Tag Archives: raspbian

Use Your Raspberry Pi as Access Point

This post describes all required steps to make your Raspberry Pi to act as a Access Point.

Prerequisites:

  • A Raspberry Pi, model B.
  • A boot SD card for the Raspberry Pi.
  • A USB WiFi device that supports "Access Point" mode.
  • An Ethernet cable to connect to the local network.

IMPORTANT NOTES:

  • Please make sure you Wifi dongle supports Access Point or Master Mode.
  • This tutorial is written and tested against the stock Raspbian image. In other distributions, the nl80211 driver may be missing!
  • If you are using a Wifi dongle with Realtek chipset then you will have do an extra step which I'll describe it later.

1. Install and configure hostapd

[codesyntax lang="bash"]

sudo apt-get install hostapd iw
sudo vim /etc/hostapd/hostapd.conf

[/codesyntax]

---------------------------

# Interface and Driver
interface=wlan0
# If you have a Wifi dongle with Realtek chipset then comment the following line and uncomment the one after
driver=nl80211
#driver=rtl871xdrv

# WLAN-Settings
ssid=MyAP
channel=1

# ESSID visible
ignore_broadcast_ssid=0

# Country-specific settings
country_code=US
ieee80211d=1

# Transfer Mode
hw_mode=g

# Optional
# supported_rates=10 20 55 110 60 90 120 180 240 360 480 540

# uncomment the following to enable 802.11 Draft n
# ieee80211n=1

# Enable WMM for Draft-N
# wmm_enabled=1

# Use iw list to see which ht capabilities your wifi card has
# ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]

# Beacons
beacon_int=100
dtim_period=2

# Don't use MAC auth
macaddr_acl=0

# Max Clients
max_num_sta=20

# Limit size of Datapackets
rts_threshold=2347
fragm_threshold=2346

# hostapd Log settings
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

# temp files
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

# Authentification
auth_algs=3

# Encryption: WPA2 !!Don't use WEP!
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

# Key scheduling
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400

# Change this, it's the network's key
wpa_passphrase=Very5ecretPass
---------------------------

You should adjust ssid, wpa_passphrase, region, channel and other settings to meet your criteria, hardware specs and country limitations for wireless networks.

2. Follow this step only if you have a Wifi dongle with Realtek chipset. Everyone else can skip this step!

First of all you need to download the  linux driver from realtek website (http://www.realtek.com.tw/downloads/downloadsView.aspx?Langid=1&PNid=21&PFid=48&Level=5&Conn=4&DownTypeID=3&GetDown=false&Downloads=true)

[codesyntax lang="bash"]

unzip RTL8192xC_USB_linux_v3.4.4_4749.20121105.zip
cd RTL8188C_8192C_USB_linux_v3.4.4_4749.20121105/wpa_supplicant_hostapd/
unzip wpa_supplicant_hostapd-0.8_rtw_20120803.zip
cd wpa_supplicant_hostapd-0.8/hostapd/
make

sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.bak
sudo mv hostapd /usr/sbin/hostapd.edimax
sudo ln -sf /usr/sbin/hostapd.edimax /usr/sbin/hostapd
sudo chown root.root /usr/sbin/hostapd
sudo chmod 755 /usr/sbin/hostapd

cd

[/codesyntax]

3. To redirect traffic we will need iptables and dnsmasq

[codesyntax lang="bash"]

sudo apt-get install dnsmasq iptables
sudo vim /etc/network/interfaces

[/codesyntax]

---------------------------
auto lo
iface lo inet loopback

iface default inet dhcp

# Existing network
iface eth0 inet dhcp

# WLAN Interface / AP address range
allow-hotplug wlan0
auto wlan0
iface wlan0 inet static
address 192.168.99.1
netmask 255.255.255.0
broadcast 192.168.99.255

# reset existing rules and chains
up /sbin/iptables -F
up /sbin/iptables -X
up /sbin/iptables -t nat -F

# Mask for the interface, activate port-forwarding and NAT
up iptables -A FORWARD -o eth0 -i wlan0 -s 192.168.99.0/24 -m conntrack --ctstate NEW -j ACCEPT
up iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
up sysctl -w net.ipv4.ip_forward=1

# restart hostapd and dnsmasq
up /etc/init.d/hostapd restart
up /etc/init.d/dnsmasq restart
---------------------------

You can use any IP for the wireless interface, set in line 13. All clients will associate with an IP in this range. You also have to change line 28 to match the IP address range.
Example: If you use wlan0 address 192.168.3.1, put -s 192.168.3.0/23 in line 28.

4. Configure dnsmasq

[codesyntax lang="bash"]

sudo vim /etc/dnsmasq.conf

[/codesyntax]

---------------------------
# DHCP-Server active for the wlan interface
interface=wlan0

# DHCP-Server not active for the existing network
no-dhcp-interface=eth0

# IP-Address range / Lease-Time
dhcp-range=interface:wlan0,192.168.99.100,192.168.99.200,infinite
---------------------------

5. Enable hostapd as a daemon to start when booting

[codesyntax lang="bash"]

sudo vim /etc/default/hostapd

[/codesyntax]
---------------------------
DAEMON_CONF="/etc/hostapd/hostapd.conf"
RUN_DAEMON=yes
---------------------------