Raspberry Pi as Access Point: Difference between revisions
Revision as of 17:55, 19 May 2024
💡 Note to self: Check collective for more details!
💡 If this interests you, maybe Raspberry Pi as Standalone Access Point or T60 as Pi Ethernet-WiFi-Bridge or Raspberry as Pi Ethernet-WiFi-Bridge does also?
About
I was out of access points with external antennas, so I tried to use a Raspberry Pi 3 with a USB-WiFi-Stick as an access point.
Setup
- Download the latest OS for your Pi: https://www.raspberrypi.com/software/
- Insert your SD-Card while watching dmesg -w or use fdisk -l to find your device. In my case it's /dev/sda
- Copy the image to the SD-card:
dd if=2024-03-15-raspios-bookworm-arm64-lite.img of=/dev/sda bs=1M
- Insert into the pi, power it up
- Complete basic setup: Choose keyboard layout, create user, enable sshd and so on (raspi-config)
- apt-get update && apt-get upgrade
- apt-get install hostapd dnsutils traceroute bridge-utils dhcp-helper
Connecting WiFi-Stick
First try connecting the stick
dmesg -w
should show something like this:
[ 132.306961] usb 1-1.2: new high-speed USB device number 6 using dwc_otg
[ 132.407915] usb 1-1.2: New USB device found, idVendor=0bda, idProduct=8812, bcdDevice= 0.00
[ 132.407939] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 132.407948] usb 1-1.2: Product: 802.11n NIC
[ 132.407954] usb 1-1.2: Manufacturer: Realtek
[ 132.407960] usb 1-1.2: SerialNumber: 123456
lsusb | grep WLAN
should show something like this:
Bus 001 Device 008: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
You might want to check apt-get install firmware-realtek (depends on device model)
Realtek 8812 model
I seem to have a Realtek 8812-knockoff, so they pointed me to https://github.com/aircrack-ng/rtl8812au
# apt-get install git dkms
$ mkdir dev && cd dev
$ git clone -b v5.6.4.2 https://github.com/aircrack-ng/rtl8812au.git
$ cd rtl*
# make dkms_install
mkdir: created directory '/usr/src/8812au-5.6.4.2_35491.20191025'
cp -r * /usr/src/8812au-5.6.4.2_35491.20191025
dkms add -m 8812au -v 5.6.4.2_35491.20191025
Creating symlink /var/lib/dkms/8812au/5.6.4.2_35491.20191025/source -> /usr/src/8812au-5.6.4.2_35491.20191025
dkms build -m 8812au -v 5.6.4.2_35491.20191025
Sign command: /lib/modules/6.6.20+rpt-rpi-v8/build/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub
Certificate or key are missing, generating self signed certificate for MOK...
Building module:
Cleaning build area...
'make' -j4 KVER=6.6.20+rpt-rpi-v8 KSRC=/lib/modules/6.6.20+rpt-rpi-v8/build.....
Signing module /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/88XXau.ko
Cleaning build area...
dkms install -m 8812au -v 5.6.4.2_35491.20191025
88XXau.ko.xz:
Running module version sanity check.
 - Original module
   - No original module exists within this kernel
 - Installation
   - Installing to /lib/modules/6.6.20+rpt-rpi-v8/updates/dkms/
depmod.....
dkms status -m 8812au
8812au/5.6.4.2_35491.20191025, 6.6.20+rpt-rpi-v8, aarch64: installed
Connect the Stick (again)
[ 1239.507525] usb 1-1.2: new high-speed USB device number 6 using dwc_otg
[ 1239.608748] usb 1-1.2: New USB device found, idVendor=0bda, idProduct=8812, bcdDevice= 0.00
[ 1239.608781] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1239.608797] usb 1-1.2: Product: 802.11n NIC
[ 1239.608809] usb 1-1.2: Manufacturer: Realtek
[ 1239.608820] usb 1-1.2: SerialNumber: 123456
[ 1240.283354] 88XXau: loading out-of-tree module taints kernel.
[ 1240.530118] usb 1-1.2: 88XXau 24:05:0f:f7:30:99 hw_info[d7]
[ 1240.534494] usbcore: registered new interface driver rtl88XXau
The last three lines are new.
ip addr
is now showing the new interface:
4: wlan1: <NO-CARRIER,BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2312 qdisc mq state DORMANT group default qlen 1000
    link/ether 24:05:0f:f7:30:99 brd ff:ff:ff:ff:ff:ff
Enable Forwarding
vi /etc/sysctl.conf
and set
net.ipv4.ip_forward=1
net.ipv6.conf.all.disable_ipv6 = 1
Explanation: Disable IPv6 (to KISS) and enable forwarding for IPv4[1].
Tell dhcpcd to ignore our devices
vi /etc/dhcpcd.conf
and set something like this:
nohook wpa_supplicant
denyinterfaces wlan0
Explanation: I omit /etc/wpa_supplicant/wpa_supplicant.conf for wlan0. It is essential that there remains only one layer3-active (meaning using IP) interface, and that is br0. Otherwise you get a routing mess.
Since br0 and eth0 are not omitted (denied), they get IPAs from the DHCP-Server. That's necessary for br0, and not for eth0 (but when I omitted eth0, the bridge didn't come up, so I removed the IPA later; see below).
Setup DHCP-Forwarding
vi /etc/default/dhcp-helper
and set:
DHCPHELPER_OPTS="-b eth0"
Explanation: dhcp-helper will now forward all DHCP-related broadcasts to this interface (and none coming from there to the other interfaces).
mDNS-Forwarding
vi /etc/avahi/avahi-daemon.conf
and set:
[reflector]
enable-reflector=yes
Explanation: Enable mDNS relaying.
Check Bridge
As mentioned before, the br0-device is only tied to wlan0, so we must take care of this. You might want to do this with a script in /etc/network/if-up.d/ like (WORK-IN-PROGRESS!):
# only do it, if necessary
/sbin/brctl show | /bin/grep eth0 && exit 0
/bin/sleep 1
# Remove IPA from eth0
ip addr flush dev eth0
Known issues
- After br0 is set up and this appears in the log:
Feb 5 11:59:10 pi3 kernel: [ 46.256296] br0: port 2(eth0) entered blocking state
Feb 5 11:59:10 pi3 kernel: [ 46.256321] br0: port 2(eth0) entered disabled state
Feb 5 11:59:10 pi3 kernel: [ 46.257064] device eth0 entered promiscuous mode
- DNS-lookups fail (and therefore everything else, like pings to external hosts or apt-get)
- the Pi can't be reached by ssh or any other service
Thinking out loud: br0 links eth0 and wlan0 on layer 2. Thus can't have an IPA. But br0 can. I hope. :-)
[SOLVED] - The reason was the IPA on eth0, which is no layer3 interface anymore. Removing the IPA did the trick.
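Added example (not part of the original page): a check for the condition described above, an IPv4 address left on a bridge port while br0 should be the only layer-3 interface. The function name check_bridge_l3, the sample ip output and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: check that the bridge is the only
# layer-3 interface. Reads `ip -o -4 addr show` output on stdin.
# On a live system (assuming the bridge is br0):
#   ip -o -4 addr show | check_bridge_l3 br0 $(ls /sys/class/net/br0/brif)

# check_bridge_l3 BRIDGE PORT... -> prints findings, returns 1 if anything is wrong
check_bridge_l3() {
    bridge=$1; shift
    awk -v bridge="$bridge" -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) is_port[p[i]] = 1 }
        $3 != "inet" { next }              # only IPv4 address lines
        ($2 in is_port) { print "FAIL: port " $2 " has " $4 ", flush it"; bad = 1 }
        $2 == bridge    { print "OK: " bridge " has " $4; seen = 1 }
        END {
            if (!seen) { print "FAIL: " bridge " has no IPv4 address"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the state from "Known issues" (eth0 still holds a lease).
sample_broken() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic noprefixroute eth0\       valid_lft 600sec preferred_lft 600sec
5: br0    inet 192.0.2.11/24 brd 192.0.2.255 scope global dynamic noprefixroute br0\       valid_lft 600sec preferred_lft 600sec
EOF
}

# Constructed sample: the same host after `ip addr flush dev eth0`.
sample_fixed() { sample_broken | grep -v ' eth0 '; }

sample_broken | check_bridge_l3 br0 eth0 wlan0 || echo "layer-3 check failed"
```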
Notes
Since you use a DHCP server and you manually set IPAs, you might want to reserve those IPAs in your DHCP-server configuration.
This might come in handy:
systemd-resolve --status
Displays your DNS-setup
nslookup www.wurst-wasser.net
Displays queried servers and queries (really!)
brctl showstp br0
Shows forwarding state
brctl showmacs br0
Shows all MACs: like arp -a, it displays the MACs of the machines using the bridge.
Footnotes
- [1] Which is quite unnecessary ;), since we bridge at layer 2...
Enable and Configure Access Point
vi /etc/hostapd/hostapd.conf
and set something like this:
interface=wlan1
hw_mode=g
channel=7
ieee80211n=1
wmm_enabled=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=HMSCamdenLock
wpa_passphrase=42_42_42_42
country_code=DE
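Added example (not part of the original page): in the configuration above, wpa=3 enables WPA version 1 alongside WPA2, and wpa_pairwise=TKIP lets WPA version 1 clients use TKIP. The script below reports such settings in a hostapd.conf; the function names, the MIN_PSK_LEN policy value and the hardened sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: report weak WPA settings in hostapd.conf.
# MIN_PSK_LEN is an assumed local policy value; the page does not state one.
MIN_PSK_LEN=${MIN_PSK_LEN:-16}

# audit_hostapd [FILE] -> one "code: message" line per finding, nothing if clean.
# Reads stdin when no FILE is given.
audit_hostapd() {
    awk -v minlen="$MIN_PSK_LEN" '
        /^[ \t]*#/ || !/=/ { next }        # skip comments and lines without key=value
        {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            cfg[key] = val
        }
        END {
            wpa = cfg["wpa"] + 0           # bit 0 = WPA (version 1), bit 1 = RSN (WPA2)
            if (wpa == 0) print "open: wpa is unset or 0, traffic is not encrypted"
            if (wpa % 2 == 1) {
                print "wpa1: wpa=" wpa " offers WPA version 1; wpa=2 is RSN (WPA2) only"
                if (cfg["wpa_pairwise"] ~ /TKIP/) print "tkip-wpa1: wpa_pairwise allows TKIP"
            }
            if (wpa >= 2) {
                # hostapd falls back to wpa_pairwise when rsn_pairwise is not set
                rsn = ("rsn_pairwise" in cfg) ? cfg["rsn_pairwise"] : cfg["wpa_pairwise"]
                if (rsn ~ /TKIP/) print "tkip-rsn: RSN pairwise cipher allows TKIP"
            }
            if (("wpa_passphrase" in cfg) && length(cfg["wpa_passphrase"]) < minlen) {
                print "psk-short: wpa_passphrase has fewer than " minlen " characters"
            }
        }' "$@"
}

# Security-related lines of the hostapd.conf shown on this page.
page_conf() {
    printf '%s\n' wpa=3 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP \
        wpa_passphrase=42_42_42_42
}

# Constructed hardened variant: RSN only, CCMP only, placeholder passphrase.
hardened_conf() {
    printf '%s\n' wpa=2 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP \
        wpa_passphrase=REPLACE-with-a-long-random-passphrase
}

page_conf | audit_hostapd
```

On the access point itself, run audit_hostapd /etc/hostapd/hostapd.conf; an empty result means none of these checks matched.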
Enable it
vi /etc/default/hostapd
…and uncomment this line and set the path:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
# systemctl unmask hostapd
Removed "/etc/systemd/system/hostapd.service".
# systemctl start hostapd