Try   HackMD

TwinAIR: Raspberry Pi as Router and Wi-Fi Repeater

This guide is based on University of Bristol's guide, by Sam Gunner.

Requirements

For this setup, we need:

  1. Raspberry Pi with Wi-Fi and USB ports (3b+, 4), setup with Raspbian or similar desktop environment (this is useful to setup EDUROAM later on)
  2. HDMI Cable and screen
  3. USB Mouse and keyboard
  4. USB WiFi Dongle

Fab Lab Barcelona provides:

  • raspberry pi, already setup with Raspbian, including power supply
  • HDMI cable
  • USB WiFi dongle

Summary

We are going to connect to eduroam with the onboard WiFi (wlan0) and then host an access point with the WiFi dongle (wlan1).

You’re better off connecting to eduroam using the GUI, and the instruction below assume that you have already done that and have internet connection on the Raspberry Pi. If you’d rather use the command line then there are instructions for what the wpa_supplicants file needs to look like for Bristol here: https://www.wireless.bris.ac.uk/eduroam/instructions/go-wpasup/

Each institution has a slightly different process (for example at Bristol you need to download a cert from the Bristol website first which would not be the same at LiU).

This setup does require someone to include their university login details, including the password, in a plain text file on the Raspberry Pi. Check with your institution as they might not be so happy!

Steps

The steps required are mostly taken from here: https://www.nextpcb.com/blog/how-to-turn-a-raspberry-pi-into-a-router although there are a few tweaks to get things working on my system.

Note: eth0 is not configured to do anything special a bridge needs to be configured if internet is going to be shared via that interface as well, although this has not yet been done.

  1. Do update and upgrade
$ sudo apt-get update $ sudo apt-get full-upgrade
  1. Install DHCP server and WiFi Access point software (just setting up the access point using the gui didn't work):
$ sudo apt-get install dnsmasq hostapd
  1. Set a static IP address on wlan1:
$ sudo vim /etc/dhcpcd.conf

And insert at the bottom:

interface wlan1

static ip_address=10.0.69.1/24

static routers=10.0.69.1

static domain_name_servers=8.8.8.8
  1. Configure the DHCP server
$ sudo vim /etc/dnsmasq.conf

and insert at the bottom:

interface=wlan1

dhcp-range=10.0.69.10,10.0.69.99,12h
  1. set up wifi access point
$ sudo vim /etc/hostapd/hostapd.conf

and insert:

interface=wlan1
ssid=TwinAIR AP
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=twinairisgreat?
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
  1. set traffic forwarding
$ sudo vim /etc/sysctl.conf

and uncomment:

net.ipv4.ip_forward=1
  1. set up the IP tables rules
$ sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

For some reason the instruction above never make the ip tables rules permanent, and this needs to be done, all you need to do is:

$ sudo apt install iptables-persistent

And this does it for you. This information was found here: https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux

  1. Also, it appears that as it stands hostapd comes up to quickly, and so you need to include a sleep in the unit file.

How to do this is described here: https://forums.raspberrypi.com/viewtopic.php?t=234145

Namely:

$ sudo vim /etc/systemd/system/multi-user.target.wants/hostapd.service

And add:

ExecStartPre=/bin/sleep 15

To the [Service] section, this delays the launch of hosytapd and makes sure that the hardware is ready for it.

Done!


Take 2

#!/bin/bash

 

# This is a scpit to configure the hotspot using nmcli


# You have to be root for it to work.

if [[ $EUID -ne 0 ]]; then

    echo "This must be run as root." 1>&2

    exit 100

fi


# set up the connection, providing the interface name and the SSID of the hotpost

nmcli con add con-name TwinAirHotSpot ifname wlan0 type wifi ssid "TwinAIR"

# specifcy the security protocols to use

nmcli con modify TwinAirHotSpot wifi-sec.key-mgmt wpa-psk

# specify the PSK

nmcli con modify TwinAirHotSpot wifi-sec.psk 'Tw1n4IR!'

# now we need to set up ip addressing on the interface it is going to attached to

# we do not include a gateway here, otherwise traffic is not routed correctly,

# dnsmasq will do that for devices on the network.

nmcli conn modify TwinAirHotSpot ipv4.addresses 192.168.101.1/24 ipv4.method manual

# finally the wifi mode

nmcli con modify TwinAirHotSpot 802-11-wireless.mode ap 802-11-wireless.band bg


# this has taken the place of the dhcpcd.conf stuff from before

configure dnsmasq, by changing the file:

sudo vim /etc/dnsmasq.conf

and adding:

interface=wlan0

dhcp-range=192.168.101.10,192.168.101.99,12h

then restart dnsmasq:

sudo systemctl restart dnsmasq.service

(note: we don't need to do the hostapd stuff because that's now done by nmcli)

enable IP forwarding by uncommenting:

net.ipv4.ip_forward=1

in:

sudo vim /etc/sysctl.conf

NAT still needs to be setup using iptables, although this seems not to be installed by default any more so install first using:

sudo apt install iptables

now set up NAT with:

sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE

and make the rule permanent, by installing this package which then sorts things out for you.

sudo apt install iptables-persistent```