Typically, WiFi routers for Internet access are also Wifi access points. In such cases, the access point has a DHCP and DNS server. So you configure your own IP network. But if you already have a DHCP and DNS server in the local network, the operation of an additional wireless router does not make much sense. Especially because the cascading of routers unnecessarily creates difficulties. This usually manifests itself with connection problems.
In general, it is sufficient to operate Raspberry Pi as a network bridge, which mediates the data packets and connections between Wifi and LAN.
A network bridge, in English Bridge, connects two network segments. The connected computers are all in the same logical IP network and receive their IP configuration from the same address range.
Of course, operating Raspberry Pi as a network bridge requires that the local network already has a DHCP server, a DNS server, and a default gateway.
task
- Check if the Wifi adapter has an access point mode.
- Set up the wireless adapter as a wireless LAN access point.
- Set up the Ethernet port as a transition to the wired network.
Note: Name of the network interfaces
Since Raspbian Stretch, the Ethernet and Wifinetwork interfaces have different names. So no longer “eth0” and “wlan0”, but “enx …” and “wlx …”. This concerns USB-connected network adapters whose names differ from the designations mentioned here. This means that one must first determine the individual name or change the naming to the old method.
Check requirements
To avoid setup problems, it is recommended to use a fresh Raspbian image. A Raspbian Jessie Lite is sufficient. In addition, you should make sure that the wireless adapter used with Raspberry Pi basically works and controls the access point mode. It works with the internal Wifi adapter inĀ Raspberry Pi 3.
First of all, let’s see if the intended Wifi adapter is in AP mode. To check this, the wireless tools must be installed.
sudo apt-get install iw
iw list | grep AP
If this command ejects one or more lines with “AP”, then everything is in the green zone and the Wifi adapter dominates the access point mode. Then the Wifi adapter is suitable for our task. If not, then you should get another Wifi adapter.
In Raspbian Jessie, a DHCP Client Daemon (DHCPCD) is enabled by default. The network configuration is done in the file ” /etc/dhcpcd.conf “. For a part of the configuration of the network bridge we use the file “/ etc / network / interfaces” here. The DHCP Client Daemon is not affected.
However, it is important to determine if the dhcpcd is active at all.
systemctl status dhcpcd
Then we have to make sure that both the Ethernet interface (eth0) and the Wifi adapter (wlan0) are working and in place.
ip l
Both network interfaces (eth0 and wlan0) must be present. The IP configuration is irrelevant.
Update system and install software
If Raspberry Pi and the WiFi adapter meet all requirements, then we can get started. We start with the installation of the necessary software. Before that we do a system update.
sudo apt-get update
sudo apt-get upgrade
> Then we need two things: once an access point daemon and software for the network bridge. The Host Access Point Daemon (HostAPD), in short “hostapd”, is a Wifi authenticator. He takes care of offering encrypted Wifi functions and the required authentication of the Wifi clients. For example via WPA2-PSK.
“bridge-utils” contains libraries and commands to set up network bridges.
sudo apt-get install hostapd bridge-utils
After the installation, the configuration of the Wifi AP host and the network bridge is done.
Configure WiFi AP Host (hostapd)
The configuration of the wireless AP host:
sudo nano /etc/hostapd/hostapd.conf
The file should not exist yet and be empty. If the file does exist, then you should completely override it.
In the file we enter the following minimal configuration. Of course, there are even more parameters that are irrelevant in this case.
# Bridge operation
bridge = br0
# Interface and driver
interface = wlan0
# Driver = nl80211
# WLAN configuration
ssid = WLANbridge
channel = 1
hw_mode = g
ieee80211n = 1
ieee80211d = 1
country_code = EN
wmm_enabled = 1
# Wi-Fi encryption
auth_algs = 1
wpa = 2
wpa_key_mgmt = WPA-PSK
rsn_pairwise = CCMP
wpa_passphrase = test test
Three settings have to be made individually. One is the Wifi name (“ssid”), the channel (“channel”), which can be freely configured from 1 to 13, but you do not have to change anything here. You may have to change the channel here, if a Wifi analysis shows that already several other Wifis occupy this channel. In principle, several Wifis can occupy the same channel. This is better than when the channels overlap.
The third parameter is the Wifi password (“wpa_passphrase”). Here you should enter a password of at least 8 characters in clear text.
If you already have a wireless access point, then it is not wrong to use its Wi-Fi name and Wi-Fi password. The clients then automatically select the Wifi for which there is better reception. To test whether the configured Wi-Fi bridge actually works, you should temporarily select a different Wifi name (“ssid”).
Note on the Wifi driver: There is the parameter “driver” in this configuration file, which is commented out (#). Normally “hostapd” automatically loads the correct driver. Of course, that does not work. Then you have to explicitly specify the correct driver here.
Then save and close with Ctrl + O, Return, Ctrl + X.
Because this file contains the Wifi password in plain text, only the user “root” should have read access to this file.
sudo chmod 600 /etc/hostapd/hostapd.conf
Do not worry, with the user “pi” you can change and save the file at any time.
Configure and commission the network bridge
Now we have to configure the bridge and the network interfaces.
sudo nano /etc/network/interfaces
For this purpose, we make the following minimal configuration in the configuration file for the network settings.
# Localhost
car lo
iface lo inet loopback
# Ethernet
car eth0
allow-hotplug eth0
iface eth0 inet manual
# WIRELESS INTERNET ACCESS
car wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wireless power off
# Network bridge
car br0
iface br0 inet dhcp
bridge_ports eth0 wlan0 # build bridge
bridge_fd 0 # no forwarding delay
bridge_stp off # disable Spanning Tree Protocol
Then save and close with Ctrl + O, Return, Ctrl + X.
It would also be conceivable to give the Ethernet interface a static IP configuration. This need not be. In this form, the Wifi bridge has the advantage that it works on any local network if the IPv4 configuration is delivered via DHCP. If IPv6 is enabled then it works as well.
Note: If you intend to give Raspberry Pi a static IPv4 address, then configure the br0 interface, not “eth0” or “wlan0”, otherwise you will no longer be able to connect to Raspberry Pi via SSH ,
For a static IP configuration, it is also recommended to deactivate the DHCPCD.
sudo service dhcpcd stop
sudo systemctl disable dhcpcd
More information:
For all changes to be accepted, we recommend a restart now.
sudo reboot
After the restart, you should check whether the network bridge has gone into operation.
brctl show
Note: Do not be confused by the fact that only the interface “eth0, but” wlan0 “has not yet been added, the interface” wlan0 “will not be added to the network bridge until the interface goes live with” hostapd “.
Commission WiFi-AP host (hostpad)
First we start the “hostapd” with the option “-dd” in debug mode. We will see “all” error messages.
sudo hostapd -dd /etc/hostapd/hostapd.conf
In debug mode (parameter -dd), “hostapd” will always produce messages, which need not be error messages. The debug mode is very informative in this case. If the configuration is correct and the Wifi adapter plays along, the configuration runs through. The program will not be finished. That is, “hostapd” does not return for command input. It can be ended with “Ctrl + C”.
If the “hostapd” crashes, then something is wrong. However, the errors are extremely diverse and the associated error messages are not always clear. A popular error is the missing “sudo” when calling the command.
Other sources of error can be ruled out if you make sure that the wireless adapter works in principle and mastered the AP mode.
Another source of error is the distribution used. It will definitely work with “Raspbian”. Other stripped-down distributions can cause problems.
You can also call “hostapd” normally.
sudo hostapd /etc/hostapd/hostapd.conf
A good sign is when the message “wlan0: AP-ENABLED” appears. Then you can test the Wifi bridge. For this one tries with a Wifi client to find the Wifi and log in there.
In the command line you can observe how the Wifi client logs in (CONNECTED) and also logs it out again (DISCONNECTED) when it ends the connection.
Note: If you make the configuration via SSH, then you should do the testing of the Wifi bridge with another client, because otherwise you shoot the SSH connection by changing the wireless network.
With the installation of “hostapd” it is automatically started in the background when booting. However, you still have to tell the daemon where to find its configuration.
If “hostapd” is still running, then we end it with “Ctrl + C”. Then we open a configuration file:
sudo nano /etc/default/hostapd
In it we add the following parameters:
RUN_DAEMON = yes
DAEMON_CONF = "/etc/hostapd/hostapd.conf"
Then save and close with Ctrl + O, Return, Ctrl + X.
After a restart, “hostapd” will be started automatically with the created configuration. The Wifi bridge should then be available as a Wifi access point.
sudo reboot
Troubleshooting: Check “hostapd”
The status of “hostapd” can be checked as follows:
sudo systemctl status hostapd
The “hostapd” has been activated when the following message appears: ” Starting advanced IEEE 802.11 management: hostapd. ”
If not, the following error message appears: ” Starting advanced IEEE 802.11 management: hostapd failed! ”
Then please check whether the Wifi adapter dominates the AP mode:
iw list | grep AP $
If not, no output will appear here. So you should use a different wireless adapter.
Another problem can be caused by the DHCPCD, because the interface breaks under the nail and thus can prevent the commissioning of the bridge.
To do this we open the configuration file of the DHCPCD and enter a line there.
sudo nano /etc/dhcpcd.conf
Exclude network interface from the configuration by the DHCPCD:
deny interfaces eth0
This line excludes the relevant interface from the network configuration.
Troubleshooting: Check network bridge
The operation of this Wifi bridge can fail in practice on one thing or another. As a rule, it is difficult to get to the bottom of the reasons.
Basically, the Wifi interface is only added to the bridge when the “hostapd” goes into operation successfully.
If so, then you can see if the bridge has also gone into operation.
brctl show
Here in the column “interfaces” both “eth0” and “wlan0” must be listed.
Note: It may take a few seconds for the bridge to add all the interfaces. Therefore, do not panic immediately, if not yet both interfaces are displayed.
If you are unsure at the point, then you should take a look at the system messages.
dmesg
dmesg | grep br0 There should be the following lines:
device wlan0 entered promiscuous mode
br0: port 2 (wlan0) entered forwarding state
If not, then you should look for error messages related to “wlan0” and “br0”.
One should know that there are USB sticks (regardless of the chipset), which are quite bitchy during initialization during the boot process. For example Fritz Wifi sticks of AVM. The initialize first a drive (for the driver installation). Only then does the stick go into Wifi operation. Corresponding instructions can be found with “dmesg”.
This of course has consequences for the automatic start of “hostapd”. It can only go into operation if the Wifi interface is available.
It may well be that you have to wait one to two minutes after the boot process on the wireless interface.
ip a
If it exists, try to start the “hostapd” manually.
sudo systemctl start hostapd
sudo systemctl status hostapd
If the service was started, then it is basically.
iw wlan0 info
If you want to know later, which MAC addresses (Wifi clients) are connected to the bridge:
brctl showmacs br0
If you changed the configuration
If you change the hostapd configuration during operation, then you should make a restart of the “hostapd” afterwards.
sudo systemctl restart hostapd
Alternatively, you can stop it and start again.
sudo systemctl stop hostapd
sudo systemctl start hostapd
If the automatic start in the background is not desired when booting, you can also turn it off with:
sudo systemctl disable hostapd
The automatic start in the background when booting can be optionally switched on with:
sudo systemctl enable hostapd
Notes on Raspberry Pi as a WiFi bridge
No matter which solution, as a Wifi access point, Raspberry Pi is not so well suited for its interface performance. The facility is error prone, cumbersome and may not be safe. Apart from that, the Raspberry Pi with the necessary equipment is more expensive than a wireless router. If you seriously and permanently want to operate a wireless access point, you should take a look at OpenWRT and get a cheap compatible router to do so. Price, but also from the comfort is much more interesting.
safety instructions
Anyone who sets up and starts up their own network components also takes responsibility for this. With this solution, you can possibly shoot yourself in the knee. If you think that the solution presented here is finished, then that is a mistake. If you do not take any additional security measures, then you break yourself with this network bridge a security gap in the local network.
Please observe the safety instructions for operating a Wifi access point.
Extension: Use the WiFi bridge as man-in-the-middle for network monitoring
This WiFi bridge is great for recording network traffic. For example, for network monitoring or for man-in-the-middle attacks.
A man-in-the-middle is a network device capable of listening, recording and manipulating network traffic. For this to succeed, the corresponding device must be in a network connection between two endpoints. That’s exactly the case with the Wifi bridge.
Leave a Reply