Here I am going to explain how to build a Wireguard-enabled Wi-Fi hotspot from OrangePi Zero. Why do you need it? It is nice to have a VPN router when you travel. You can use a ready solutions, but mine router burned out when I tried to connect my Pixel6 as a USB upstream to share LTE data.
I am tried to build it using OpenWrt, but OpenWrt on this board doesn’t support Wi-Fi. Therefore I downloaded and flashed an armbian image
apt install -yq dnsmasq hostapd wireguard
/etc/wiregurad/wg0.conf
[Interface]
Address = 10.0.42.2/24
ListenPort = 51820
DNS = 1.1.1.1
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
[Peer]
...
/etc/dnsmasq.conf
interface=wlan0
bind-interfaces
#listen-address=192.168.42.1
dhcp-range=192.168.42.2,192.168.42.20,255.255.255.0,24h
dhcp-option=option:router,192.168.42.1
dhcp-authoritative
/etc/hostapd.conf
interface=wlan0
hw_mode=g
channel=10
ieee80211d=1
country_code=US
ieee80211n=1
wmm_enabled=1
# First AP
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ssid=WorkFromHome-VPN
wpa_passphrase=12345678
/etc/systemd/network/eth0.network
[Match]
Name=eth0
[Network]
DHCP=yes
/etc/systemd/network/wlan0.network
DHCP=yes
root@orangepizero:~# cat /etc/systemd/network/wlan0.network
[Match]
Name=wlan0
[Network]
Address=192.168.42.1/24
/usr/lib/systemd/system/hostapd.service
[Unit]
Description=hostapd service
[Service]
ExecStart=/usr/sbin/hostapd /etc/hostapd.conf
[Install]
WantedBy=multi-user.target
systemctl unmask systemd-networkd
systemctl enable --now systemd-networkd
systemctl disable --now NetworkManager
systemctl enable --now wg-quick@wg0.service
It is nice to connect your board using mDNS, like ssh root@orangepizero.local
. For that you we need to have avahi-daemon
service confiured and running
apt install -yq avahi-daemon
curl "https://raw.githubusercontent.com/lathiat/avahi/master/avahi-daemon/ssh.service" > /etc/avahi/services/ssh.service
systemctl enable --now avahi-daemon