Merge pull request #5 from jerryryle/jryle/use-dhcpcd

Jryle/use dhcpcd

debian/changelog

@@ -1,3 +1,15 @@
+rogueportal (1.2) buster; urgency=medium
+
+  * Updated configuration to use dhcpcd instead of /etc/network/interfaces
+  * Configuration no longer requires a bridge, so bridge-utils is no longer a
+    package dependency.
+  * The rogue portal is now configured for wlan0 only, allowing it to work
+    alongside another network connection. So, for example, you can now have the
+    rogue portal running on wlan0 and still ssh into the pi via a wired
+    connection.
+
+ -- Jerry Ryle <jerry@ryle.io>  Thu, 13 May 2021 21:56:00 -0800
+
 rogueportal (1.1) buster; urgency=medium
 
   * Fixed fastboot package that contained a hard-coded partition UUID in the

debian/roguefastboot.postinst

@@ -49,7 +49,6 @@ case "$1" in
 		sed -i '1 s/$/ quiet/' /boot/cmdline.txt
 
 		# Disable services not needed for the rogue captive portal
-		systemctl disable dhcpcd.service
 		systemctl disable systemd-timesyncd.service
 		systemctl disable keyboard-setup.service
     ;;

debian/roguefastboot.postrm

@@ -32,7 +32,6 @@ case "$1" in
 
 		# Enable services that were disabled because they were not needed 
 		# for the rogue captive portal
-		systemctl enable dhcpcd.service
 		systemctl enable systemd-timesyncd.service
 		systemctl enable keyboard-setup.service
     ;;

debian/rogueportal.displace

@@ -1,7 +1,7 @@
+/etc/dhcpcd.conf.rogueportal
 /etc/dnsmasq.conf.rogueportal
+/etc/default/dnsmasq.rogueportal
 /etc/sysctl.conf.rogueportal
 /etc/iptables/rules.v4.rogueportal
-/etc/network/interfaces.rogueportal
-/etc/wpa_supplicant/wpa_supplicant.conf.rogueportal
 /etc/nginx/nginx.conf.rogueportal
 /etc/nginx/sites-available/default.rogueportal

debian/rogueportal.postinst

@@ -29,7 +29,7 @@ case "$1" in
     configure)
         db_get rogueportal/ssid || true
         # SSID will be in $RET after above
-        sed -i -- "s/ssid=.*$/ssid=\"${RET}\"/g" /etc/wpa_supplicant/wpa_supplicant.conf.rogueportal
+        sed -i -- "s/ssid=.*$/ssid=\"${RET}\"/g" /etc/wpa_supplicant/wpa_supplicant_rogueportal.conf
 
 		systemctl enable dnsmasq
 

debian/rogueportal.postrm

@@ -22,7 +22,6 @@ set -e
 case "$1" in
     purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
         systemctl enable wpa_supplicant
-		update-rc.d dhcpcd enable
     ;;
 
     *)

debian/rogueportal.preinst

@@ -16,7 +16,6 @@ set -e
 
 case "$1" in
     install|upgrade)
-		update-rc.d dhcpcd disable
         systemctl disable wpa_supplicant
     ;;
 

files/rogueportal/etc/default/dnsmasq.rogueportal

@@ -0,0 +1,36 @@
+# This file has five functions:
+# 1) to completely disable starting dnsmasq,
+# 2) to set DOMAIN_SUFFIX by running `dnsdomainname`
+# 3) to select an alternative config file
+#    by setting DNSMASQ_OPTS to --conf-file=<file>
+# 4) to tell dnsmasq to read the files in /etc/dnsmasq.d for
+#    more configuration variables.
+# 5) to stop the resolvconf package from controlling dnsmasq's
+#    idea of which upstream nameservers to use.
+# For upgraders from very old versions, all the shell variables set
+# here in previous versions are still honored by the init script
+# so if you just keep your old version of this file nothing will break.
+
+#DOMAIN_SUFFIX=`dnsdomainname`
+#DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt"
+
+# Whether or not to run the dnsmasq daemon; set to 0 to disable.
+ENABLED=1
+
+# By default search this drop directory for configuration options.
+# Libvirt leaves a file here to make the system dnsmasq play nice.
+# Comment out this line if you don't want this. The dpkg-* are file
+# endings which cause dnsmasq to skip that file. This avoids pulling
+# in backups made by dpkg.
+CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
+
+# If the resolvconf package is installed, dnsmasq will use its output
+# rather than the contents of /etc/resolv.conf to find upstream
+# nameservers. Uncommenting this line inhibits this behaviour.
+# Note that including a "resolv-file=<filename>" line in
+# /etc/dnsmasq.conf is not enough to override resolvconf if it is
+# installed: the line below must be uncommented.
+#IGNORE_RESOLVCONF=yes
+
+# Do not run dnsmasq on the loopback interface
+DNSMASQ_EXCEPT=lo

files/rogueportal/etc/dhcpcd.conf.rogueportal

@@ -0,0 +1,63 @@
+# A sample configuration for dhcpcd.
+# See dhcpcd.conf(5) for details.
+
+# Allow users of this group to interact with dhcpcd via the control socket.
+#controlgroup wheel
+
+# Inform the DHCP server of our hostname for DDNS.
+hostname
+
+# Use the hardware address of the interface for the Client ID.
+clientid
+# or
+# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
+# Some non-RFC compliant DHCP servers do not reply with this set.
+# In this case, comment out duid and enable clientid above.
+#duid
+
+# Persist interface configuration when dhcpcd exits.
+persistent
+
+# Rapid commit support.
+# Safe to enable by default because it requires the equivalent option set
+# on the server to actually work.
+option rapid_commit
+
+# A list of options to request from the DHCP server.
+option domain_name_servers, domain_name, domain_search, host_name
+option classless_static_routes
+# Respect the network MTU. This is applied to DHCP routes.
+option interface_mtu
+
+# Most distributions have NTP support.
+#option ntp_servers
+
+# A ServerID is required by RFC2131.
+require dhcp_server_identifier
+
+# Generate SLAAC address using the Hardware Address of the interface
+#slaac hwaddr
+# OR generate Stable Private IPv6 Addresses based from the DUID
+slaac private
+
+# Example static IP configuration:
+#interface eth0
+#static ip_address=192.168.0.10/24
+#static ip6_address=fd51:42f8:caae:d92e::ff/64
+#static routers=192.168.0.1
+#static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1
+
+# It is possible to fall back to a static IP if DHCP fails:
+# define static profile
+#profile static_eth0
+#static ip_address=192.168.1.23/24
+#static routers=192.168.1.1
+#static domain_name_servers=192.168.1.1
+
+# fallback to static profile on eth0
+#interface eth0
+#fallback static_eth0
+
+env wpa_supplicant_conf=/etc/wpa_supplicant/wpa_supplicant_rogueportal.conf
+interface wlan0
+static ip_address=10.1.1.1/24

files/rogueportal/etc/dnsmasq.conf.rogueportal

@@ -1,4 +1,3 @@
-interface=br0
 listen-address=10.1.1.1
 no-hosts
 dhcp-range=10.1.1.2,10.1.1.254,72h

files/rogueportal/etc/iptables/rules.v4.rogueportal

@@ -1,15 +1,21 @@
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
--A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 10.1.1.1:53
--A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.1.1:80
--A PREROUTING -i br0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.1.1.1:80
--A POSTROUTING -j MASQUERADE
-COMMIT
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
+
+# Accept incoming packets on existing connections on wlan0
+-A INPUT -i wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+# Allow incoming DNS requests on wlan0
+-A INPUT -i wlan0 -p udp --dport 53 -j ACCEPT
+
+# Allow incoming DHCP requests on wlan0
+-A INPUT -i wlan0 -p udp --dport 67 -j ACCEPT
+
+# Allow incoming HTTP requests on wlan0
+-A INPUT -i wlan0 -p tcp --dport 80 -j ACCEPT
+
+# Drop all other incoming requests on wlan0
+-A INPUT -i wlan0 -j REJECT
+
 COMMIT