Recently I have bought a Christmas present for myself from GearBest, costing only $49,21 USD. It includes Raspberry Pi 3 single board computer along with 2.5A power supply, case and several heat sinks. Pi3 is the latest and the most powerful Raspberry model, equipped with 1.2GZ 64-bit ARM processor, 1GB RAM and integrated 10/100 Ethernet port and Wifi 802.11n. Although I can simply use it as a cheap desktop computer, I have different goal in my mind.
Six years ago, I built my own SOHO router/switch base on Intel Pentium III - 733Mhz. It was working great but to save electricity consumption I have never used it in production. However, I have never completely given up idea to build and use my own router. It comes true thanks to Raspberry Pi3 computer as it consumes maximum 1.34 A or 6.7 W under stress when peripherals and WiFi are connected.
Picture1 - Raspberry Pi 3 Model B
Source: http://fosssig.com/tinkerers/1-raspberry-pi-and-kodi/
To shorten the story, I have built a wifi router that runs piCore 9.0.3 on Raspberry PI3. The clients are connected via wireless network to the router that runs hostapd. The hostapd is configured for WPA2 authentication and AES encryption. The router is running DHCP server on the interface wlan0 (IP address 192.168.230.1), providing IP addresses for wireless clients from the subnet 192.168.230.0/24 along with IP address of the default gateway 192.168.230.1.
DHCP also assigns IP address of DNS sever - 192.168.230.1. Both DNS and DHCP are implemented by dnsmasq extension. Router's eth0 interface is connected to ISP network and it gets the IP address from ISP's DHCP server. I have built ppp extension so the router can also connect to ISP using PPPoE protocol. In case the advanced routing is neeeded (OSPF, BGP, etc), FRrouting extension is also available. Of course, to connect WLAN network to the public Internet, NAT is done either on eth0 or ppp0 interfaces. It is implemented by extension iptables using NAT table.
Picture 2 - Raspberry PI Router Connected in Home Network
Thanks to its small size, the router can be used as portable secure wifi router sharing Ethernet connection with other devices inside your room. Moreover, you can load the router with TOR client or any other extensions if needed. Before you leave the room, you can easily destroyed any digital evidence removing the SD card from the router. PiCore will keep working as it runs entirely in RAM. In case you don't need router anymore, you just write another image to SD card and boot your Raspberry from this image.
Note: Although the IPv6 module is loaded in piCore kernel, IPv6 protocol is not tested. For this reason, consider the router as IPv4 based only.
1. Image and Configuration Files
Download the zip file, extract the image and copy it to your SD card with dd command. The router image is a copy of the 4GB SD card thus the card with the equal capacity or bigger is needed. Read this guide for reference.
Core-9.0.3-router0.1.1.zip [2,2 GB]
Core-9.0.3-router0.1.1.img.md5.txt [63B]
Core-9.0.3-router0.1.zip [2,2 GB]
Core-9.0.3-router0.1.img.md5.txt [61B]
Although the router is fully operational, I have also attached the configuration guide and files for reference below.
PiCore OS configuration files:
/opt/.filetool.lst [556B]
/opt/bootsync.sh [492B]
/opt/bootlocal.sh [995B]
The router is loaded with the following extensions.
2. After Install Tasks
Although router is operational once the image is copied to SD card, we should do some basic after install steps. They include changing the default SSID and wpa_passphrase, setting new password for user tc and configuring and hardening network connection to ISP. For this purpose I prepared the after initial scripts that you can run after the first boot. The scripts are located in the directory /home/tc/.
- passwdconf.sh [550B]
- pppoeconf.sh [5.1KB]
- wificonf.sh [2,4K]
- iptablesconf.sh [1.4KB]
2.1 Changing password for user tc
The default password for user tc is piCore. I strongly recommend to change it immediately.
$ sudo /home/tc/passwdconf.sh
Picture 3 - Changing Password for User 'tc'
2.2 Configuring connection to ISP
By default, the router is working as a typical wifi router with IP address assigned from ISP on its Ethernet port. However, if PPPoE is required to establish connection to ISP, additional configuration is needed. It includes enabling pppd daemon, changing default credentials and NAT reconfiguration. Luckily, the script pppoeconf.sh takes care of this job. In order to connect to ISP using PPPoE and CHAP protocol, issue the command below.
$ sudo /home/tc/pppoeconf.sh
Picture 4 - Changing Credentials for PPPoE Connection and Enabling pppd Daemon
Note: To avoid routing issues after PPPoE configuration, it's recommended to reboot your router.
2.3 Wireless network configuration
Although, the wireless network is operational once the router is booted, the WLAN is using the default SSID piCore and WPA passphrase raspberry. Use the script wificonf.sh to changed them.
$ sudo /home/tc/pppoeconf.sh
Picture 5 - Changing WPA Passphrase for WLAN
Below are shown the network interfaces for reference.
Picture 6 - List of Network Interfaces
2.4 Enabling Firewall
We need to prevent attackers from the Internet to connect to the router. Below is the list of open TCP ports that were found by nmap from the PC located in the Internet, before enabling firewall.
Picture 7 - Opened TCP Ports
The script iptablesconf.sh configures iptables to allow only established connection on Ethernet port. Connection from the Internet to the router that is not initialized from WLAN network is dropped. The script also allows input traffic from WLAN network to reach the router's interfaces.
Picture 8 - Enabling Firewall
3. Testing
In case you need to know more about the speed of the integrated Ethernet port and Wifi check this article. My findings are that download speed (28.7Mbps) achieved by Raspberry piCore router is worse than the speed of Belkin router (33.5 Mbps).
Picture 9 - Network Statistics Achieved by Raspberry Pi3 piCore Router
However, jitter 1ms achieved by Raspberry is significantly less that jitter 62ms, measured when Belkin router is used. My user experience also also confirms this finding .
Picture 10 - Network Statistics Achieved by Belkin Router
The high jitter value might be caused by interference of Wifi signal from other nearby WLANs or it might indicate problem with Belkin router itself.