This guide is based on University of Bristol's guide, by Sam Gunner.
For this setup, we need:
Fab Lab Barcelona provides:
We are going to connect to eduroam with the onboard WiFi (wlan0) and then host an access point with the WiFi dongle (wlan1).
You’re better off connecting to eduroam using the GUI, and the instruction below assume that you have already done that and have internet connection on the Raspberry Pi. If you’d rather use the command line then there are instructions for what the wpa_supplicants
file needs to look like for Bristol here: https://www.wireless.bris.ac.uk/eduroam/instructions/go-wpasup/
Each institution has a slightly different process (for example at Bristol you need to download a cert
from the Bristol website first which would not be the same at LiU).
This setup does require someone to include their university login details, including the password, in a plain text file on the Raspberry Pi. Check with your institution as they might not be so happy!
The steps required are mostly taken from here: https://www.nextpcb.com/blog/how-to-turn-a-raspberry-pi-into-a-router although there are a few tweaks to get things working on my system.
Note: eth0
is not configured to do anything special… a bridge needs to be configured if internet is going to be shared via that interface as well, although this has not yet been done.
$ sudo apt-get update
$ sudo apt-get full-upgrade
$ sudo apt-get install dnsmasq hostapd
wlan1
:$ sudo vim /etc/dhcpcd.conf
And insert at the bottom:
interface wlan1
static ip_address=10.0.69.1/24
static routers=10.0.69.1
static domain_name_servers=8.8.8.8
$ sudo vim /etc/dnsmasq.conf
and insert at the bottom:
interface=wlan1
dhcp-range=10.0.69.10,10.0.69.99,12h
$ sudo vim /etc/hostapd/hostapd.conf
and insert:
interface=wlan1
ssid=TwinAIR AP
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=twinairisgreat?
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
$ sudo vim /etc/sysctl.conf
and uncomment:
net.ipv4.ip_forward=1
$ sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
For some reason the instruction above never make the ip tables rules permanent, and this needs to be done, all you need to do is:
$ sudo apt install iptables-persistent
And this does it for you. This information was found here: https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux
How to do this is described here: https://forums.raspberrypi.com/viewtopic.php?t=234145
Namely:
$ sudo vim /etc/systemd/system/multi-user.target.wants/hostapd.service
And add:
ExecStartPre=/bin/sleep 15
To the [Service]
section, this delays the launch of hosytapd and makes sure that the hardware is ready for it.
Done!
#!/bin/bash
# This is a scpit to configure the hotspot using nmcli
# You have to be root for it to work.
if [[ $EUID -ne 0 ]]; then
echo "This must be run as root." 1>&2
exit 100
fi
# set up the connection, providing the interface name and the SSID of the hotpost
nmcli con add con-name TwinAirHotSpot ifname wlan0 type wifi ssid "TwinAIR"
# specifcy the security protocols to use
nmcli con modify TwinAirHotSpot wifi-sec.key-mgmt wpa-psk
# specify the PSK
nmcli con modify TwinAirHotSpot wifi-sec.psk 'Tw1n4IR!'
# now we need to set up ip addressing on the interface it is going to attached to
# we do not include a gateway here, otherwise traffic is not routed correctly,
# dnsmasq will do that for devices on the network.
nmcli conn modify TwinAirHotSpot ipv4.addresses 192.168.101.1/24 ipv4.method manual
# finally the wifi mode
nmcli con modify TwinAirHotSpot 802-11-wireless.mode ap 802-11-wireless.band bg
# this has taken the place of the dhcpcd.conf stuff from before
configure dnsmasq, by changing the file:
sudo vim /etc/dnsmasq.conf
and adding:
interface=wlan0
dhcp-range=192.168.101.10,192.168.101.99,12h
then restart dnsmasq:
sudo systemctl restart dnsmasq.service
(note: we don't need to do the hostapd stuff because that's now done by nmcli)
enable IP forwarding by uncommenting:
net.ipv4.ip_forward=1
in:
sudo vim /etc/sysctl.conf
NAT still needs to be setup using iptables, although this seems not to be installed by default any more so install first using:
sudo apt install iptables
now set up NAT with:
sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
and make the rule permanent, by installing this package which then sorts things out for you.
sudo apt install iptables-persistent```