Pi Wi-Fi Access Point

I searched the web for instructions on how to set up a RPi as an access point using a Wi-Fi adapter, and found some very good material. Dave Conroy has a how to that is the basis of this post. As with most situations there were some tweaks to fit my needs. So I thought I would offer up my experience on how to build a wireless router with an RPi.

Update: Feb 17, 2015 – I repeated this with my raspberry pi 2 and nothing needed to be changed. 🙂

There are a few caveats.

  • The range of a Wi-Fi dongle is not that great
  • The Wi-Fi package was not plug and play
  • You don’t have the cool GUI interface that commercial Wi-Fi AP’s have for configuration
  • The RPi is not cheaper than most low-end Wireless routers – I just bought an ASUS unit for $39, and about a month before that I picked up a Netgear for $29.

But that’s not the point. The point is a RPi is a teaching tool. So with that in mind, this little project was certainly a learning experience. Please keep that in mind as you try this project.

The Goods

This is the hardware I used for this project:

  • Raspberry Pi Model B
  • Edimax Nano USB EW-7811Un (RTL8188CUS chipset)
  • 4GB SD card

These are the software packages I used during the project:

  • hostapd
  • special drivers for the RTL8188CUS
  • apache2
  • isc-dhcp-server

There are thousands of web pages on how to get an RPi up and running. I won’t go through all that here, but here are the cliff notes:

  • I started with a 4GB SD card so I could create a reasonably small shareable image
  • I used SDFormatter to properly clean up the SD card
  • I downloaded Raspbian Linux using a link on raspberrypi.org
  • I flashed the Raspbian O/S onto the SD card with Win32Diskimager

Once booted, I ran through the raspi-config utility and

  • updated the config tool
  • expanded the filesystem to the 4GB max
  • set the locale, time zone, and keyboard to my needs
  • enabled SSH
  • set a host name
  • overclocked slightly to 800Mhz (not necessary)

Feel free to change your password, if you plan to make your RPi visible to the Internet

So enough with the chit chat – log into your Pi and lets get to it!

Get the Web Server up – Install Apache

The first part is pretty easy. Run the following command from the shell to install Apache.

sudo apt-get install apache2

The location of the Apache configuration file is…

/etc/apache2/apache2.conf

You should not need to edit this file, as the defaults are fine for most purposes.

Install Wireless Support – hostapd

To be able to access this new web server over a WiFi Hotspot running on the same Raspberry Pi, we need to install hostapd.

sudo apt-get install hostapd

Patching hostapd for Edimax Wi-Fi adapter (Thanks Dave Conroy!!)

The following steps are only for people who have WiFi adapters with the RTL8188CUS Chipset. If you have a different chipset please skip ahead to the section titled “Configuring hostapd”.

Download and replace the installed binary version of hostapd you just installed and issue the following commands at the console:

wget http://www.daveconroy.com/wp3/wp-content/uploads/2013/07/hostapd.zip

unzip hostapd.zip

sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.bak

sudo mv hostapd /usr/sbin/hostapd.edimax

sudo ln -sf /usr/sbin/hostapd.edimax /usr/sbin/hostapd

sudo chown root.root /usr/sbin/hostapd

sudo chmod 755 /usr/sbin/hostapd

Configuring hostapd

Now that you have updated the binary copy of hostapd, you need to configure it. Start by creating the following file

sudo nano /etc/hostapd/hostapd.conf

with the following contents (updated 9/6/14 to include 802.11g/n options):

interface=wlan0

driver=rtl871xdrv

ssid=PiNetwork

channel=1

hw_mode=g

wmm_enabled=1

ieee80211n=1

ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][SHORT-GI-20][MAX-AMSDU-7935]

wpa=3

wpa_passphrase=0000000000

wpa_key_mgmt=WPA-PSK

wpa_pairwise=TKIP

rsn_pairwise=CCMP

auth_algs=1

macaddr_acl=0

Change the ssid and wpa_passphrase values to something appropriate for your network. Be sure to use a passphrase that is at least 8 characters long.

Networking Configuration

The wireless card and RPi need to handle the routing and DHCP services, so you need to define a subnet for the wireless card.

sudo nano /etc/network/interfaces

Change the file to read as shown below (commenting out the client-specific configuration commands)

# loopback interface

auto lo

iface lo inet loopback

# wired interface

iface eth0 inet dhcp

# wireless interface for use as AP (no gateway value required)

allow-hotplug wlan0

iface wlan0 inet static

address 192.168.10.1

netmask 255.255.255.0

# commented three lines used when the Pi is a DHCP client, not a server

#iface wlan0 inet manual

#wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

#iface default inet dhcp

Now you need to enable DHCP services on the RPi for the network the Wi-Fi adapter is running on, so that other Wi-Fi devices can connect and get an IP address.

sudo apt-get install isc-dhcp-server

 The DHCP server will try to startup during the installation, and it will fail – that’s normal because you need to configure the subnet information.

sudo nano /etc/dhcp/dhcpd.conf

 Make sure the following lines are enabled by removing any comment tag (#). They are spread out a bit throughout the file.

authoritative; #be careful with this setting

ddns-update-style none;

default-lease-time 600;

max-lease-time 7200;

log-facility local7;

Add these lines to the end of the file. You can change the subnet to something else if you have a conflict. Also, if you need a bigger range of addresses, you can change the starting and ending address in the range definition. The Google DNS servers could be replaced with others, or you can simply add more servers to the list. If you intend to install a second Ethernet interface for a wired client you will have to add another subnet block to the list. For now just use this to support the wireless interface clients:

# for the wireless network on wlan0

subnet 192.168.10.0 netmask 255.255.255.0 {

range 192.168.10.25 192.168.10.50;

option domain-name-servers 8.8.8.8, 8.8.4.4;

option routers 192.168.10.1;

}

 To keep your DHCP server from conflicting with other DHCP servers that are visible on other interfaces, you need to specify the wlan0 interface in the DHCP server default values used at boot time.

sudo nano /etc/default/isc-dhcp-server

Edit the line INTERFACES=””; to instruct DHCP server to only offer to wlan0 users. If you intend to install a second Ethernet interface for a wired client you will have to add “eth1” to the list. For now just use this to support the wireless interface clients:

INTERFACES=”wlan0″

At this point you should reboot to test HostAPD and DHCP.

sudo reboot

 After the RPi comes back up, start hostapd in the background, then restart the DHCP service

sudo hostapd -B /etc/hostapd/hostapd.conf

sudo /etc/init.d/isc-dhcp-server restart

At this point you should be able to join the wireless network, get an IP, and also hit the local apache web server. You can watch the Wi-Fi processes actively while connecting a wireless device using the following command:

sudo hostapd -dd /etc/hostapd/hostapd.conf

If it connects, you will want to start this wireless access point on boot with the following commands…

sudo nano /etc/default/hostapd

… uncomment and update the following line

DAEMON_CONF=”/etc/hostapd/hostapd.conf”

So, if you have followed these steps correctly, you can now provide DHCP services to any client, and serve those clients your Apache web pages.

 Enable access beyond the WAP

The last step is to enable your clients who have connected to your access point reach networks beyond the RPi. You need to enable IP forwarding (routing).

Do not reboot until the end of this section or all future changes will be lost. Run these final commands as the root user.

sudo su

echo 1 > /proc/sys/net/ipv4/ip_forward

Update /etc/sysctl.conf…

nano /etc/sysctl.conf

and uncomment this line…

net.ipv4.ip_forward=1

… then save the file.

The final step is to allow Network Address Translation (NAT). Insert the following iptables rule to allow NAT (assuming that the eth0 interface is connected to the internet).

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o wlan0 -m state –state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

 We need to save these iptables settings so they are enabled every time you boot the RPi. To save these settings to a file, use the following command.

iptables-save > /etc/iptables.up.rules

To load them at boot time, we need add a line to the end of the /etc/network/interfaces file.

nano /etc/network/interfaces

Add the following at the end of the file:

iptables-restore < /etc/iptables.up.rules

Finishing up …

When you reboot your Raspberry Pi it should be working as an Access Point, a Web Server, a DHCP Server, and an Internet Ready Router!