How to change Hotspot IP of armbian

e.g. To change ip range of access point to 10.9.1.x/24

1. edit /etc/network/interface.d/armbian.ap.nat


2. edit /etc/dnsmasq.conf


How to forward hostapd (access point) traffics to VPN

/usr/sbin/ip route add default dev [dev.vpn] table []
/usr/sbin/ip rule add iif [dev.ap] table []

[dev.vpn] is a vpn device name. (e.g. tun0)
[dev.ap] is an access point (wlan) device name. (e.g. wlan0)
[] is a desired table number which is not reserved, and can be replaced by string name if you add one in /etc/iproute2/rt_tables

to disable VPN forwarding,

/usr/sbin/ip route flush table []

Systemctl enabling of OpenVPN

1. config file is in /etc/openvpn

sudo systemctl start/stop/status/enable/disable openvpn@[config]

2. config file is in /etc/openvpn/client

sudo systemctl start/stop/status/enable/disable openvpn-client@[config]

3. config file is in /etc/openvpn/server

sudo systemctl start/stop/status/enable/disable openvpn-server@[config]

extension of config should be .conf not .ovpn

Turn on/off mobile hotspot on windows 10 via powershell

To turn on mobile hotspot:
PS C:\> [Windows.Networking.NetworkOperators.NetworkOperatorTetheringManager,Windows.Networking.NetworkOperators,ContentType=WindowsRuntime]::CreateFromConnectionProfile([Windows.Networking.Connectivity.NetworkInformation,Windows.Networking.Connectivity,ContentType=WindowsRuntime]::GetInternetConnectionProfile()).StartTetheringAsync()↵

To turn off mobile hotspot:
PS C:\> [Windows.Networking.NetworkOperators.NetworkOperatorTetheringManager,Windows.Networking.NetworkOperators,ContentType=WindowsRuntime]::CreateFromConnectionProfile([Windows.Networking.Connectivity.NetworkInformation,Windows.Networking.Connectivity,ContentType=WindowsRuntime]::GetInternetConnectionProfile()).StopTetheringAsync()↵

NanoPi R2S network configuration (armbian)

# add following line in /etc/sysctl.conf

# Forward all traffic with masquerading ip from lan0 to eth0 (internet share)
/sbin/iptables -t nat -A POSTROUTING -j MASQUERADE

# Forward incoming connection from eth0 or tun0 to lan0 (port forwarding)
/sbin/iptables -t nat -A PREROUTING -i tun0 -p tcp –dport 3389 -j DNAT –to-destination
/sbin/iptables -t nat -A PREROUTING -i tun0 -p tcp –dport 22 -j DNAT –to-destination
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 24800 -j DNAT –to-destination

# disabling tx offload on the USB ethernet
/usr/sbin/ethtool -K lan0 tx off

Accessing LANs behind OpenVPN client/server not on gateway

1. Expanding the scope of the VPN to include additional machines on either the client or server subnet.
2. Accessing LAN resources when OpenVPN is not LAN’s GW
3. Lans behind OpenVPN
4. NAT-hack

OpenVPN configuration should be set properly before setting routing.

Windows 10
1. Ip Forwarding. (equivalant to ‘net.ipv4.ip_forward = 1’ on linux box)
In regedit, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
Change IpEnableRouter to 1.

2. Ip Masquerading. (equivalnt to ‘iptables MASQUERADE’ on linux box)
In regedit, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters
Change ScopeAddress and ScopeAddressBackup to 10.8.0.x(tun ip).
And turn on ICS.

After reboot the computer, ICS doesn’t work properly.
(fixed at windows 2004?)
Windows 10 Internet Connection Sharing(ICS) Reboot Fix

Please refer to Reference 2.