codename_duchess
Posted August 9, 2017

I'm not sure if this is the right place for this, but I'm going to ask anyway and hope for some direction. I've been trying to find a way to use my unlocked/rooted moto g osprey on metro pcs as a USB modem for my pi3 that is acting as a wireless AP. I started with these two guides: https://www.novaspirit.com/2017/06/22/raspberry-pi-vpn-router-w-pia/ and https://pimylifeup.com/raspberry-pi-wireless-access-point/

They didn't work. So I did some digging and modified a few of the steps to this:

```
# Add usb0 to /etc/network/interfaces
sudo nano /etc/network/interfaces
# Add
allow-hotplug usb0
iface usb0 inet dhcp

# Install openvpn
sudo apt-get install openvpn

# Using PIA
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
unzip openvpn.zip -d openvpn

# Copy certs (the .ovpn file name contains a space, so it must be quoted)
sudo cp openvpn/ca.rsa.2048.crt openvpn/crl.rsa.2048.pem /etc/openvpn/
sudo cp "openvpn/US New York.ovpn" /etc/openvpn/US.conf

# Create login file
sudo nano /etc/openvpn/login
username
password

# Point config to right location
sudo nano /etc/openvpn/US.conf
# Change: auth-user-pass to auth-user-pass /etc/openvpn/login
# Change: ca ca.rsa.2048.crt to ca /etc/openvpn/ca.rsa.2048.crt
# Change: crl-verify crl.rsa.2048.pem to crl-verify /etc/openvpn/crl.rsa.2048.pem

# Reboot
sudo reboot

# Test VPN
sudo openvpn --config /etc/openvpn/US.conf
# Ctrl+C to exit

# Enable at boot
sudo systemctl enable openvpn@US

# Enable forwarding
sudo nano /etc/sysctl.conf
# Uncomment net.ipv4.ip_forward=1

# Enable service
sudo sysctl -p

# Edit IPTables rules (paste commands into command line)
sudo iptables -A INPUT -i lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -A OUTPUT -o lo -m comment --comment "loopback" -j ACCEPT
sudo iptables -I INPUT -i usb0 -m comment --comment "In from LAN" -j ACCEPT
sudo iptables -I OUTPUT -o tun+ -m comment --comment "Out to VPN" -j ACCEPT
sudo iptables -A OUTPUT -o usb0 -p udp --dport 1198 -m comment --comment "openvpn" -j ACCEPT
sudo iptables -A OUTPUT -o usb0 -p udp --dport 123 -m comment --comment "ntp" -j ACCEPT
sudo iptables -A OUTPUT -p UDP --dport 67:68 -m comment --comment "dhcp" -j ACCEPT
sudo iptables -A OUTPUT -o usb0 -p udp --dport 53 -m comment --comment "dns" -j ACCEPT
sudo iptables -A FORWARD -i tun+ -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i usb0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE

# Make IPTables rules persistent
sudo apt-get install iptables-persistent
# Answer yes to both questions

# Apply everything to startup
sudo systemctl enable netfilter-persistent

# Install packages to turn pi3 into hotspot
sudo apt-get install hostapd
sudo apt-get install dnsmasq

# Stop anything else from using wlan0
sudo nano /etc/dhcpcd.conf
# Add to bottom of file, but above any other interfaces in file
denyinterfaces wlan0

# Configure static ip
sudo nano /etc/network/interfaces
# Change wlan0 entry to:
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.220.1
netmask 255.255.255.0
network 192.168.220.0
broadcast 192.168.220.255
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# Restart dhcpcd
sudo service dhcpcd restart
sudo ifdown wlan0; sudo ifup wlan0

# Configure hostapd (ssid and wpa_passphrase can be whatever you want)
sudo nano /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0
# Use WPA2
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# This is the name of the network
ssid=Pi3-AP
# The network passphrase
wpa_passphrase=raspberry

# Tell hostapd where to find config
sudo nano /etc/default/hostapd
# Change #DAEMON_CONF="" to DAEMON_CONF="/etc/hostapd/hostapd.conf"

# Again tell hostapd where to find config
sudo nano /etc/init.d/hostapd
# Change DAEMON_CONF= to DAEMON_CONF=/etc/hostapd/hostapd.conf

# Backup dnsmasq.conf
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

# Create new dnsmasq.conf
sudo nano /etc/dnsmasq.conf
# Add
interface=wlan0                # Use interface wlan0
listen-address=192.168.220.1   # Specify the address to listen on
bind-interfaces                # Bind to the interface
server=8.8.8.8                 # Use Google DNS
domain-needed                  # Don't forward short names
bogus-priv                     # Drop the non-routed address spaces.
dhcp-range=192.168.220.50,192.168.220.150,12h  # IP range and lease time

# Activate forwarding
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

# More IPTables rules (paste into command line)
sudo iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
sudo iptables -A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o usb0 -j ACCEPT

# Save new rules
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

# Load rules at boot
sudo nano /etc/rc.local
# Find "exit 0" at bottom of file and above that line add
iptables-restore < /etc/iptables.ipv4.nat

# Start services
sudo service hostapd start
sudo service dnsmasq start

# Reboot
sudo reboot
```

It still doesn't work. I end up not being able to load the page or getting redirected to a metropcs.com page telling me that my plan doesn't support tethering. I have everything working using my phone as a wifi hotspot, firing up openvpn connect, and then using vpn tether from the google playstore, but my DNS leaks and I end up going through tmobile DNS servers rather than my VPN's. The phone as a hotspot does what I need it to, but I've spent so much time trying to get the pi to do what I want that I don't want to give up.
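Added example, not part of the original post or of either guide: the rules above NAT and forward wlan0 client traffic directly onto usb0, so any packet not routed into the tunnel (for example while OpenVPN is down) leaves outside the VPN. This bash audit flags such rules in an `iptables-save` dump; the interface roles (wlan0 = AP, usb0 = uplink, tun+ = VPN), the finding tags and the sample dump are assumptions constructed from the commands in the post.

```bash
#!/usr/bin/env bash
# Added example: audit an iptables-save dump for rules that let traffic skip the VPN.
# Assumed roles, taken from the post: wlan0 = AP clients, usb0 = uplink, tun+ = VPN.
AP_IF="wlan0"
UPLINK_IF="usb0"

# Constructed sample: rules from the post in the form iptables-save would print them.
sample_rules() {
cat <<'EOF'
*nat
-A POSTROUTING -o tun+ -j MASQUERADE
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i tun+ -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i usb0 -o tun+ -m comment --comment "LAN out to VPN" -j ACCEPT
-A FORWARD -i usb0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
-A OUTPUT -o usb0 -p udp -m udp --dport 53 -m comment --comment dns -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; print one tagged finding per risky rule.
audit_rules() {
  awk -v ap="$AP_IF" -v up="$UPLINK_IF" '
    /^\*/      { table = substr($0, 2); next }   # "*nat", "*filter" start a table
    $1 != "-A" { next }                          # only rule lines matter
    {
      chain = $2; in_if = ""; out_if = ""; target = ""; dport = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i")      in_if  = $(i + 1)
        if ($i == "-o")      out_if = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
        if ($i == "--dport") dport  = $(i + 1)
      }
    }
    # Client traffic accepted straight onto the uplink: no kill switch.
    table == "filter" && chain == "FORWARD" && in_if == ap && out_if == up &&
      target == "ACCEPT"     { print "BYPASS_FORWARD: " $0 }
    # NAT on the uplink makes that direct path usable from the AP subnet.
    table == "nat" && chain == "POSTROUTING" && out_if == up &&
      target == "MASQUERADE" { print "BYPASS_NAT: " $0 }
    # The router itself may send DNS outside the tunnel.
    table == "filter" && chain == "OUTPUT" && out_if == up && dport == "53" &&
      target == "ACCEPT"     { print "DNS_OUTSIDE_TUNNEL: " $0 }
  '
}

sample_rules | audit_rules
```

On a live router the same function can read `sudo iptables-save` on stdin; an empty result means none of these three bypass patterns is present.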
Lord C
Posted September 7, 2017

I don't think it matters what DNS you choose to use, you can't bypass your ISP. If you don't want them to know you're tethering, you'll need to send fake web browser user agent IDs, to trick them into thinking the connection is coming from your phone.