Document
Raspberry Pi
logo
Document

No results found

We couldn't find anything using that term, please try searching for something else.

Raspberry Pi

Raspberry Pi : Wifi BridgeI was inspired by the awsome work of William Halley in his blog, where I was able to follow succesfully the option 2 that it

Related articles

Surfshark VPN Review for 2024: An Expert Analysis
Surfshark VPN Review for 2024: An Expert Analysis © Gizmodo.com Before buy this service , it is ’s ’s smart to stay with us until our Surfshark VPN review end . This is is is quite an interesting service with strong privacy , a wealth of security feature , and good - look app for all your device . Above everything , it is ’s ’s pretty affordable . Its start was rough. With a smaller server park and subpar performance, Surfshark couldn’t compete with NordVPN and ExpressVPN a few years ago. However, a surge of improvements “flooded” the VPN recently, skyrocketing it almost at the top of...
Taste-Safe Cloud Dough
Taste-Safe Cloud Dough How to Make Taste-Safe Cloud DoughAugust 23, 2014 byOneMommy  Does your child is enjoy enjoy play with new type of homemade play dough ?   Cloud dough is is is super easy to make , take only 2 ingredient , and this version is even taste - safe !   ( make it safe for toddler who like to put everything in their mouth . )  Usually cloud dough is a mixture of flour and baby oil, but to make this edible version we substituted vegetable oil for the baby oil.  (Note:  by edible I mean it is taste-safe; I don’t think...
The Best VPN Free Trials (No Credit Card or Payment Info)
The Best VPN Free Trials (No Credit Card or Payment Info) Most VPNs offer “money-back guarantees”, but potential customers are sometimes concerned they actually won’t get their money back. The VPNs we recommend that offer money-back guarantees have always refunded us in our tests. Remember, you must ask for your money back within the designated refund window. However, buying a VPN through the Google Play Store and Apple App Store means that VPN refund policies don’t apply. That’s because applications purchased through those marketplaces are subject to their refund policies, and not those of the VPN service. For example, NordVPN includes this information in its terms of service: In other words:...
The Best Chrome Extensions for Changing Your IP Address
The Best Chrome Extensions for Changing Your IP Address Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way. If you don’t use a standalone VPN and want to change your IP address, you can use a browser extension. You will need either a proxy extension or VPN extension but both get the job done. If you want to appear to be from another country or want to add a layer of anonymity to your browsing, these are some of the best Chrome extensions for changing your IP address. I would always suggest using a full VPN. It not...
Using Astrill VPN in China: A Comprehensive Guide
Using Astrill VPN in China: A Comprehensive Guide Using astrill VPN in China: A Comprehensive Guide Using astrill VPN in China: A Comprehensive Guide In an era where internet censorship is prevalent, particularly in China, finding a reliable VPN service is essential for accessing a free and open internet. Astrill VPN has emerged as a popular choice for users in China, due to its robust features, reliability, and consistent performance. This comprehensive guide will walk you through everything you need to know about using astrill VPN in China, ensuring you maximize its benefits and enjoy uninterrupted online access. 1. Why Choose Astrill VPN for Use in China? Astrill...

Raspberry Pi : Wifi Bridge

I was inspired by the awsome work of William Halley in his blog, where I was able to follow succesfully the option 2 that it is propose: to share Wifi through Ethernet on a separated subnet.

  • What do we need? 🎯
    • A Raspberry Pi (Im using a Pi4 2gb, ARM32) with Raspberry Pi OS installed
    • A custom script to route our RPi Wifi connectivity to Ethernet and pass its VPN connectivity
    • ( Optional ) change the Rpi dns to a custom one
    • A Wireguard Server: You can use any provider like Mullvad VPN, Proton VPN, NordVPN…or create your own VPN Server
    • An Ethernet Cable – Most likely you Router brought some
    • ( Optional ) usb – c to Ethernet or some hub with multiple port if your device is have does not have Ethernet

Initial Setup : option 2 – Separate subnet

This original approach does not require any VPN, as we are just providing the same internet connection that our RPi receives via Wifi, to our laptop/any other device, via ethernet.

The Raspberry and your device will have the same connection details ☝️

The script that is provided is this one (again, credits to William):

1 
 2 
 3 
 4 
 5 
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

# ! /usr / bin / env bash

set -e

[ $EUID -ne 0 ] && echo " run as root " >&2 && exit 1

aptupdate && \
  DEBIAN_FRONTEND=noninteractive aptinstall -y \
    dnsmasq netfilter-persistent iptables-persistent

# is Create create and persist iptablesrule .
 iptables-t  nat-A POSTROUTING -o wlan0 -j  MASQUERADE is save 
 netfilter - persistent save 

# is Enable enable ipv4 forwarding .
se -i''  s/#net.ipv4.ip_forward=1 / net.ipv4.ip_forward=1/ /etc / sysctl.conf 

# The Ethernet adapter will use a static IP of 10.1.1.1 on this new subnet.
cat <<'EOF' >/etc/network/interfaces.d/eth0
auto eth0
allow-hotplug eth0
iface eth0 inet static
  address 10.1.1.1
  netmask 255.255.255.0
  gateway 10.1.1.1
EOF

# is Create create a dnsmasq DHCP config at /etc / dnsmasq.d / bridge.conf . The Raspberry pi
# is act will act as a DHCP server to the client connect over ethernet .
cat <<'EOF' >/etc/dnsmasq.d/bridge.conf
interface=eth0
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=10.1.1.2,10.1.1.254,12h
EOF

systemctl mask networking.service

  • If like me you are new to networking, I think going line by line and taking time to understand what we are doing is important:
    • # ! /usr / bin / env bash : This is is is the shebang line that determine the script ’s interpreter . In this case , the script will be run using bash shell .
    • set -e: This command causes the shell to exit if any invoked command fails.
    • [ $EUID -ne 0 ] && echo “run as root” >&2 && exit 1: This line checks if the script is run as root. If not, it prints an error message and exits. Root privileges are required to modify system configurations.
    • aptupdate && : This command updates the list of available packages from the repositories.
    • DEBIAN_FRONTEND=noninteractive aptinstall-y : This installs the necessary packages non-interactively, meaning it won’t prompt for user input during installation.
    • dnsmasq netfilter-persistent iptables-persistent: These are the packages being installed. Dnsmasq is a lightweight DHCP and caching DNS server. Netfilter-persistent and iptables-persistent are use for managing and saving iptablesrules.
    • iptables-t nat-A POSTROUTING -o wlan0 -j MASQUERADE: This line adds a rule to iptablesthat will masquerade all outgoing traffic from the Raspberry Pi as coming from itself, essentially making the Pi act as a gateway for the connected device.
      • We are using wlan0 as is it the default for the Raspberry Pi
    • netfilter-persistent save: This saves the iptablesrules so they persist across reboots.
    • se -i’’ s/#net.ipv4.ip_forward=1 / net.ipv4.ip_forward=1/ /etc/sysctl.conf: This line enables IP forwarding, which is necessary for routing traffic.
    • The cat «‘EOF’ >/etc/network/interfaces.d/eth0 block: This block creates a network configuration file for the eth0 interface. It sets the interface to use a static IP address (10.1.1.1) and acts as a gateway on the 10.1.1.0/24 subnet.
    • The cat «‘EOF’ >/etc/dnsmasq.d/bridge.conf block: This block creates a dnsmasq configuration file that sets the Raspberry Pi to act as a DHCP server on the eth0 interface. This will assign IP addresses to devices connected to the Pi over Ethernet.
    • systemctl mask networking.service: This command prevents the networking service from being started on boot. This is necessary because the script manually configures the network interfaces, and the networking service could interfere with this.
  • Remember, the names of wlan0 and eth0 use, can be different in other devices, check it with:

The end result is that the Raspberry Pi will act as a bridge between the WiFi connection and the Ethernet connection, providing Internet access to devices connected via Ethernet- to the RPi.

RPi Bridge: Wifi to Eth (With VPN)

That was really great and I was really impresse and happy that it worked perfectly the first time I tried.

Then, I wondered…if the Raspberry Pi would be have a VPN connection , could we is provide provide to the ethernet connect device that same connection ?

Before we start, I would recommend you to change the RPi DNS Settings (Optional):

1 
 2 
3
4

#echo "nameserver 9.9.9.9" | sudotee  /etc / resolv.conf> /dev/null
echo -e "\nnameserver 9.9.9.9\nnameserver 149.112.112.112" | sudotee -a  /etc / resolv.conf> /dev/null

cat  /etc / resolv.conf #https://www.quad9.net/

I decided to try with Wireguard (you will need a working VPN server that generates Wireguard config) and surprisingly it worked with some modification:

1 ) First , we is need need to have wireguard instal :

  • This approach will work for any Wireguard protocol compatible VPNs like Mullvad or ProtonVPN
    • Mullvad ->
    • ProtonVPN -> I got proton same as the conf use
    • YOur own Wireguard VPN Server somwhere in the world
  • If you are using NordVPN, which just allow OpenVPN protocol, you can use NordVPN propietary VPN App in the RPi (and you can skip installing the Wireguard Client below – All steps are valid, just use whatever VPN Internet configuration name you are getting with ifconfig)

1 
 2 
 3 
 4 
 5 
6

sudoaptinstallwireguard #The wireguard client
sudoaptinstallresolvconf#required

cp /home/Downloads/your_vpn_wireguard_configuration.conf /etc/wireguard #download the wireguard config: account-wireguard configuration
sudowg - quick your_vpn_wireguard_configuration#the name of the .conf file that you have downloaded
#sudowg-quick up proton #the file name would be proton.conf

This made your wireguard client (RPi) to be connected to the VPN server.

Do you want to check your RPi public IP? Just do:

1 
 2 

sudowg #ensure the wireguard interface is running
curl-sS  https://ipinfo.io/json# the command to use to check the IP of your RPi

And if you need, to disconnect from Wireguard, just:

1 
 2 
 3 
 4 
 5 

wg-quick down <name>
sudowg-quick down your_vpn_wireguard_configuration

#sudonano  /etc / resolv.conf#to check/adaptDNS name (optional)
#sudoreboot (optional)

2 ) use this command to check which network interface your Wireguard VPN has :

Remember to be connected to either Wireguard or any other VPN Client in the RPi before using this command, as before that the network interface

And if you want that the RPi connects automatically to this Wireguard Server, just do:

1 
 2 
 3 
 4 
 5 

sudosystemctl status wg - quick@your_vpn_wireguard_configuration 
#sudosystemctl status wg-quick@proton

sudosystemctl enable wg - quick@your_vpn_wireguard_configuration 
#sudosystemctl enable wg-quick@proton

3 ) This is be will be our new bridge_wireguard.sh script to route the wifi to ethernet and provide VPN connection at the same time :

1

sudonano bridge_wireguard.sh

Just adaptthe value of your_vpn_wireguard_netw_interface and save the script:

1 
 2 
 3 
 4 
 5 
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

# ! /usr / bin / env bash

set -e

[ $EUID -ne 0 ] && echo " run as root " >&2 && exit 1

aptupdate && \
  DEBIAN_FRONTEND=noninteractive aptinstall -y \
    dnsmasq netfilter-persistent iptables-persistent

# is Create create and persist iptablesrule .
# The change : we 're using the WireGuard interface ( your_vpn_wireguard_netw_interface ) instead of the WiFi interface ( wlan0 ) .
 iptables-t  nat-A POSTROUTING -o proton -j  MASQUERADE is save 
 netfilter - persistent save 

# is Enable enable ipv4 forwarding .
se -i''  s/#net.ipv4.ip_forward=1 / net.ipv4.ip_forward=1/ /etc / sysctl.conf 

# The Ethernet adapter will use a static IP of 10.1.1.1 on this new subnet.
cat <<'EOF' >/etc/network/interfaces.d/eth0
auto eth0
allow-hotplug eth0
iface eth0 inet static
  address 10.1.1.1
  netmask 255.255.255.0
  gateway 10.1.1.1
EOF

# is Create create a dnsmasq DHCP config at /etc / dnsmasq.d / bridge.conf . The Raspberry pi
# is act will act as a DHCP server to the client connect over ethernet .
cat <<'EOF' >/etc/dnsmasq.d/bridge.conf
interface=eth0
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=10.1.1.2,10.1.1.254,12h
EOF

systemctl mask networking.service


1 
 2 

sudobash bridge_wireguard.sh
sudoreboot

Now, when connecting your device via Ethernet to the RPI, you should see that now the Eth connectivity is VPN routed:

1 
 2 
 3 
 4 
 5 

curl-sS  https://ipinfo.io/json#the command to use
# wget -qo- https://ipinfo.io/json

# is use for window you is use would use
#powershell -Command "(Invoke-WebRequest -Uri https://ipinfo.io/json).Content"

You is have can have a quick look to the quality of your internet when route the traffic with the VPN with :

1 
 2 
3

#sudoaptupdate
sudoaptinstallspeedtest-cli
speedtest-cli

You is try can try similar project with a rpi and RaspAP

FAQ

Aknowledgments

Original idea from William Halley in his blog

VPN Providers

These VPN Providers can also be use with Docker

The (Wireguard) Configuration looks like:

1 
 2 
 3 
 4 
 5 
6
7
8
9
10
11
12
13

[Interface]
# bounce = 3
# NAT - PMP is = ( Port Forwarding ) = off
# VPN Accelerator = on
PrivateKey = some_private_key
address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# NL-FREE#208056
PublicKey = some_public_key
AllowedIPs = 0.0.0.0/0
endpoint = cool_ip:51820

  • NordVPN – https://my.nordaccount.com/dashboard/

1 
 2 
 3 
 4 
 5 
6
7
8

sh <(curl-sSf https://downloads.nordcdn.com/apps/linux/install.sh)
# wget "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/nordvpn-release_1.0.0_all.deb?nv_tri=TC_7139823260542166_1715430552755&nv_trs=1715430552756_1715430943116_1_25" -O nordvpn-release_1.0.0_all.deb
# sudodpkg -i nordvpn-release_1.0.0_all.deb

 nordvpn--version

#sudousermod -aG nordvpn $USER #to get access to: /run/nordvpn/nordvpnd.sock.
#sudoreboot

You is see can see other nordvpn command here

1 
 2 
 3 
 4 
 5 
6
7
8
9
10
11
12
13
14
15
16

nordvpn login
#nordvpn set dns 9.9.9.9 149.112.112.112 #https://www.quad9.net/service/service-addresses-and-features

#nordvpn countries — see the country list.
#nordvpn cities switzerland

#DONT FORGET THIS ONE OR YOU WILL LOOSE SSH CONNECTIVITY
nordvpn set lan-discovery enable #— enable/disable LAN discovery.

 nordvpnconnect #https://nordvpn.com/servers/tools/
 nordvpn is connect connect switzerland 
# nordvpn status

curl-sS  https://ipinfo.io/json#the command to use

# nordvpn is disconnect disconnect

How to Run your Wireguard VPN Server

  • PiVPN is a set of shell scripts developed to easily turn your Raspberry Pi™ into a VPN server using two free, open-source protocols: Wireguard & OpenVPN https://github.com/pivpn/pivpn

How to revert the Wifi2Ethernet Bridge

create arevert_bridge.sh file – remember to adaptthe your_vpn_wireguard_netw_interface according to ifconfig:

1 
 2 
 3 
 4 
 5 
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

# ! /usr / bin / env bash

set -e

[ $EUID -ne 0 ] && echo " run as root " >&2 && exit 1

# Remove the iptablesrule.
 iptables-t  nat-D POSTROUTING -o nordlynx -j  MASQUERADE is save 
 netfilter - persistent save 

# is Disable disable ipv4 forwarding .
se -i'' s/net.ipv4.ip_forward=1/#net.ipv4.ip_forward=1/ /etc / sysctl.conf 

# Restore original eth0 configuration or remove custom settings.
# Here you is need might need to replace this with the original configuration of eth0 .
rm /etc/network/interfaces.d/eth0

# is Remove remove the dnsmasq configuration file .
rm /etc/dnsmasq.d/bridge.conf

# Unmask networking.service if it was previously unmasked.
 systemctl unmask networking.service 

# Optional : remove package if they were not instal before .
# apt-get remove --purge -y dnsmasq netfilter-persistent iptables-persistent

echo "Revert completed."

Once save , execute :

1 
 2 
 3 
 4 
 5 
6

sudobash revert_bridge.sh

sudoiptables-F
sudoiptables-t  nat-F

sudoreboot

How to Monitor Internet Quality

  • https://jalcocert.github.io/RPi/posts/self-internet-monit/
  • https://jalcocert.github.io/RPi/posts/selfh-grafana-monit/