Some things can just be bizarre at times…
I was looking at a different thing, wrangling with Microsoft over why my LAN connection is marked as an untrusted public network and how can I make it “home”… (I think that’s why turning on samba on the Dongle Pi didn’t get the files seen… while using wireless did). Well, one thing leads to another, and I “disable” the interface (in the hope that when re-enabling it, I can say “that one is home too!”… which it doesn’t let me do after all…)
But along the way ANOTHER interface shows up. It’s named “oddly” and being perpetually worried about potential exposures, I think maybe it’s someone inserting an interface. Some exploration follows…
Turns out it’s a Microsoft 1/2 a feature… Something not “done” yet, but still working… I can turn my laptop into an Access Point and then “share” my internet connection (even if a wireless one…) out that access point. Yes, the ONE wireless interface acting as both my internet connection AND an access point for others…
This would, for example, let me extend the range of an Access Point by connecting with my laptop and then sharing it on to the range of my laptop. Or in the hotel I could “sign up” with the laptop, then share with other devices in the room or even with friends next door. (When in the Motel 6 at Disneyland and they wanted some nuisance fee to use the internet, like $3 for the day, and I just wanted to do a 4 minute mail check, I could instead “share it out” to the rest of the family including the kids in the next room over and thus justify the cost, since they use it more than I do.)
It also means that folks with the necessary equipment and software release can become an improvised sharing point for private group communications fairly easily. Since “file sharing” is allowed by default, you can easily have file passing. (Rather like we saw here: https://chiefio.wordpress.com/2013/05/09/small-group-communications-wo-internet/ )
So to test it, I decided to just use the Dongle Pi and connect back to the laptop wireless and then on out to the internet. And it worked… Though not without some problems along the way (mostly in Microsoft Land…)
First off, realize that this software “has issues” as it is a 1/2 done project that got cancelled, so you don’t turn it on with a nice GUI interface. It’s from the command line with Administrator Privs turned on. It also is not very robust to “change” and it required some changes to the DonglePi config to adapt to that.
First off, how to do it:
You need particular levels of M.S. Windows and a WiFi connection that works.
http://www.wi-fiplanet.com/tutorials/article.php/3849841 lists the details.
By Eric Geier
November 24, 2009
The wireless Hosted Network feature in Windows 7 lets anyone with a supported Wi-Fi adapter and driver become a wireless AP for other Wi-Fi users, while also having the ability to connect to another wireless network.
So this has been kicking around for at least 3+ years.
Back in 2002, the research department at Microsoft started experimenting with the virtualization of 802.11 wireless adapters under the project code name VirtualWiFi. They discovered a way to make a single physical Wi-Fi adapter look like multiple adapters in Windows.
VirtualWiFi lets users simultaneously connect to multiple wireless networks with only one wireless card. They hoped this technology could be used in a variety of applications, including wireless diagnosis and troubleshooting, Wi-Fi mesh networking, virtual access points, and wireless repeating.
What is a wireless Hosted Network?
Though the VirtualWiFi project disbanded before the feature was fully implemented, Microsoft has included some of the underlying functionality in Windows 7 and Windows Server 2008 R2. Microsoft coined the name, wireless Hosted Network, for this new feature.
The wireless Hosted Network feature uses the VirtualWiFi technology along with a software-based access point (AP) feature. Thus, it lets anyone with a supported Wi-Fi adapter and driver to become a wireless AP for other Wi-Fi users, while also having the ability to connect to another wireless network. It also includes a DHCP server, so users automatically receive an IP address.
OK, skipping some stuff, the “How To”:
There’s some caveats in that article, like it WILL be an encrypted link WPA2-PSK, and anyone with the pass phrase gets to see any stuff you are sharing…
It is set up via an “Administrator command shell”. Seems that being in the Admin group isn’t enough. You must do a special kabuki dance to get admin privs when doing a command line. OK, some more searching turned up how. http://www.mydigitallife.info/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/ There are a couple of ways, but the quickest is “Yet Another Right Click Hidden Trick”… You right click on the Command Prompt menu item rather than the regular click… OK…
Now you get to start doing Admin Command Lines…
netsh wlan set hostednetwork mode=allow ssid=YourVirtualNetworkName key=YourNetworkPassword
So, for example, you could give it the name “LaptopShared” and the password needs to be more than 8 and less than 64 characters, so PasswordForMyFriends would work….
Now you need to turn on ICS (as we saw in the Dongle Pi article). This presented a problem as I had already turned it on, and I’d hard assigned that number block to the laptop / Dongle Pi ethernet. (when you share your network interface with internet to the other interface, you can only share it to ONE of them, and it WILL be forced to the IP M.S. likes.) As I’d already set that subnet to be used on the hard wire, it balked. OK, I got to redo the IP range used by the Dongle Pi ( I just turned 192.168.137.x into 192.168.37.x …) and restart it all. Now, turning on ICS let me assign the sharing to the Virtual WiFi interface.
So get ICS running shared to that interface. It shows up as “Microsoft Virtual WiFi Miniport”.
Once sharing is on, and the wlan is configured, you get to “start” it. Since it doesn’t auto start or survive “sleep”, or shutdowns, you get to do this every time you want to use it…
netsh wlan start hostednetwork
There is also a “stop” command: netsh wlan stop hostednetwork
and one to see what’s happening: netsh wlan show hostednetwork
And one for changing the password / passphrase:
netsh wlan set hostednetwork key=YourNewNetworkPassword
The article repeatedly stresses that “Sharing isn’t blocked” so you will want to keep this limited to folks you trust, or only run on a laptop with nothing of interest… (though it’s a little unclear just what sharing isn’t blocked…)
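An added example (not from the original post or the article it quotes): a Python audit of `netsh wlan show hostednetwork` output that reports a running soft AP and any connected client whose MAC is not on a known list. The sample output is constructed and its field layout is an assumption based on typical Windows 7 output; `audit` and `known_macs` are hypothetical names.

```python
import re

# Constructed sample of `netsh wlan show hostednetwork` output; the field
# layout is assumed from typical Windows 7 output and the MACs are made up.
SAMPLE = """\
Hosted network settings
-----------------------
    Mode                   : Allowed
    SSID name              : "LaptopShared"
    Authentication         : WPA2-Personal

Hosted network status
---------------------
    Status                 : Started
    BSSID                  : 02:00:5e:00:53:01
    Number of clients      : 2
        02:00:5e:00:53:10        Authenticated
        02:00:5e:00:53:11        Authenticated
"""

CLIENT = re.compile(r"^\s*((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\s+(\S+)\s*$", re.I)
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")


def parse_hostednetwork(text):
    """Split the output into a {field: value} dict and a client list."""
    fields, clients = {}, []
    for line in text.splitlines():
        m = CLIENT.match(line)
        if m:  # client rows are "MAC  state", not "name : value"
            clients.append((m.group(1).lower().replace("-", ":"), m.group(2)))
            continue
        m = FIELD.match(line)
        if m:
            fields[m.group(1).lower()] = m.group(2).strip('"')
    return fields, clients


def audit(text, known_macs=()):
    """Return findings: soft AP running, and clients not on the known list."""
    fields, clients = parse_hostednetwork(text)
    known = {m.lower().replace("-", ":") for m in known_macs}
    findings = []
    if fields.get("status", "").lower() == "started":
        findings.append("soft AP running, SSID %s" % fields.get("ssid name"))
    elif fields.get("mode", "").lower() == "allowed":
        findings.append("hosted network allowed but not started")
    findings += ["unknown client %s (%s)" % c for c in clients if c[0] not in known]
    return findings
```

On the laptop itself, pass `audit` the text captured from the real command instead of `SAMPLE`, with the MAC addresses of the devices you expect in `known_macs`.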
The Dongle Pi
Meanwhile, back at the Dongle Pi, I was having some issues. While some of them were related to the various number shiftings, part was from the ICS not being up so Domain Resolution was failing. I added some more DNS servers to the DHCP “prepend” list, then figured out that ICS had evaporated when I’d done the interface musical chairs… which led back to that IP conflict that needed resolving up above. Got all that sorted out…
Then found that the WLAN Config program was not happy; having picked up state with one IP number, it was unhappy with the changes to the WLAN IP (as it swapped from the original to the ICS mandated one). Moral of story: It’s best to do all the changes first, THEN test it…
A reboot of the Dongle Pi reset everything (though likely just a service stop / start would have been enough). Then the WiFi Config found “LaptopSharepoint” (what I named it) just fine, put in the pass phrase, and proceeded to launch a web browser… that worked…
Now just tracing where the packets go in this mess is a bit interesting…
So I’m typing on my laptop keyboard and watching the laptop screen. They are connected via VNC to the Dongle Pi over the built in hard wire ethernet. The Dongle Pi running Linux puts that into a browser, that it sends to “the internet” via that Wireless WiFi Dongle, that connects back to the Laptop WiFi being shared out on one set of IP numbers.
The Laptop, acting as an Access Point Router, repackages those bits, puts them into a new IP network, and sends them back out the WiFi connection to the Access point of the house, that sends them on to the Telco.
So it will appear with exactly which MAC address where? I have no idea… I suspect it shows up as the MAC address of the WiFi dongle on the Dongle Pi (as that’s what is originating network packets), yet it passes through the laptop as a WiFi HotSpot… and eventually comes out my home router to the internet (so a trace route ought to find my boundary router to the telco, but it’s doing NAT, so the stuff behind it is hidden)
Frankly, I think one would need to put packet sniffers on things to figure out what is actually in the packet headers as they leave the laptop for the internet…
I don’t see much reason to actually use the Dongle Pi on the Virtual Wlan of the laptop that is hosting it via wired ethernet. Yet it is a strange thing, and strange has the opportunity to confuse attackers. (Frankly, I’d not want to be on the stand trying to explain that tortured path to a jury and get a conviction based on my testimony that I knew it was “that machine”… when they would not even be able to keep straight what all machines were in use…)
I’m much more likely to keep the idea of a Laptop-Access-Point somewhere handy. Yes, it needs better characterization as to “what is shared”, but frankly, someday this box will be “uninteresting” and due for replacement. At that point having it be an ‘ersatz hotspot and file server’ is a great ‘reuse’. Even now, simply by leaving my personal data inside the encrypted containers, it’s safe. (Not much chance of pulling down a 100 GB file and not being noticed. Fractional parts are useless. It can’t be cracked anyway…) So I’d be more than happy to use it as a “Family share point” on trips, just leaving my stuff in the crypto vault.
Well, having now sunk several hours into this peculiar backwater of tech, I’m still stuck with a LAN interface that shows up as “unidentified network, public access” with the park bench icon… and still don’t see how to turn it into a ‘home network’ so I can see if “Samba To The Dongle” works with network discovery. I may have to turn on wide open access on “public networks” to test it, then back it out later. I’d like to have Samba to the Dongle Pi, just so I can get “stuff” from the Dongle Pi to the Laptop at ‘end of sessions’. Making checkpoint / restart easy. But not at the expense of leaving the laptop open and visible…
For some unknown reason, it is insisting on keeping the LAN interface “public”. Oh Well… that will have to wait for tomorrow. For now, it’s time to wrap up for the day. But at least I got a “Share the hotspot” AP feature out of it all…