Raspberry Pi as Access Point: Difference between revisions
Line 225: | Line 225: | ||
= This is how it should look like = | = This is how it should look like = | ||
<syntaxhighlight="bash"> | <syntaxhighlight lang="bash"> | ||
root@pi36:/home/pi# ip addr | root@pi36:/home/pi# ip addr | ||
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 | 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 |
Revision as of 18:18, 19 May 2024
💡 | Note to self: Check collective for more details! |
💡 | If this interests you, maybe Raspberry Pi as Standalone Access Point or T60 as Pi Ethernet-WiFi-Bridge or Raspberry as Pi Ethernet-WiFi-Bridge does also? |
About
I was out of access points with external antennas, so I tried to use a Raspberry Pi 3 with an USB-Wifi-Stick as an access point.
Setup
- Download the latest OS for your Pi: https://www.raspberrypi.com/software/
- Insert your SD-Card while watching
dmesg -w
or usefdisk -l
to find your device. In my case it's/dev/sda
- Copy the image to the SD-card:
dd if=2024-03-15-raspios-bookworm-arm64-lite.img of=/dev/sda bs=1M
- Insert into the pi, power it up
- Complete basic setup: Choose keyboard layout, create user, enable sshd a.s.o. (
raspi-config
) apt-get update && apt-get upgrade
apt-get install hostapd dnsutils traceroute bridge-utils dhcp-helper
- hostapd: A daemon that sets up your WiFi as a access point, so anyone can join. Please note, that this means WiFi only. No DHCP, and therefore no DNS.
- bridge-utils: These provide the bridging you need to "connect" the ethernet and WiFi interfaces.
- dhcp-helper: DHCP uses a broadcast to the network (address) to reach the DHCP-server. Since broadcasts stay in the broadcast-domain with a TTL of 1, they won't get bridged. This is where dhcp-helper comes in. It forwards the broadcasts in all other nets (except the one specified with -b, obviously because there is the dhcp-server...).
- dnsutils: Just to do a nslookup from time to time. You can test your DNS-setup as well as lookup with nslookup[1]
- traceroute: Might come in handy if you have networking problems (and you WILL have :) )
Connecting WiFi-Stick
First try connecting the stick
dmesg -w
should show something like this:
[ 132.306961] usb 1-1.2: new high-speed USB device number 6 using dwc_otg [ 132.407915] usb 1-1.2: New USB device found, idVendor=0bda, idProduct=8812, bcdDevice= 0.00 [ 132.407939] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.407948] usb 1-1.2: Product: 802.11n NIC [ 132.407954] usb 1-1.2: Manufacturer: Realtek [ 132.407960] usb 1-1.2: SerialNumber: 123456
lsusb | grep WLAN
should show something like this:
Bus 001 Device 008: ID 0bda:8812 Realtek Semiconductor Corp. RTL8812AU 802.11a/b/g/n/ac 2T2R DB WLAN Adapter
You might want to check apt-get install firmware-realtek
(depends on device model)
Realtek 8812 model
I seem to have a Realtek 8812-knockoff, so they pointed me to https://github.com/aircrack-ng/rtl8812au
# apt-get install git dkms $ mkdir dev &6 cd dev $ git clone -b v5.6.4.2 https://github.com/aircrack-ng/rtl8812au.git $ cd rtl* # make dkms_install mkdir: created directory '/usr/src/8812au-5.6.4.2_35491.20191025' cp -r * /usr/src/8812au-5.6.4.2_35491.20191025 dkms add -m 8812au -v 5.6.4.2_35491.20191025 Creating symlink /var/lib/dkms/8812au/5.6.4.2_35491.20191025/source -> /usr/src/8812au-5.6.4.2_35491.20191025 dkms build -m 8812au -v 5.6.4.2_35491.20191025 Sign command: /lib/modules/6.6.20+rpt-rpi-v8/build/scripts/sign-file Signing key: /var/lib/dkms/mok.key Public certificate (MOK): /var/lib/dkms/mok.pub Certificate or key are missing, generating self signed certificate for MOK... Building module: Cleaning build area... 'make' -j4 KVER=6.6.20+rpt-rpi-v8 KSRC=/lib/modules/6.6.20+rpt-rpi-v8/build....................................................................................................................................................................................................................... Signing module /var/lib/dkms/8812au/5.6.4.2_35491.20191025/build/88XXau.ko Cleaning build area... dkms install -m 8812au -v 5.6.4.2_35491.20191025 88XXau.ko.xz: Running module version sanity check. - Original module - No original module exists within this kernel - Installation - Installing to /lib/modules/6.6.20+rpt-rpi-v8/updates/dkms/ depmod..... dkms status -m 8812au 8812au/5.6.4.2_35491.20191025, 6.6.20+rpt-rpi-v8, aarch64: installed
Connect the Stick (again)
[ 1239.507525] usb 1-1.2: new high-speed USB device number 6 using dwc_otg [ 1239.608748] usb 1-1.2: New USB device found, idVendor=0bda, idProduct=8812, bcdDevice= 0.00 [ 1239.608781] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1239.608797] usb 1-1.2: Product: 802.11n NIC [ 1239.608809] usb 1-1.2: Manufacturer: Realtek [ 1239.608820] usb 1-1.2: SerialNumber: 123456 [ 1240.283354] 88XXau: loading out-of-tree module taints kernel. [ 1240.530118] usb 1-1.2: 88XXau 24:05:0f:f7:30:99 hw_info[d7] [ 1240.534494] usbcore: registered new interface driver rtl88XXau
The last three lines are new.
ip addr
is now showing the new interface:
4: wlan1: <NO-CARRIER,BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2312 qdisc mq state DORMANT group default qlen 1000 link/ether 24:05:0f:f7:30:99 brd ff:ff:ff:ff:ff:ff
Enable Forwarding
vi /etc/sysctl.conf
and set
net.ipv4.ip_forward=1net.ipv6.conf.all.disable_ipv6 = 1
Explanation: Disable IPv6 (to KISS) and enable forwarding for IPv4[2].
Tell dhcpd to ignore our devices
vi /etc/dhcpcd.conf
and set something like this:
nohook wpa_supplicant denyinterfaces wlan0
Explanation: I omit /etc/wpa_supplicant/wpa_supplicant.conf for wlan0. It is essential that there remains only one layer3-active (meaning using IP) interface, and that is br0. Otherwise you get a routing mess. Since br0 and eth0 are not omitted (denied), they get IPAs from the DHCP-Server. That's necessary for br0, and not for eth0 (but when I omitted eth0, the bridge didn't come up. So I removed the IPA later (see below).
Setup DHCP-Forwarding
vi /etc/default/dhcp-helper
and set:
DHCPHELPER_OPTS="-b eth0"
Explanation: dhcp-helper will now forward all DHCP-related broadcasts to this interface (and none coming from there to the other interfaces).
mDNS-Forwarding
vi /etc/avahi/avahi-daemon.conf
and set:
[reflector] enable-reflector=yes
Explanation: Enable mDNS relaying.
Check Bridge
As mentioned before, the br0-device is only tied to wlan0, so we must take care of this. You might want to do this with a script in /etc/network/if-up.d/ like (WORK-IN-PROGRESS!): # only do it, if necessary /sbin/brctl show | /bin/grep eth0 && exit 0 /bin/sleep 1 # Remove IPA from eth0 ip addr flush dev eth0
Known issues
- After br0 is set up and this appears in the log:
Feb 5 11:59:10 pi3 kernel: [ 46.256296] br0: port 2(eth0) entered blocking state Feb 5 11:59:10 pi3 kernel: [ 46.256321] br0: port 2(eth0) entered disabled state Feb 5 11:59:10 pi3 kernel: [ 46.257064] device eth0 entered promiscuous mode
- DNS-lookups fail (and therefore everything else, like pings to external hosts or apt-get)
- the Pi can't be reached by ssh or any other service
Thinking out loud: br0 linkes eth0 and wlan0 on layer 2. Thus can't have an IPA. But br0 can. I hope. :-)
[SOLVED] - The reason was the IPA on eth0, which is no layer3 interface anymore. Removing the IPA did the trick.
Notes
Since you use a DHCP server and you manually set IPAs, you might want to reserve those IPAs in your DHCP-server configuration. This might become handy:
systemd-resolve --status
Displays your DNS-setup
nslookup www.wurst-wasser.net
Displays queried servers and queries (really!)
brctl showstp br0
Shows forwarding state
brctl showmacs br0
Shows all MACs displays something like arp -a does, the MACs of the machines using the bridge.
- Footnotes
Enable and Configure Access Point
vi /etc/hostapd/hostapd.conf
and set something like this:
interface=wlan1 driver=nl80211 bridge=br0 hw_mode=g channel=7 ieee80211n=1 wmm_enabled=1 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP ssid=HMSCamdenLock wpa_passphrase=42_42_42_42 country_code=DE
Enable it
vi /etc/default/hostapd
…and comment this and set path:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
# systemctl unmask hostapd Removed "/etc/systemd/system/hostapd.service". # systemctl start hostapd
enableBridge.sh
The bridge itself is setup by hostapd. But it is only linked to the WiFi-Interface. So this script is launched after hostapd:
#!/bin/bash DEVWIFI="wlan1" DEVETH="eth0" DEVBR="br0" # generated by hostapd # 0: Check whether hostapd is running yet /usr/sbin/service hostapd status | /bin/grep "Active:" | /bin/grep running > /dev/null 2>&1 if [ "$?" -ne 0 ]; then logger "hostapd is (not yet) running. Exiting." exit 0 fi # 1: give the Bridge an IPA /sbin/ifconfig $DEVBR | /bin/grep inet | /bin/grep 10.178 > /dev/null 2>&1 if [ "$?" -ne 0 ]; then /sbin/ifconfig br0 10.178.111.242 netmask 255.255.255.0 /sbin/route add default gw 10.178.111.1 logger "Added $DEVBR IPA." fi # 2: remove ethernet's IPA /sbin/ifconfig $DEVETH | /bin/grep inet | /bin/grep 10.178 > /dev/null 2>&1 if [ "$?" -eq 0 ]; then /sbin/ip addr flush dev $DEVETH logger "Flushed $DEVETH IPA." fi # 3: Add Ethernet to bridge /sbin/brctl show $DEVBR | /bin/grep $DEVETH > /dev/null 2>&1 if [ "$?" -ne 0 ]; then # do it echo "Adding ethernet to the bridge..." | logger /sbin/brctl addif $DEVBR $DEVETH /bin/sleep 1 fi
This is how it should look like
root@pi36:/home/pi# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether b8:27:eb:5e:d7:c9 brd ff:ff:ff:ff:ff:ff
inet6 fe80::31a8:a549:932:d9fb/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether b8:27:eb:0b:82:9c brd ff:ff:ff:ff:ff:ff
4: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2312 qdisc mq master br0 state UP group default qlen 1000
link/ether 24:05:0f:f7:30:99 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 24:05:0f:f7:30:99 brd ff:ff:ff:ff:ff:ff
inet 10.178.111.242/24 brd 10.178.111.255 scope global br0
valid_lft forever preferred_lft forever
inet6 2a00:6020:4c14:fa00:2605:fff:fef7:3099/64 scope global dynamic mngtmpaddr
valid_lft 2714sec preferred_lft 2714sec
inet6 fe80::2605:fff:fef7:3099/64 scope link
valid_lft forever preferred_lft forever
root@pi36:/home/pi# brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.24050ff73099 no eth0
wlan1
root@pi36:/home/pi#