Happy New Year to everyone! Although this is not my first entry of this year I forgot to wish you the best for 2020 in my previous article, sorry about that, let’s start with this new topic.
This entry is going to cover my particular setup to configure Raspberry Pi 3 as WiFi access point, although I have an APU.1D4 as my personal router due to a problem with one of its ports I can’t install a Wifi card, and I bought a D-Link DWA 171 to be used with my RB3 I decided to use LAN access point, so here is my setup.
Installing required software packages
# apt update && apt upgrade # apt -y install hostapd dnsmasq # systemctl stop hostapd # systemctl stop dnsmasq
Set up static IP address
In my case I only going to use static IP configuration so I don’t need dhcpcd service running, although the same configuration could be done using dhcpcd.conf file, but I’m trying to follow KISS principle here:
# systemctl disable dhcpcd # systemctl mask dhcpcd Created symlink /etc/systemd/system/dhcpcd.service → /dev/null. # systemctl status dhcpcd ● dhcpcd.service Loaded: masked (Reason: Unit dhcpcd.service is masked.) Active: inactive (dead)
To set up my static IP configuration I’m going to create a file inside interfaces.d directory:
# vim /etc/network/interfaces.d/mylan auto eth0 iface eth0 inet static address 10.111.1.2 netmask 255.255.255.0 gateway 10.111.1.1 auto wlan0 iface wlan0 inet static address 10.111.11.1 netmask 255.255.255.0 # systemctl restart networking # ip route default via 10.111.1.1 dev eth0 onlink 10.111.1.0/24 dev eth0 proto kernel scope link src 10.111.1.2 10.111.11.0/24 dev wlan0 proto kernel scope link src 10.111.11.1
Edit the settings file with the following content:
# vim /etc/hostapd/hostapd.conf interface=wlan0 driver=nl80211 ssid=miap hw_mode=g channel=6 country_code=ES ieee80211n=1 wmm_enabled=1 ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_key_mgmt=WPA-PSK wpa_passphrase=<YOUR_PASSWORD_HERE> rsn_pairwise=CCMP
Please pay attention to an unusual configuration line country_code=ES, until I don’t setup this line I always receive the following log entries when I try to connect with my AP:
hostapd: wlan0: Could not connect to kernel driver ... hostapd: wlan0: STA bc:a8:a6:ce:29:94 IEEE 802.11: disassociated
This hint was found in the raspberry forum, it seems that this config line makes your AP compiles local radio rules (whatever does mean 😀 ): https://www.raspberrypi.org/forums/viewtopic.php?t=141807#p938323
If you check hostapd start up log you could see something like this, no more Could not connect to kernel driver error message anymore:
... Jan 08 11:27:29 raspberrypi hostapd: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE Jan 08 11:27:29 raspberrypi systemd: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator. ...
It’s needed to edit an additional configuration file and modify this
# vim /etc/default/hostapd DAEMON_CONF="/etc/hostapd/hostapd.conf"
We are going to use dnsmasq service as DHCP server to our access point:
# mv /etc/dnsmasq.conf /etc/dnsmasq.conf.ORIG # vim /etc/dnsmasq.conf interface=wlan0 listen-address=10.111.11.1 bind-interfaces server=184.108.40.206 bogus-priv dhcp-range=10.111.11.120,10.111.11.135,255.255.255.0,24h local=220.127.116.11
Test our WiFi configuration
Let’s start our services
# systemctl start dnsmasq # systemctl start hostapd
And this is how is logged a successful WiFi connection to our access point when I connect to my miap network:
Jan 8 11:27:45 raspberrypi hostapd: wlan0: STA bc:a8:a6:ce:29:94 IEEE 802.11: associated Jan 8 11:27:45 raspberrypi hostapd: wlan0: STA bc:a8:a6:ce:29:94 RADIUS: starting accounting session 33D3C0E7942D9F7B Jan 8 11:27:45 raspberrypi hostapd: wlan0: STA bc:a8:a6:ce:29:94 WPA: pairwise key handshake completed (RSN) Jan 8 11:27:45 raspberrypi dnsmasq-dhcp: DHCPREQUEST(wlan0) 10.111.11.135 bc:a8:a6:ce:29:94 Jan 8 11:27:45 raspberrypi dnsmasq-dhcp: DHCPACK(wlan0) 10.111.11.135 bc:a8:a6:ce:29:94 fisher3
Enabling packet forwarding
As you could before when we setup our IP configuration this approach is not using a bridge interface because we’re going to setup iptables to forward packets between our Ethernet NIC and our WiFi interface, first of all let’s enable NAT (Network Address Translation) uncommenting the following line:
# vim /etc/sysctl.conf net.ipv4.ip_forward=1
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT # iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT # sh -c "iptables-save > /etc/iptables.ipv4.nat" # vim /etc/rc.local ... iptables-restore < /etc/iptables.ipv4.nat exit 0
Test it out.
Restart our RB, and when you see in available networks the name assigned to the access point connect to it and try to web browse, hopefully all should work like a charm:
That’s all Folks!!!
“If you cannot do great things, do small things in a great way”
— Napoleon Hill