Flash an image on to an SD card. Use the latest Jessie at least.
Using these instructions (copied from https://gist.github.com/gbaman/975e2db164b3ca2b51ae11e45e8fd40a for convenience), get access to the Pi via the USB OTG ethernet device:
Setting up Pi Zero OTG - The quick way (No USB keyboard, mouse, HDMI monitor needed)
More details - http://blog.gbaman.info/?p=791
For this method, alongside your Pi Zero, MicroUSB cable and MicroSD card, only an additional computer is required, which can be running Windows (with Bonjour, iTunes or Quicktime installed), Mac OS or Linux (with Avahi Daemon installed, for example Ubuntu has it built in).
1. Flash Raspbian Jessie full or Raspbian Jessie Lite onto the SD card.
2. Once Raspbian is flashed, open up the boot partition (in Windows Explorer, Finder etc) and add to the bottom of the config.txt file dtoverlay=dwc2 on a new line, then save the file.
3. If using a recent release of Jessie (Dec 2016 onwards), then create a new file simply called ssh in the SD card as well. By default SSH is now disabled so this is required to enable it. Remember - Make sure your file doesn't have an extension (like .txt etc)!
4. Finally, open up the cmdline.txt. Be careful with this file, it is very picky with its formatting! Each parameter is separated by a single space (it does not use newlines). Insert modules-load=dwc2,g_ether after rootwait. To compare, an edited version of the cmdline.txt file at the time of writing, can be found here.
5. That's it, eject the SD card from your computer, put it in your Raspberry Pi Zero and connect it via USB to your computer. It will take up to 90s to boot up (shorter on subsequent boots). It should then appear as a USB Ethernet device. You can SSH into it using raspberrypi.local as the address.
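Steps 2 to 4 as one idempotent script, added here as an example and not part of the copied gist; prepare_otg_boot and the mount-point argument are assumed names. It rebuilds cmdline.txt field by field so the file stays a single space-separated line, and refuses to touch it if rootwait is missing.

```shell
#!/bin/sh
# Added example, not from the gist: apply steps 2-4 to a mounted boot partition.
# prepare_otg_boot and the mount-point argument are names assumed here.
prepare_otg_boot() {
    boot="$1"
    if [ ! -f "$boot/config.txt" ] || [ ! -f "$boot/cmdline.txt" ]; then
        echo "no config.txt/cmdline.txt under '$boot'" >&2
        return 1
    fi

    # Step 2: dtoverlay=dwc2 on its own line (leading \n covers a file
    # that does not end in a newline; a blank line is harmless).
    grep -qx 'dtoverlay=dwc2' "$boot/config.txt" ||
        printf '\ndtoverlay=dwc2\n' >> "$boot/config.txt"

    # Step 3: an empty file called ssh, no extension.
    : > "$boot/ssh"

    # Step 4: already patched? Then leave cmdline.txt alone.
    if grep -q 'modules-load=dwc2,g_ether' "$boot/cmdline.txt"; then
        return 0
    fi
    # Rebuild the line field by field so it stays a single line with
    # single spaces, inserting the parameter right after rootwait.
    if awk '{
            out = ""
            for (i = 1; i <= NF; i++) {
                out = out (i > 1 ? " " : "") $i
                if ($i == "rootwait") { out = out " modules-load=dwc2,g_ether"; found = 1 }
            }
            print out
        }
        END { exit !found }' "$boot/cmdline.txt" > "$boot/cmdline.txt.new"
    then
        mv "$boot/cmdline.txt.new" "$boot/cmdline.txt"
    else
        rm -f "$boot/cmdline.txt.new"
        echo "rootwait not found; cmdline.txt left unchanged" >&2
        return 1
    fi
}

# Run against a mount point when one is given, e.g. sh otg.sh /media/boot
if [ "$#" -gt 0 ]; then prepare_otg_boot "$1"; fi
```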
sudo passwd pi
sudo su
passwd
# boot into multi-user mode (disable GUI on boot)
sudo systemctl set-default multi-user.target
# disable HDMI
sudo nano /etc/rc.local
# add `/usr/bin/tvservice -o` before the `exit 0`
sudo hostname onionpizw
sudo sh -c "echo onionpizw > /etc/hostname"
sudo vim /etc/hosts
# replace "raspberrypi" with "onionpizw"
Set up wifi access to the internet and update the image (essentially from https://davidmaitland.me/2015/12/raspberry-pi-zero-headless-setup/ , step 3):
$ sudo nano /etc/network/interfaces
# comment out existing wlan1 configuration:
#allow-hotplug wlan1
#iface wlan1 inet manual
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# and update it to have:
auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
iw phy phy0 interface add wlan0_ap type __ap
ifconfig wlan0_ap 192.168.42.1
And now
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
and make it look like:
network={
ssid="my network name"
psk="my network password"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP
auth_alg=OPEN
}
Then, make sure it connects:
sudo ifdown wlan0
sudo ifup wlan0
ping www.yahoo.com
sudo apt-get update
sudo apt-get install aptitude vim
sudo aptitude safe-upgrade
(from https://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point/ )
sudo aptitude install hostapd isc-dhcp-server
sudo aptitude install iptables-persistent # say "yes" to both config screens
Update /etc/dhcp/dhcpd.conf:
Comment out lines:
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
Uncomment line:
#authoritative
FIXME use something other than google nameservers?
Add the following lines at the bottom:
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.50;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
default-lease-time 600;
max-lease-time 7200;
option domain-name "local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
And update the DHCP server default config to listen on the new wlan0_ap interface:
sudo vim /etc/default/isc-dhcp-server
# set
#INTERFACES=""
# to
INTERFACES="wlan0_ap"
And restart:
sudo systemctl enable isc-dhcp-server
sudo service isc-dhcp-server restart
FIXME: do we need to run on the same channel as wlan0?
Create a new hostapd configuration file:
sudo vim /etc/hostapd/hostapd.conf
# add the following:
interface=wlan0_ap
ssid=<your SSID>
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=<your passphrase>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Configure the hostapd start script to use your configuration file:
sudo vim /etc/default/hostapd
# change
#DAEMON_CONF=""
# to
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Test with:
sudo hostapd /etc/hostapd/hostapd.conf
You may see:
random: Cannot read from /dev/random: Resource temporarily unavailable
random: Only 0/20 bytes of strong random data available from /dev/random.
random: Not enough entropy pool available for secure operations
To remedy this:
sudo aptitude install haveged
Then set hostapd to start on startup
sudo systemctl enable hostapd
Now reboot, the access point should be up and you should be able to connect to it and get an IP address.
sudo aptitude install tor
Now here's Adafruit again:
Edit the tor config file by running
sudo vim /etc/tor/torrc
and copy and paste the text into the top of the file, right below the FAQ notice.
Log notice file /var/log/tor/notices.log
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.42.1
DNSPort 9053
DNSListenAddress 192.168.42.1
...
Next we'll create our log file (handy for debugging) with
sudo -u debian-tor touch /var/log/tor/notices.log
Check it with
ls -l /var/log/tor
Start the tor service manually
sudo service tor start
Check it's really running (you can run this whenever you're not sure; if something is wrong you'll see a big FAIL notice)
sudo service tor status
Finally, make tor start on boot:
sudo systemctl enable tor
I like to use this, on another raspberry pi, for my VPN at home: https://hub.docker.com/r/evolvedm/openvpn-rpi/
Here are the lightning instructions:
curl -sSL https://get.docker.com | sh
export OVPN_DATA="ovpn-data"
export CLIENT_NAME=onionpizw
# create the data volume container (which will persist)
docker run --name $OVPN_DATA -v /etc/openvpn hypriot/armhf-busybox
# initialize the data container
docker run --volumes-from $OVPN_DATA --rm evolvedm/openvpn-rpi ovpn_genconfig -u udp://VPN.SERVERNAME.COM
docker run --volumes-from $OVPN_DATA --rm -it evolvedm/openvpn-rpi ovpn_initpki
# start the server
docker run --volumes-from $OVPN_DATA --cap-add=NET_ADMIN -p 1194:1194/udp --net=host --restart=always --name openvpn_server evolvedm/openvpn-rpi
# generate passphraseless client certificate
docker run --volumes-from $OVPN_DATA --rm -it evolvedm/openvpn-rpi easyrsa build-client-full $CLIENT_NAME nopass
# retrieve the client config with embedded certificates
docker run --volumes-from $OVPN_DATA --rm evolvedm/openvpn-rpi ovpn_getclient $CLIENT_NAME > $CLIENT_NAME.ovpn
# copy the client config to the home directory on the OnionPiZW (note the trailing colon):
scp $CLIENT_NAME.ovpn pi@onionpizw.local:
sudo aptitude install openvpn
# try it out
sudo openvpn onionpizw.ovpn
sudo mv onionpizw.ovpn /etc/openvpn/client.conf
# set it up as a service
sudo vim /etc/default/openvpn
# uncomment
#AUTOSTART="all"
# to
AUTOSTART="all"
# reload the config and test it
sudo systemctl daemon-reload
sudo service openvpn start
ps aux | grep openvpn # see if it's running
ifconfig # look for tun0 device
sudo aptitude install iptables-persistent
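# SSH exception first: rules are evaluated in order, so it must come before the catch-all TCP redirect
sudo iptables -t nat -A PREROUTING -i wlan0_ap -p tcp --dport 22 -j REDIRECT --to-ports 22
# DNS from access point clients goes to tor's DNSPort
sudo iptables -t nat -A PREROUTING -i wlan0_ap -p udp --dport 53 -j REDIRECT --to-ports 9053
# every other new TCP connection goes to tor's TransPort
sudo iptables -t nat -A PREROUTING -i wlan0_ap -p tcp --syn -j REDIRECT --to-ports 9040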
sudo sh -c "iptables-save > /etc/iptables/rules.v4.tor"
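iptables evaluates PREROUTING rules in order and stops at the first match, so the port 22 exception only works if it sits before the catch-all TCP redirect, and clients only stay inside tor if both the DNS and TCP redirects are present. The check below is an added example (not from the original page or from Adafruit); audit_tor_nat is a name chosen here and the two rule dumps are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original page): audit nat PREROUTING rules
# for the access-point interface. Reads iptables-save output on stdin.
# Real use: sudo iptables-save -t nat | audit_tor_nat wlan0_ap
audit_tor_nat() {
    awk -v ifc="$1" '
    # Rules are evaluated top to bottom; the first match wins.
    $1 == "-A" && $2 == "PREROUTING" && index($0, " -i " ifc " ") {
        n++
        if ($0 ~ /-p udp/ && $0 ~ /--dport 53 / && $0 ~ /--to-ports 9053/) {
            if (!dns) dns = n
        } else if ($0 ~ /-p tcp/ && $0 ~ /--dport 22 /) {
            if (!ssh) ssh = n
        } else if ($0 ~ /-p tcp/ && $0 !~ /--dport/ && $0 ~ /--to-ports 9040/) {
            if (!tcp) tcp = n
        }
    }
    END {
        if (!dns) { print "FAIL: DNS not redirected to DNSPort 9053"; bad = 1 }
        if (!tcp) { print "FAIL: TCP not redirected to TransPort 9040"; bad = 1 }
        if (ssh && tcp && ssh > tcp) {
            print "FAIL: port 22 rule is after the TCP catch-all and never matches"
            bad = 1
        }
        if (!bad) print "OK"
        exit bad + 0
    }'
}

# Constructed samples in iptables-save format (not captured from a real device).
SAMPLE_GOOD='*nat
-A PREROUTING -i wlan0_ap -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan0_ap -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i wlan0_ap -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT'
SAMPLE_SHADOWED='*nat
-A PREROUTING -i wlan0_ap -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i wlan0_ap -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A PREROUTING -i wlan0_ap -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
COMMIT'

for s in "$SAMPLE_GOOD" "$SAMPLE_SHADOWED"; do
    printf '%s\n' "$s" | audit_tor_nat wlan0_ap || true
done
```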