Configure P1 Server for off-grid operation
This article describes how to set up IP addressing and DNS resolution for a P1 Server which is to be used entirely off-grid. It assumes the P1 Server will be connected to a WiFi network without any access to the internet and that the P1 Server will be defining all the IP addresses for the system.
Prerequisites
While the P1 Server is still connected to the internet, download and install dnsmasq, which provides both the DHCP server and local DNS resolution. DHCP assigns IP addresses to the DN radios, and DNS translates names to IP addresses and vice versa. The key point for this application is that the DN radios will attempt to verify that the server address is valid and thus allow secure connections.
To install dnsmasq, run the following command (from a root ssh login on the P1 Server):
apt install dnsmasq
Information Needed
IP Address for Server - in this example it is 10.213.71.160 but replace with your own
Optional IP address for Server Host - in this example it is 10.213.71.161 but replace with your own
Address range for DN radios - in this example it is 10.213.71.162-10.213.71.190 but replace with your own
Name of server (indicated on the command prompt) - in this example it is debian2 but replace with your own.
Configuration
Set static IP address for P1 Server
Log on to the P1 Server and change to root using the su command
Change to /etc/network and then edit the file interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug enp0s3
iface enp0s3 inet static
address 10.213.71.160
Set address to your required IP address for the server
Configure hosts file
Change to /etc and edit the file called hosts
127.0.0.1 localhost
127.0.1.1 debian2
10.213.71.160 debian2
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Change the name debian2 to your server name and the IP address to your server address to suit your requirements
Configure dnsmasq
Change to /etc directory and edit file dnsmasq.conf
Locate the following sections and set the addresses and values accordingly
Don’t attempt to find any other DNS servers
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv
Reverse DNS lookups
Make reverse lookups for the IP address of the server return the server name. Note that the zone name in the first line is the first 3 numbers of the IP address in reverse order.
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
server=/71.213.10.in-addr.arpa/127.0.0.1
host-record=debian2,10.213.71.160
Don’t try to resolve entelpoc.net
# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1
address=/entelpoc.net/127.0.0.1
Set DHCP range
Set these to the first and last address in the range that you want to assign to DN radios
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=10.213.71.162,10.213.71.190,12h
Set P1 server to be DNS server for the radios
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
dhcp-option=6,10.213.71.160
Set DHCP Authoritative Mode
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slightest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
dhcp-authoritative
Now save the dnsmasq.conf file. Do not restart the server yet.
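The settings above have to agree with each other: the reverse zone, the host-record and DHCP option 6 must all refer to the server address, and that address must sit outside the DHCP pool. The script below is an added example, not part of the original article or of dnsmasq; the function names are hypothetical, a /24 network is assumed, and the sample file is constructed from the article's example addresses.

```shell
#!/bin/sh
# Added example: cross-check the dnsmasq.conf values set in this procedure
# against the server address before the server is restarted.

conf_value() {   # text after PREFIX on the last uncommented matching line
    sed -n "s|^$1||p" "$2" | tail -n 1
}
ptr_zone() {     # 10.213.71.160 -> 71.213.10.in-addr.arpa (/24 assumed)
    echo "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}
fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# check_dnsmasq_conf FILE SERVER_IP: prints each problem, returns their count
check_dnsmasq_conf() {
    conf=$1; ip=$2; problems=0
    grep -q '^no-resolv' "$conf" || fail "no-resolv is not enabled"

    addr=$(conf_value 'host-record=' "$conf"); addr=${addr#*,}
    [ "$addr" = "$ip" ] || fail "host-record points at '$addr', not $ip"

    zone=$(conf_value 'server=/' "$conf" | cut -d/ -f1)
    [ "$zone" = "$(ptr_zone "$ip")" ] || fail "PTR zone '$zone' does not match $ip"

    # Only the numeric form "dhcp-option=6,..." used in the article is parsed
    dns=$(conf_value 'dhcp-option=6,' "$conf")
    [ "$dns" = "$ip" ] || fail "DHCP option 6 hands out '$dns', not $ip"

    range=$(conf_value 'dhcp-range=' "$conf")
    first=$(echo "$range" | cut -d, -f1); last=$(echo "$range" | cut -d, -f2)
    if [ "${first%.*}" = "${ip%.*}" ] && [ "${ip##*.}" -ge "${first##*.}" ] \
        && [ "${ip##*.}" -le "${last##*.}" ]; then
        fail "server address $ip lies inside the DHCP pool $first-$last"
    fi
    return "$problems"
}

# Constructed sample: option 6 deliberately points at a pool address
sample=$(mktemp)
cat > "$sample" <<'EOF'
no-resolv
server=/71.213.10.in-addr.arpa/127.0.0.1
host-record=debian2,10.213.71.160
dhcp-range=10.213.71.162,10.213.71.190,12h
dhcp-option=6,10.213.71.165
EOF
check_dnsmasq_conf "$sample" 10.213.71.160 || echo "$? problem(s) found"
rm -f "$sample"
```

Run it against /etc/dnsmasq.conf with your own server address; dnsmasq --test checks the file's syntax only, not whether the addresses agree.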
Intercept attempts to access network DNS Server
Devices on the network may attempt to reach the well-known DNS server address 8.8.8.8. An iptables rule that is run at startup intercepts this traffic and redirects it to the P1 Server. As written, the rule matches all traffic addressed to 8.8.8.8, not only DNS queries.
From the root prompt, execute the command
crontab -e
Add or alter a line that says
@reboot /sbin/iptables -t nat -A PREROUTING -d 8.8.8.8 -j DNAT --to-destination 10.213.71.160
And then save the file
Set Host Address if required
Optionally, go into Windows Settings on the host and set the static IP address for Ethernet to
10.213.71.161
Restart
Finally, restart the server and check that everything is working as expected