Bobubble1


bobubble1 is a homebrew WiFi hotspot built out of an old Kogan Agora laptop running Debian Jessie GNU/Linux.

It also has a 120GB SSD SATA storage device in place of the original 160GB WD1600BEVT disk drive.

It offers a Wireless Access Point (WAP) using the internal USB WiFi interface (148f:2573 Ralink Technology, Corp. RT2501/RT2573 Wireless Adapter), and a wired Ethernet uplink using the internal eth0 interface (PCI Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 01)).

When an external USB WiFi dongle is plugged in (e.g. 2001:3c1a D-Link Corp. DWA-160 802.11abgn Xtreme N Dual Band Adapter(rev.B2) [Ralink RT5572]), NetworkManager will attempt to join a known WiFi network within range. If an external Mobile Broadband modem is plugged in (specifically, a ZTE MF823, aka Telstra Pre-paid 4G USB Modem) then it can be used as the uplink.

Setup

Encrypted file system

Debian Jessie is installed with whole-drive encryption enabled (basically, using cryptsetup-luks).

The encrypted volume is then managed with Logical Volume Management (LVM).

Closed Lid operation

The laptop needs to stay running even when the lid is closed for transportation. In /etc/systemd/logind.conf, change HandleLidSwitch to ignore:

[Login]
...
HandleLidSwitch=ignore

Wireless Access Point

An Ethernet bridge (br0) is set up with a fixed IPv4 address (172.30.0.1), and wlan0 is made a port of br0, with the following lines added to /etc/network/interfaces:

auto wlan0
iface wlan0 inet manual

auto br0
iface br0 inet static
	bridge-ports wlan0
	bridge-fd 0
	address 172.30.0.1
	netmask 255.255.255.0
	network 172.30.0.0
	broadcast 172.30.0.255
	up /etc/network/rc.firewall

NetworkManager is configured to ignore wlan0, the internal Ralink adaptor, with the following in /etc/NetworkManager/nm-system-settings.conf:

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[keyfile]
unmanaged-devices=mac:00:e0:4c:73:2a:72

hostapd is used to authenticate clients to the hotspot using Wi-Fi Protected Access II (WPA2) encryption, with the following lines in /etc/hostapd/hostapd.conf:

interface=wlan0
bridge=br0
driver=nl80211
country_code=AU
ssid=bobubble1
hw_mode=g
channel=1
wpa=2
wpa_passphrase=<the passphrase>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0

(mostly derived from Debian / Ubuntu Linux: Setup Wireless Access Point (WAP) with Hostapd)
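
The following check is an added example, not part of the original page or of hostapd itself. It works out which pairwise ciphers a hostapd.conf like the one above actually advertises. It assumes hostapd's documented behaviour: wpa is a bitfield (bit 0 = WPA, bit 1 = RSN/WPA2), wpa_pairwise defaults to TKIP, and rsn_pairwise falls back to the wpa_pairwise value when unset. The function names are hypothetical.

```python
# Constructed sample: the cipher-related lines from the hostapd.conf above.
PAGE_CONF = """\
interface=wlan0
wpa=2
wpa_passphrase=<the passphrase>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
"""

def parse(text):
    """Parse hostapd key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def effective_ciphers(conf):
    """Return the pairwise ciphers advertised per enabled protocol."""
    wpa = int(conf.get("wpa", "0"))
    wpa_pw = set(conf.get("wpa_pairwise", "TKIP").split())  # documented default
    rsn_pw = set(conf.get("rsn_pairwise", "").split()) or wpa_pw  # fallback
    out = {}
    if wpa & 1:  # bit 0: WPA (v1) uses wpa_pairwise
        out["WPA"] = wpa_pw
    if wpa & 2:  # bit 1: RSN (WPA2) uses rsn_pairwise
        out["RSN"] = rsn_pw
    return out

def audit(text):
    """Return a sorted list of findings for weak WPA settings."""
    conf = parse(text)
    ciphers = effective_ciphers(conf)
    findings = []
    if not ciphers:
        findings.append("open network: wpa is 0 or unset")
    if "WPA" in ciphers:
        findings.append("WPA v1 enabled (wpa bit 0)")
    for proto, names in ciphers.items():
        if "TKIP" in names:
            findings.append(f"TKIP advertised for {proto}")
    if "RSN" in ciphers and "rsn_pairwise" not in conf:
        findings.append("rsn_pairwise unset: inherits wpa_pairwise")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(PAGE_CONF) or "no weak cipher settings")
```

With wpa=2 the wpa_pairwise=TKIP line has no effect as long as rsn_pairwise=CCMP is present; dropping the rsn_pairwise line would make the access point fall back to TKIP.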

DHCP and DNS proxying are made available using dnsmasq.

Squid and Privoxy

HTTP etc. requests are transparently sent through to Squid on port 3128, which then forwards them on to Privoxy on port 8118.

The following line is added to the end of /etc/squid3/squid.conf:

cache_peer localhost parent 8118 7 no-digest no-query

GUI-less operation

Although bobkogan has a GUI, it is not started at boot time to save battery power (reduces number of running processes and frees up some memory). To provide just command line login on a Virtual Terminal and stop the display manager:

$ cat /etc/X11/default-display-manager 
/usr/sbin/none

The GUI can then be entered after normal login with startx.