Difference between revisions of "Rapberry PI Wifi Router"

From wiki
(Created page with "== Prerequisite == For this guide, you will need * A '''Raspberry Pi 3''': It can work on previous generations but you will need a WiFi USB card plus eventually manually insta...")
 
(Access point)
Line 14: Line 14:
 
dhcpcd is the default [https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol DHCP] client in Raspbian. You need to disable it for the <code>wlan0</code> interface to avoid conflicts with the rest of the setup.
 
dhcpcd is the default [https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol DHCP] client in Raspbian. You need to disable it for the <code>wlan0</code> interface to avoid conflicts with the rest of the setup.
  
Edit file <code>/etc/dhcpcd.conf</code> an add the following line at the end<syntaxhighlight lang="text">
+
Edit file <code>/etc/dhcpcd.conf</code> an add the following line at the end<syntaxhighlight lang="nginx">
 
denyinterfaces wlan0
 
denyinterfaces wlan0
 
</syntaxhighlight>{{Warning|msg=}}This must be above any <code>interface</code> lines you may have added
 
</syntaxhighlight>{{Warning|msg=}}This must be above any <code>interface</code> lines you may have added
Line 25: Line 25:
 
The second step is to configure the interface with a static IP address.
 
The second step is to configure the interface with a static IP address.
  
Edit the file <code>/etc/network/interfaces</code> and replace the block related to <code>wlan0</code> by<syntaxhighlight lang="text">
+
Edit the file <code>/etc/network/interfaces</code> and replace the block related to <code>wlan0</code> by<syntaxhighlight lang="ini">
 
allow-hotplug wlan0   
 
allow-hotplug wlan0   
 
iface wlan0 inet static   
 
iface wlan0 inet static   
Line 40: Line 40:
 
== Configure Access Point ==
 
== Configure Access Point ==
 
{{WIP}}
 
{{WIP}}
 +
First create the default config file using<syntaxhighlight lang="console">
 +
$ zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz | sudo tee /etc/hostapd/hostapd.conf > /dev/null
 +
</syntaxhighlight>Then edit the file and change the following<syntaxhighlight lang="properties">
 +
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
 +
# management frames); ath0 for madwifi
 +
interface=wlan0
 +
 +
# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
 +
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
 +
# Use driver=none if building hostapd as a standalone RADIUS server that does
 +
# not control any wireless/wired driver.
 +
driver=nl80211
 +
 +
# SSID to be used in IEEE 802.11 management frames
 +
ssid=MyWiFiNetworkName
 +
 +
# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
 +
# Set as needed to indicate country in which device is operating.
 +
# This can limit available channels and transmit power.
 +
country_code=CH
 +
 +
# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
 +
# channels and transmit power levels based on the regulatory limits. The
 +
# country_code setting must be configured with the correct country for
 +
# IEEE 802.11d functions.
 +
# (default: 0 = disabled)
 +
ieee80211d=1
 +
 +
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
 +
# ad = IEEE 802.11ad (60 GHz); a/g options are used with IEEE 802.11n, too, to
 +
# specify band)
 +
# Default: IEEE 802.11b
 +
hw_mode=g
 +
 +
# Channel number (IEEE 802.11)
 +
# (default: 0, i.e., not set)
 +
# Please note that some drivers do not use this value from hostapd and the
 +
# channel will need to be configured separately with iwconfig.
 +
#
 +
# If CONFIG_ACS build option is enabled, the channel can be selected
 +
# automatically at run time by setting channel=acs_survey or channel=0, both of
 +
# which will enable the ACS survey based algorithm.
 +
channel=11
 +
 +
# Enable WPA. Setting this variable configures the AP to require WPA (either
 +
# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
 +
# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
 +
# Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice.
 +
# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
 +
# RADIUS authentication server must be configured, and WPA-EAP must be included
 +
# in wpa_key_mgmt.
 +
# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
 +
# and/or WPA2 (full IEEE 802.11i/RSN):
 +
# bit0 = WPA
 +
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
 +
wpa=2
 +
 +
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
 +
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
 +
# (8..63 characters) that will be converted to PSK. This conversion uses SSID
 +
# so the PSK changes when ASCII passphrase is used and the SSID is changed.
 +
# wpa_psk (dot11RSNAConfigPSKValue)
 +
# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
 +
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
 +
wpa_passphrase=MySecretWiFiNetworkKey
 +
 +
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
 +
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
 +
# added to enable SHA256-based stronger algorithms.
 +
# (dot11RSNAConfigAuthenticationSuitesTable)
 +
wpa_key_mgmt=WPA-PSK-SHA256
 +
 +
# Set of accepted cipher suites (encryption algorithms) for pairwise keys
 +
# (unicast packets). This is a space separated list of algorithms:
 +
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
 +
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
 +
# Group cipher suite (encryption algorithm for broadcast and multicast frames)
 +
# is automatically selected based on this configuration. If only CCMP is
 +
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
 +
# TKIP will be used as the group cipher.
 +
# (dot11RSNAConfigPairwiseCiphersTable)
 +
# Pairwise cipher for WPA (v1) (default: TKIP)
 +
#wpa_pairwise=TKIP CCMP
 +
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
 +
rsn_pairwise=CCMP
 +
 +
 +
</syntaxhighlight>
  
 
== Configure DHCP ==
 
== Configure DHCP ==

Revision as of 15:00, 23 December 2016

Prerequisite

For this guide, you will need

  • A Raspberry Pi 3: It can work on previous generations but you will need a WiFi USB card plus eventually manually install drivers.
  • Raspbian: This guide is written for Raspbian.

Install

$ sudo apt install hostapd

Configure Interface

dhcpcd

dhcpcd is the default DHCP client in Raspbian. You need to disable it for the wlan0 interface to avoid conflicts with the rest of the setup.

Edit file /etc/dhcpcd.conf an add the following line at the end

denyinterfaces wlan0

Warning Warning: This must be above any interface lines you may have added

And restart dhcpcd using

$ sudo systemctl restart dhcpcd.service

Interface

The second step is to configure the interface with a static IP address.

Edit the file /etc/network/interfaces and replace the block related to wlan0 by

allow-hotplug wlan0  
iface wlan0 inet static  
    address 10.18.16.1
    netmask 255.255.255.0
    network 10.18.16.0
    broadcast 10.18.16.255
#   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

And apply the configuration using

$ sudo ifdown wlan0
$ sudo ifup wlan0

Configure Access Point

Warning Warning: This page is a work in progress and is not completed. Important informations might be missing or wrong.

First create the default config file using

$ zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz | sudo tee /etc/hostapd/hostapd.conf > /dev/null

Then edit the file and change the following

# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for
# management frames); ath0 for madwifi
interface=wlan0

# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
driver=nl80211

# SSID to be used in IEEE 802.11 management frames
ssid=MyWiFiNetworkName

# Country code (ISO/IEC 3166-1). Used to set regulatory domain.
# Set as needed to indicate country in which device is operating.
# This can limit available channels and transmit power.
country_code=CH

# Enable IEEE 802.11d. This advertises the country_code and the set of allowed
# channels and transmit power levels based on the regulatory limits. The
# country_code setting must be configured with the correct country for
# IEEE 802.11d functions.
# (default: 0 = disabled)
ieee80211d=1

# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g,
# ad = IEEE 802.11ad (60 GHz); a/g options are used with IEEE 802.11n, too, to
# specify band)
# Default: IEEE 802.11b
hw_mode=g

# Channel number (IEEE 802.11)
# (default: 0, i.e., not set)
# Please note that some drivers do not use this value from hostapd and the
# channel will need to be configured separately with iwconfig.
#
# If CONFIG_ACS build option is enabled, the channel can be selected
# automatically at run time by setting channel=acs_survey or channel=0, both of
# which will enable the ACS survey based algorithm.
channel=11

# Enable WPA. Setting this variable configures the AP to require WPA (either
# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either
# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK.
# Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice.
# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys),
# RADIUS authentication server must be configured, and WPA-EAP must be included
# in wpa_key_mgmt.
# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
wpa=2

# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
# (8..63 characters) that will be converted to PSK. This conversion uses SSID
# so the PSK changes when ASCII passphrase is used and the SSID is changed.
# wpa_psk (dot11RSNAConfigPSKValue)
# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
wpa_passphrase=MySecretWiFiNetworkKey

# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The
# entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be
# added to enable SHA256-based stronger algorithms.
# (dot11RSNAConfigAuthenticationSuitesTable)
wpa_key_mgmt=WPA-PSK-SHA256

# Set of accepted cipher suites (encryption algorithms) for pairwise keys
# (unicast packets). This is a space separated list of algorithms:
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
# Group cipher suite (encryption algorithm for broadcast and multicast frames)
# is automatically selected based on this configuration. If only CCMP is
# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise,
# TKIP will be used as the group cipher.
# (dot11RSNAConfigPairwiseCiphersTable)
# Pairwise cipher for WPA (v1) (default: TKIP)
#wpa_pairwise=TKIP CCMP
# Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value)
rsn_pairwise=CCMP

Configure DHCP

Warning Warning: This page is a work in progress and is not completed. Important informations might be missing or wrong.

Configure IP Routing

Warning Warning: This page is a work in progress and is not completed. Important informations might be missing or wrong.