

Geospoofing with the Raspberry Pi - mwmanning
http://mwmanning.com/2013/02/11/Geospoofing-with-the-Raspberry-Pi.html

======
subway
Anyone else sick of the "%s on Raspberry Pi" Howtos. In the vast majority of
them, there is nothing specific to the Raspberry Pi, they're simply "How to do
%s with a linux box".

~~~
IheartApplesDix
On top of that, all these ARM Cortex based boards have a closed hypervisior on
them. It's pretty silly to run this as a router when you have no idea what's
running in the hypervisior. I haven't been able to find any information on
what it's actually running except some sources say that it might be running a
port of Xen for ARM.

Using them to program your robot plant-watering robot is fine but using it for
any kind of internet connected device more complicated than that is probably a
bad idea.

~~~
subway
I was unaware of a a hypervisor sitting on the ARM Cortex. Do you have any
links to additional information? (I've been using the RPi to prototype a
product for the service industry (Cheap linux box with exposed gpio), and
while I don't intend to use them in prod, I'm curious of the potential
implications for my beta users.

~~~
IheartApplesDix
"In practice, since the specific implementation details of TrustZone are
proprietary and have not been publicly disclosed for review, it is unclear
what level of assurance is provided for a given threat model."

Let me know if you have a better "source".

------
bahman2000
Great guide, thanks!

I do this with an old Acer Aspire One.

I wish the author explained some parts a little, like dev tun vs tun0.

~~~
mwmanning
Thanks for the suggestion. I'll add more explanation for that.

------
newman314
This is a nice setup but I wish he would have touched upon a roadwarrior
configuration too.

I'm having trouble finding/defining iptables rules that can forward IPSec
traffic from a dd-wrt to a server acting as a VPN endpoint.

~~~
mwmanning
Do you take an AppleTV or anything with you while travelling? If you're on the
road with a laptop you can just run a VPN client on there directly, you don't
really need a separate networking device.

~~~
newman314
The setup I'm looking for is to be able to set up an IPSec tunnel to a home
machine to be able to a) access machines and b) watch videos.

dd-wrt does not support IPSec (not without recompiling and having to fiddle
with a bunch of stuff) so that's why I was thinking about terminating in a
server acting as VPN endpoint.

PS. PPTP is not a consideration due to its security flaws.

------
guyzero
This is great, but I'm not sure if it's actually any less complicated than
installing DD-WRT or Tomato.

~~~
bgentry
It may not be, but I guess it depends on what you have handy. But most of the
info will still be useful no matter what hardware you use :)

I did this with an old Mac Mini that was acting mostly as a media server. My
router wasn't compatible with TomatoUSB, so I went with what I had. The
toolchain was a bit different since OSX uses the BSD networking toolchain
rather than the Linux iptables & such.

Edit: s/GNU/Linux

~~~
i_are_crd
IPTables isn't part of GNU. It was developed by the Netfilter team. Indeed,
very few of the networking utilites that are common in Linux distributions are
part of the GNU project.

