Challenge: Travel Pi Router with Security for Start-Up

Desert-Donkey · January 16, 2021

Budget (including currency):

No more then $300

Country:

All

Games, programs or workloads that it will be used for:

Protecting IP traffic while traveling.

Other details (existing parts lists, whether any peripherals are needed, what you're upgrading from, when you're going to buy, what resolution and refresh rate you want to play at, etc):

Owned
- Raspberry Pi 4 4gb ram
- Pi Case
- Micro SD Card - Currently have overkill 256gb
- Yubikey Nano - Want to the the PKI feature
Needed Parts?
- TPM for the Pi? I have looked at:
  - Zymbit - I like the battery backup - $~43
  - LetsTrust TPM for Raspberry Pi - $~23
  - Question - What is the better one to use with Yubikey for full disk encrypting the pi on boot up to protect the VPNs.
- USB WiFi adapter
  - This would be for the connect to the open WiFi as it would have a better antenna then then built in WiFi on the Pi.
  - Recommendations that don't need additional power?

Concept: You travel to public WiFi areas and would like to connect a computer or phone or both. A travel Pi router would be a small device that would allow you to connect to the WiFi and then pass through the internet protected to your preferred VPN or TOR.

Requirements:

Pi must use USB WiFi adapter to connect to the open WiFi.
One Pi needs to have different gateways for connections to different VPNs or TOR or Unencrypted Internet.
- Examples
  - Default Gateway A - is the unprotected WiFi to connect to the host captive portal (i.e. Starbucks or Hotel)
  - Gateway B takes you through TOR
  - Gateway C takes you through VPN X in Country Y
  - Gateway D takes you through VPN A in Country C
  - IP B is the Pi Captive Portal for Changes
  - etc.
- IP routing should be used for the different connections.
Pi must be full disk encrypted that if you are not there to turn it on AND put the Yubikey in, it will not fully boot.
Yubikey needs to do PKI

Questions:

Is a TPM required for this build?
A raspbian os, OpenWRT, or different OS?
Recommendations on USB addapters for WiFi
What other security protections do you think would be needed?

Please help... I have been trying to look this up but have found little too no documentation on how to do the WiFi router with the way to use the router for the host captive portal. Then add full disk encryption.... and multiple VPNs or TOR.... This turns into a project no one has ever thought of on the internet. (If someone has and posted it.... Then I can't find it.) Please help. I can mod code and thumb through it but as this is a mix and mash, I don't feel comfortable trying this without weeks of work on the project. With some direction I could get this down to a week project. I think is this be a great video and would be willing to send the equipment for the video if I can get it back in return. (Of course I would wife it all for my protection.)

Biomecanoid · January 16, 2021

32 minutes ago, Desert-Donkey said:

Budget (including currency):

No more then $300

Country:

All

Games, programs or workloads that it will be used for:

Protecting IP traffic while traveling.

Other details (existing parts lists, whether any peripherals are needed, what you're upgrading from, when you're going to buy, what resolution and refresh rate you want to play at, etc):

Owned

Raspberry Pi 4 4gb ram

Pi Case

Micro SD Card - Currently have overkill 256gb

Yubikey Nano - Want to the the PKI feature

Needed Parts?

TPM for the Pi? I have looked at:

Zymbit - I like the battery backup - $~43

LetsTrust TPM for Raspberry Pi - $~23

Question - What is the better one to use with Yubikey for full disk encrypting the pi on boot up to protect the VPNs.

USB WiFi adapter

This would be for the connect to the open WiFi as it would have a better antenna then then built in WiFi on the Pi.

Recommendations that don't need additional power?

Concept: You travel to public WiFi areas and would like to connect a computer or phone or both. A travel Pi router would be a small device that would allow you to connect to the WiFi and then pass through the internet protected to your preferred VPN or TOR.

Requirements:

Pi must use USB WiFi adapter to connect to the open WiFi.

One Pi needs to have different gateways for connections to different VPNs or TOR or Unencrypted Internet.

Examples

Default Gateway A - is the unprotected WiFi to connect to the host captive portal (i.e. Starbucks or Hotel)

Gateway B takes you through TOR

Gateway C takes you through VPN X in Country Y

Gateway D takes you through VPN A in Country C

IP B is the Pi Captive Portal for Changes

etc.

IP routing should be used for the different connections.

Pi must be full disk encrypted that if you are not there to turn it on AND put the Yubikey in, it will not fully boot.

Yubikey needs to do PKI

Questions:

Is a TPM required for this build?

A raspbian os, OpenWRT, or different OS?

Recommendations on USB addapters for WiFi

What other security protections do you think would be needed?

Please help... I have been trying to look this up but have found little too no documentation on how to do the WiFi router with the way to use the router for the host captive portal. Then add full disk encryption.... and multiple VPNs or TOR.... This turns into a project no one has ever thought of on the internet. (If someone has and posted it.... Then I can't find it.) Please help. I can mod code and thumb through it but as this is a mix and mash, I don't feel comfortable trying this without weeks of work on the project. With some direction I could get this down to a week project. I think is this be a great video and would be willing to send the equipment for the video if I can get it back in return. (Of course I would wife it all for my protection.)

Yes you can use the Pi for a router but its not ideal. You need a board with more than 1 ethernet ( ideally 3 ) and mini-pcie for WiFi. Using USB for ethernet and WiFi on a router is not a good choice.

Also there are already products from Mikrotik and Ubiquity that can do like 80% of what you want.