#1 2017-03-23 21:45:31

eMan
Member
From: Esfahan
Registered: 2010-08-16
Posts: 51

Problem with obtaining IP Address on Eth > AP | SOLVED

Hi there. My case is a little complicated so I decided to tell you my story from the beginning.

First: I live in Iran and due to filtering I have to use VPNs. So I decided to use my computer to unfilter the net. But how? I use my Ethernet to get the net, use OpenVPN to tunnel and then forward the unfiltered net (tun0) to my Wireless Card so other devices would enjoy free net. It was done through create_ap and works great.

But the wireless device is so weak it barely supports ten meters and my devices get disconnected every minute.

I have a spare TP-Link modem so I decided to do something else. I get the internet through my Wireless Card then tunnel it using OpenVPN and try to forward it by these commands:

sudo iptables -A FORWARD -o tun0 -i enp1s5 -s 192.168.2.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

I set the TP-Link modem to access-point mode and disabled its DHCP function according to its manual so I can use it as an AP.

I connect the modem to my Ethernet and everything is ready. Then I use my Android device to connect to the AP (TP-Link modem). It tries to obtain an IP address but it fails every time.

I think I should do something with DHCP but I do not know how. I searched and saw tutorials for Ubuntu but they were useless for Arch Linux.

I do not know if the iptables rules (above) are functional or not, whether it is possible to forward tun0 (the OpenVPN interface) to Ethernet or not, or how to give every device an IP automatically.

Any help and suggestion is appreciated.

Thank you.

Last edited by eMan (2017-03-27 07:47:47)

Offline

#2 2017-03-27 07:47:24

eMan
Member
From: Esfahan
Registered: 2010-08-16
Posts: 51

Re: Problem with obtaining IP Address on Eth > AP | SOLVED

The create_ap developer solved my problem with their script.

Here it is for anyone seeking to solve a similar problem:

#!/bin/bash


INTERNET_IFACE=tun0
WIRED_IFACE=enp1s5
SUBNET=192.168.12


cleanup() {
    trap "" SIGINT
    iptables -D FORWARD -d ${SUBNET}.0/24 -i $INTERNET_IFACE -j ACCEPT
    iptables -D FORWARD -s ${SUBNET}.0/24 -i $WIRED_IFACE -j ACCEPT
    iptables -t nat -D POSTROUTING -o $INTERNET_IFACE -j MASQUERADE
    echo 0 > /proc/sys/net/ipv4/ip_forward
    ip link set dev $WIRED_IFACE down
    ip add flush $WIRED_IFACE
    exit 0
}


# setup clean up function
trap "cleanup" SIGINT


# initialize ethernet
ip link set dev $WIRED_IFACE up
ip add flush $WIRED_IFACE
ip addr add ${SUBNET}.1/24 broadcast ${SUBNET}.255 dev $WIRED_IFACE


# set iptables rules
iptables -I FORWARD -d ${SUBNET}.0/24 -i $INTERNET_IFACE -j ACCEPT
iptables -I FORWARD -s ${SUBNET}.0/24 -i $WIRED_IFACE -j ACCEPT
iptables -t nat -I POSTROUTING -o $INTERNET_IFACE -j MASQUERADE


# enable ipv4 routing
echo 1 > /proc/sys/net/ipv4/ip_forward


# run dnsmasq
dnsmasq --no-hosts --listen-address=${SUBNET}.1 --dhcp-range=${SUBNET}.1,${SUBNET}.254,255.255.255.0,24h --dhcp-option=option:router,${SUBNET}.1 -d


cleanup

Offline
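Added example, not part of the thread and not the create_ap developer's code: the FORWARD rule in the script above accepts traffic from the wired subnet without naming an output interface, so if tun0 disappears the kernel forwards client packets along whatever route remains. The variant below pins forwarding and NAT to the VPN interface and rejects everything else from the AP side. The chain name `VPNGW` and the function names are made up for this example; the interface names and subnet are the ones from the thread.

```bash
#!/bin/bash
# Added example: forwarding rules that fail closed when the VPN is down.
# VPNGW and the function names are hypothetical; values below are from the thread.
INTERNET_IFACE=tun0
WIRED_IFACE=enp1s5
SUBNET=192.168.12
CHAIN=VPNGW

# Print one iptables argument list per line, in the order they are applied:
# LAN -> VPN allowed, replies VPN -> LAN allowed, any other LAN traffic
# rejected, anything else heading into the LAN dropped, NAT only on the VPN.
vpn_rules() {
    vpn=${1:-$INTERNET_IFACE} lan=${2:-$WIRED_IFACE} net=${3:-$SUBNET}.0/24
    cat <<EOF
-N $CHAIN
-A $CHAIN -i $lan -o $vpn -s $net -j ACCEPT
-A $CHAIN -i $vpn -o $lan -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A $CHAIN -i $lan -j REJECT --reject-with icmp-net-unreachable
-A $CHAIN -o $lan -j DROP
-I FORWARD -j $CHAIN
-t nat -A POSTROUTING -s $net -o $vpn -j MASQUERADE
EOF
}

# Apply the rules (root required). $rule is deliberately unquoted so each
# printed line splits into separate iptables arguments.
apply_rules() {
    vpn_rules "$@" | while read -r rule; do
        iptables $rule || return 1
    done
}

# Undo apply_rules: unhook and delete the chain, then remove the NAT rule.
remove_rules() {
    vpn=${1:-$INTERNET_IFACE} net=${3:-$SUBNET}.0/24
    iptables -D FORWARD -j "$CHAIN"
    iptables -F "$CHAIN"
    iptables -X "$CHAIN"
    iptables -t nat -D POSTROUTING -s "$net" -o "$vpn" -j MASQUERADE
}

case "${1:-}" in
    apply)  apply_rules ;;
    remove) remove_rules ;;
    *)      vpn_rules ;;   # default: only print the rules for review
esac
```

Run with `apply` in place of the three `iptables -I` lines of the script above, and with `remove` in place of the matching `iptables -D` lines in its cleanup function.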
