Wednesday, February 21, 2024

Setup tunneled hotspot on Bookworm Raspberrypi using Wireguard, Network Manager and DNSmasq plugin

This blog post is an update to the original post from 2019 for Debian buster and bullseye.

In this tutorial eth0 is the main internet connection. WireGuard connects to the server over eth0 and creates a tunneled connection, which wlan0 then uses for the hotspot.

The NetworkManager GUI makes this easy. There is no need to set up a DHCP server such as isc-dhcp-server, since NetworkManager has the dnsmasq-base package built in and uses it for DHCP.

To set up the hotspot, use the Network icon on the Raspberry Pi to create a wireless hotspot. For WireGuard, edit the hotspot connection and set the MTU to 1420. Also enable auto connect in the General tab, and disable IPv6 in the IPv6 tab if you are not using it. In the IPv4 tab, set the range for your DHCP clients to 10.0.1.1 with mask 255.255.255.0 and gateway 10.0.1.1.

To disable WPA Personal and force at least WPA2 Personal authentication, use the following commands:

nmcli device wifi list

nmcli con modify "Wi-Fi Hot" 802-11-wireless-security.proto rsn

Then set up a separate routing table for the hotspot IP range, which is 10.0.1.0/24:

echo 200 INET2 >> /etc/iproute2/rt_tables
and set up WireGuard to route the IP range of your hotspot through itself:

[Interface]
PrivateKey = YOUR.PRIVATE.KEY
Address = 10.10.0.6/24
PostUp = iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE; ip rule add from 10.0.1.0/24 table INET2; ip route add default via 10.10.0.1 dev wg0 table INET2; ip route add 8.8.8.8/32 dev wg0; ip route add 8.8.4.4/32 dev wg0; ip route flush cache
PreDown = iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE; ip rule del from 10.0.1.0/24 table INET2; ip route del default via 10.10.0.1 dev wg0 table INET2; ip route del 8.8.8.8/32 dev wg0; ip route del 8.8.4.4/32 dev wg0; ip route flush cache
Table = off
MTU = 1420

[Peer]
PublicKey = SERVER.PUBKEY
AllowedIPs = 0.0.0.0/0

Endpoint = IP:Port
PersistentKeepalive = 25

Set net.ipv4.ip_forward=1 in /etc/sysctl.conf.

Edit your upstream network connections and set their DNS to 8.8.8.8,1.1.1.1

This way, after a reboot your /etc/resolv.conf is correctly set to the above name servers by NetworkManager.

NetworkManager has the dnsmasq-base package built in, and we need to configure it to hand out the Google name servers to our DHCP clients:

echo -e "dhcp-option=option:dns-server,8.8.8.8,8.8.4.4" > /etc/NetworkManager/dnsmasq-shared.d/dns.conf

Restart your Raspberry Pi to apply the changes.

You can see a list of connected clients in /var/lib/NetworkManager/dnsmasq-wlan0.leases


ps aux | grep dnsmasq 

shows the dnsmasq process started by NetworkManager and the parameters it runs with.
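A check for the routing set up above, as an added example that is not part of the original post: it reads the output of `ip rule show` and `ip route show table 200` and confirms that the hotspot range is sent into wg0. The function names and the `--live` switch are made up for this example; without `--live` it runs on constructed sample output.

```shell
#!/bin/sh
# Added example: verify that hotspot clients are policy-routed into the tunnel.
HOTSPOT_NET="10.0.1.0/24"        # hotspot range used in this post
WG_GW="10.10.0.1"; WG_IF="wg0"   # tunnel gateway and interface from the PostUp line
TABLE_NAME="INET2"; TABLE_ID="200"

# has_hotspot_rule RULES -> 0 if `ip rule show` text sends the hotspot range to INET2
has_hotspot_rule() {
    printf '%s\n' "$1" | awk -v net="$HOTSPOT_NET" -v n="$TABLE_NAME" -v id="$TABLE_ID" '
        $2 == "from" && $3 == net && $4 == "lookup" && ($5 == n || $5 == id) { ok = 1 }
        END { exit !ok }'
}

# table_default_via_wg ROUTES -> 0 if the table's default route leaves through wg0
table_default_via_wg() {
    printf '%s\n' "$1" | awk -v gw="$WG_GW" -v ifc="$WG_IF" '
        $1 == "default" && $2 == "via" && $3 == gw && $4 == "dev" && $5 == ifc { ok = 1 }
        END { exit !ok }'
}

# audit RULES ROUTES FORWARD -> prints findings, returns the number of failed checks
audit() {
    fails=0
    has_hotspot_rule "$1" || { echo "FAIL: no rule from $HOTSPOT_NET to $TABLE_NAME"; fails=$((fails + 1)); }
    table_default_via_wg "$2" || { echo "FAIL: $TABLE_NAME default is not via $WG_IF"; fails=$((fails + 1)); }
    [ "$3" = "1" ] || { echo "FAIL: net.ipv4.ip_forward is not 1"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: hotspot traffic is routed into $WG_IF"
    return "$fails"
}

if [ "${1:-}" = "--live" ]; then
    # Run on the Raspberry Pi itself, against the real routing state.
    audit "$(ip rule show)" "$(ip route show table "$TABLE_ID" 2>/dev/null)" \
          "$(cat /proc/sys/net/ipv4/ip_forward)"
    exit $?
else
    # Constructed sample output, so the script also runs offline.
    SAMPLE_RULES="0: from all lookup local
32765: from 10.0.1.0/24 lookup INET2
32766: from all lookup main"
    audit "$SAMPLE_RULES" "default via 10.10.0.1 dev wg0" "1"
fi
```

A FAIL on either of the first two checks while the hotspot is up means client traffic is following the main routing table instead of the tunnel, which is also the state after PreDown has removed the rule.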

How to resolve repeating keys issue on WayVNC bookworm

When you connect to your bookworm 12 wayvnc VNC server from another country, keys may repeat if there is packet loss on the connection. If the packet containing the key-release event gets dropped, it will be retransmitted, and this will cause it to be delayed, perhaps enough to trigger the repeat.

To resolve this issue, you can set kb_repeat_rate to 0 in the wayfire config.

Edit /etc/wayfire/defaults.ini and add the following under the [input] section:

kb_repeat_rate = 0

Then restart your Raspberry Pi OS to apply the new setting.

Saturday, February 10, 2024

How to take a screenshot using ssh on Wayland Desktop

On Debian 11 for Raspberry Pi and older versions, we can take a screenshot of the active desktop from SSH by using the scrot package and setting the DISPLAY environment variable to the display number, which is 0.0 by default:

        DISPLAY=:0.0 scrot -o screenshot.jpg

or in Python:

        import os

        picfile = "screenshot.jpg"  # output file
        os.environ["DISPLAY"] = ":0.0"
        os.system("scrot -o {}".format(picfile))

On Debian 12 for Raspberry Pi and later versions, Wayland is the default window manager and scrot won't work. The grim package, which is installed by default, can be used instead. A similar method gives access to the default Wayland desktop by setting the WAYLAND_DISPLAY and XDG_RUNTIME_DIR environment variables:

        WAYLAND_DISPLAY=wayland-1 XDG_RUNTIME_DIR=/run/user/1000 grim screenshot.png

or in Python:

        import os

        pngfile = "screenshot.png"  # output file
        os.environ["WAYLAND_DISPLAY"] = "wayland-1"
        os.environ["XDG_RUNTIME_DIR"] = "/run/user/1000"
        os.system("grim {}".format(pngfile))

To find the correct values for these environment variables, run the env command in your main desktop session and check which values are set there. Without the proper values, you get the following error when trying to take a screenshot on a non-active tty:

failed to create display

Thursday, February 8, 2024

How to set the default route on Debian 12 bookworm

The /etc/dhcpcd.conf file is missing on Debian 12 bookworm for Raspberry Pi.

To find the current metrics, use route -n

To find the network interface names, use nmcli connection show

Then use the connection name of the connection you want to make the default route and set its connection metric to a higher number than others:

nmcli connection edit "Wired connection 1"

set ipv4.route-metric 102

save

quit


How to export Apple Health / Google Fit training activity to TCX format

  I own a Xiaomi Smart Band 7, and recently, my Mi Fitness app stopped syncing running activities to Strava. Mi Fitness supports syncing dat...