr0)
$(tput setaf 6)Rebooting$(tput sgr0)..."
reboot
exit 0