Menu Close

Raspberry Pi Wireless Access Point

Access Point setup for Raspberry

Introduction

Imagine you have a raspberry pi and you wanted to make it as a secured router or you wanted to access the pi wirelessly with SSH. The projects we can make with the pi is endless.You can do this setup just using your command line on raspberry pi or headlessly connecting to your pi using SSH.

Prerequisite

  • Raspberry pi (3 or 4)
  • Internet access for Raspberry pi (Recommended via ethernet)
  • optional – Mouse , keyboard ,Monitor
  • OS – any recommended for Raspberry pi (make sure SSH is available)

Setup Procedure

For this setup we have used raspbian lite installed on Raspberry pi controlled headlessly with SSH.
Before we dwell into the setup , update your OS to the latest version

sudo apt-get update
sudo apt-get upgrade

This will take a little bit time and after this we need two packages to install.
Hostapd. – which will turn your wlan0 interface to act as Wireless Accesspoint.
Dnsmasq – It is DNS a forwarder and DHCP server for linux which will issue ip address and maintain network traffic to devices connecting to your network.

sudo apt-get install hostapd dnsmasq

This will install hostapd,dnsmasq and all its dependencies.

Assign a static ipv4 address to your Access point. For example here we take it as 192.168.1.2. Make sure the ipv4 address you are choosing doesn’t exists in your network , like your home routers or any others servers listening on this particuals static ipv4 address you are going to choose.If so , you really cant connect to your Access point while any other server or router is present.

Stop the interface wlan0 by changing the configuration of DHCPCD

sudo nano /etc/dhcpcd.conf

Copy and paste the text to the end of the file and save it-
“`denyinterfaces wlan0“`

Create a new file wlan0 in interfaces directory and assign static addresses.

sudo nano /etc/network/interfaces.d/wlan0

Paste these text in the file and save it.

allow-hotplug wlan0
iface wlan0 inet static
    address 192.168.1.2
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255

Configure hostapd for Accesspoint configuration

sudo nano /etc/hostapd/hostapd.conf

Paste these text in the file and save it.

# The Wi-Fi interface configured for static IPv4 addresses
interface=wlan0

# Use the 802.11 Netlink interface driver
driver=nl80211

# The user-defined name of the network
ssid=LIFT-CONTROLLER

# Use the 2.4GHz band
hw_mode=g

# Use channel 6
channel=6

# Enable 802.11n
ieee80211n=1

# Enable WMM
wmm_enabled=1

# Enable 40MHz channels with 20ns guard interval
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]

# Accept all MAC addresses
macaddr_acl=0

# Use WPA authentication
auth_algs=1

# Require clients to know the network name
ignore_broadcast_ssid=0

# Use WPA2
wpa=2

# Use a pre-shared key
wpa_key_mgmt=WPA-PSK

# The network passphrase
wpa_passphrase=12345678

# Use AES, instead of TKIP
rsn_pairwise=CCMP

Note – change the ssid and wpa_passphrase according to your needs

open hostapd default configuration file

sudo nano /etc/default/hostapd

Uncomment and edit the following text

DAEMON_CONF="/etc/hostapd/hostapd.conf"

We shall create a service for hostapd , so that it run after boot everytime.

sudo systemctl unmask hostapd
sudo systemctl start hostapd
sudo nano /etc/systemd/system/hostapd.service

copy and paste these texts and save the file.

[Unit]
Description=Hostapd IEEE 802.11 Access Point
After=sys-subsystem-net-devices-wlan0.device
BindsTo=sys-subsystem-net-devices-wlan0.device

[Service]
Type=forking
PIDFile=/var/run/hostapd.pid
ExecStart=/usr/sbin/hostapd -B /etc/hostapd/hostapd.conf -P /var/run/hostapd.pid

[Install]
WantedBy=multi-user.target

open rc.local

sudo nano /etc/rc.local

add the line sudo service hostapd start before exit 0 line

Once hostapd is configured, the AP should be live (though without internet connectivity).To verify, reboot the RPi3B.

sudo reboot

Configure dnsmasq.For ease of configuration, if a default dnsmasq configuration file already exists on your system, make a backup and create a new one.

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

sudo nano /etc/dnsmasq.conf

copy and paste the following text

# The Wi-Fi interface configured for static IPv4 addresses
interface=wlan0

# Explicitly specify the address to listen on
listen-address=192.168.1.2

# Bind to the interface to make sure we aren't sending things elsewhere
bind-interfaces

# Forward DNS requests to the Google DNS
server=8.8.8.8

# Don't forward short names
domain-needed

# Never forward addresses in non-routed address spaces
bogus-priv

# Assign IP addresses between 192.168.1.50 and 192.168.1.150 with a 12 hour lease time
dhcp-range=192.168.1.50,192.168.1.150,12h

The listen address (the static address which you choose) is the address which the Access point runs on. Devices connecting to the Access point will talk to the pi using this address.And also they will be provided with dynamic address by the dhcp-range for a lease time of 12 hours.

Lets Enable ipv4 forwarding , so that the devices which connect to the Access point , can use the internet.

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding"

Open the /etc/sysctl.conf file

sudo nano /etc/sysctl.conf

Uncomment the IPv4 forwarding parameter and ensure it’s set to 1 net.ipv4.ip_forward=1

Configure NAT with iptables.These iptables are the firewall of linux, which will allow traffic to and from the raspberry pi.

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Open the /etc/rc.local file

sudo nano /etc/rc.local

Add the following at the end of the file, before the exit 0 line and save it.

iptables-restore < /etc/iptables.ipv4.nat

What we are doing here is, telling the firewall to allow traffic from the Access point interface to the internet. So that devices connecting to our Access point can have internet.It forwards traffic to ethernet interface, where your main server is hosting on.The pi just acts as a wifi router which you have in your home or office.

verify the setup.

sudo reboot

Now your Access point should be working.If not ,check wether the above steps are done correctly.

The Automated setup

If in case you dont want to do the above steps to turn your pi into an Access point,we have simple script which does pretty much everything for you.

Pull our repository and change the directory to repository directory

git clone https://github.com/novitatlabs/raspberrypi-ap-setup.git

cd raspberrypi-ap-setup/

Run the shell script

sudo bash access-point-setup.sh

This will install all dependencies and configure your raspberry as Wifi Access-point.

Give your inputs while running the shell script when prompted , such as ssid,password,ip-address etc.

Reverting the changes

To revert the changes made by the shell script for configuration of Access point, run the shell script with --uninstall as option.

sudo bash access-point-setup.sh --uninstall

This will revert all the changes made for Access-point setup

Our repository

View this project in github : https://github.com/novitatlabs/raspberrypi-ap-setup/

Leave a Reply

Your email address will not be published. Required fields are marked *