
I have a Raspberry Pi 2 with the latest Raspberry Pi OS Lite 32-bit. I want to use my Raspberry Pi as a Hotspot, providing its own WLAN with AdGuard DNS and consuming the internet via Ethernet. I want to use a vanilla OS on the Raspberry Pi, and the WLAN clients should be behind NAT. DHCP/DNS on the Raspberry Pi must not collide with the existing Ethernet network.

Side note: why so complicated? My router from my ISP does not support custom DNS values and does not support disabling its DHCP server. So I will host a second WLAN with AdGuard, and the router's WLAN will stay as is.

A similar question related to RaspAP is here; I am trying to use the native technology only.

I have already tried dozens of config combinations and step-by-step guides; my problem seems to be that all the guides on the Internet are outdated, as NetworkManager has kind of replaced dnsmasq and hostapd.

AdGuard can be installed as a Docker container or directly. I am trying both approaches. I am fine with using AdGuard's DHCP or the DHCP on the host Raspberry Pi OS; the important thing is that DHCP does not collide with the Ethernet network.

I tried the following strategies:

  • using hostapd and dnsmasq: this fails because NetworkManager is already preinstalled and in use.
  • using nmcli and nmtui (NetworkManager): I can set up a Hotspot, but the Hotspot collides with AdGuard, as both bind port 53.

I believe the strategy using NetworkManager is the correct way. So far I have this:

  • sudo nmcli dev wifi hotspot ssid YourSSID password YourPassword creates a WiFi AP with NAT, and connected clients can use the Internet and DNS from Ethernet; so far so good.
    • In order to use custom DNS, I have to use nmcli con mod "Hotspot" ipv4.dns "adguard IP", but this is forbidden in mode=shared.
  • If the Hotspot is running, AdGuard cannot be started as port 53 is blocked. If AdGuard is running, the Hotspot cannot be started as port 53 is blocked.
    • I configured AdGuard to bind DNS on the Ethernet IP only instead of 0.0.0.0; in that case, I can start both AdGuard and the Hotspot, but DNS resolution does not work on WLAN clients.
  • Via nmtui I can configure a custom DNS IP pointing to AdGuard on the wired Ethernet network, which indeed works for traffic on the Raspberry Pi (dig google.com on the Raspberry Pi creates DNS queries in AdGuard), but it does not work for clients of the wireless Hotspot.

It looks like I am 99% complete, but I am missing some details on how to configure the symbiosis of AdGuard and the NetworkManager Hotspot/wired Ethernet so that they work together as expected.

Can you help point me in the right direction? Should I rethink the whole approach, or am I missing just some magic config detail that will make it work?

Lukas K

1 Answer


I found two solutions:

  1. Configure custom DNS on the upstream eth0:

    • enable net.ipv4.ip_forward=1 in /etc/sysctl.conf
    • Configure AdGuard to bind DNS port 53 on its eth0 IP address (the default is 0.0.0.0, which would collide with NetworkManager)
    • Configure a custom DNS on the wired eth0 device via nmtui (using the IP of AdGuard)
    • With that configuration it works, but AdGuard cannot distinguish clients: all have the same IP address.
  2. Override the DHCP configuration of NetworkManager

    • enable net.ipv4.ip_forward=1 in /etc/sysctl.conf
    • put the following in /etc/NetworkManager/dnsmasq-shared.d/redirect-dns.conf:

          # content of /etc/NetworkManager/dnsmasq-shared.d/redirect-dns.conf
          # disable DNS feature
          port=0
          interface=wlan0
          # provide custom DNS IP
          dhcp-option=6,10.42.0.1

    • This overrides the DNS configuration of NetworkManager, which is not possible using nmcli or nmtui. NetworkManager uses dnsmasq behind the scenes.
    • This way, AdGuard can distinguish all clients by the IP address assigned to them in the 10.42.0.1/24 network.
    • Host AdGuard in Docker, which opens incoming traffic on port 53.
Lukas K
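The second solution above, written out as one script. This is an added example and not code from the question or the answer: it renders the dnsmasq override, brings up the shared hotspot, checks which process holds port 53 before AdGuard tries to bind it, and starts AdGuard Home in Docker. Everything it assumes is my choice, not something the page states: the Wi-Fi device is wlan0, the hotspot gateway is 10.42.0.1 (NetworkManager's default for the first shared connection), the SSID and passphrase come from the environment, the forwarding sysctl goes into /etc/sysctl.d instead of /etc/sysctl.conf, and AdGuard Home is the official adguard/adguardhome image with its documented /opt/adguardhome volumes. The `ss` output used by the self-check is constructed, not captured from a real Pi.

```shell
#!/bin/sh
# Added example (not from the original answer). Usage:
#   PSK='longpassphrase' sudo ./setup-hotspot.sh apply   # configure everything
#   ./setup-hotspot.sh check                              # who owns port 53?
#   ./setup-hotspot.sh                                    # dry run on sample data
set -eu

WLAN_IF="${WLAN_IF:-wlan0}"          # assumption: Wi-Fi device name
GW_IP="${GW_IP:-10.42.0.1}"          # assumption: NetworkManager's shared-mode gateway
OVERRIDE_FILE=/etc/NetworkManager/dnsmasq-shared.d/redirect-dns.conf
SYSCTL_FILE=/etc/sysctl.d/99-hotspot-forward.conf

# dnsmasq fragment that NetworkManager merges into the dnsmasq instance it
# spawns for a connection in ipv4.method=shared. port=0 switches off dnsmasq's
# DNS listener while leaving DHCP running, which is what frees $2:53 for
# AdGuard; DHCP option 6 then hands $2 to every Wi-Fi client as its resolver.
render_dnsmasq_override() {
    printf 'interface=%s\n' "$1"
    printf 'port=0\n'
    printf 'dhcp-option=6,%s\n' "$2"
}

# Print "proto local-address process" for every listener on port 53, reading
# `ss -lntup`-style lines from stdin. If dnsmasq still shows up on $GW_IP:53
# after the hotspot is up, NetworkManager did not pick up the override.
port53_owners() {
    awk '$5 ~ /:53$/ {
        proc = "?"
        if (match($7, /"[^"]+"/)) proc = substr($7, RSTART + 1, RLENGTH - 2)
        print $1, $5, proc
    }'
}

# Constructed sample of `ss -lntup` output (not captured from a real system).
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      10.42.0.1:53     0.0.0.0:*        users:(("dnsmasq",pid=612,fd=4))
tcp   LISTEN 0      128    0.0.0.0:22       0.0.0.0:*        users:(("sshd",pid=500,fd=3))
tcp   LISTEN 0      4096   192.168.1.20:53  0.0.0.0:*        users:(("AdGuardHome",pid=900,fd=8))'

apply() {
    : "${PSK:?set PSK to a WPA2 passphrase of at least 8 characters}"
    SSID="${SSID:-PiAdGuard}"        # assumption: placeholder SSID

    # 1. Forward between wlan0 and eth0. The NAT rules themselves are added by
    #    NetworkManager when it brings the shared connection up.
    printf 'net.ipv4.ip_forward = 1\n' > "$SYSCTL_FILE"
    sysctl -q --system

    # 2. The override must exist before the hotspot starts: NetworkManager
    #    reads dnsmasq-shared.d only when it spawns dnsmasq.
    mkdir -p "$(dirname "$OVERRIDE_FILE")"
    render_dnsmasq_override "$WLAN_IF" "$GW_IP" > "$OVERRIDE_FILE"

    # 3. Shared (NAT) hotspot, named "Hotspot" by default.
    nmcli device wifi hotspot ifname "$WLAN_IF" ssid "$SSID" password "$PSK"
    nmcli connection modify Hotspot connection.autoconnect yes

    # 4. Refuse to continue if dnsmasq still owns port 53.
    if ss -lntup | port53_owners | grep -q dnsmasq; then
        echo "dnsmasq still listens on port 53; override not applied" >&2
        exit 1
    fi

    # 5. AdGuard Home, published on the hotspot gateway address only rather than
    #    0.0.0.0, so the resolver is not also reachable from the Ethernet side
    #    (the ISP router's LAN). 3000/tcp is the first-run setup wizard.
    docker run -d --name adguardhome --restart unless-stopped \
        -v /opt/adguardhome/work:/opt/adguardhome/work \
        -v /opt/adguardhome/conf:/opt/adguardhome/conf \
        -p "$GW_IP:53:53/tcp" -p "$GW_IP:53:53/udp" \
        -p "$GW_IP:3000:3000/tcp" \
        adguard/adguardhome
}

case "${1:-}" in
    apply) apply ;;
    check) ss -lntup | port53_owners ;;
    *)     printf '%s\n' "$SAMPLE_SS_OUTPUT" | port53_owners ;;
esac
```

Two caveats that follow from binding AdGuard to the gateway address instead of 0.0.0.0 as the answer does: the hotspot must be up before the container starts (Docker cannot publish a port on an address the host does not yet have, so after a reboot the restart policy will retry until NetworkManager has brought 10.42.0.1 up), and the Pi's own resolver still points at whatever eth0 got from the ISP router, so queries from the Pi itself only reach AdGuard if the wired connection is told to use 10.42.0.1 (`nmcli con mod <wired-connection> ipv4.dns 10.42.0.1 ipv4.ignore-auto-dns yes`).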