Use your Raspberry Pi as a WiFi Access Point or Bridge, with just 10 minutes of work. Here is exactly how it works:
Usage: Bridge or AccessPoint?
The main task is to run a WLAN station, so that clients (notebooks, smartphones…) can connect to it and use the existing cable network.
To achieve this, we have to do 2 things:
- Run a WLAN Station
- Redirect the wireless traffic to the existing network (via iptables or a bridge)
Generally, a simple Bridge is sufficient and what regular users are looking for: Wireless Clients are in the same IP range as the existing network.
The Access Point (from now on called AP) is used for large networks; the clients are in a different IP range than the existing network’s clients.
Firstly, we’re going to set up a bridge. After this, I will also explain how to set up an AP. You’ll know which steps you should follow by their headings. They say whether the instructions are for a bridge, AP or both of them.
- Raspberry Pi Model B
- Ethernet Cable (to connect to an existing network)
- WLAN-Stick (USB)
- Power Supply (e.g. your mobile phone’s)
IMPORTANT: This tutorial is written and tested against the stock Raspbian image. In other distributions, the nl80211 driver may be missing!
Note: In this tutorial, I provide a sample config. These are the settings I use in my network. These are my network’s characteristics:
- Router: 192.168.178.2
- Network mask: 255.255.255.0
- IP-Address for the Raspberry Pi (eth0): 192.168.178.3
You should adapt these details to your own network.
Raspbian should be installed on an SD card plugged into the Raspberry Pi. The ethernet cable and WiFi stick should be connected to the Pi before you finally connect it to your power supply and boot it up.
If this is your first boot from that image, make sure to change the user’s password, expand the root file system and maybe change locales. Reboot the Raspberry Pi after doing this.
Now we’re ready to go: I’ll use SSH to control the Pi, because this way, I don’t have to connect it up to a display. It doesn’t matter if you use SSH or direct input with a keyboard. SSH just has the disadvantage that restarting the network on the Pi takes very long (the session has to time out).
We also make sure that our system is up-to-date, so run the following:
Important: This command can be very time-consuming, especially on its first run.
sudo apt-get update && sudo apt-get upgrade
Now run iw list and look for the AP capability. If it shows up, everything should work. If iw is not installed or just spits out errors, google them. Probably, a driver is missing or perhaps your power supply is too weak for your wireless interface to function.
Install and configure hostapd (Bridge + AP)
We will use hostapd to broadcast a wireless network and iw to configure the WLAN interface. Install the packages with the following command:
sudo apt-get install hostapd iw
After this, we’ll need a configuration for hostapd. I’ll provide my sample config here, which is a minimal config that works in most cases. For special settings, please read through the hostapd documentation.
The following will be saved as /etc/hostapd/hostapd.conf:
```
# Only for bridges, place a # before the next line for AP mode!
bridge=br0

# Interface and Driver
interface=wlan0
driver=nl80211

# WLAN-Settings
ssid=RaspberryAPi
channel=1

# ESSID visible
ignore_broadcast_ssid=0

# Country-specific settings
country_code=US
ieee80211d=1

# Transfer Mode
hw_mode=g

# Optional
# supported_rates=10 20 55 110 60 90 120 180 240 360 480 540

# uncomment the following to enable 802.11 Draft n
# ieee80211n=1

# Enable WMM for Draft-N
# wmm_enabled=1

# Use iw list to see which ht capabilities your wifi card has
# ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]

# Beacons
beacon_int=100
dtim_period=2

# Don't use MAC auth
macaddr_acl=0

# Max Clients
max_num_sta=20

# Limit size of Datapackets
rts_threshold=2347
fragm_threshold=2346

# hostapd Log settings
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

# temp files
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

# Authentication
# (bit 0 = Open System, bit 1 = Shared Key, which requires WEP;
# auth_algs=1 is enough for WPA2)
auth_algs=3

# Encryption: WPA2 !!Don't use WEP!
wpa=2
rsn_preauth=1
rsn_preauth_interfaces=wlan0
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

# Key scheduling
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400

# Change this, it's the network's key
wpa_passphrase=SuperS3cuRePa$$w0rD
```
As mentioned in the first line, you will only need “bridge=br0” if you want to use a bridge (recommended). When using the AP method, comment out this line by placing a # at its start. You should adjust ssid, wpa_passphrase, region, channel and other settings to meet your criteria, hardware specs and country limitations for wireless networks.
Configure the interfaces (Bridge)
We already configured our bridge to be br0 in line 2 of hostapd.conf, so we have to create the bridge now. The package bridge-utils will help us create the bridge, and with /etc/network/interfaces, all interfaces are configured when booting up.
```
auto lo
iface lo inet loopback

iface default inet dhcp

# Existing network (ethernet)
iface eth0 inet static
    address 192.168.178.3
    netmask 255.255.255.0
    broadcast 192.168.178.255
    gateway 192.168.178.2
    dns-nameservers 192.168.178.2

# WLAN Interface
allow-hotplug wlan0
iface wlan0 inet manual

# Bridge
auto br0
iface br0 inet static
    address 192.168.178.4
    netmask 255.255.255.0
    broadcast 192.168.178.255
    gateway 192.168.178.2
    dns-nameservers 192.168.178.2
    bridge_ports eth0 wlan0
    bridge_fd 0
    bridge_stp no
```
```
# Save the config above as /etc/network/interfaces,
# You'll need root permissions to do so.
# Run sudo nano /etc/network/interfaces to edit the file as root.
# Then, install the bridge-utils:
sudo apt-get install bridge-utils
```
The bridge should be in the IP range of the existing network and a valid gateway must be set. You can let DHCP configure eth0 and br0, but I prefer static addresses, at least for networking devices like routers, APs and so on. wlan0 doesn’t need an IP address.
Continue with “Test hostapd”.
Note: I haven’t set up a DNS/DHCP Server, as in most network scenarios, there already is one: Your router.
Configure interfaces (AP)
For the AP mode, we don’t use a bridge to redirect the traffic, but iptables. Also, we’ll need a DNS forwarder:
sudo apt-get install dnsmasq iptables
Now, we’ll configure iptables. Edit /etc/network/interfaces, here is my config:
```
auto lo
iface lo inet loopback

iface default inet dhcp

# Existing network
iface eth0 inet static
    address 192.168.178.3
    netmask 255.255.255.0
    broadcast 192.168.178.255
    gateway 192.168.178.2
    dns-nameservers 192.168.178.2

# WLAN Interface / AP address range
allow-hotplug wlan0
auto wlan0
iface wlan0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    broadcast 192.168.0.255

    # reset existing rules and chains
    up /sbin/iptables -F
    up /sbin/iptables -X
    up /sbin/iptables -t nat -F

    # Mask for the interface, activate port-forwarding and NAT
    up iptables -A FORWARD -o eth0 -i wlan0 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
    up iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    up sysctl -w net.ipv4.ip_forward=1

    # restart hostapd and dnsmasq
    up /etc/init.d/hostapd restart
    up /etc/init.d/dnsmasq restart
```
You can use any IP for the wireless interface; it is set in line 18 (the address line of wlan0). All clients will get an IP in this range. You also have to change line 28 (the first iptables FORWARD rule with its -s option) to match the IP address range.
Example: If you use wlan0 address 192.168.3.1, put -s 192.168.3.0/24 in line 28.
Now configure dnsmasq by editing /etc/dnsmasq.conf:
```
# DHCP-Server active for the wlan interface
interface=wlan0

# DHCP-Server not active for the existing network
no-dhcp-interface=eth0

# IP-Address range / Lease-Time
dhcp-range=interface:wlan0,192.168.0.100,192.168.0.200,infinite
```
Dnsmasq is configured to run a DHCP server and DNS forwarder. Also, we configured that clients will get an IP within the range from 192.168.0.100 to 192.168.0.200.
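The wlan0 address, the -s rule in line 28 and the dnsmasq dhcp-range all have to describe the same subnet. The following check is an added example, not part of the original tutorial; the function name check_ap_addressing and the sample input (wlan0 moved to 192.168.3.1 with the other two settings left unchanged) are constructed for illustration.

```python
import ipaddress

# Constructed input: the tutorial's AP config after wlan0 was moved to
# 192.168.3.1 while the iptables rule and the dnsmasq range were forgotten.
INTERFACES = """\
iface wlan0 inet static
address 192.168.3.1
netmask 255.255.255.0
up iptables -A FORWARD -o eth0 -i wlan0 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
"""
DNSMASQ = "interface=wlan0\ndhcp-range=interface:wlan0,192.168.0.100,192.168.0.200,infinite\n"

def check_ap_addressing(interfaces, dnsmasq, iface="wlan0"):
    """List mismatches between the AP subnet, the -s rule and dhcp-range."""
    current, opts, sources = None, {}, []
    for line in interfaces.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            current = words[1]                  # start of a new stanza
        elif current == iface and words[0] in ("address", "netmask"):
            opts[words[0]] = words[1]
        if "iptables" in line and "-s" in words[:-1]:
            sources.append(words[words.index("-s") + 1])
    if len(opts) < 2:
        return ["%s has no static address/netmask" % iface]
    net = ipaddress.ip_interface("%(address)s/%(netmask)s" % opts).network
    problems = []
    for src in sources:
        if ipaddress.ip_network(src, strict=False) != net:
            problems.append("iptables -s %s is not %s" % (src, net))
    for line in dnsmasq.splitlines():
        if not line.startswith("dhcp-range="):
            continue
        pool = []
        for field in line.split("=", 1)[1].split(","):
            try:
                pool.append(ipaddress.ip_address(field.strip()))
            except ValueError:
                pass                            # interface:wlan0, lease time
        for ip in pool[:2]:                     # start and end of the pool
            if ip not in net:
                problems.append("dhcp-range %s is outside %s" % (ip, net))
    return problems

if __name__ == "__main__":
    print("\n".join(check_ap_addressing(INTERFACES, DNSMASQ)) or "consistent")
```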
Test hostapd (AP + Bridge)
First, restart the Raspberry Pi using sudo reboot, so that all changes take effect. After the reboot, log in and run the following:
hostapd -dd /etc/hostapd/hostapd.conf
Hopefully, you won’t get any errors. The command runs hostapd with our previously saved config in debug mode. If any errors appear, please leave a comment and/or use Google to determine why they occur. If hostapd runs without errors, you can enable hostapd as a daemon to start when booting. Edit /etc/default/hostapd and append this:
When rebooting again, the daemon is started automatically while booting up, making the AP or bridge available.
Our Raspberry Pi now functions as a connection between WLAN and Ethernet. You must:
- Secure all (ssh-)Logins with a secure password
- or disable ssh
- Use a strong network key
- And use WPA2
Otherwise your Pi functions as a Man-in-the-Middle device, making it easy for everyone on your network to eavesdrop on your traffic! Not good.
However, with the RasPi being secured, you can safely use it to analyse your traffic, or use it as a Shaping Router.
No matter what you intend to do with it, change the standard user’s password (raspbian uses ‘pi’ as username and ‘raspberry’ as password). Run passwd to change it. Also, never-ever use WEP! Its encryption is completely broken!
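The requirements above (WPA2 only, no WEP, a strong key) can be checked against a hostapd.conf before the AP goes live. This audit is an added example, not part of the original tutorial; the function names and finding codes are made up for illustration, and the embedded config is just the security-relevant lines of the sample config above.

```python
SAMPLE_KEY = "SuperS3cuRePa$$w0rD"   # passphrase printed in this tutorial

# Security-relevant lines of the tutorial's hostapd.conf
TUTORIAL_CONF = """\
auth_algs=3
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=SuperS3cuRePa$$w0rD
"""

def parse_hostapd(text):
    """key=value per line; '#' is a comment only at the start of a line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value
    return conf

def audit_hostapd(text):
    """Return a list of (code, message) findings for weak settings."""
    conf, out = parse_hostapd(text), []
    wpa = conf.get("wpa", "0")
    if wpa == "0":
        out.append(("no-wpa", "wpa is 0 or unset: open or WEP network"))
    elif wpa != "2":
        out.append(("wpa1", "wpa=%s still accepts WPA1; set wpa=2" % wpa))
    if any(k.startswith("wep_") for k in conf):
        out.append(("wep", "WEP key settings present; remove them"))
    # For WPA2 hostapd uses rsn_pairwise and falls back to wpa_pairwise.
    pairwise = (conf.get("rsn_pairwise") or conf.get("wpa_pairwise", "")).split()
    if wpa != "0" and pairwise != ["CCMP"]:
        out.append(("cipher", "pin rsn_pairwise=CCMP (found %r)" % pairwise))
    if "auth_algs" in conf and int(conf["auth_algs"]) & 2:
        out.append(("shared-key", "auth_algs bit 1 is WEP shared-key auth; "
                    "WPA2 needs only auth_algs=1"))
    key = conf.get("wpa_passphrase")
    if key is not None:
        if not 8 <= len(key) <= 63:
            out.append(("key-length", "wpa_passphrase must be 8..63 characters"))
        if key == SAMPLE_KEY:
            out.append(("sample-key", "passphrase is the published sample"))
    return out

if __name__ == "__main__":
    for code, message in audit_hostapd(TUTORIAL_CONF):
        print(code, "-", message)
```

Run against the sample config as published, it reports the shared-key bit in auth_algs=3 and the unchanged sample passphrase.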
It’s rather easy to set up an Access Point or Bridge on the Raspberry Pi. There are some configs to do, but they’re only text files with some parameters set in them, no big deal. Don’t be afraid to play with the configs, adjust them for your network and tweak them.
If something doesn’t work, I’m pretty sure it’s either a driver problem, nl80211 is missing (use Raspbian!) or a config file has some bad parameters.
Watch out for 802.11n (Draft-N) mode: hostapd officially supports it, but very often, it just fails or doesn’t quite work. Also, ht_capab in the hostapd.conf is a typical source of errors: use iw list to find out what capabilities your network card has. You’ll at least need the AP-Mode capability. You don’t have to set ht_capab; it is just for fine-tuning the network. It’s optional.
If you run into problems, please leave a comment – I’ll try to help out. And as always: Please leave some feedback. Tell me if this tutorial was any good or bad, share it, link in…