Access Point setup for Raspberry
Imagine you have a raspberry pi and you wanted to make it as a secured router or you wanted to access the pi wirelessly with SSH. The projects we can make with the pi is endless.You can do this setup just using your command line on raspberry pi or headlessly connecting to your pi using SSH.
- Raspberry pi (3 or 4)
- Internet access for Raspberry pi (Recommended via ethernet)
- optional – Mouse , keyboard ,Monitor
- OS – any recommended for Raspberry pi (make sure SSH is available)
For this setup we have used raspbian lite installed on Raspberry pi controlled headlessly with SSH.
Before we dwell into the setup , update your OS to the latest version
sudo apt-get update
sudo apt-get upgrade
This will take a little bit time and after this we need two packages to install.
Hostapd. – which will turn your wlan0 interface to act as Wireless Accesspoint.
Dnsmasq – It is DNS a forwarder and DHCP server for linux which will issue ip address and maintain network traffic to devices connecting to your network.
sudo apt-get install hostapd dnsmasq
This will install hostapd,dnsmasq and all its dependencies.
Assign a static ipv4 address to your Access point. For example here we take it as
192.168.1.2. Make sure the ipv4 address you are choosing doesn’t exists in your network , like your home routers or any others servers listening on this particuals static ipv4 address you are going to choose.If so , you really cant connect to your Access point while any other server or router is present.
Stop the interface wlan0 by changing the configuration of DHCPCD
sudo nano /etc/dhcpcd.conf
Copy and paste the text to the end of the file and save it-
Create a new file wlan0 in interfaces directory and assign static addresses.
sudo nano /etc/network/interfaces.d/wlan0
Paste these text in the file and save it.
allow-hotplug wlan0 iface wlan0 inet static address 192.168.1.2 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255
Configure hostapd for Accesspoint configuration
sudo nano /etc/hostapd/hostapd.conf
Paste these text in the file and save it.
# The Wi-Fi interface configured for static IPv4 addresses interface=wlan0 # Use the 802.11 Netlink interface driver driver=nl80211 # The user-defined name of the network ssid=LIFT-CONTROLLER # Use the 2.4GHz band hw_mode=g # Use channel 6 channel=6 # Enable 802.11n ieee80211n=1 # Enable WMM wmm_enabled=1 # Enable 40MHz channels with 20ns guard interval ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] # Accept all MAC addresses macaddr_acl=0 # Use WPA authentication auth_algs=1 # Require clients to know the network name ignore_broadcast_ssid=0 # Use WPA2 wpa=2 # Use a pre-shared key wpa_key_mgmt=WPA-PSK # The network passphrase wpa_passphrase=12345678 # Use AES, instead of TKIP rsn_pairwise=CCMP
Note – change the ssid and wpa_passphrase according to your needs
open hostapd default configuration file
sudo nano /etc/default/hostapd
Uncomment and edit the following text
We shall create a service for hostapd , so that it run after boot everytime.
sudo systemctl unmask hostapd
sudo systemctl start hostapd
sudo nano /etc/systemd/system/hostapd.service
copy and paste these texts and save the file.
[Unit] Description=Hostapd IEEE 802.11 Access Point After=sys-subsystem-net-devices-wlan0.device BindsTo=sys-subsystem-net-devices-wlan0.device [Service] Type=forking PIDFile=/var/run/hostapd.pid ExecStart=/usr/sbin/hostapd -B /etc/hostapd/hostapd.conf -P /var/run/hostapd.pid [Install] WantedBy=multi-user.target
sudo nano /etc/rc.local
add the line
sudo service hostapd start before exit 0 line
Once hostapd is configured, the AP should be live (though without internet connectivity).To verify, reboot the RPi3B.
Configure dnsmasq.For ease of configuration, if a default dnsmasq configuration file already exists on your system, make a backup and create a new one.
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf
copy and paste the following text
# The Wi-Fi interface configured for static IPv4 addresses interface=wlan0 # Explicitly specify the address to listen on listen-address=192.168.1.2 # Bind to the interface to make sure we aren't sending things elsewhere bind-interfaces # Forward DNS requests to the Google DNS server=126.96.36.199 # Don't forward short names domain-needed # Never forward addresses in non-routed address spaces bogus-priv # Assign IP addresses between 192.168.1.50 and 192.168.1.150 with a 12 hour lease time dhcp-range=192.168.1.50,192.168.1.150,12h
The listen address (the static address which you choose) is the address which the Access point runs on. Devices connecting to the Access point will talk to the pi using this address.And also they will be provided with dynamic address by the dhcp-range for a lease time of 12 hours.
Lets Enable ipv4 forwarding , so that the devices which connect to the Access point , can use the internet.
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding"
sudo nano /etc/sysctl.conf
Uncomment the IPv4 forwarding parameter and ensure it’s set to 1
Configure NAT with iptables.These iptables are the firewall of linux, which will allow traffic to and from the raspberry pi.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
sudo nano /etc/rc.local
Add the following at the end of the file, before the exit 0 line and save it.
iptables-restore < /etc/iptables.ipv4.nat
What we are doing here is, telling the firewall to allow traffic from the Access point interface to the internet. So that devices connecting to our Access point can have internet.It forwards traffic to ethernet interface, where your main server is hosting on.The pi just acts as a wifi router which you have in your home or office.
verify the setup.
Now your Access point should be working.If not ,check wether the above steps are done correctly.
The Automated setup
If in case you dont want to do the above steps to turn your pi into an Access point,we have simple script which does pretty much everything for you.
Pull our repository and change the directory to repository directory
git clone https://github.com/novitatlabs/raspberrypi-ap-setup.git
Run the shell script
sudo bash access-point-setup.sh
This will install all dependencies and configure your raspberry as Wifi Access-point.
Give your inputs while running the shell script when prompted , such as ssid,password,ip-address etc.
Reverting the changes
To revert the changes made by the shell script for configuration of Access point, run the shell script with
--uninstall as option.
sudo bash access-point-setup.sh --uninstall
This will revert all the changes made for Access-point setup
View this project in github : https://github.com/novitatlabs/raspberrypi-ap-setup/