RaspberryPi/Access Point: Difference between revisions
From charlesreid1
(Created page with "<!-- The steps for configuring the Raspberry Pi as a wireless access point are: Log in to the Raspberry Pi either directly or remotely. Use the apt-get install command to in...") |
No edit summary |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
Date: March 2016 | |||
=Configure RPi As Wireless Access Point= | |||
these instructions will walk you through setting up raspberry pi as wireless access point. | |||
==Installation== | |||
start by connecting to your pi via ssh. Install some software needed to turn the RPi into a router: | |||
<pre> | |||
$ apt-get install -y hostapd udhcpd iw | |||
</pre> | |||
Now pick out a wireless USB adapter that can act as an access point. | |||
<pre> | |||
$ iw list | grep "* AP" | |||
</pre> | |||
(If no results, try a different wireless card.) | |||
==Setting Up DHCP== | |||
View the name server (DNS) address stored in <code>/etc/resolve.conf</code> | |||
Now let's configure the DHCP server, which is responsible for handing out leases. | |||
Edit <code>/etc/udhcpd.conf</code>, use sample file below: | |||
<pre> | |||
# Sample udhcpd configuration file (/etc/udhcpd.conf) | # Sample udhcpd configuration file (/etc/udhcpd.conf) | ||
# The start and end of the IP lease block | # The start and end of the IP lease block | ||
start 192.168.0.20 #default: 192.168.0.20 | start 192.168.0.20 #default: 192.168.0.20 | ||
end 192.168.0.254 #default: 192.168.0.254 | end 192.168.0.254 #default: 192.168.0.254 | ||
# The interface that udhcpd will use | # The interface that udhcpd will use | ||
interface eth0 #default: eth0 | interface eth0 #default: eth0 | ||
# Settings | |||
# | |||
opt dns 192.168.2.1 | opt dns 192.168.2.1 | ||
option subnet 255.255.255.0 | option subnet 255.255.255.0 | ||
| Line 93: | Line 45: | ||
option domain local | option domain local | ||
option lease 864000 | option lease 864000 | ||
</pre> | |||
This assumes that the resolve.conf file contained <code>192.168.2.1</code>. | |||
Now edit one more file: <code>/etc/default/udhcpd</code> | |||
<pre> | |||
# Comment the following line to enable | # Comment the following line to enable | ||
DHCPD_ENABLED="no" | DHCPD_ENABLED="no" | ||
| Line 107: | Line 61: | ||
DHCPD_OPTS="-S" | DHCPD_OPTS="-S" | ||
</pre> | |||
Now you're ready to enable DHCP server, simply by commenting out <code>DHCPD_ENABLED="no"</code> | |||
Change it to <code>#DHCPD_ENABLED="no"</code> and you'll be ready to go. | |||
#DHCPD_ENABLED="no" | |||
==Setting Up Hostapd== | |||
Configure the hostapd server | |||
Configure the hostapd server by editing the file <code>/etc/hostapd/hostapd.conf</code> and adding the following contents: | |||
<pre> | |||
interface=wlan0 | interface=wlan0 | ||
ssid= | ssid=CIA_Surveillance_Van | ||
wpa_passphrase= | wpa_passphrase=ITSASECRET | ||
driver=nl80211 | driver=nl80211 | ||
hw_mode=g | hw_mode=g | ||
| Line 131: | Line 85: | ||
wpa_pairwise=TKIP | wpa_pairwise=TKIP | ||
rsn_pairwise=CCMP | rsn_pairwise=CCMP | ||
</pre> | |||
Now enable the hostapd service by creating a default file in <code>/etc/default/hostapd</code> | |||
<pre> | |||
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration | # Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration | ||
# file and hostapd will be started during system boot. An example configuration | # file and hostapd will be started during system boot. An example configuration | ||
| Line 168: | Line 118: | ||
# See sysctl.conf (5) for information. | # See sysctl.conf (5) for information. | ||
# | # | ||
</pre> | |||
==Enable IPv4 Packet Forwarding== | |||
To serve as a router that forwards traffic from a wireless network to a wired network connection, the Pi must be able to forward IPv4. | |||
Edit the kernel parameters file <code>/etc/sysctl.conf</code> | |||
Uncomment the line beginning with net.ipv4.ip_forward by removing the # from the beginning of the line. | Uncomment the line beginning with net.ipv4.ip_forward by removing the # from the beginning of the line. | ||
<pre> | |||
# Uncomment the next line to enable packet forwarding for IPv4 | # Uncomment the next line to enable packet forwarding for IPv4 | ||
net.ipv4.ip_forward=1 | net.ipv4.ip_forward=1 | ||
</pre> | |||
Enable post forwarding by using echo command to set kernel parameter <code>/proc/sys/net/ipv4/ip_forward</code> to 1: | |||
<pre> | |||
$ bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward' | |||
</pre> | |||
Now set up IP forwarding rules for postrouting, network address translation, and forwarding: | |||
<pre> | |||
$ iptables -t nat -A POSTROUTING –o eth0 –j MASQUERADE | |||
$ iptables -A FORWARD –i eth0 –o wlan0 -m state --state RELATED,ESTABLISHED –j ACCEPT | |||
$ iptables -A FORWARD –i wlan0 –o eth0 –j ACCEPT | |||
</pre> | |||
Next, we can save these iptables settings in a file for IPv4 NAT, and put that in the appropriate place for the system to use it next time it boots: | |||
<pre> | |||
$ iptables-save > iptables.ipv4.nat | |||
$ mv iptables.ipv4.nat /etc | |||
$ chown root:root /etc/iptables.ipv4.nat | |||
</pre> | |||
==Set IP== | |||
Now use ifconfig to give the wireless device the IP address specified above: | |||
<pre> | |||
$ ifconfig wlan0 192.168.0.1 | |||
</pre> | |||
Configure the network interface configuration so that these changes will be permanent. Edit <code>/etc/network/interfaces</code>: | |||
<pre> | |||
auto lo | auto lo | ||
iface lo inet loopback | iface lo inet loopback | ||
| Line 215: | Line 179: | ||
up iptables-restore < /etc/iptables.ipv4.nat | up iptables-restore < /etc/iptables.ipv4.nat | ||
</pre> | |||
==Enable AP== | |||
Now you are ready to enable the AP. Use the update-rc command to enable hostapd and udhcpd services: | |||
<pre> | |||
$ update-rc.d hostapd enable | |||
$ update-rc.d udhcp enable | |||
</pre> | |||
One last thing is to disable WPA supplicant - since you don't want to be connecting to wireless networks while you're acting as a hot spot! Move the services definition file for WPA supplicant, which is in <code>/usr/share/dbus-1/system-services</code>, to a temporary location. | |||
==Last Step: Reboot== | |||
Now, upon rebooting, your Raspberry Pi should be acting as a wireless hot spot with the details set in the hostapd configuration file. | |||
=Flags= | |||
{{KaliFlag}} | |||
{{WirelessFlag}} | |||
{{PiFlag}} | |||
<!-- | |||
Check the wireless USB adapter | |||
Not all wireless USB adapters support Access Point (AP) mode. The iw list command is used to list the wireless capabilities of any attached wireless devices. If AP mode is supported, it will be listed in the section Supported interface modes. | |||
The output of the iw list command is quite long. The grep command is used to filter the output of the iw list command. A pipe (|) is used to connect the output of the iw list command to the input of the grep command. The grep command limits the output of other commands using a regular expression filter ('^[[:blank:]]*\* A' – from the beginning of the line ^ any number of blanks [[:blank:]]* followed by an asterisk \* followed by a space and the capital letter A). | |||
If the wireless adapter is not compatible with hostapd, the iw list command will display the message "nl80211 not found." There may still be a chance for the adapter to work with hostapd; however, it requires recompiling hostapd with another driver (see references at the end of the chapter). | |||
Once the wireless adapter has been tested and shown to support AP mode, configuration of the Raspberry Pi continues. | |||
Configure the DHCP server by using udhcpd | |||
The Dynamic Host Configuration Protocol (DHCP) server (udhcpd) assigns client computers network configuration information; such as the address of a DNS nameserver, an IP address, and a default route (or gateway). When this recipe is complete, the Raspberry Pi will configure its wireless clients using DCHP. | |||
Three changes are made to the DHCP configuration file (/etc/udhcpd.conf): | |||
The wireless interface is selected (wlan0) | |||
The remaining flag is set to support embedded devices (for example, Raspberry Pi) | |||
The default network parameters are defined for wireless clients | |||
The default network parameters are: | |||
dns – the DNS nameserver to use. The system DNS nameserver is defined in /etc/resolv.conf and is displayed in Step 5. | |||
subnet – how many IP addresses are part of the same network subnet. The value 255.255.255.0 is a net mask that matches computers with the same numbers in the first three bytes of the IP address. | |||
router – the static IP address of the Raspberry Pi's wireless interface (192.168.0.1). | |||
domain – the name of the network (local). | |||
lease – how long a network address will be assigned to a specific computer (864000 seconds or 10 days). | |||
The start and end parameters at the top of the configuration file by default are set to the range of IP values from 192.168.0.20 to 192.168.0.254. | |||
If the Raspberry Pi will always be attached to a wired network that has a network timeserver, the remaining time flag does not need to be set. | |||
After udhcpd has been configured, its boot script parameter file (/etc/default/udhcpd) also needs to be changed. The parameter DHCP_ENABLED="no" needs to be commented out (by placing a # at the beginning of the line), so that the DHCP server (udhcpd) is enabled. | |||
Configure the Wireless Access Point server by using hostapd | |||
The Wireless Access Point server (hostapd) manages the wireless connection between other wireless devices and the Raspberry Pi. This includes establishing a secure connection using an encryption protocol like Wi-Fi Protect Access (WPA); and setting the Service Set ID (SSID) and the pre-shared key (PSK). | |||
The created hostapd configuration parameter file includes: | |||
interface – the wireless interface (wlan0) | |||
ssid – the network ID (Raspi_AP) | |||
wpa_passphrase – the passphrase or pre-shared key (Pr0t3ct3d) | |||
driver – the wireless device driver (nl80211) | |||
hw_mode – the hardware mode (g) | |||
channel – the radio frequency channel (6) | |||
macaddr_acl – access control list (0) | |||
auth_algs – the authorization algorithm to use (1 – open auth) | |||
ignore_broadcast_ssid – enable broadcasting the network ID (0 – don't ignore broadcasting) | |||
wpa – which version of WPA (2) | |||
wpa_key_mgmt – which key manages algorithm (WPA-PSK) | |||
wpa_pairwise – WPA v1 data encryption (TKIP) | |||
rsn_pairwise – WPA v2 data encryption (CCMP) | |||
After hostapd has been configured, its boot script parameter file (/etc/default/hostapd) also needs to be changed. The parameter DAEMON_CONF needs to be set to the location of the hostapd configuration file (/etc/hostapd/hostapd.conf), so that the Wireless Access Point server is enabled. | |||
Set up IP Forwarding | |||
IP Forwarding is used to pass (forward) network traffic between network interfaces. In this recipe, IP Forwarding is used to pass network traffic between the wireless network and the wired network. Using IP Forwarding, the Raspberry Pi connects the clients of the wireless network to the wired network. | |||
The first configuration step is to enable IP Forwarding in the Raspberry Pi's Linux kernel. The kernel parameters file (/etc/sysctl.conf) has an IP Forwarding entry (net.ipv4.ip_forward=1) that is by default commented out. Uncommenting this entry, by removing the # at the beginning of the line, enables IP Forwarding in the Linux kernel. | |||
After IP Forwarding is enabled, the iptables command is used to define the net filter rules that determine which network packets are allowed to cross the Linux kernel's internal firewall. The Linux kernel's firewall organizes its rules into tables that define how network packets pass through the kernel. The iptables command is used to manage the rules stored in these tables. | |||
The first Linux kernel firewall rule define in this step is appended to the postprocessing rules (-A POSTROUTING) of the network address translation table (-t nat). This rule masquerades network packets (MASQUERADE) as they are passed to the wired network (-o eth0). The IP addresses of wireless network clients are translated into the IP address of the Raspberry Pi's wired network connection as they are passed to the wired network. This is how the network packets from multiple wireless network clients are translated so they can pass through the Raspberry Pi's single wired network connection. | |||
The second rule is appended to the packet forwarding rules (-A FORWARD) of the filter table (the default table). This rule allows (-j ACCEPT) network packets to be forwarded (-A FORWARDED) from the wired network (-i eth0) to the wireless network (-o wlan0) when they are related to an established connection (-m state –state RELATED,ESTABLISHED). | |||
The last iptables command rule in this step is appended to the forwarding rules of the filter table (-A FORWARD). This rule allows packets to pass from the wireless network (-i wlan0) to the wired network (-o eth0). | |||
The next command, ifconfig wlan0, sets the IP address of the Raspberry Pi's wireless network connection to 192.168.0.1. | |||
Finally, the iptables-save command is used to save a copy of these rules in a configuration file (/etc/iptables.ipv4.nat) that can be used during boot. | |||
After this step is complete, the IP Forwarding rules have been defined and saved in a configuration file. The IP Forwarding rules are also active. | |||
Configure the boot parameters | |||
The network interfaces definitions used during boot are stored in a configuration file (/etc/network/interfaces). The file defines the network address, network mask, and the default route for each network interface. | |||
The configuration file used in this recipe defines three network interfaces: | |||
lo – the loopback network | |||
eth0 – the wired network | |||
wlan0 – the wireless network | |||
The loopback interface (lo) is loaded automatically (auto). | |||
The wired interface interface's (eth0) is configured dynamically using the DHCP protocol. | |||
The wireless interface (wlan0) has a static definition (static) – it is in this file. The wireless interface's IP address is defined to be 192.168.0.1. The interface's defined network mask (255.255.255.0) is big enough to support 256 unique addresses on the same subnet. | |||
After the network interfaces are brought up (up), the IP Forwarding definitions (/etc/iptables.ipv4.nat) are restored (iptables-restore) that were saved earlier in this recipe (using iptables-save). | |||
Once the network interface definitions have been saved, the network can be started. | |||
Start the wireless access point | |||
Now that the configuration files have been updated: | |||
wireless access point (/etc/hostapd/hostapd.conf) | |||
dynamic host configuration protocol (/etc/udhcpd.conf) | |||
network interfaces (/etc/network/interfaces) | |||
IP Forwarding definitions (/etc/iptables.ipv4.nat) | |||
The boot scripts for the wireless access point daemon (hostapd) and the dynamic host configuration protocol daemon (udhcp) can be enabled (update-rc.d enable). | |||
The Raspberry Pi will now become a wireless access point every time it boots! | |||
After the Raspberry Pi reboots, the wireless access point is ready to use! Wireless devices can now connect to the Raspberry Pi using your chosen SSID (Raspi_AP) and passphrase (Pr0t3ct3d). | |||
Create Bookmark | |||
There's more… | |||
Not all USB wireless adapters support AP mode | |||
There are a limited number of wireless USB adapters that can work with the Raspberry Pi and can also be configured as wireless access points. The links at the end of this chapter can be used to find current wireless USB adapters that can be used together with the Raspberry Pi to create a wireless access point (see Other Resources). | |||
Some wireless USB adapters consume more power than the Raspberry Pi can support consistently on a continual basis. Connecting the wireless USB adapter to the Raspberry Pi indirectly via a USB hub will lead to better performance and reduce the likelihood that other USB devices (like the onboard network card!) will be starved for power. | |||
Wireless firewall, file server, or web server | |||
This recipe works well when combined with other recipes in this book. | |||
Together with the file-sharing recipes in Chapter 4, File Sharing, the Raspberry Pi could become a file server for both wired and wireless devices connected to the local network – for exchanging document and media files; or for backup and storage. | |||
When combined with other advanced networking recipes in this chapter, the Raspberry Pi could become a network firewall, protecting wireless access to a wired network; a teaching or support tool with remote access to desktop devices; a communication tool that serves web pages; or a collaboration tool that hosts wiki pages. | |||
Within the Raspberry Pi and open source GNU Linux community, there are numerous other tools and applications that could be combined with this recipe to turn the Raspberry Pi into a dynamic network hub for wireless devices. | |||
hostapd (http://en.wikipedia.org/wiki/Hostapd): This Wikipedia article about hostapd describes the service in more detail. | |||
hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator (http://w1.fi/hostapd/): The hostapd website is a complete reference for the server. | |||
Debian Linux Kernel Handbook (http://kernel-handbook.alioth.debian.org/): The Debian Linux Kernel Handbook has more information about how iptables work. | |||
Linux wireless (http://linuxwireless.org/): The Linux Wireless website has more information on using wireless devices with Linux. | |||
RPI-Wireless-Hotspot (http://elinux.org/RPI-Wireless-Hotspot): This is an article about wireless hotspots on the Embedded Linux website. | |||
USB Wi-Fi Adapters (http://elinux.org/RPi_VerifiedPeripherals#USB_Wi-Fi_Adapters): This is an article about Wi-Fi adapters on the Embedded Linux Wiki. | |||
Raspberry Pi Wi-Fi adapter testing (http://www.element14.com/community/docs/DOC-44703/l/raspberry-pi-wifi-adapter-testing): This is an article about tested wireless adapters on the Element14 Community website. | |||
--> | --> | ||
Latest revision as of 05:08, 19 August 2020
Date: March 2016
Configure RPi As Wireless Access Point
these instructions will walk you through setting up raspberry pi as wireless access point.
Installation
start by connecting to your pi via ssh. Install some software needed to turn the RPi into a router:
$ apt-get install -y hostapd udhcpd iw
Now pick out a wireless USB adapter that can act as an access point.
$ iw list | grep "* AP"
(If no results, try a different wireless card.)
Setting Up DHCP
View the name server (DNS) address stored in /etc/resolve.conf
Now let's configure the DHCP server, which is responsible for handing out leases.
Edit /etc/udhcpd.conf, use sample file below:
# Sample udhcpd configuration file (/etc/udhcpd.conf) # The start and end of the IP lease block start 192.168.0.20 #default: 192.168.0.20 end 192.168.0.254 #default: 192.168.0.254 # The interface that udhcpd will use interface eth0 #default: eth0 # Settings opt dns 192.168.2.1 option subnet 255.255.255.0 opt router 192.168.0.1 option domain local option lease 864000
This assumes that the resolve.conf file contained 192.168.2.1.
Now edit one more file: /etc/default/udhcpd
# Comment the following line to enable DHCPD_ENABLED="no" # Options to pass to busybox' udhcpd. # # -S Log to syslog # -f run in foreground DHCPD_OPTS="-S"
Now you're ready to enable DHCP server, simply by commenting out DHCPD_ENABLED="no"
Change it to #DHCPD_ENABLED="no" and you'll be ready to go.
Setting Up Hostapd
Configure the hostapd server by editing the file /etc/hostapd/hostapd.conf and adding the following contents:
interface=wlan0 ssid=CIA_Surveillance_Van wpa_passphrase=ITSASECRET driver=nl80211 hw_mode=g channel=6 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Now enable the hostapd service by creating a default file in /etc/default/hostapd
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration # file and hostapd will be started during system boot. An example configuration # file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz # #DAEMON_CONF="" # Additional daemon options to be appended to hostapd command:- # -d show more debug messages (-dd for even more) # -K include key data in debug messages # -t include timestamps in some debug messages # # Note that -B (daemon mode) and -P (pidfile) options are automatically # configured by the init.d script and must not be added to DAEMON_OPTS. # #DAEMON_OPTS="" ~ "/etc/default/hostapd" 20 lines, 770 characters Replace the line beginning with #DAEMON_CONF with the line DAEMON_CONF="/etc/hostapd/hostapd.conf". DAEMON_CONF="/etc/hostapd/hostapd.conf" Save the file and exit the editor (:wq). Configure IP forwarding. Use the vi editor to enable IP forwarding by editing the kernel parameters file, /etc/sysctl.conf. pi@raspberrypi ~ $ sudo vi /etc/sysctl.conf The vi editor displays the contents of the configuration file. # # /etc/sysctl.conf - Configuration file for setting system variables # See /etc/sysctl.d/ for additonal system variables # See sysctl.conf (5) for information. #
Enable IPv4 Packet Forwarding
To serve as a router that forwards traffic from a wireless network to a wired network connection, the Pi must be able to forward IPv4.
Edit the kernel parameters file /etc/sysctl.conf
Uncomment the line beginning with net.ipv4.ip_forward by removing the # from the beginning of the line.
# Uncomment the next line to enable packet forwarding for IPv4 net.ipv4.ip_forward=1
Enable post forwarding by using echo command to set kernel parameter /proc/sys/net/ipv4/ip_forward to 1:
$ bash -c 'echo "1" > /proc/sys/net/ipv4/ip_forward'
Now set up IP forwarding rules for postrouting, network address translation, and forwarding:
$ iptables -t nat -A POSTROUTING –o eth0 –j MASQUERADE $ iptables -A FORWARD –i eth0 –o wlan0 -m state --state RELATED,ESTABLISHED –j ACCEPT $ iptables -A FORWARD –i wlan0 –o eth0 –j ACCEPT
Next, we can save these iptables settings in a file for IPv4 NAT, and put that in the appropriate place for the system to use it next time it boots:
$ iptables-save > iptables.ipv4.nat $ mv iptables.ipv4.nat /etc $ chown root:root /etc/iptables.ipv4.nat
Set IP
Now use ifconfig to give the wireless device the IP address specified above:
$ ifconfig wlan0 192.168.0.1
Configure the network interface configuration so that these changes will be permanent. Edit /etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
allow-hotplug eth0
iface eth0 inet manual
auto wlan0
iface wlan0 inet static
address 192.68.0.1
netmask 255.255.255.0
up iptables-restore < /etc/iptables.ipv4.nat
Enable AP
Now you are ready to enable the AP. Use the update-rc command to enable hostapd and udhcpd services:
$ update-rc.d hostapd enable $ update-rc.d udhcp enable
One last thing is to disable WPA supplicant - since you don't want to be connecting to wireless networks while you're acting as a hot spot! Move the services definition file for WPA supplicant, which is in /usr/share/dbus-1/system-services, to a temporary location.
Last Step: Reboot
Now, upon rebooting, your Raspberry Pi should be acting as a wireless hot spot with the details set in the hostapd configuration file.
Flags
 |
Wireless all things wireless.
Software:
|
