# TwinAIR: Raspberry Pi as Router and Wi-Fi Repeater :::info This guide is based on University of Bristol's guide, by Sam Gunner. ::: ## Requirements For this setup, we need: 1. Raspberry Pi with Wi-Fi and USB ports (3b+, 4...), setup with Raspbian or similar desktop environment (this is useful to setup EDUROAM later on) 2. HDMI Cable and screen 3. USB Mouse and keyboard 4. USB WiFi Dongle :::info Fab Lab Barcelona provides: - raspberry pi, already setup with Raspbian, including power supply - HDMI cable - USB WiFi dongle ::: ## Summary We are going to connect to eduroam with the onboard WiFi (wlan0) and then host an access point with the WiFi dongle (wlan1). You’re better off connecting to eduroam using the GUI, and the instruction below assume that you have already done that and have internet connection on the Raspberry Pi. If you’d rather use the command line then there are instructions for what the `wpa_supplicants` file needs to look like for Bristol here: https://www.wireless.bris.ac.uk/eduroam/instructions/go-wpasup/ Each institution has a slightly different process (for example at Bristol you need to download a `cert` from the Bristol website first which would not be the same at LiU). :::warning This setup does require someone to include their university login details, including the password, in a plain text file on the Raspberry Pi. Check with your institution as they might not be so happy! ::: ## Steps :::info The steps required are mostly taken from here: https://www.nextpcb.com/blog/how-to-turn-a-raspberry-pi-into-a-router although there are a few tweaks to get things working on my system. Note: `eth0` is not configured to do anything special... a bridge needs to be configured if internet is going to be shared via that interface as well, although this has not yet been done. ::: 1. Do update and upgrade ```shell= $ sudo apt-get update $ sudo apt-get full-upgrade ``` 2. Install DHCP server and WiFi Access point software (just setting up the access point using the gui didn't work): ```shell= $ sudo apt-get install dnsmasq hostapd ``` 3. Set a static IP address on `wlan1`: ```shell= $ sudo vim /etc/dhcpcd.conf ``` And insert at the bottom: ```=! interface wlan1 static ip_address=10.0.69.1/24 static routers=10.0.69.1 static domain_name_servers=8.8.8.8 ``` 4. Configure the DHCP server ```shell= $ sudo vim /etc/dnsmasq.conf ``` and insert at the bottom: ```=! interface=wlan1 dhcp-range=10.0.69.10,10.0.69.99,12h ``` 5. set up wifi access point ```shell= $ sudo vim /etc/hostapd/hostapd.conf ``` and insert: ```=! interface=wlan1 ssid=TwinAIR AP hw_mode=g channel=7 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=twinairisgreat? wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP ``` 6. set traffic forwarding ```shell= $ sudo vim /etc/sysctl.conf ``` and uncomment: ```=! net.ipv4.ip_forward=1 ``` 7. set up the IP tables rules ```shell= $ sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE ``` :::danger For some reason the instruction above never make the ip tables rules permanent, and this needs to be done, all you need to do is: ```shell=! $ sudo apt install iptables-persistent ``` And this does it for you. This information was found here: https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux ::: 8. Also, it appears that as it stands hostapd comes up to quickly, and so you need to include a sleep in the unit file. :::info How to do this is described here: https://forums.raspberrypi.com/viewtopic.php?t=234145 ::: Namely: ```shell= $ sudo vim /etc/systemd/system/multi-user.target.wants/hostapd.service ``` And add: ```=! ExecStartPre=/bin/sleep 15 ``` To the `[Service]` section, this delays the launch of hosytapd and makes sure that the hardware is ready for it. :::success Done! ::: --- # Take 2 ``` #!/bin/bash # This is a scpit to configure the hotspot using nmcli # You have to be root for it to work. if [[ $EUID -ne 0 ]]; then echo "This must be run as root." 1>&2 exit 100 fi # set up the connection, providing the interface name and the SSID of the hotpost nmcli con add con-name TwinAirHotSpot ifname wlan0 type wifi ssid "TwinAIR" # specifcy the security protocols to use nmcli con modify TwinAirHotSpot wifi-sec.key-mgmt wpa-psk # specify the PSK nmcli con modify TwinAirHotSpot wifi-sec.psk 'Tw1n4IR!' # now we need to set up ip addressing on the interface it is going to attached to # we do not include a gateway here, otherwise traffic is not routed correctly, # dnsmasq will do that for devices on the network. nmcli conn modify TwinAirHotSpot ipv4.addresses 192.168.101.1/24 ipv4.method manual # finally the wifi mode nmcli con modify TwinAirHotSpot 802-11-wireless.mode ap 802-11-wireless.band bg # this has taken the place of the dhcpcd.conf stuff from before ``` configure dnsmasq, by changing the file: ``` sudo vim /etc/dnsmasq.conf ``` and adding: ``` interface=wlan0 dhcp-range=192.168.101.10,192.168.101.99,12h ``` then restart dnsmasq: ``` sudo systemctl restart dnsmasq.service ``` (note: we don't need to do the hostapd stuff because that's now done by nmcli) enable IP forwarding by uncommenting: ``` net.ipv4.ip_forward=1 ``` in: ``` sudo vim /etc/sysctl.conf ``` NAT still needs to be setup using iptables, although this seems not to be installed by default any more so install first using: ``` sudo apt install iptables ``` now set up NAT with: ``` sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE ``` and make the rule permanent, by installing this package which then sorts things out for you. ``` sudo apt install iptables-persistent```