RPI3 as WiFi Router/Access Point

There are so many links in the internet which explains on how to convert your development board (in this case Raspberry PI3) into a WiFi router. I am going to explain my version of the same and with few additional details particularly for providing IPv6 addresses
to the clients who wants to connect to this router.

pi@raspberrypi:~ $ uname -a

Linux raspberrypi 4.11.0-rc6-v8+ #1 SMP PREEMPT Tue Apr 11 11:47:17 IST 2017 aarch64 GNU/Linux

Yes, Am still running my custom build 64-bit kernel on the RPI3. Pls note am using SSH to access my RPI3 as I don’t have serial access to it.

Hostapd

hostapd is a user space daemon for access point and authentication servers. It is designed to be a “daemon” program that runs in the background and acts as the backend component controlling authentication.It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server.

Package installation – hostapd

pi@raspberrypi:~ $ sudo apt-get install hostapd

Dnsmasq

Dnsmasq is a Dynamic Host Configuration Protocol (DHCP) server and Domain Name System (DNS) forwarder for small computer networks particularly much useful in embedded devices as it has low system requirements. Its DHCP server supports static and dynamic DHCP leases, multiple networks and IP address ranges.It supports modern Internet standards such as IPv6 and DNSSEC. The default config has so many options which can be very much useful while configuring dnsmasq.

Package installation – dnsmasq

pi@raspberrypi:~ $ sudo apt-get install dnsmasq

Configure the current network setup

To make sure wlan0 doesn’t get IP address using DHCP we need to edit the “/etc/dhcpcd.conf” file.

pi@raspberrypi:~ $ sudo vi /etc/dhcpcd.conf

We need to add the below line at the top of this config file:

denyinterfaces wlan0

This disables DHCP for the wlan0 interface.

Add static IPv4 and IPv6 address to the WLAN interface:

pi@raspberrypi:~ $ sudo vi /etc/network/interfaces

Now add these below entries into the above file:

allow-hotplug wlan0
iface wlan0 inet static
address 192.168.20.1
netmask 255.255.255.0
network 192.168.20.0
broadcast 192.168.20.255
iface wlan0 inet6 static
address 2001:db8::101/64
#iface wlan0 inet manual
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

The above entries make sure that the wlan0 interface is statically assigned with these addresses on each cold boot/warm boot.

Restart the dhcpd service so that above changes reflect before proceeding further.
pi@raspberrypi:~ $ sudo service dhcpcd restart

pi@raspberrypi:~ $ sudo ifdown wlan0 

pi@raspberrypi:~ $ sudo ifup wlan0

Now check the ip address of the wlan0 interface with ifconfig

pi@raspberrypi:~ $ ifconfig wlan0 

wlan0 Link encap:Ethernet HWaddr b8:27:eb:ae:08:cb

inet addr:192.168.20.1 Bcast:192.168.20.255 Mask:255.255.255.0

inet6 addr: 2001:db8::101/64 Scope:Global

inet6 addr: fe80::ba27:ebff:feae:8cb/64 Scope:Link

UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

RX packets:17 errors:0 dropped:1 overruns:0 frame:0

TX packets:62 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:1000

RX bytes:1997 (1.9 KiB) TX bytes:11138 (10.8 KiB)

pi@raspberrypi:~ $

Time to set up hostapd and dnsmasq

These two services are the actual work horses behind running RPI3 as WiFi router and then assigning IP addresses to the clients who wants to connect to it.

Configure Hostapd

Pls create the below file if it does not exist and then add the details as given.

pi@raspberrypi:~ $ sudo vi /etc/hostapd/hostapd.conf

interface=wlan0 # WiFI interface name
driver=nl80211
ssid=RPI3 # SSID name – This can be chosen as per our wish
wpa_passphrase=012345678 # Password for the this network
hw_mode=g # Default mode 802.11g
channel=6 # This can also be chosen depending upon the channel availability
macaddr_acl=0 # Accept all MAC addresses
ignore_broadcast_ssid=0
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
# 802.11n related configs and it ain’t mandatory.
ieee80211n=1 # Enables 802.11n
wmm_enabled=1
# Enables 40MHz channel support and Short GI of 400ns at 20MHz
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]

To give more clarity on the configs, i have shared the details as comments. It is not needed to understand all the entries but some idea will be good enough. To make sure that this file is chosen as the default config file for hostapd we need to modify the “/etc/default/hostapd” file and add the below line into that file:

pi@raspberrypi:~ $ sudo vi /etc/default/hostapd

DAEMON_CONF=”/etc/hostapd/hostapd.conf”

Configure dnsmasq

As shared above dnsmasq is the service which provides IP addresses to clients who wants to connect RPI3’s WiFi interface which is acting as WiFi router (master mode). We can take a back up of the default dnsmasq config file as it can be used for future reference.

Note: As per my experience this is one of the best config files which any package provides as it has all the needed details.

pi@raspberrypi:~ $ sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.backup

Edit the file and add the below contents as shared.

pi@raspberrypi:~ $ sudo vi /etc/dnsmasq.conf

interface=wlan0 # use interface wlan0

listen-address=192.168.20.1 # address to listen on

dhcp-range=192.168.20.50,192.168.20.150,12h # IPv4 range and lease time

dhcp-range=2001:db8::102, 2001:db8::247,12h # IPv6 range and lease time

bind-interfaces # bind to the interface

server=8.8.8.8 # Google DNS server 

enable-ra # Enable router advertisement 

Configure Linux

We need to add a few iptables rules to make sure that the device is capable of transferring packets that comes to wlan0 interface (packets sent by client devices ) to the eth0 interface which is connected to the backbone. In other words, the ethernet interface is already connected to the backbone network and has access to the internet. With the below rules we are trying to make sure that whatever packets that is sent to the wlan0 interface by
the WiFi clients is sent to the ethernet interface which is in turn then sent out to the internet.

pi@raspberrypi:~ $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

pi@raspberrypi:~ $ sudo iptables -A FORWARD -i eth0 -o wlan0 -m state –state RELATED,ESTABLISHED -j ACCEPT

pi@raspberrypi:~ $ sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

To keep the above rules persistent across reboots we need to save these iptable rules into a file and then edit “/etc/network/interfaces” file to load these rules when the interface is configured.

pi@raspberrypi:~ $ sudo iptables-save > iptables.wifi

Add the below line into “/etc/network/interfaces” file. This should be placed either under IPv4 config or IPv6 config. I have kept it under IPv6 config entry.

iface wlan0 inet6 static

address 2001:db8::101/64

pre-up iptables-restore < /home/pi/iptables.wifi

This will make sure that whenever the device is rebooted the iptable entries/rules are restored and there is no need to execute these commands manually.

Enable IP routing

Now lets inform the linux kernel to forward packets which in turn makes this device behave like a router. Open the file “/etc/sysctl.conf” and un-comment the line containing the below entry:

net.ipv4.ip_forward=1

Again the above change will make sure that changes are persistent on reboots. You can also change this value temporarily by executing the below command:

pi@raspberrypi:~ $ sudo echo 0 > /proc/sys/net/ipv4/ip_forward

We can verify the change with the below command.

pi@raspberrypi:~ $ cat /proc/sys/net/ipv4/ip_forward

1

If the entry is shown as zero then the command was not executed properly.

To make sure all is working fine, we can start/restart the hostapd and dnsmasq services separately and check it. I did a complete reboot of the device to make sure all things are started nice and clean.

Scan and connect

I was able to scan using my mobile and then connect to RPI3’s WiFi interface and then access internet using it.