Bobubble1
bobubble1 is a homebrew WiFi hotspot built out of an old Kogan Agora laptop running Debian Jessie GNU/Linux.
It also has a 120GB SSD SATA storage device in place of the original 160GB WD1600BEVT disk drive.
It offers a Wireless Access Point (WAP) using the internal USB WiFi interface (148f:2573 Ralink Technology, Corp. RT2501/RT2573 Wireless Adapter), and a wired Ethernet uplink using the internal eth0 interface (PCI Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller (rev 01)).
When an external USB WiFi dongle is plugged in (eg. 2001:3c1a D-Link Corp. DWA-160 802.11abgn Xtreme N Dual Band Adapter(rev.B2) [Ralink RT5572]), NetworkManager will attempt to join a known WiFi network within range. If an external Mobile Broadband modem is plugged in (specifically, a ZTE MF823, aka Telstra Pre-paid 4G USB Modem) then it can be used as the uplink.
Contents |
Setup
Encrypted file system
Debian Jessie installed with whole drive encryption enabled (basically, using cryptsetup-luks).
The whole-drive encryption is then managed with Logical Volume Management (LVM).
Closed Lid operation
The laptop needs to stay running even when the lid is closed for transportation. In /etc/systemd/logind.conf, change HandleLidSwitch to ignore:
[Login] ... HandleLidSwitch=ignore
Wireless Access Point
An Ethernet Bridge (br0) is setup with a fixed IPv4 address (172.30.0.1) and wlan0 is made a device of br0 with the following lines added to /etc/network/interfaces:
auto wlan0 iface wlan0 inet manual auto br0 iface br0 inet static bridge-ports wlan0 bridge-fd 0 address 172.30.0.1 netmask 255.255.255.0 network 172.30.0.0 broadcast 172.30.0.255 up /etc/network/rc.firewall
NetworkManager is configured to ignore wlan0, the internal Ralink adaptor, with the following in /etc/NetworkManager/nm-system-settings.conf:
[main] plugins=ifupdown,keyfile [ifupdown] managed=false [keyfile] unmanaged-devices=mac:00:e0:4c:73:2a:72
hostapd is used to authenticate clients to the hotspot using Wi-Fi Protected Access II (WPA2) encryption, with the following lines in /etc/hostapd/hostapd.conf:
interface=wlan0 bridge=br0 driver=nl80211 country_code=AU ssid=bobubble1 hw_mode=g channel=1 wpa=2 wpa_passphrase=<the passphrase> wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP auth_algs=1 macaddr_acl=0
(mostly derived from Debian / Ubuntu Linux: Setup Wireless Access Point (WAP) with Hostapd)
DHCP and DNS proxying is made available using dnsmasq.
Squid and Privoxy
HTTP etc. requests are transparently sent through to Squid on port 3128, which then forwards them onto Privoxy on port 8118.
The following line is added to the end of /etc/squid3/squid.conf:
cache_peer localhost parent 8118 7 no-digest no-query
GUI-less operation
Although bobkogan has a GUI, it is not started at boot time to save battery power (reduces number of running processes and frees up some memory). To provide just command line login on a Virtual Terminal and stop the display manager:
$ cat /etc/X11/default-display-manager /usr/sbin/none
The GUI can then be entered after normal login with startx.