now it works not creating wifi ap

garywill 2018-08-31 18:41:06 +08:00 committed by garywill
parent 9cc0f40aa4
commit 0338291599
2 changed files with 472 additions and 252 deletions

194
Readme.md

@ -1,28 +1,97 @@
# Linux-router
Share your Linux's Internet access to other devices.
This is a fork of [create_ap](https://github.com/oblique/create_ap).
Share your Linux's Internet access to other devices. Works on wired, wireless and virtual networks.
## Features
- Create Wifi hotspot and share Internet
- Transparent proxy (redsocks)
- DNS server and query log
- DHCP server
Basic features:
- Create a NATed sub-network
- Share Internet to the sub-network
- DHCP server
- DNS server
- Transparent proxy (redsocks) (with DNS proxy)
Creating Wifi hotspot:
- Channel selecting
- Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption
- Hidden SSID
- Create AP on the same interface you are getting Internet (require same channel)
For many other features, see below CLI usage.
Useful in these situations:
```
Internet ----(eth0/wlan0)-Linux-(wlanX)AP
|
|----client
|
|----client
```
```
Internet
Wifi AP(no DHCP) |
| |
|----(wlan1)-Linux-(eth0/wlan0)------
| (DHCP)
|
|----client
|
|----client
```
```
Internet
Switch |
| |
|---(eth1)-Linux-(eth0/wlan0)--------
|
|----client
|
|----client
```
```
Internet ----(eth0/wlan0)-Linux-(eth1)--------Another PC
```
```
Internet ----(eth0/wlan0)-Linux-(virtual interface)-----VM guests/container guests
```
## Usage
### NAT Internet sharing
### Share Internet to an interface
```
# lnxrouter -i eth1
```
### Create Wifi hotspot
```
# lnxrouter --ap wlan0 MyAccessPoint --password MyPassPhrase
```
### Make a LAN without Internet
```
# lnxrouter -i eth1 -n
```
```
# lnxrouter --ap wlan0 MyAccessPoint --password MyPassPhrase -n
```
### Transparent proxy with tor
```
# lnxrouter --ap wlan0 MyAccessPoint --password MyPassPhrase --tp 9040 --dns-proxy 9053
# lnxrouter -i eth1 --tp 9040 --dns-proxy 9053
```
In `torrc`
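Review bot: The usage examples pass the Wi-Fi passphrase as a command-line argument (`--password MyPassPhrase`), and the README does not say that arguments are readable by other local users through the process list for as long as lnxrouter runs. A short note under "Create Wifi hotspot" would help, for example advising that this form be avoided on multi-user hosts. Separately, "require same channel" in the feature list should read "requires the same channel".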
@ -31,12 +100,115 @@ In `torrc`
TransPort 0.0.0.0:9040
DNSPort 0.0.0.0:9053
```
### Using with LXC
Create a bridge
```
# brctl addbr lxcbr1
```
In LXC container's `config`
```
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr1
lxc.network.hwaddr = xx:xx:xx:xx:xx:xx
```
```
# lnxrouter -i lxcbr1
```
### Using with VirtualBox
On VirtualBox's global settings, create a host-only network `vboxnet1` with DHCP disabled.
```
# lnxrouter -i vboxnet1
```
### CLI usage and other features
```
Usage: lnxrouter [options]
Options:
-h, --help Show this help
--version Print version number
-i <interface> Interface to share Internet to. An NATed subnet will be made on it.
To create Wifi hotspot use --ap instead
-n Disable Internet sharing
--tp <port> Transparent proxy (redsocks), redirect tcp and udp traffic to port.
Usually use with --dns-proxy
-g <gateway> Set Gateway IPv4 address, netmask is /24 (default: 192.168.18.1)
--dns-proxy <port> Redirect 53 port to DNS proxy port. dnsmasq DNS is disabled
--no-serve-dns dnsmasq DNS disabled
--no-dnsmasq Disable dnsmasq server completely (dhcp and dns)
--log-dns Show dnsmasq DNS server query log
--dhcp-dns <IP1[,IP2]>|no
Set DNS offered by DHCP, or no DNS offered (default: gateway as DNS)
-d DNS server will take into account /etc/hosts
-e <hosts_file> DNS server will take into account additional hosts file
--mac <MAC> Set MAC address
Wifi hotspot options:
--ap <wlan card interface> <access point name>
Create Wifi access point using wlan card, and set SSID
--password <passphrase> Wifi password
--hidden Make the Access Point hidden (do not broadcast the SSID)
--no-virt Do not create virtual interface.
Using this you can't use same wlan card as Internet and AP
-c <channel> Channel number (default: 1)
--country <code> Set two-letter country code for regularity (example: US)
--freq-band <GHz> Set frequency band. Valid inputs: 2.4, 5 (default: 2.4)
--driver Choose your WiFi adapter driver (default: nl80211)
-w <WPA version> Use 1 for WPA, use 2 for WPA2, use 1+2 for both (default: 1+2)
--psk Use 64 hex digits pre-shared-key instead of passphrase
--mac-filter Enable Wifi hotspot MAC address filtering
--mac-filter-accept Location of Wifi hotspot MAC address filter list (defaults to /etc/hostapd/hostapd.accept)
--hostapd-debug <level> With level between 1 and 2, passes arguments -d or -dd to hostapd for debugging.
--isolate-clients Disable communication between clients
--ieee80211n Enable IEEE 802.11n (HT)
--ieee80211ac Enable IEEE 802.11ac (VHT)
--ht_capab <HT> HT capabilities (default: [HT40+])
--vht_capab <VHT> VHT capabilities
--no-haveged Do not run 'haveged' automatically when needed
Instance managing:
--daemon Run lnxrouter in the background
--stop <id> Send stop command to an already running lnxrouter. For an <id>
you can put the PID of lnxrouter or interface. You can
get them with --list-running
--list-running Show the lnxrouter processes that are already running
--list-clients <id> List the clients connected to lnxrouter instance associated with <id>.
For an <id> you can put the PID of lnxrouter or interface.
If virtual WiFi interface was created, then use that one.
You can get them with --list-running
Tools:
--fix-unmanaged If NetworkManager shows your interface as unmanaged after you
close lnxrouter, then use this option to switch your interface
back to managed
```
### Ddependencies
- bash
- procps or procps-ng
- iproute2
- dnsmasq
- iptables
Wifi hotspot:
- hostapd
- iw
- iwconfig (you only need this if 'iw' can not recognize your adapter)
- haveged (optional)
## TODO
- Option to ban private network access
- IPv6 support
- Option to random MAC, IP, SSID, password
- Share Internet not creating Wifi hotspot
- Ban private network access
- IPv6 support
## Thanks
Many thanks to project [create_ap](https://github.com/oblique/create_ap).
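Review bot: The torrc snippet at the top of this hunk binds `TransPort 0.0.0.0:9040` and `DNSPort 0.0.0.0:9053`, which makes Tor listen on every interface of the host, including the Internet-facing one, and the README gives no caveat. Consider documenting a bind to the subnet gateway address instead (the `-g` help text gives 192.168.18.1 as the default), or state that these ports must be firewalled from the upstream side. Also in this hunk, the heading "### Ddependencies" is misspelled, and the TODO list shows "Ban private network access" and "IPv6 support" twice in the rendered text, which is worth checking in the final file.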

530
lnxrouter

@ -6,7 +6,7 @@
# iproute2
# dnsmasq
# iptables
# wifi ap:
# hostapd
# iw
# iwconfig (you only need this if 'iw' can not recognize your adapter)
@ -27,7 +27,8 @@ umask $SCRIPT_UMASK
usage() {
echo "$PROGNAME $VERSION (https://github.com/garywill/linux-router)"
echo "$PROGNAME is a fork of create_ap(https://github.com/oblique/create_ap)"
echo "Share your Linux's Internet access to other devices. "
echo "Work on wired, wireless and virtual networks."
echo
echo "Usage: "$PROGNAME" [options] "
echo
@ -41,6 +42,8 @@ usage() {
#echo " Use: 'nat' for NAT (default)"
#echo " 'redsocks' for transparent proxy. Usually use with --dns-proxy"
#echo " 'none' for no Internet sharing (equivalent to -n)"
echo " -i <interface> Interface to share Internet to. An NATed subnet will be made on it."
echo " To create Wifi hotspot use --ap instead"
echo " -n Disable Internet sharing"
echo " --tp <port> Transparent proxy (redsocks), redirect tcp and udp traffic to port."
echo " Usually use with --dns-proxy"
@ -80,9 +83,6 @@ usage() {
echo " --ht_capab <HT> HT capabilities (default: [HT40+])"
echo " --vht_capab <VHT> VHT capabilities"
echo " --no-haveged Do not run 'haveged' automatically when needed"
echo " --fix-unmanaged If NetworkManager shows your interface as unmanaged after you"
echo " close lnxrouter, then use this option to switch your interface"
echo " back to managed"
echo
echo " Instance managing:"
echo " --daemon Run lnxrouter in the background"
@ -94,17 +94,21 @@ usage() {
echo " For an <id> you can put the PID of lnxrouter or interface."
echo " If virtual WiFi interface was created, then use that one."
echo " You can get them with --list-running"
echo
echo " Tools:"
echo " --fix-unmanaged If NetworkManager shows your interface as unmanaged after you"
echo " close lnxrouter, then use this option to switch your interface"
echo " back to managed"
echo
echo
echo "Examples:"
echo " "$PROGNAME" -i eth1"
echo " "$PROGNAME" --ap wlan0 MyAccessPoint --password MyPassPhrase"
echo " "$PROGNAME" --ap wlan0 MyAccessPoint"
echo " "$PROGNAME" -n --ap wlan0 MyAccessPoint --password MyPassPhrase"
echo " "$PROGNAME" --driver rtl871xdrv --ap wlan0 MyAccessPoint --password MyPassPhrase"
echo " "$PROGNAME" --daemon --ap wlan0 MyAccessPoint --password MyPassPhrase"
echo " "$PROGNAME" --stop wlan0"
echo " "$PROGNAME" --ap wlan0 MyAccessPoint --password MyPassPhrase --tp <transparent-proxy> --dns-proxy <dns-proxy>"
echo " "$PROGNAME" -i eth1 --tp <transparent-proxy> --dns-proxy <dns-proxy>"
}
if [[ "$1" == "" ]]; then
@ -121,6 +125,7 @@ SHOW_DNS_QUERY=0
ETC_HOSTS=0
ADDN_HOSTS=
SUBNET_IFACE=
CONN_IFACE=
ISOLATE_CLIENTS=0
SHARE_METHOD=nat
@ -170,6 +175,11 @@ while [[ -n "$1" ]]; do
echo $VERSION
exit 0
;;
-i)
shift
CONN_IFACE="$1"
shift
;;
-n)
shift
SHARE_METHOD=none
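Review bot: The new `-i)` case stores `$1` in CONN_IFACE without checking that a value follows or that it names an existing interface. With `lnxrouter -i -n` the value becomes `-n`, and it later reaches `mktemp` and the `ip` commands unquoted. Suggest rejecting an empty value or one starting with `-`, and testing `[[ -e /sys/class/net/$CONN_IFACE ]]` before continuing.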
@ -504,7 +514,7 @@ is_wifi_interface() {
get_phy_device() {
get_phy_device() { # only for wifi interface
local x
for x in /sys/class/ieee80211/*; do
[[ ! -e "$x" ]] && continue
@ -523,7 +533,7 @@ get_phy_device() {
return 1
}
get_adapter_info() {
get_adapter_info() { # only for wifi interface
local PHY
PHY=$(get_phy_device "$1")
[[ $? -ne 0 ]] && return 1
@ -630,7 +640,7 @@ get_macaddr() {
}
alloc_new_iface() {
alloc_new_iface() { # only for wifi
local i=0
local v_iface_name=
mutex_lock
@ -839,7 +849,12 @@ networkmanager_fix_unmanaged() {
}
networkmanager_rm_unmanaged_if_needed() {
[[ $ADDED_UNMANAGED =~ .*\ ${1}\ .* ]] && networkmanager_rm_unmanaged $1 $2
if [[ $ADDED_UNMANAGED =~ .*\ ${1}\ .* ]]; then
echo "$1 needs to remove unmanaged"
networkmanager_rm_unmanaged $1 $2
else
echo "$1 doesn't need to remove unmanaged"
fi
}
networkmanager_wait_until_unmanaged() {
@ -977,17 +992,18 @@ _cleanup() {
echo "Exiting: This is NOT the only running instance"
fi
ip link set down dev ${AP_IFACE}
ip addr flush ${AP_IFACE}
if [[ $NO_VIRT -eq 0 ]]; then
ip addr flush ${SUBNET_IFACE}
if [[ $WIFI_IFACE && $NO_VIRT -eq 0 ]]; then
ip link set down dev ${AP_IFACE}
networkmanager_rm_unmanaged_if_needed ${VWIFI_IFACE} ${OLD_MACADDR}
iw dev ${VWIFI_IFACE} del
dealloc_iface $VWIFI_IFACE
else
if [[ -n "$NEW_MACADDR" ]]; then
ip link set dev ${WIFI_IFACE} address ${OLD_MACADDR}
ip link set dev ${TARGET_IFACE} address ${OLD_MACADDR} && echo "Restore ${TARGET_IFACE} to old MAC address ${OLD_MACADDR}"
fi
networkmanager_rm_unmanaged_if_needed ${WIFI_IFACE} ${OLD_MACADDR}
networkmanager_rm_unmanaged_if_needed ${TARGET_IFACE} ${OLD_MACADDR}
fi
mutex_unlock
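Review bot: In the else branch of `_cleanup`, `ip link set dev ${TARGET_IFACE} address ${OLD_MACADDR}` relies on OLD_MACADDR, but the assignments to OLD_MACADDR visible in this patch all sit inside the `if [[ $WIFI_IFACE ]]` setup path. When `-i` is combined with `--mac`, the restore would run with an empty address and `networkmanager_rm_unmanaged_if_needed` would receive only one argument. Capture the original MAC of TARGET_IFACE for the `-i` path as well, and quote the expansions here. The unconditional `ip addr flush ${SUBNET_IFACE}` also runs with an empty SUBNET_IFACE if cleanup fires before that variable is assigned, so guard it with `[[ -n "$SUBNET_IFACE" ]]`.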
@ -1214,6 +1230,9 @@ trap "clean_exit" SIGINT SIGUSR1
# if we get USR2 signal then run die().
trap "die" SIGUSR2
## ========================================================
## ========================================================
if [[ $TP_PORT ]]; then
SHARE_METHOD=redsocks
fi
@ -1261,64 +1280,90 @@ if [[ $DAEMONIZE -eq 1 && $RUNNING_AS_DAEMON -eq 0 ]]; then
exit 0
fi
if [[ $FREQ_BAND != 2.4 && $FREQ_BAND != 5 ]]; then
echo "ERROR: Invalid frequency band" >&2
exit 1
fi
if [[ $WIFI_IFACE ]]; then
if [[ $CHANNEL == default ]]; then
if [[ $FREQ_BAND == 2.4 ]]; then
CHANNEL=1
else
CHANNEL=36
fi
fi
if [[ $FREQ_BAND != 5 && $CHANNEL -gt 14 ]]; then
echo "Channel number is greater than 14, assuming 5GHz frequency band"
FREQ_BAND=5
fi
if ! is_wifi_interface ${WIFI_IFACE}; then
echo "ERROR: '${WIFI_IFACE}' is not a WiFi interface" >&2
exit 1
fi
if ! can_be_ap ${WIFI_IFACE}; then
echo "ERROR: Your adapter does not support AP (master) mode" >&2
exit 1
fi
if ! can_be_sta_and_ap ${WIFI_IFACE}; then
if is_wifi_connected ${WIFI_IFACE}; then
echo "ERROR: Your adapter can not be a station (i.e. be connected) and an AP at the same time" >&2
exit 1
elif [[ $NO_VIRT -eq 0 ]]; then
echo "WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt" >&2
NO_VIRT=1
fi
fi
HOSTAPD=$(which hostapd)
if [[ ! -x "$HOSTAPD" ]]; then
echo "ERROR: hostapd not found." >&2
exit 1
fi
if [[ $(get_adapter_kernel_module ${WIFI_IFACE}) =~ ^(8192[cd][ue]|8723a[sue])$ ]]; then
if ! strings "$HOSTAPD" | grep -m1 rtl871xdrv > /dev/null 2>&1; then
echo "ERROR: You need to patch your hostapd with rtl871xdrv patches." >&2
if [[ $FREQ_BAND != 2.4 && $FREQ_BAND != 5 ]]; then
echo "ERROR: Invalid frequency band" >&2
exit 1
fi
if [[ $DRIVER != "rtl871xdrv" ]]; then
echo "WARN: Your adapter needs rtl871xdrv, enabling --driver=rtl871xdrv" >&2
DRIVER=rtl871xdrv
if [[ $CHANNEL == default ]]; then
if [[ $FREQ_BAND == 2.4 ]]; then
CHANNEL=1
else
CHANNEL=36
fi
fi
fi
if [[ $FREQ_BAND != 5 && $CHANNEL -gt 14 ]]; then
echo "Channel number is greater than 14, assuming 5GHz frequency band"
FREQ_BAND=5
fi
if ! is_wifi_interface ${WIFI_IFACE}; then
echo "ERROR: '${WIFI_IFACE}' is not a WiFi interface" >&2
exit 1
fi
if ! can_be_ap ${WIFI_IFACE}; then
echo "ERROR: Your adapter does not support AP (master) mode" >&2
exit 1
fi
if ! can_be_sta_and_ap ${WIFI_IFACE}; then
if is_wifi_connected ${WIFI_IFACE}; then
echo "ERROR: Your adapter can not be a station (i.e. be connected) and an AP at the same time" >&2
exit 1
elif [[ $NO_VIRT -eq 0 ]]; then
echo "WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt" >&2
NO_VIRT=1
fi
fi
HOSTAPD=$(which hostapd)
if [[ ! -x "$HOSTAPD" ]]; then
echo "ERROR: hostapd not found." >&2
exit 1
fi
if [[ $(get_adapter_kernel_module ${WIFI_IFACE}) =~ ^(8192[cd][ue]|8723a[sue])$ ]]; then
if ! strings "$HOSTAPD" | grep -m1 rtl871xdrv > /dev/null 2>&1; then
echo "ERROR: You need to patch your hostapd with rtl871xdrv patches." >&2
exit 1
fi
if [[ $DRIVER != "rtl871xdrv" ]]; then
echo "WARN: Your adapter needs rtl871xdrv, enabling --driver=rtl871xdrv" >&2
DRIVER=rtl871xdrv
fi
fi
if [[ ${#SSID} -lt 1 || ${#SSID} -gt 32 ]]; then
echo "ERROR: Invalid SSID length ${#SSID} (expected 1..32)" >&2
exit 1
fi
if [[ $USE_PSK -eq 0 ]]; then
if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
exit 1
fi
elif [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -ne 64 ]]; then
echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
exit 1
fi
if [[ $(get_adapter_kernel_module ${WIFI_IFACE}) =~ ^rtl[0-9].*$ ]]; then
if [[ -n "$PASSPHRASE" ]]; then
echo "WARN: Realtek drivers usually have problems with WPA1, enabling -w 2" >&2
WPA_VERSION=2
fi
echo "WARN: If AP doesn't work, please read: howto/realtek.md" >&2
fi
fi
if [[ -n "$NEW_MACADDR" ]]; then
if ! is_macaddr "$NEW_MACADDR"; then
@ -1336,35 +1381,21 @@ if [[ -n "$NEW_MACADDR" ]]; then
fi
fi
if [[ ${#SSID} -lt 1 || ${#SSID} -gt 32 ]]; then
echo "ERROR: Invalid SSID length ${#SSID} (expected 1..32)" >&2
exit 1
## ========================================================
## ========================================================
TARGET_IFACE= # This is the existing physical interface to use
if [[ $CONN_IFACE ]]; then
TARGET_IFACE=$CONN_IFACE
elif [[ $WIFI_IFACE ]]; then
TARGET_IFACE=$WIFI_IFACE
else
die "No target interface specified"
fi
if [[ $USE_PSK -eq 0 ]]; then
if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then
echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2
exit 1
fi
elif [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -ne 64 ]]; then
echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2
exit 1
fi
if [[ $(get_adapter_kernel_module ${WIFI_IFACE}) =~ ^rtl[0-9].*$ ]]; then
if [[ -n "$PASSPHRASE" ]]; then
echo "WARN: Realtek drivers usually have problems with WPA1, enabling -w 2" >&2
WPA_VERSION=2
fi
echo "WARN: If AP doesn't work, please read: howto/realtek.md" >&2
fi
echo "Target interface is ${TARGET_IFACE}"
mutex_lock
trap "cleanup" EXIT
CONFDIR=$(mktemp -d /tmp/lnxrouter.${WIFI_IFACE}.conf.XXXXXXXX)
CONFDIR=$(mktemp -d /tmp/lnxrouter.${TARGET_IFACE}.conf.XXXXXXXX)
echo "Config dir: $CONFDIR"
echo "PID: $$"
echo $$ > $CONFDIR/pid
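Review bot: The TARGET_IFACE selection silently prefers CONN_IFACE when both `-i` and `--ap` are given, while the later `if [[ $WIFI_IFACE ]]` blocks still configure the Wi-Fi card, so setup and cleanup can end up acting on different interfaces. Reject the combination explicitly at this point. TARGET_IFACE is also interpolated unquoted into `mktemp -d /tmp/lnxrouter.${TARGET_IFACE}.conf.XXXXXXXX`, so a value containing `/` or whitespace changes the path, and the following `echo $$ > $CONFDIR/pid` should quote `$CONFDIR`.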
@ -1381,94 +1412,93 @@ cp -n /proc/sys/net/ipv4/ip_forward $COMMON_CONFDIR
mutex_unlock
if [[ $WIFI_IFACE ]]; then
if [[ $USE_IWCONFIG -eq 0 ]]; then
iw dev ${WIFI_IFACE} set power_save off
fi
if [[ $NO_VIRT -eq 0 ]]; then
VWIFI_IFACE=$(alloc_new_iface)
# in NetworkManager 0.9.9 and above we can set the interface as unmanaged without
# the need of MAC address, so we set it before we create the virtual interface.
if networkmanager_is_running && [[ $NM_OLDER_VERSION -eq 0 ]]; then
echo -n "Network Manager found, set ${VWIFI_IFACE} as unmanaged device... "
networkmanager_add_unmanaged ${VWIFI_IFACE}
# do not call networkmanager_wait_until_unmanaged because interface does not
# exist yet
fi
if is_wifi_connected ${WIFI_IFACE}; then
WIFI_IFACE_FREQ=$(iw dev ${WIFI_IFACE} link | grep -i freq | awk '{print $2}')
WIFI_IFACE_CHANNEL=$(ieee80211_frequency_to_channel ${WIFI_IFACE_FREQ})
echo -n "${WIFI_IFACE} is already associated with channel ${WIFI_IFACE_CHANNEL} (${WIFI_IFACE_FREQ} MHz)"
if is_5ghz_frequency $WIFI_IFACE_FREQ; then
FREQ_BAND=5
else
FREQ_BAND=2.4
fi
if [[ $WIFI_IFACE_CHANNEL -ne $CHANNEL ]]; then
echo ", fallback to channel ${WIFI_IFACE_CHANNEL}"
CHANNEL=$WIFI_IFACE_CHANNEL
else
echo
fi
fi
VIRTDIEMSG="Maybe your WiFi adapter does not fully support virtual interfaces.
Try again with --no-virt."
echo -n "Creating a virtual WiFi interface... "
if iw dev ${WIFI_IFACE} interface add ${VWIFI_IFACE} type __ap; then
# now we can call networkmanager_wait_until_unmanaged
networkmanager_is_running && [[ $NM_OLDER_VERSION -eq 0 ]] && networkmanager_wait_until_unmanaged ${VWIFI_IFACE}
echo "${VWIFI_IFACE} created."
else
VWIFI_IFACE=
die "$VIRTDIEMSG"
fi
OLD_MACADDR=$(get_macaddr ${VWIFI_IFACE})
if [[ -z "$NEW_MACADDR" && $(get_all_macaddrs | grep -c ${OLD_MACADDR}) -ne 1 ]]; then
NEW_MACADDR=$(get_new_macaddr ${VWIFI_IFACE})
fi
AP_IFACE=${VWIFI_IFACE}
else
OLD_MACADDR=$(get_macaddr ${WIFI_IFACE})
AP_IFACE=${WIFI_IFACE}
fi
if [[ $USE_IWCONFIG -eq 0 ]]; then
iw dev ${WIFI_IFACE} set power_save off
fi
if [[ $NO_VIRT -eq 0 ]]; then
VWIFI_IFACE=$(alloc_new_iface)
# in NetworkManager 0.9.9 and above we can set the interface as unmanaged without
# the need of MAC address, so we set it before we create the virtual interface.
if networkmanager_is_running && [[ $NM_OLDER_VERSION -eq 0 ]]; then
echo -n "Network Manager found, set ${VWIFI_IFACE} as unmanaged device... "
networkmanager_add_unmanaged ${VWIFI_IFACE}
# do not call networkmanager_wait_until_unmanaged because interface does not
# exist yet
echo "DONE"
fi
if is_wifi_connected ${WIFI_IFACE}; then
WIFI_IFACE_FREQ=$(iw dev ${WIFI_IFACE} link | grep -i freq | awk '{print $2}')
WIFI_IFACE_CHANNEL=$(ieee80211_frequency_to_channel ${WIFI_IFACE_FREQ})
echo -n "${WIFI_IFACE} is already associated with channel ${WIFI_IFACE_CHANNEL} (${WIFI_IFACE_FREQ} MHz)"
if is_5ghz_frequency $WIFI_IFACE_FREQ; then
FREQ_BAND=5
else
FREQ_BAND=2.4
fi
if [[ $WIFI_IFACE_CHANNEL -ne $CHANNEL ]]; then
echo ", fallback to channel ${WIFI_IFACE_CHANNEL}"
CHANNEL=$WIFI_IFACE_CHANNEL
else
echo
fi
fi
VIRTDIEMSG="Maybe your WiFi adapter does not fully support virtual interfaces.
Try again with --no-virt."
echo -n "Creating a virtual WiFi interface... "
if iw dev ${WIFI_IFACE} interface add ${VWIFI_IFACE} type __ap; then
# now we can call networkmanager_wait_until_unmanaged
networkmanager_is_running && [[ $NM_OLDER_VERSION -eq 0 ]] && networkmanager_wait_until_unmanaged ${VWIFI_IFACE}
echo "${VWIFI_IFACE} created."
else
VWIFI_IFACE=
die "$VIRTDIEMSG"
fi
OLD_MACADDR=$(get_macaddr ${VWIFI_IFACE})
if [[ -z "$NEW_MACADDR" && $(get_all_macaddrs | grep -c ${OLD_MACADDR}) -ne 1 ]]; then
NEW_MACADDR=$(get_new_macaddr ${VWIFI_IFACE})
fi
AP_IFACE=${VWIFI_IFACE}
if [[ $WIFI_IFACE ]]; then
SUBNET_IFACE=${AP_IFACE}
else
OLD_MACADDR=$(get_macaddr ${WIFI_IFACE})
AP_IFACE=${WIFI_IFACE}
SUBNET_IFACE=${TARGET_IFACE}
fi
mutex_lock
echo $AP_IFACE > $CONFDIR/subn_iface
echo $SUBNET_IFACE > $CONFDIR/subn_iface
chmod 444 $CONFDIR/subn_iface
mutex_unlock
if [[ -n "$COUNTRY" && $USE_IWCONFIG -eq 0 ]]; then
iw reg set "$COUNTRY"
fi
if [[ $WIFI_IFACE ]]; then
can_transmit_to_channel ${AP_IFACE} ${CHANNEL} || die "Your adapter can not transmit to channel ${CHANNEL}, frequency band ${FREQ_BAND}GHz."
if networkmanager_exists && ! networkmanager_iface_is_unmanaged ${AP_IFACE}; then
echo -n "Network Manager found, set ${AP_IFACE} as unmanaged device... "
networkmanager_add_unmanaged ${AP_IFACE}
if networkmanager_is_running; then
networkmanager_wait_until_unmanaged ${AP_IFACE}
if [[ -n "$COUNTRY" && $USE_IWCONFIG -eq 0 ]]; then
iw reg set "$COUNTRY"
fi
echo "DONE"
fi
can_transmit_to_channel ${AP_IFACE} ${CHANNEL} || die "Your adapter can not transmit to channel ${CHANNEL}, frequency band ${FREQ_BAND}GHz."
[[ $HIDDEN -eq 1 ]] && echo "Access Point's SSID is hidden!"
[[ $MAC_FILTER -eq 1 ]] && echo "MAC address filtering is enabled!"
[[ $HIDDEN -eq 1 ]] && echo "Access Point's SSID is hidden!"
[[ $ISOLATE_CLIENTS -eq 1 ]] && echo "Access Point's clients will be isolated!"
[[ $MAC_FILTER -eq 1 ]] && echo "MAC address filtering is enabled!"
# hostapd config
cat << EOF > $CONFDIR/hostapd.conf
[[ $ISOLATE_CLIENTS -eq 1 ]] && echo "Access Point's clients will be isolated!"
# hostapd config
cat << EOF > $CONFDIR/hostapd.conf
beacon_int=100
ssid=${SSID}
interface=${AP_IFACE}
@ -1480,64 +1510,78 @@ ignore_broadcast_ssid=$HIDDEN
ap_isolate=$ISOLATE_CLIENTS
EOF
if [[ -n "$COUNTRY" ]]; then
cat << EOF >> $CONFDIR/hostapd.conf
if [[ -n "$COUNTRY" ]]; then
cat << EOF >> $CONFDIR/hostapd.conf
country_code=${COUNTRY}
ieee80211d=1
EOF
fi
fi
if [[ $FREQ_BAND == 2.4 ]]; then
echo "hw_mode=g" >> $CONFDIR/hostapd.conf
else
echo "hw_mode=a" >> $CONFDIR/hostapd.conf
fi
if [[ $FREQ_BAND == 2.4 ]]; then
echo "hw_mode=g" >> $CONFDIR/hostapd.conf
else
echo "hw_mode=a" >> $CONFDIR/hostapd.conf
fi
if [[ $MAC_FILTER -eq 1 ]]; then
cat << EOF >> $CONFDIR/hostapd.conf
if [[ $MAC_FILTER -eq 1 ]]; then
cat << EOF >> $CONFDIR/hostapd.conf
macaddr_acl=${MAC_FILTER}
accept_mac_file=${MAC_FILTER_ACCEPT}
EOF
fi
fi
if [[ $IEEE80211N -eq 1 ]]; then
cat << EOF >> $CONFDIR/hostapd.conf
if [[ $IEEE80211N -eq 1 ]]; then
cat << EOF >> $CONFDIR/hostapd.conf
ieee80211n=1
ht_capab=${HT_CAPAB}
EOF
fi
if [[ $IEEE80211AC -eq 1 ]]; then
echo "ieee80211ac=1" >> $CONFDIR/hostapd.conf
fi
if [[ -n "$VHT_CAPAB" ]]; then
echo "vht_capab=${VHT_CAPAB}" >> $CONFDIR/hostapd.conf
fi
if [[ $IEEE80211N -eq 1 ]] || [[ $IEEE80211AC -eq 1 ]]; then
echo "wmm_enabled=1" >> $CONFDIR/hostapd.conf
fi
if [[ -n "$PASSPHRASE" ]]; then
[[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3
if [[ $USE_PSK -eq 0 ]]; then
WPA_KEY_TYPE=passphrase
else
WPA_KEY_TYPE=psk
fi
cat << EOF >> $CONFDIR/hostapd.conf
if [[ $IEEE80211AC -eq 1 ]]; then
echo "ieee80211ac=1" >> $CONFDIR/hostapd.conf
fi
if [[ -n "$VHT_CAPAB" ]]; then
echo "vht_capab=${VHT_CAPAB}" >> $CONFDIR/hostapd.conf
fi
if [[ $IEEE80211N -eq 1 ]] || [[ $IEEE80211AC -eq 1 ]]; then
echo "wmm_enabled=1" >> $CONFDIR/hostapd.conf
fi
if [[ -n "$PASSPHRASE" ]]; then
[[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3
if [[ $USE_PSK -eq 0 ]]; then
WPA_KEY_TYPE=passphrase
else
WPA_KEY_TYPE=psk
fi
cat << EOF >> $CONFDIR/hostapd.conf
wpa=${WPA_VERSION}
wpa_${WPA_KEY_TYPE}=${PASSPHRASE}
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
EOF
else
echo "Warning: Wifi is not protected by password" >&2
else
echo "Warning: Wifi is not protected by password" >&2
fi
fi
SUBNET_IFACE=${AP_IFACE}
#===================================================
#===================================================
if networkmanager_exists && ! networkmanager_iface_is_unmanaged ${SUBNET_IFACE}; then
echo -n "Network Manager found, set ${SUBNET_IFACE} as unmanaged device... "
networkmanager_add_unmanaged ${SUBNET_IFACE}
if networkmanager_is_running; then
networkmanager_wait_until_unmanaged ${SUBNET_IFACE}
fi
echo "Successfully set to unmanaged"
fi
if [[ $NO_DNSMASQ -eq 0 ]]; then
# dnsmasq config (dhcp + dns)
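Review bot: The WPA block re-indented in this hunk still maps the default `1+2` to `wpa=3` and writes `wpa_pairwise=TKIP CCMP`, so a hotspot started with default options accepts WPA1 with TKIP. Since these lines are being touched anyway, consider defaulting `-w` to 2 and writing TKIP only when WPA1 is explicitly requested. In the new NetworkManager block, `${SUBNET_IFACE}` is now a user-supplied name from `-i` and should be quoted in the calls to `networkmanager_iface_is_unmanaged`, `networkmanager_add_unmanaged` and `networkmanager_wait_until_unmanaged`.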
@ -1585,21 +1629,19 @@ EOF
fi
fi
# initialize WiFi interface
if [[ $NO_VIRT -eq 0 && -n "$NEW_MACADDR" ]]; then
ip link set dev ${AP_IFACE} address ${NEW_MACADDR} || die "$VIRTDIEMSG"
#===========================
# initialize subnet interface
if [[ -n "$NEW_MACADDR" ]]; then
ip link set dev ${SUBNET_IFACE} address ${NEW_MACADDR} || die "Failed setting new MAC address"
fi
ip link set down dev ${AP_IFACE} || die "$VIRTDIEMSG"
ip addr flush ${AP_IFACE} || die "$VIRTDIEMSG"
if [[ $NO_VIRT -eq 1 && -n "$NEW_MACADDR" ]]; then
ip link set dev ${AP_IFACE} address ${NEW_MACADDR} || die
fi
ip link set down dev ${SUBNET_IFACE} || die "Failed setting ${SUBNET_IFACE} down"
ip addr flush ${SUBNET_IFACE} || die "Failed flush ${SUBNET_IFACE} IP"
ip link set up dev ${AP_IFACE} || die "$VIRTDIEMSG"
ip addr add ${GATEWAY}/24 broadcast ${GATEWAY%.*}.255 dev ${AP_IFACE} || die "$VIRTDIEMSG"
ip link set up dev ${SUBNET_IFACE} || die "Failed bringing ${SUBNET_IFACE} up"
ip addr add ${GATEWAY}/24 broadcast ${GATEWAY%.*}.255 dev ${SUBNET_IFACE} || die "Failed setting ${SUBNET_IFACE} IP"
# enable Internet sharing
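Review bot: The new `ip link set dev ${SUBNET_IFACE} address ${NEW_MACADDR}` runs before `ip link set down dev ${SUBNET_IFACE}`, whereas the removed code set the MAC after the link was down in the `--no-virt` case. Many drivers refuse a MAC change on an interface that is up, so `-i eth1 --mac ...` on a live wired interface is likely to die with "Failed setting new MAC address". Move the MAC assignment after the `ip link set down` line. The `ip addr flush ${SUBNET_IFACE}` that follows now applies to any interface passed with `-i`, so it is worth refusing an interface that currently carries the default route.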
@ -1644,37 +1686,43 @@ if [[ $NO_DNSMASQ -eq 0 ]]; then
umask $SCRIPT_UMASK
fi
if [[ $WIFI_IFACE ]]; then
# start access point
echo "hostapd command-line interface: hostapd_cli -p $CONFDIR/hostapd_ctrl"
if [[ $NO_HAVEGED -eq 0 ]]; then
haveged_watchdog &
HAVEGED_WATCHDOG_PID=$!
fi
# start hostapd (use stdbuf when available for no delayed output in programs that redirect stdout)
STDBUF_PATH=`which stdbuf`
if [ $? -eq 0 ]; then
STDBUF_PATH=$STDBUF_PATH" -oL"
fi
$STDBUF_PATH $HOSTAPD $HOSTAPD_DEBUG_ARGS $CONFDIR/hostapd.conf &
HOSTAPD_PID=$!
echo $HOSTAPD_PID > $CONFDIR/hostapd.pid
if ! wait $HOSTAPD_PID; then
echo -e "\nError: Failed to run hostapd, maybe a program is interfering." >&2
if networkmanager_is_running; then
echo "If an error like 'n80211: Could not configure driver mode' was thrown" >&2
echo "try running the following before starting lnxrouter:" >&2
if [[ $NM_OLDER_VERSION -eq 1 ]]; then
echo " nmcli nm wifi off" >&2
else
echo " nmcli r wifi off" >&2
fi
echo " rfkill unblock wlan" >&2
if [[ $NO_HAVEGED -eq 0 ]]; then
haveged_watchdog &
HAVEGED_WATCHDOG_PID=$!
fi
die
# start access point
echo "hostapd command-line interface: hostapd_cli -p $CONFDIR/hostapd_ctrl"
# start hostapd (use stdbuf when available for no delayed output in programs that redirect stdout)
STDBUF_PATH=`which stdbuf`
if [ $? -eq 0 ]; then
STDBUF_PATH=$STDBUF_PATH" -oL"
fi
$STDBUF_PATH $HOSTAPD $HOSTAPD_DEBUG_ARGS $CONFDIR/hostapd.conf &
HOSTAPD_PID=$!
echo $HOSTAPD_PID > $CONFDIR/hostapd.pid
if ! wait $HOSTAPD_PID; then
echo -e "\nError: Failed to run hostapd, maybe a program is interfering." >&2
if networkmanager_is_running; then
echo "If an error like 'n80211: Could not configure driver mode' was thrown" >&2
echo "try running the following before starting lnxrouter:" >&2
if [[ $NM_OLDER_VERSION -eq 1 ]]; then
echo " nmcli nm wifi off" >&2
else
echo " nmcli r wifi off" >&2
fi
echo " rfkill unblock wlan" >&2
fi
die
fi
else
# need loop to keep this script running
while :; do
sleep 9999
done
fi
clean_exit
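Review bot: The keep-alive loop in the new else branch runs `sleep 9999` in the foreground, and bash only runs a trap handler after the current foreground command returns. A SIGUSR1 or SIGUSR2 sent to the script's PID alone (the handlers appear in the `trap "clean_exit" SIGINT SIGUSR1` context earlier in the patch) would therefore be deferred for up to 9999 seconds in `-i` mode. Use `sleep 9999 & wait $!` inside the loop so the handler runs immediately, and kill the background sleep in cleanup.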