Dies ist eine alte Version des Dokuments!
Raspberry Pi als WLAN Access Point nutzen
Um möglichst überall im Haus mit WLAN versorgt zu sein, bedarf es meistens eines teuren WLAN-Repeaters oder eines zusätzlichen Access-Points. Beides ist mit einem Raspberry Pi kostengünstig umsetzbar und hier erfahren Sie, wie einfach Sie einen WLAN-Access-Point mit einem Raspberry Pi und einem günstigen WLAN-Stick aufbauen können.
Voraussetzungen
Natürlich benötigen Sie zuerst einen Raspberry Pi mit Netzteil, SD-Karte (mit installiertem Raspbian) und ein LAN-Kabel. Außerdem benötigen Sie einen WLAN-Stick/-Dongle, den Sie schon für weniger als 10€ bei Amazon kaufen können. Bedenken Sie bei der Wahl der Position des Raspberry Pis, dass dieser möglichst viel Raum mit WLAN abdecken soll und platzieren Sie diesen daher möglichst zentral.
Installation & Einrichtung
Nachdem der Raspberrry Pi nun seinen Platz gefunden hat und angeschlossen ist, verbinden Sie sich mittels SSH und aktualisieren Sie zuerst alle Pakete und den Kernel, damit die Unterstützung für möglichst jeden WLAN-Stick sichergestellt ist:
sudo apt-get update && sudo apt-get dist-upgrade -y sudo rpi-update sudo reboot
Prüfen Sie nun, ob der WLAN-Stick erkannt wird, indem Sie dazu lsusb auf dem Terminal eingeben. Die Ausgabe der letzten Zeile sollte dann folgendermaßen (oder ähnlich) aussehen:
Bus 001 Device 005: ID 0bda:8176 Realtec Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter
Anschließend können Sie die nötigen Pakete hostapd und dnsmasq installieren:
sudo apt-get install hostapd dnsmasq
Access Point einrichten
Zuerst müssen Sie dem WLAN-Stick eine feste IP-Adresse zuweisen. Editieren Sie dazu die Datei /etc/network/interfaces, sodass der Inhalt nun folgendermaßen aussieht:
auto lo iface lo inet loopback # ... iface wlan0 inet static address 192.168.2.1 netmask 255.255.255.0
Wichtig ist, dass wlan0 nur einmalig in dieser Datei genannt werden darf!
Nun muss hostapd eingerichtet werden. Dazu editieren Sie zunächst die 10. Zeile in der Datei /etc/default/hostapd:
# Defaults for hostapd initscript # # See /usr/share/doc/hostapd/README.Debian for information about alternative # methods of managing hostapd. # # Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration # file and hostapd will be started during system boot. An example configuration # file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz # DAEMON_CONF="/etc/hostapd/hostapd.conf" # Additional daemon options to be appended to hostapd command:- # -d show more debug messages (-dd for even more) # -K include key data in debug messages # -t include timestamps in some debug messages # # Note that -B (daemon mode) and -P (pidfile) options are automatically # configured by the init.d script and must not be added to DAEMON_OPTS. # #DAEMON_OPTS=""
Und schließlich muss die dort angegebene Deamon-Konfiguration erstellt und mit den gewünschten Einstellungen gefüllt werden. Dazu kopieren Sie einfach diese Konfiguration (mit eventuellen Anpassungen) in die /etc/hostapd/hostapd.conf-Datei. Die wichtigste Anpassung ist die des verwendeten Treibers. Bei den meisten Edimax-Dongles muss nichts nachinstalliert werden, sodass Sie hier den Treiber verwenden können, den die Eingabe von dmesg nach dem Einstecken des Dongles selbst anzeigt.
# Genutztes Interface, muss bei Bedarf geändert werden (siehe "ifconfig"-Ausgabe) interface=wlan0 # Realtek-Treiber, muss bei anderem Hersteller angepasst werden driver=rtl871xdrv # Deamon-Einstellungen ctrl_interface=/var/run/hostapd ctrl_interface_group=0 # WLAN-Konfiguration ssid=Raspberry Pi channel=1 hw_mode=g ieee80211n=1 # WLAN-Sicherheit (Passwort unbedingt anpassen!) wpa=2 wpa_passphrase=passwort123456 wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP rsn_pairwise=CCMP # Ländercode country_code=DE
Zum Abschluss muss ein Client noch eine IP-Adresse erhalten, wenn er sich beim Access Point anmeldet. Dazu editieren Sie die dnsmasq-Konfiguration unter /etc/dnsmasq.conf folgendermaßen:
# Configuration file for dnsmasq. # ... # If you want dnsmasq to listen for DHCP and DNS requests only on # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. interface=wlan0 # ... # Uncomment this to enable the integrated DHCP server, you need # to supply the range of addresses available for lease and optionally # a lease time. If you have more than one network, you will need to # repeat this for each network on which you want to supply DHCP # service. dhcp-range=192.168.2.2,192.168.2.100,255.255.255.0,12h # ...
Somit vergibt der Raspberry Pi nun IP-Adressen im Bereich von 192.168.2.2 bis 192.168.2.100 für jeweils 12 Stunden. Starten Sie nun die beiden Services neu und verbinden Sie sich mit dem neuen WLAN „Raspberry Pi“. Zwar haben Sie noch keine Internet-Verbindung, jedoch können Sie (falls installiert) unter 192.168.2.1 einen Webserver erreichen.
sudo service hostapd restart sudo service dnsmasq restart
Internet-Verbindung weiterleiten
Damit nun auch die WLAN-Clients eine Verbindung zum Internet erhalten, müssen Sie ein paar weitere Einstellungen vornehmen: Entfernen Sie zunächst die Raute vor dieser Zeile in der Datei /etc/sysctl.conf:
# Uncomment the next line to enable packet forwarding for IPv4 #net.ipv4.ip_forward=1
Und lesen Sie die Datei anschließend erneut ein:
sudo sysctl -p
Nun weisen Sie iptables an, den Internet-Traffic von wlan0 auf eth0 weiterzuleiten, indem Sie folgendes Skript bei jedem Neustart des Raspberry Pis ausführen lassen. Legen Sie dazu eine Datei unter /etc/network/if-up.d/accesspoint an und kopieren Sie folgenden Inhalt dort hinein:
#!/bin/sh iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE iptables --append FORWARD --in-interface wlan0 -j ACCEPT
Schließlich machen Sie diese Datei noch ausführbar und starten den Raspberry Pi neu:
sudo chmod +x /etc/network/if-up.d/accesspoint sudo reboot
Abschluss
Nun können Sie sich mit dem Access Point verbinden und haben eine funktionierende Internetverbindung.
Sollten Sie jedoch weiterhin nicht das Internet erreichen können, prüfen Sie folgende Fehlerquellen:
- Wurden die iptables-Einstellungen übernommen? Führen Sie die beiden Zeilen (s.o.) mit einem vorgestellten sudo einzeln aus und prüfen Sie die Verbindung erneut.
- Dem Gerät ist der Gateway unbekannt? Fügen Sie folgenden Zeile in die dnsmasq-Konfiguration ein:
dhcp-option=3,192.168.2.1
- Die Treiber für Ihren WLAN-Stick fehlen? Meist bieten die Hersteller auch Linux-Treiber an; andernfalls gibt es auch zu vielen Modellen bereits detaillierte Anleitungen in Foren oder Blogs.
Raspberry Pi as Access Point
Equipment List Below are all the bits and pieces that I used for this Raspberry Pi Wireless Access Point tutorial, there is nothing super special that you will need to be able to complete this. Recommended:
- Raspberry Pi 2 or 3
- Micro SD Card or a SD card if you’re using an old version of the Pi.
- Wifi dongle (The Pi 3 has WiFi inbuilt)
- Ethernet Connection
Optional:
- Raspberry Pi Case
Setting up the Wireless Access Point
As with most tutorials I do, this one just uses a clean version of Raspbian that has been updated to the latest packages. To setup the Raspberry Pi wireless access point we will be making the use of two packages. These two packages are hostapd and dnsmasq. hostapd is the package that allows us to utilize a Wi-Fi device as an access point, in our case we will be utilizing this to turn the Raspberry Pi 3’s Wi-Fi into our access point. The other package, dnsmasq acts as both a DHCP and DNS server so that we can assign IP addresses and process DNS requests through our Raspberry Pi itself. As a bonus dnsmasq is very easy to configure while being somewhat lightweight in comparison to isc-dhcp-server and bind9 packages.
Remember for this specific Raspberry Pi tutorial we will need to be utilizing an ethernet network connection and not the Wi-Fi connection.
1. Before we get started installing and setting up our packages, we will first run an update on the Raspberry Pi by running the following two commands.
sudo apt-get update sudo apt-get upgrade
2. With that done we can now install our two packages, run the following to commands to install hostapd and dnsmasq.
sudo apt-get install hostapd sudo apt-get install dnsmasq
3. With the packages now installed we will want to deny any interfaces from using our wlan0 connection, this will help ensure it is free for our access point. To do this we need to edit our dhcpd configuration file with the following command:
sudo nano /etc/dhcpcd.conf
4. Within this file we need to add the following line to the bottom. However, if you have any interfaces there, then make sure you place it above those as it is needed to override them.
denyinterfaces wlan0
Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.
5. Now we need to setup and configure our static IP address for the wlan0 connection, we will do this within our interfaces file. Begin editing this file by running the following command:
sudo nano /etc/network/interfaces
6. Within this file change the wlan0 section so it looks like below, this will setup the static ip address and allow hot plugging on the wlan0 connection.
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.220.1
netmask 255.255.255.0
network 192.168.220.0
broadcast 192.168.220.255
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Now we can save and quit out of the file by pressing Ctrl +X then Y and then Enter.
7. Now we need to restart our dhcpd service so it will load in all our configuration changes, we also need to reload our wlan0 interface to make sure it’s loaded in our interface changes. Run the following two commands to reload both:
sudo service dhcpcd restart sudo ifdown wlan0 && sudo ifup wlan0
8. Next, we need to adjust our hostapd configuration, to do this we need to begin editing the config file with the following command:
sudo nano /etc/hostapd/hostapd.conf
9. In this file we need to write out the following lines, these basically set up how we want to interact with the wlan device. The only real lines you should worry about in this file is the ssid= line and the wpa_passphrase= line.
NOTE: If you are doing this tutorial with a different Wi-Fi device then the inbuilt Pi 3 one, you may have to also change the driver= line to the best driver for your device, google will be your friend for working out what the best driver to use is.
interface=wlan0 driver=nl80211 hw_mode=g channel=6 ieee80211n=1 wmm_enabled=1 ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] macaddr_acl=0 ignore_broadcast_ssid=0 # Use WPA2 auth_algs=1 wpa=2 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP # This is the name of the network ssid=Pi3-AP # The network passphrase wpa_passphrase=raspberry
Remember to change wpa_passphrase to your own password, make sure you set it to something secure so random people can’t just connect into your Wi-Fi access point. Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.
10. With that done we should now have our hostapd configuration, but before it can be used we need to edit two files. These files are what hostapd will read to find our new configuration file. To begin editing the first of these two files run the following command:
sudo nano /etc/default/hostapd
11. In this file, we need to find the following line and replace it: Find:
#DAEMON_CONF=""
Replace with:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.
12. Now we need to edit the second configuration file, this file is located within the init.d folder. We can edit the file with the following command:
sudo nano /etc/init.d/hostapd
13. In this file, we need to find the following line and replace it: Find:
DAEMON_CONF=
Replace with:
DAEMON_CONF=/etc/hostapd/hostapd.conf
Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.
14. With hostapd now set up we need to move onto setting up dnsmasq, before we begin editing its configuration we will move the default one to a new location. We can do this with the following command:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
15. Now that the original configuration file is moved out of the way we can begin by creating our own new configuration file. We will create and edit the new file with the following command:
sudo nano /etc/dnsmasq.conf
16. To this file add the following lines, these lines basically tell the dnsmasq service how to handle all the connections coming through.
interface=wlan0 # Use interface wlan0 listen-address=192.168.220.1 # Specify the address to listen on bind-interfaces # Bind to the interface server=8.8.8.8 # Use Google DNS domain-needed # Don't forward short names bogus-priv # Drop the non-routed address spaces. dhcp-range=192.168.220.50,192.168.220.150,12h # IP range and lease time
Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.
17. Next, we need to configure your Raspberry Pi so that it will forward all traffic from our wlan0 connection over to our ethernet connection. First we must enable it through the sysctl.conf configuration file, so let’s begin editing it with the following command:
sudo nano /etc/sysctl.conf
18. Within this file you need to find the following line, and remove the # from the beginning of it. Find:
#net.ipv4.ip_forward=1
Replace with:
net.ipv4.ip_forward=1
19. Now since we are impatient and don’t want to wait for it to enable on next boot we can run the following command to activate it immediately:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
20. With IPv4 Forwarding now enabled we can configure a NAT between our wlan0 interface and our eth0 interface. Basically, this will forward all traffic from our access point over to our ethernet connection. Run the following commands to add our new rules to the iptable:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
21. Of course iptables are flushed on every boot of the Raspberry Pi so we will need to save our new rules somewhere so they are loaded back in on every boot. To save our new set of rules run the following command:
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
22. Now with our new rules safely saved somewhere we need to make this file be loaded back in on every reboot. The most simple way to handle this is to modify the rc.local file. Run the following command to begin editing the file:
sudo nano /etc/rc.local
23. Now we are in this file, we need to add the line below. Make sure this line appears above exit 0. This line basically reads the settings out of our iptables.ipv4.nat file and loads them into the iptables. Find:
exit 0
Add above “exit 0”:
iptables-restore < /etc/iptables.ipv4.nat
Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.
24. Finally all we need to do is start the two services and enable them in systemctl. Run the following two commands:
sudo service hostapd start sudo service dnsmasq start
25. Now you should finally have a fully operational Raspberry Pi wireless access point, you can ensure this is working by using any of your wireless devices and connecting to your new access point using the SSID and WPA Passphrase that was set earlier on in the tutorial. To ensure everything will run smoothly it's best to try rebooting now. This will ensure that everything will successfully re-enable when the Raspberry Pi is started back up. Run the following command to reboot the Raspberry Pi:
sudo reboot
This is yet another great project for the Raspberry Pi that can be extended to make it an extremely useful utility. As I mentioned above you can make this a WiFi access node where you can route all the internet traffic through a VPN.
I hope this Raspberry Pi Wireless access point tutorial has helped you be able to expand your wireless network. If you come across any issues or have some feedback related to this tutorial, then please don’t hesitate to leave a comment below.
https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md