Raspberry pi + Windows machine experiments
The goal of this project is to allow a Windows machine (laptop) to access the capabilities of a headless Raspberry Pi (running Kali Linux in this example, but this also works for Raspberry Pi OS, Ubuntu, etc.) without an external monitor.
This can be achieved by connecting the Windows machine to the Raspberry Pi via an ethernet connection that provides internet access by routing all outbound traffic through the default interface. I will also be able to access a Linux shell from the Windows machine via an SSH connection.
Additionally, to allow my Windows machine to access the TryHackMe (https://help.tryhackme.com/en/articles/6611809-getting-started-with-openvpn) VPN servers, I will first set up an OpenVPN connection on my Raspberry Pi, before performing the appropriate networking configuration to route traffic through the VPN interface.
In other words, from the Windows machine's point of view, the Raspberry Pi will be acting as a "network gateway" to the internet, with the benefit of being able to access a Linux shell environment. This removes the need for an external monitor for the Raspberry Pi.
Raspberry Pi
Default ethernet interface (eth0): connected directly to the router via the LAN port
USB-A port (eth1): connected directly to the Windows machine (USB-A to ethernet)
Windows machine
USB-C port: connected directly to the Raspberry Pi (USB-C to ethernet)
Take note of the interface names (eth0 and eth1) for each connection.
Configure static IP address and DHCP server (dnsmasq) on the Raspberry Pi
Note: The command given in this example (to configure a static IP address) only works for a Debian-based machine.
Assume we want the Raspberry Pi interface eth1 to have a static IP address value of 22.22.22.22. Additionally, the DHCP server will provide the addresses from 22.22.22.0 to 22.22.22.21.
In the Raspberry Pi, add the following entries at the bottom of the /etc/network/interfaces and /etc/dnsmasq.conf files respectively:
Restart the networking.service and dnsmasq.service services:
Persist the configurations
-> the command above ensures that both services will be enabled on reboot.
Test the configurations
As of now, the Windows machine will have an IP address (within the configured DHCP range) assigned to its interface, but will not be able to access the internet. Without further configuration, the traffic coming from the Windows machine will simply be received and dropped by the Raspberry Pi.
The following image shows the traffic through the eth1 interface (the Raspberry Pi interface that is directly connected to the Windows machine), with the filter value ip.addr==146.190.62.39, when visiting the address http://146.190.62.39:80 (http://httpforever.com) in the browser.
The traffic displays the source address of 22.22.22.8, which happens to be the address assigned to the interface on the Windows machine (given by the DHCP server). The destination address is 146.190.62.39. Notice that 3 consecutive TCP SYN requests were sent to the destination, with no reply. Subsequently, a series of TCP retransmissions were initiated, also with no replies.
This behavior happens continuously.
Enable IPv4 forwarding and iptables masquerading
Enable IPv4 forwarding on the Raspberry Pi:
Looking at the two commands listed below, the first enables the routing of traffic bound for the internet: from the Windows machine interface (eth1), to the default interface (eth0). The second command works the same way, but routes traffic through the VPN interface (tun0) instead.
-> consequently, all traffic destined for the internet (from the Windows machine) will route through the Raspberry pi
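The static address and dnsmasq entries from the earlier section and the forwarding and masquerading step described here, gathered into one added example (not the author's original commands). Interface names and addresses are the page's; the helper names, the /24 netmask, the 12h lease, the bind-interfaces setting and the FORWARD rules are assumptions added for illustration.

```bash
#!/usr/bin/env bash
# Added example; hypothetical helper names. Interface names and addresses are
# the page's. The /24 netmask, 12h lease, bind-interfaces and FORWARD rules
# are assumptions. Note 22.22.22.0/24 is not RFC 1918 private space.
LAN_IF=eth1
LAN_IP=22.22.22.22
UPLINKS="eth0 tun0"

# Stanza to append to /etc/network/interfaces (Debian ifupdown).
interfaces_stanza() {
  printf 'auto %s\niface %s inet static\n' "$LAN_IF" "$LAN_IF"
  printf '    address %s\n    netmask 255.255.255.0\n' "$LAN_IP"
}

# Lines to append to /etc/dnsmasq.conf. interface= with bind-interfaces keeps
# the DHCP/DNS server off eth0, so it never answers hosts on the router's LAN.
dnsmasq_conf() {
  printf 'interface=%s\nbind-interfaces\n' "$LAN_IF"
  printf 'dhcp-range=22.22.22.0,22.22.22.21,255.255.255.0,12h\n'
}

# iptables commands: masquerade out of each uplink, and forward only flows
# that start on the Windows side plus their replies.
gateway_rules() {
  for up in $UPLINKS; do
    echo "iptables -t nat -A POSTROUTING -o $up -j MASQUERADE"
    echo "iptables -A FORWARD -i $LAN_IF -o $up -j ACCEPT"
    echo "iptables -A FORWARD -i $up -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  done
  echo "iptables -P FORWARD DROP"
}

# Given the output of `iptables -t nat -S POSTROUTING`, print the uplinks
# that have no MASQUERADE rule (empty output means both are covered).
missing_masquerade() {
  missing=""
  for up in $UPLINKS; do
    printf '%s\n' "$1" | grep -Eq -- "-o $up( .*)? -j MASQUERADE" ||
      missing="$missing $up"
  done
  echo "${missing# }"
}

# On the Pi, as root:
#   sysctl -w net.ipv4.ip_forward=1
#   gateway_rules | sh
#   missing_masquerade "$(iptables -t nat -S POSTROUTING)"
```

The FORWARD policy of DROP applies to everything the Pi routes, so any other forwarding it already performs needs its own ACCEPT rule.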
At this point, the interface on the Windows machine should be automatically configured with an IP address from the DHCP server. However, if it does not work for any reason, an explicit DHCP query can be triggered with the following commands:
To better understand the configurations
Perform the following actions, and observe the changes (internet connection for the Windows machine should not work anymore):
a) Try disabling IPv4 forwarding
b) Try removing the IP masquerading rule
Persist the configurations
a) Persist the IPv4 forward rules
Add the line net.ipv4.ip_forward = 1 in /etc/sysctl.conf for persistence
b) Persist the iptables rules
Test the configurations
a) Try connecting to a random website from the Windows machine. The connection should succeed, similar to when the machine is directly connected to the router.
b) Try connecting to TryHackMe's VPN server
Raspberry Pi
Windows machine
The following command should return the local IP address of our machine within the VPN server (10.x.x.x)
A script can be utilized to enable the openvpn connection on the Raspberry Pi on startup, by creating a systemd service. Refer to the following documentation for more information:
Open an SSH session on the Raspberry Pi from the Windows machine
Enable the SSH service on the Raspberry Pi:
Configure hostname resolution entries on the Linux machine via the /etc/hosts file
Configure the IP address of the Linux machine as a static DNS server entry on the Windows machine
Note: The first command shown below requires administrative privileges
View the current DNS server configurations
The records defined in /etc/hosts (on the Linux machine) should be resolvable from the Windows machine.
To remove the static DNS server entry on the Windows machine
Ensure Windows machine is not connected to any VPN or external network services
eth1 interface