The is a collection of files that I used to create a Wireless access point that tunnels
traffic through a socks5 proxy using tun2socks, hostapd, dnsmasq. This was done on a debian
system, specifically Proxmox VE. The underlying hardware is an Intel Nuc. The wireless card
currently only handles wireless G traffic. Testing "a" wireless resulted in the wireless interface not coming up. This could be merely user error. More information on setting hg_mode in hostapd.conf
This took approximately two days to setup corretly. The tutorials that address how-to create an access point, as well as how-to use tun2socks varied considerably. I was finally able to cobble together a working prototype that is able to tunnel traffic from my wireless access point through any SSH connection that can enable socks5 proxy.
This setup allows wireless device, such as Android, iPhone, iPad and other devices to get an external IP address of the SSH exit server. This isn't a guarantee against snooping. It merely allows TCP traffic to be passed from the Access point into a socks5 proxy.
Install all dependencies with install_support_libs.sh. Configure your ~/.ssh/config to make it very simple to call ssh myhost without needing to specify details like port, etc. See the sample ssh config below. Download the setup scripts into user home directory. You really only need setup_iptables_texas.sh which is a terrible name but pointed to one of my socks5 servers. Move hostapd.conf into /etc/hostapd/hostapd.conf. Move the dnsmasq.conf file to /etc/dnsmasq.conf be sure to update to the name of your interfaces. My interface for the wireless is wlp58s0.
Now that we have hostapd configured and dnsmasq setup. It's time to update the interfaces. On debian systems, be sure to set hostapd /etc/hostapd/hostapd.conf under your wireless interface.
It's possible to test that the access point is working, without having to worry about the complexity of the tun2socks transport layer. The setup_iptables.sh will route traffic from logical name wlp58s0 to vmbr0. Be sure to update this setup script if your interface names are different.
When you're sure that the wireless access point is working and your can get an ip address, in this case 192.168.5.9 and reach the open internet. I typically test with the website https://ifconfig.co
To route traffic from the Wireless access point to tun2socks, I found I needed the rules laid out in setup_iptables_texas.sh. I like this script, which is heavily borrowed from a forum noted below. I've added a few lines to handle starting a proxy on 127.0.0.1:8123 and then tearing it down after tun2socks is closed. This accompanies some nice cleanup for the routing tables. This results in the access point being able to switch between local gateway and socks5 and continue to get a valid ip address and reach the open internet.
lshw -c networkiw list
- https://github.com/ambrop72/badvpn/wiki/Tun2socks
- https://unix.stackexchange.com/questions/144562/redirect-all-packets-from-eth1-eth2-through-a-socks-proxy
- https://nims11.wordpress.com/2013/05/22/using-hostapd-with-dnsmasq-to-create-virtual-wifi-access-point-in-linux/
- https://help.ubuntu.com/community/WifiDocs/WirelessAccessPoint
- https://ifconfig.co/
- https://www.cyberciti.biz/faq/debian-ubuntu-linux-setting-wireless-access-point/
- https://michaelfranzl.com/2014/06/08/debian-linux-howto-briding-wlan-ethernet-access-point-infrastructure-mode-android-phones/
- https://wiki.gentoo.org/wiki/Hostapd