A guide for homemade Secure Travel router (RaspAP)

JJ Gallego
Mar 5, 2024

Today, we awoke to yet more news concerning a security information leak from the German military. While many initially speculated about an inside job or high-level hacking, it turns out the explanation is far simpler: human error.

However, I hesitate to label it merely as human error; it’s more accurately described as a lack of cybersecurity culture. During a military event in South Asia, a high-ranking German military official conducted a private conference (classified information) using the hotel’s WiFi. It is still disconcerting that someone in such a position would make such a mistake, but in today’s world, we should not be surprised by the prevalent lack of awareness in cybersecurity.

Using this incident as a pretext, I am going to show you how to set up a personal router for your travels. While your secrets may not be of interest to the Russian army, your private details are always appealing to malicious actors who could exploit them to harm you.

Materials:

· Raspberry Pi + SD card
· WiFi dongle.

USB WiFi Dongle
https://www.raspberrypi.com/software/

First, we need to install the OS on our SD card; for that we will use Pi Imager. In the settings, we should specify our username, password, and other options. It’s crucial to activate the SSH function.

Pi Imager

I chose Raspberry Pi 4 and Pi OS LITE 64-Bits in Pi Imager. In the settings, I configured the hostname, username, password, SSID-Password (my home network for the following steps), keyboard layout, etc. In the services tab, ensure that SSH is enabled.

Enable SSH!

After the SD has been written, the next step is to boot your raspi and access it using SSH and your terminal:

ssh pi@travel.local

where pi is the user and travel.local is the hostname; pi@your_IP_address would also work. After accessing the Pi, we must update the system:

sudo apt-get update && sudo apt-get upgrade -y

sudo reboot

https://raspap.com/

The next step involves accessing the RaspAP website (https://raspap.com/). In the Docs section, you’ll find the command below; you can also follow their guide.

curl -sL https://install.raspap.com | bash

Copy and paste the curl command into your terminal

lighttpd root: /var/www/html? [Y/n]: Y
Complete installation with these values? [Y/n]: Y

During the installation, say yes to the first two questions; the subsequent ones are optional, depending on whether you want adblock or OpenVPN.

I guess that if you are in the military and using hotel WiFi, you would want to tunnel your communications!

After the reboot, access the RasPi using a web browser by entering the Pi’s hostname in the address bar.

The default username is ‘admin’ and the default password is ‘secret’. In the control panel, go to “Hotspot”, change the interface from wlan0 to wlan1, set the PSK to ‘RaspPass’ (or whatever you like), check that your country code is the right one, and save the settings.

DO NOT REBOOT the Pi at this stage, or you’ll have to start over. Instead, go to the terminal and edit a few configurations:

sudo nano /etc/dhcpcd.conf

You need to delete everything related to wlan0, then save. In nano, Ctrl+K deletes line by line; then press Ctrl+X and answer yes to save.

Then do:

sudo rm /etc/NetworkManager/system-connections/preconfigured.nmconnection

and

sudo rm /etc/wpa_supplicant/wpa_supplicant.conf

After that, you will no longer be able to SSH into your Pi by the previous methods.
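The three clean-up steps above as a non-interactive script (an added example, not part of the original post). The dhcpcd.conf layout and the function names are assumptions; as written it only runs against a constructed file tree in a scratch directory, while `cleanup ""` run as root would apply it to the Pi itself.

```shell
#!/bin/sh
# Added example, not from the original post. The dhcpcd.conf layout below is an
# assumption; compare it with your own file before running against /etc.

# strip_iface FILE IFACE: print FILE without the "interface IFACE" stanza and
# without comment lines that name IFACE. Other stanzas are left untouched.
strip_iface() {
    awk -v ifc="$2" '
        /^[[:space:]]*#/   { if (index($0, ifc)) next; print; next }
        $1 == "interface"  { skip = ($2 == ifc) }   # a new stanza starts here
        skip && NF         { next }                 # setting inside the IFACE stanza
                           { print }
    ' "$1"
}

# cleanup ROOT: the three steps above, applied under ROOT. The original
# dhcpcd.conf is kept next to the edited one as dhcpcd.conf.bak.
cleanup() {
    conf="$1/etc/dhcpcd.conf"
    cp -p "$conf" "$conf.bak" || return 1
    strip_iface "$conf.bak" wlan0 > "$conf" || return 1
    rm -f "$1/etc/NetworkManager/system-connections/preconfigured.nmconnection" \
          "$1/etc/wpa_supplicant/wpa_supplicant.conf"
}

# make_sample ROOT: build a constructed file tree for a dry run.
make_sample() {
    mkdir -p "$1/etc/NetworkManager/system-connections" "$1/etc/wpa_supplicant"
    : > "$1/etc/NetworkManager/system-connections/preconfigured.nmconnection"
    : > "$1/etc/wpa_supplicant/wpa_supplicant.conf"
    cat > "$1/etc/dhcpcd.conf" <<'EOF'
hostname
persistent

# wlan0 configuration (constructed sample)
interface wlan0
static ip_address=10.3.141.1/24
static routers=10.3.141.1

# wlan1 configuration (constructed sample)
interface wlan1
static ip_address=10.3.141.1/24
nohook wpa_supplicant
EOF
}

# Dry run in a scratch directory; nothing under the real /etc is touched.
scratch=$(mktemp -d) && make_sample "$scratch" && cleanup "$scratch" &&
    cat "$scratch/etc/dhcpcd.conf"
```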

Connect to the new WiFi network: raspi-webgui

In your web browser, go to travel.local (or your hostname)

  • IP address: 10.3.141.1
  • Username: admin
  • Password: secret
  • DHCP range: 10.3.141.50–10.3.141.254
  • SSID: raspi-webgui
  • Password: RaspPass
choose raspi-webgui

After connecting to (in my case) travel.local, in the admin portal, click the WiFi-client option. All available WiFi networks will appear. If not connected, try Rescan or go to System and hit reboot.

This portal displays all WiFi networks in range. Choose the one you want to connect to, enter the password in the box, click add, and in the next window, click connect. And… you are connected to the internet through your Raspberry Pi as a router, setting a barrier between your computer and any dubious networks. The next step would be to configure VPN and so on.

By the way, this system may not work with many hotel WiFi networks that use portal systems, but it will work with plenty of hotels, cafes, and other places that still use the traditional Name + Pass system.

Raspberry pi 4b + Wifi Dongle

References:

https://raspap.com/

https://www.youtube.com/watch?v=3PvDqb66Rw4


JJ Gallego

Biologist specializing in Molecular Microbiology and cybersecurity.