How to use a Raspberry Pi to provide WiFi for Ethernet-only devices, and how to use stunnel as a SOCKS server ro provide indirect TLS support

0. WiFi for Ethernet-only devices via Raspberry Pi.md

What's this?

I love MSX computers. I have developed quite a few things for them, including a TCP/IP stack and some networking applications. Some other MSX nerds have developed networking hardware, so boom! Here it is, Internet access from MSX, a 1980s 8 bit machine. How cool is that?

However there are a few issues that prevent us the MSX users to reach the absolute networking happiness:

1. At the time of this writing, there isn't any solution for wireless Internet for MSX, only Ethernet hardware.
2. InterNestor Lite, the TCP/IP stack for MSX, doesn't support TLS. It's not that the developer (me!) is too lazy to implement it, it's just that a Z80 can't handle the required encryption algorythms. Trust me, I tried.

So after thinking about how to solve these issues and some work I came up with a solution. This set of documents will explain you:

1. How to use a Raspberry Pi to provide WiFi connectivity to an Ethernet-only device. This isn't (or shouldn't be, I haven't really tested it) MSX exclusive, this method should work for any Ethernet-only device.
2. How to use the SOCKS5 client capability of InterNestor Lite + a modified version of stunnel, running on the Raspberry Pi itself, to provide indirect TLS support for MSX computers.

Enjoy!

1. How to use a Raspberry Pi to provide WiFi for Ethernet-only devices.md

How to use a Raspberry Pi to provide WiFi for Ethernet-only devices

Here I'll explain how to configure a Raspberry Pi to act as a "WiFi dongle" for TCP/IP capable but Ethernet-only devices. For my tests I have used a Raspberry Pi Zero W with an OTG USB Ethernet adapter (4€ in eBay), but any other model of Pi should work as long as it has Ethernet and WiFi. You'll need a tool to connect to the Pi via SSH (I recommend MobaXTerm if you use Windows).

I'm sure that someone has done this before and has published it somewhere, but I weren't able to find it. What I did find was this article in Raspberry Pi HQ about how to turn a Pi into a WiFi router, but what this article explains is how to turn a Pi connected to the router via Ethernet into a WiFi access point for other devices; we need exactly the opposite, but I used the information in that article as a starting point, modifying what I needed.

Step 0: Configure the Pi

I'm assuming that your Raspberry Pi is up and running Raspbian, with the WiFi already configured. In order to configure my Pi Zero I followed this tutorial in Desertbot for headless setup using Windows, which can be summarized as:

1. Download the Raspbian image (Raspbian Lite is fine)

2. Flash the image file in the SD card using balena Etcher

3. Reinsert the SD card in your computer, Windows will create a few drive letters and tell you that all are unformatted but one. In that one create an empty file named ssh (withot any extension), and a file named wpa_supplicant.conf with the details of your WiFi access point as follows:

country=<ISO code of your country>
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
  scan_ssid=1
  ssid="<the name of your WiFi network>"
  psk="<the password for your WiFi network>"
}

4. Insert the SD card in your Pi and let it boot. Wait one minute or so.

5. If you install bonjour you'll be able to fin your Pi by the name raspberrypi.local. Otherwise you need to get the IP that the Pi got by using a network scanner (there are plenty for Android, for example).

6. If everything went well you should now be able to SSH to your Pi using pi as the user name and raspberry as the password. Hooray!

The next steps are to be done via the SSH prompt directly in the Pi. To edit files text you can use the pico editor by running sudo pico filename.

Step 1: Setup DHCP

First we need to configure the DHCP client so that the Ethernet port of the Pi gets a fixed IP address and network mask. Edit the /etc/dhcp/dhcpd.conf file and add the following content to it:

interface eth0
static ip_address=192.168.34.1/24

We'll use the 192.168.34.x as the IPs range for the network attached to the Ethernet port. And why the 34, you might ask? It's for important historical reasons.

Next, we need to configure a DHCP server so that the device connected to the Ethernet port gets its IP configuration by using itw oen DHCP client. First, install the DHCP server:

sudo apt-get install isc-dhcp-server

Then edit the /etc/dhcp/dhcpd.conf file by adding the following:

authoritative;
subnet 192.168.34.0 netmask 255.255.255.0 {
 range 192.168.34.10 192.168.34.250;
 option broadcast-address 192.168.34.255;
 option routers 192.168.34.1;
 default-lease-time 600;
 max-lease-time 7200;
 option domain-name "local-network";
 option domain-name-servers 8.8.8.8, 8.8.4.4;
}

Now edit the /etc/default/isc-dhcp-server file and add set the line starting with INTERFACESv4 as follows:

INTERFACESv4="eth0"

And with this, the DHCP configuration is finished. To start the DHCP server run this: service isc-dhcp-server start.

Step 2: configure IP forwarding

Now we need to configure IP forwarding: we want all the network traffic coming from the Ethernet port to be forwarded to the WiFi network, and viceversa. These commands will do the trick:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eht0 -o wlan0 -j ACCEPT

Also we need to add the following at the end of the /etc/sysctl.conf file in order to actually enable IP forwarding:

net.ipv4.ip_forward=1

Step 3: Set the WiFi network as the main route

A problem I had the first time I played around with my Pi + the Ethernet adapter is that Raspbian was using the Ethenet port for the default entry in the IP routing table. This of course doesn't work, since the outside world is visible in the WiFi network, not in the Ethernet port where there's just a poor MSX sitting.

Eventually I flashed Raspbian again to have a fresh start after having messed things around... and this time Raspbian had configured, correctly, the wlan0 interface as the one for the default entry in the IP routing table.

So just in case, run these commands. If the interface for the main entry is wlan0, nothing will happen; otherwise, wlan0 will be set as such:

DEFAULT_IFACE=`route -n | grep -E "^0.0.0.0 .+UG" | awk '{print $8}'`
if [ "$DEFAULT_IFACE" != "wlan0" ]
then
  GW=`route -n | grep -E "^0.0.0.0 .+UG .+wlan0$" | awk '{print $2}'`
  echo Setting default route to wlan0 via $GW
  sudo route del default $DEFAULT_IFACE
  sudo route add default gw $GW wlan0
fi

Step 4: Set everything at boot time

The last step is to set Raspbian to configure all of this automatically when the Pi boots. We'll do this with crontab.

First, create a new file named ~/router with the following contents (the echo statements aren't necessary, but may be useful for testing):

echo Starting DHCP server
service isc-dhcp-server start

echo Setting NAT routing
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eht0 -o wlan0 -j ACCEPT

DEFAULT_IFACE=`route -n | grep -E "^0.0.0.0 .+UG" | awk '{print $8}'`
if [ "$DEFAULT_IFACE" != "wlan0" ]
then
  GW=`route -n | grep -E "^0.0.0.0 .+UG .+wlan0$" | awk '{print $2}'`
  echo Setting default route to wlan0 via $GW
  route del default $DEFAULT_IFACE
  route add default gw $GW wlan0
fi

Don't forget to make the file executable with chmod +x ~/router after creating it.

Now run crontab -e and when the text editor opens add the following:

@reboot sudo /home/pi/router

Step 5: Try it!

Reboot your Pi and connect its Ethernet port to your Ethernet-only device. If everything goes as planned now your device has an IP address in the range 192.168.34.x and has Internet access thanks the Pi's WiFi interface. Celebrate and party!

2. How to use stunnel with SSL SOCKS support + InterNestor Lite.md

How to use stunnel with SSL SOCKS support + InterNestor Lite

The previous is document explains how to use a modified version of stunnel, combined with the SOCKS client support provided by InterNestor Lite, to perform TLS connections from a MSX computer using InterNestor Lite. This assumes that you have an MSX with an Ethernet card and InterNestor Lite, and a Raspberry Pi configured to provide Internet access via WiFi as explained in the previous document.

Step 1: get and configure stunnel

All the commands are to be executed from the Pi itself via a SSH connection.

Download stunnel with SSL SOCKS support (see the pull request to know how is that support implemented) with this command:

wget https://gist.github.com/Konamiman/110adcc485b372f1aff000b4180e2e10/raw/7949e57d9444ca72baf60745a747cdd8a75fbcd4/stunnel_arm -O stunnel
chmod +x stunnel

Now create a file named ~/stunnel.secrets with this content:

user:LasFloresDelCampoSonBuenasParaLaOreja

You can use any combination of <user>:<password>, actually; stunnel uses this internally only.

Now create a file named ~/stunnel.conf with this content:

[socks_ssl_server]
protocol = socks_ssl
accept = 1443
PSKsecrets = /home/pi/stunnel.secrets

Finally, let's instruct the Pi to run stunnel at boot. Run crontab -e and when the text editor appears add the following at the end:

@reboot /home/pi/stunnel /home/pi/stunnel.conf

Step 2: Configure InterNestor Lite

Once InterNestor Lite is installed, run the following in the MSX-DOS prompt to configure it as a SOCKS server, using the instance of stunnel running on the Pi as the server:

inl tcp x2 192.168.34.1 1443

Alternatively, if you create a text file named inl.cfg containing the line tcp x2 192.168.34.1 1443 and put it in the same directory of inl.com, this will be configured automatically when InterNestor is installed.

To test it, you can use HGET.COM:

hget https://www.konamiman.com /l:con

You will see the (very short) contents of the main page on Konamiman's site, retrieved using HTTPS.

Note: If you want to make further changes to stunnel by yourself, see "How to build stunnel for Raspberry Pi".

3. Or just download the image.md

...Or just download the image

Alternatively to performing all the configuration manually, you can just download a customized version of Raspbian that has it all:

RaspbianLiteWithEthernetToWifiRouter.zip

This is a Raspbian Lite image that has been configured as explained in "How to use a Raspberry Pi to provide WiFi for Ethernet-only devices", and that runs stunnel as explained in "How to use stunnel with SSL SOCKS support + InterNestor Lite". Just flash it in the SD card of your Pi, and you're all set.

Note that this image still has the default password for the pi user in Raspbian, you may want to change it and maybe perform other adjustments and optimizations; that's outside the scope of this documentation.

stunnel_arm

stunnel_x64

To set a static IP address on the eth0 interface you need to edit /etc/dhcpcd.conf, not /etc/dhcp/dhcpd.conf. Just a typo on your end im sure

Or is it maybe /etc/dhcp/dhclient.conf ?

Guys can you help me pls? I followed the tutorial, fixed the typo (/etc/dhcpcd.conf), everything works, but after reboot, DHCP server won't start automatically, I need to write "sudo service isc-dhcp-server start". I think there is a problem with authentication. Can you help me fix it? Thanks.

Guys can you help me pls? I followed the tutorial, fixed the typo (/etc/dhcpcd.conf), everything works, but after reboot, DHCP server won't start automatically, I need to write "sudo service isc-dhcp-server start". I think there is a problem with authentication. Can you help me fix it? Thanks.

Try to use

 systemctl isc-dhcp-server enable
 systemctl isc-dhcp-server start
 systemctl isc-dhcp-server status

I have an issue. This simply will not work for me, and I have even downloaded the IMG file. When plugging into an end device it says: unidentified no internet access.

For me it also doesn't work. I have tried settings things manually and using the image (but with altered IP address range) and whenever I try to nmap the RPI it says port closed even thought the port to the device on the RPI is open and forwarding is turned on.

sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

I am not using the dhcp server as I only have 1 device and it has a static ip.

Update: I have got the raspberry pi up and running at is working flawlessly. Here is what I did in layman's terms:

I issued a Sudo raspi-config and configured everything for the country that I am in (United States). It was previously configured for Europe.

Once I did that, I saved and rebooted.

I noticed that every time that I started up the machine, the DHCP service failed to initiate(I am not sure why). This is what was causing the issues for the PI not getting internet access. In order to fix this problem do:

Su root --> enter root password
Once you have elevated access do: service isc-dhcp-server start
Plug in your device that you want connected to ethernet and enjoy. You will now have internet access.

I've found a simple typo that when fixed, enabled my raspberryPi to work.

In Step 2, I changed
sudo iptables -A FORWARD -i eht0 -o wlan0 -j ACCEPT
to:
sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

Same in Step 4 in ~/router. I changed:
iptables -A FORWARD -i eht0 -o wlan0 -j ACCEPT
to:
iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

I've found a simple typo that when fixed, enabled my raspberryPi to work.

In Step 2, I changed sudo iptables -A FORWARD -i eht0 -o wlan0 -j ACCEPT to: sudo iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

Same in Step 4 in ~/router. I changed: iptables -A FORWARD -i eht0 -o wlan0 -j ACCEPT to: iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

I had just caught that today. Its a bit confusing to me that it worked