A WiFi Access Point (Basic Service Set, BSS) is the transition from a wired to a wireless network. The WiFi access point establishes access to the wired network and vice versa within a radio cell (spatial propagation of the radio signals).
There are several ways to set up a WiFi access point.
- Wireless Bridge
- WiFi router
- Wifi Repeater
Wireless LAN Adapter
Not all WLAN adapters are equally suitable for the operation of an access point. Here is a small overview with which WLAN adapters it works and with which not.
- Integrated WLAN adapter from Raspberry Pi / IEEE 802.11n (working)
- Noname 150 Mbps: Mediatek / Ralink RT5370 / IEEE 802.11n (working)
- Noname 150 Mbps: Mediatek / Ralink MT7601u / IEEE 802.11n (does not work)
- Noname 300 Mbps: Mediatek / Ralink RT5372 / IEEE 802.11n (working, unstable)
- Alfa AWUS036H: Realtek RTL8187 / IEEE 802.11g (does not work)
- Alfa AWUS036EW: Realtek RTL8187 / IEEE 802.11g (does not work)
- Edimax EW-7811Un : Realtek RTL8188CUS / IEEE 802.11n (working)
- TP-Link TL-WN722N : Atheros AR9271 / IEEE 802.11n (working)
- TP-Link TL-WN821N V4 : Realtek RTL8192CU / IEEE 802.11n (working)
- TP-Link TL-WDN4200 V1.0 : Mediatek / Ralink RT3573 / IEEE 802.11n (working)
In general, it can be said that WiFi adapters with Realtek chipset are hardly suitable for operating a WLAN bridge or an access point. For these chipsets you need a special driver or a custom “hostapd”. The best are WLAN adapters with Ralink and Atheros chipset, or you can use a Raspberry Pi with its integrated WLAN adapter.
Setup Raspberry Pi as WiFi bridge
If you already have an Internet access router or a DSL router and only want to extend the local network with additional Wi-Fi access, you are more likely to set up a network bridge. A network bridge connects two network segments together. In this case, the wired network with wireless clients. The connected computers are all in the same logical IP network and receive their IP configuration from the same address range.
Of course, operating Raspberry Pi as a network bridge requires that the local network already has a DHCP server, a DNS server, and a default gateway.
Setup Raspberry Pi as a wireless router
A WLAN router provides its own IP configuration to the WLAN clients via its integrated access point. The WiFi access point then has a DHCP and DNS server. So you configure your own IP network.
Setup Raspberry Pi as a wireless repeater
A Raspberry Pi, which is configured as a wireless repeater, is a wireless access point that receives, reprocesses, and re-radiates weak radio signals. A WLAN repeater basically increases the range of a WiFi access point. The repeater function is practically a radio extension.
Those who set up and commission their own network components are also responsible for this. With these solutions you can possibly shoot yourself in the knee. If you think that the solutions presented here are finished, then that is a mistake. If you do not take additional security measures, then you break yourself with these configurations a security hole in the local network.
Basically, a WiFi access point is an extension of the local network. About the same as hanging a network cable out the window. You never know who connects to the network and what they do.
Basically, the WLAN must be encrypted as in this configuration. Everything else is negligent. Since breaking WiFi encryption with WPA is costly but not impossible, it should be assumed that the attacker can gain access to the WLAN. For that reason you should make some arrangements.
A good idea is to restrict SSH access to Raspberry Pi. Either only over the LAN and not over the WLAN or one turns it off completely. Then you always have to change the screen and keyboard when making changes. Yes, that’s awkward, but it increases security enormously.
If that does not work then you should at least choose a secure password for the user “pi”. Because this is also used for SSH access. You can also limit the login attempts.
Furthermore, it should be made clear that the Wi-Fi password is in plain text in the hostapd configuration file. If an attacker has somehow gained access to the local network and then gets on Raspberry Pi, then he can get the WLAN password and make any further attacks unnoticed via the WLAN.
One should not take safety lightly. In this form, Raspberry Pi is ideal for man-in-the-middle attacks. It is important to ensure that third parties can not get access to the device.
Note: Raspberry Pi as a wireless access point
Raspberry Pi unfortunately has several disadvantages, which is why it is only partially suitable as a WiFi access point.
- The Ethernet interface of Raspberry Pi hangs together with the WLAN adapter on the single USB port of the CPU. Here, the data traffic must once via the wireless adapter and a second time via the Ethernet interface. Forced the Wi-Fi performance is forced by the limited USB connection and by the double transfer to his knees.
- Raspberry Pi is a mini-computer in terms of computing power and storage capacity, significantly oversized for this purpose. The facility is error prone, cumbersome and may not be safe.
- Raspberry Pi as a WiFi access point is comparatively expensive. If you calculate the costs for Raspberry Pi (30 USD), power supply (5 USD), housing (5 USD), SD card (5 USD) and WLAN adapter (10 USD), you will get at least 60 USD. Let’s assume that we recycle unused equipment, but we hardly get below 50 USD.
No matter which solution, as a WiFi access point, Raspberry Pi is not suitable for its interface performance. Apart from that, Raspberry Pi with the necessary equipment is more expensive than a wireless router. If you seriously and permanently want to operate a WiFi access point, you should take a look at OpenWRT and get a cheap compatible router to do so. Price, but also from the comfort is much more interesting.
There are actually only two useful applications for a Raspberry Pi as a WiFi access point. That’s the network monitoring. The other is man-in-the-middle attacks.