Hak5 Forums


About codename_duchess

  1. I'm not sure if this is the right place for this, but I'm going to ask anyway and hope for some direction. I've been trying to find a way to use my unlocked/rooted Moto G osprey on MetroPCS as a USB modem for my pi3 that is acting as a wireless AP. I started with these two guides: https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/ and https://pimylifeup.com/raspberry-pi-wireless-access-point/ They didn't work. So I did some digging and modified a few of the steps to this:

        # Add usb0 to /etc/network/interfaces
        sudo nano /etc/network/interfaces
        # Add
        allow-hotplug usb0
        iface usb0 inet dhcp

        # Install openvpn
        sudo apt-get install openvpn

        # Using PIA
        wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
        unzip openvpn.zip -d openvpn

        # Copy certs
        sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
        sudo cp "openvpn/US New York.ovpn" /etc/openvpn/US.conf

        # Create login file
        sudo nano /etc/openvpn/login
        username
        password

        # Point config to right location
        sudo nano /etc/openvpn/US.conf
        # Change: auth-user-pass to auth-user-pass /etc/openvpn/login
        # Change: ca ca.rsa.2048.crt to ca /etc/openvpn/ca.rsa.2048.crt
        # Change: crl-verify crl.rsa.2048.pem to crl-verify /etc/openvpn/crl.rsa.2048.pem

        # Reboot
        sudo reboot

        # Test VPN
        sudo openvpn --config /etc/openvpn/US.conf
        # Ctrl+C to exit

        # Enable at boot
        sudo systemctl enable openvpn@US

        # Enable forwarding
        sudo nano /etc/sysctl.conf
        # Uncomment net.ipv4.ip_forward=1

        # Enable service
        sudo sysctl -p

        # Edit IPTables rules (paste commands into command line)
        sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
        sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
        sudo iptables -I INPUT -i usb0 -m comment --comment "In from LAN" -j ACCEPT
        sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
        sudo iptables -A OUTPUT -o usb0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
        sudo iptables -A OUTPUT -o usb0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
        sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
        sudo iptables -A OUTPUT -o usb0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
        sudo iptables -A FORWARD -i tun+ -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
        sudo iptables -A FORWARD -i usb0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
        sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

        # Make IPTables rules persistent
        sudo apt-get install iptables-persistent
        # Answer yes to both questions

        # Apply everything to startup
        sudo systemctl enable netfilter-persistent

        # Install packages to turn pi3 into hotspot
        sudo apt-get install hostapd
        sudo apt-get install dnsmasq

        # Stop anything else from using wlan0
        sudo nano /etc/dhcpcd.conf
        # Add to bottom of file, but above any other interfaces in file
        denyinterfaces wlan0

        # Configure static ip
        sudo nano /etc/network/interfaces
        # Change wlan0 entry to:
        allow-hotplug wlan0
        iface wlan0 inet static
            address
            netmask
            network
            broadcast
        # wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

        # Restart dhcpcd
        sudo service dhcpcd restart
        sudo ifdown wlan0; sudo ifup wlan0

        # Configure hostapd (ssid and wpa_passphrase can be whatever you want)
        sudo nano /etc/hostapd/hostapd.conf
        interface=wlan0
        driver=nl80211
        hw_mode=g
        channel=6
        ieee80211n=1
        wmm_enabled=1
        ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
        macaddr_acl=0
        ignore_broadcast_ssid=0
        # Use WPA2
        auth_algs=1
        wpa=2
        wpa_key_mgmt=WPA-PSK
        rsn_pairwise=CCMP
        # This is the name of the network
        ssid=Pi3-AP
        # The network passphrase
        wpa_passphrase=raspberry

        # Tell hostapd where to find config
        sudo nano /etc/default/hostapd
        # Change #DAEMON_CONF="" to DAEMON_CONF="/etc/hostapd/hostapd.conf"

        # Again tell hostapd where to find config
        sudo nano /etc/init.d/hostapd
        # Change DAEMON_CONF= to DAEMON_CONF=/etc/hostapd/hostapd.conf

        # Backup dnsmasq.conf
        sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

        # Create new dnsmasq.conf
        sudo nano /etc/dnsmasq.conf
        # Add
        interface=wlan0 # Use interface wlan0
        listen-address= # Specify the address to listen on
        bind-interfaces # Bind to the interface
        server= # Use Google DNS
        domain-needed # Don't forward short names
        -priv # Drop the non-routed address spaces.
        dhcp-range=,,12h # IP range and lease time

        # Activate forwarding
        sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

        # More IPTables rules (paste into command line)
        sudo iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
        sudo iptables -A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
        sudo iptables -A FORWARD -i wlan0 -o usb0 -j ACCEPT

        # Save new rules
        sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

        # Load rules at boot
        sudo nano /etc/rc.local
        # Find "exit 0" at bottom of file and above that line add
        iptables-restore < /etc/iptables.ipv4.nat

        # Start services
        sudo service hostapd start
        sudo service dnsmasq start

        # Reboot
        sudo reboot

    It still doesn't work. I end up not being able to load the page or getting redirected to a metropcs.com page telling me that my plan doesn't support tethering. I have everything working using my phone as a Wi-Fi hotspot, firing up OpenVPN Connect, and then using VPN Tether from the Google Play Store, but my DNS leaks and I end up going through T-Mobile DNS servers rather than my VPN's. The phone as a hotspot does what I need it to, but I've spent so much time trying to get the pi to do what I want that I don't want to give up.
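
An added example, not part of the original post: a check over `iptables-save` output for rules that forward or NAT the AP clients (wlan0) straight out the tether (usb0) rather than the tunnel (tun+), which is the path client traffic takes whenever the VPN is down. Interface names come from the post; the function name `vpn_leak_audit` and the sample ruleset are constructed for illustration.

```bash
# Added example: audit an iptables-save dump for VPN fail-open paths.
# wlan0/usb0/tun+ come from the post; vpn_leak_audit and SAMPLE_RULES
# are constructed for illustration.

# Reads iptables-save text on stdin; prints one finding per line.
# Usage: sudo iptables-save | vpn_leak_audit wlan0 tun
vpn_leak_audit() {
    awk -v lan="$1" -v vpn="$2" '
        /^\*/ { table = substr($0, 2); next }        # "*nat", "*filter"
        $1 != "-A" { next }
        {
            chain = $2; in_if = ""; out_if = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            to_vpn = (index(out_if, vpn) == 1)
        }
        # AP clients forwarded out something other than the tunnel
        table == "filter" && chain == "FORWARD" && target == "ACCEPT" &&
        in_if == lan && out_if != "" && !to_vpn {
            print "LEAK forward " in_if " -> " out_if
        }
        # Source NAT on a non-tunnel uplink is what makes that path usable
        table == "nat" && chain == "POSTROUTING" && target == "MASQUERADE" &&
        out_if != "" && !to_vpn {
            print "LEAK masquerade on " out_if
        }
        table == "filter" && chain == "FORWARD" && target == "ACCEPT" &&
        in_if == lan && to_vpn { ok = 1 }
        END { if (!ok) print "MISSING forward " lan " -> " vpn "+" }
    '
}

# Constructed sample: the FORWARD and nat rules from the post, as saved.
SAMPLE_RULES='*nat
-A POSTROUTING -o tun+ -j MASQUERADE
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i tun+ -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i usb0 -o tun+ -j ACCEPT
-A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | vpn_leak_audit wlan0 tun
```

An empty result means AP clients can only be forwarded into the tunnel; it does not cover the Pi's own OUTPUT chain or a FORWARD policy left at ACCEPT.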

    Wouldn't also carrying a pi zero with poisontap solve this problem?