Wifi adaptor to build it wifi access point (internet sharing)

[ajtaggart]

I want to be able to connect multiple pis to one main Pi and have it share its Internet connection to them and provide static IPs. Currently I have a wireless adapter connected to the Internet on the main PI and im trying to use dnsmasq and hostapd to create an access point for other Pis to connect to and get Internet from the main Pi. Not a single tutorial has worked for me including the access point tutorial on the official website... not sure if its stretch or if i'm doing something wrong. The steps im following right now are below.

sudo apt-get update
sudo apt-get upgrade
sudo rpi-update

sudo apt-get install -y hostapd
sudo apt-get install -y dnsmasq

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf--->>>

network={
ssid="networkname"
psk="networkpassword"
}

--------------------------------

sudo reboot -h now

sudo systemctl stop dnsmasq
sudo systemctl stop hostapd

sudo nano /etc/dhcpcd.conf--->>>

interface wlan0
static ip_address=192.168.220.1/24

--------------------------------

sudo service dhcpcd restart

sudo nano /etc/hostapd/hostapd.conf--->>>

interface=wlan0
driver=nl80211

hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

ssid=Pi3-network
wpa_passphrase=raspberry

--------------------------------

sudo nano /etc/default/hostapd--->>>

#DAEMON_CONF="" --->>> DAEMON_CONF="/etc/hostapd/hostapd.conf"

--------------------------------

sudo nano /etc/init.d/hostapd--->>>

DAEMON_CONF= --->>> DAEMON_CONF=/etc/hostapd/hostapd.conf

--------------------------------

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

sudo nano /etc/dnsmasq.conf--->>>

interface=wlan0 # Use interface wlan0
listen-address=192.168.220.1 # Specify the address to listen on
bind-interfaces # Bind to the interface
server=8.8.8.8 # Use Google DNS
domain-needed # Don't forward short names
bogus-priv # Drop the non-routed address spaces.
dhcp-range=192.168.220.50,192.168.220.150,12h # IP range and lease time

--------------------------------

sudo sed -i '28 s/#//' sysctl.conf

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"


BUILT IN WIFI TO DONGLE------------------------------------------
sudo iptables -F
sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
sudo iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
-----------------------------------------------------------------

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

sudo sed -i '20i\iptables-restore < /etc/iptables.ipv4.nat\' rc.local

sudo systemctl start hostapd
sudo systemctl start dnsmasq

sudo reboot -h now

[SurferTim]

This may be a problem

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf--->>>

network={
ssid="networkname"
psk="networkpassword"
}

If you are using two wifi devices, you should split the wpa_supplicant.conf file. Save the client (wlan1) as
/etc/wpa_supplicant/wpa_supplicant-wlan1.conf
Ensure the wpa_supplicant.conf file has no network entry.

You can check the status of hostapd with this:

Code: Select all

sudo service hostapd status

It should show active (running).

Edit: Also check that the wifi devices are booting with the correct names. Compare the mac addresses. I have a usb wifi module that does not support ap mode. My onboard wlan device sometimes boots as wlan0, and other times as wlan1.

[ajtaggart]

Alright so i tried what you said and made two WPA supplicant files. It actually worked for a second then the network instantly went away... so still have some problems. Also the static IP for wlan0 (the access point) does not show up in ifconfig anymore not sure if that is because its an access point and it just wont show up. What is did is just make a copy of the original file and rename it for wlan1 and added a network. I did not chance the original files name. Also just to clarify I want the built in wifi "wlan0" to be the access point NOT wlan1 which is the wifi dongle. In the instructions I posted I accidents titled my IPtable rules wrong I meant to write this. My reasoning for this is because the dongle requires me to run some software to put it into AP mode and I don't want to deal with that, to my understanding the raspberry pis built in wifi is capable of AP mode not sure if I need to change a setting somewhere to put it into that mode though ... ? ALSO even though the network wont show up it still says Active while running sudo service hostapd status.


Dongle To Built in WIFI------------------------------------------
sudo iptables -F
sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
sudo iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT

UPDATE: Im not seeing this debug out put while running the below command. Is this because the built in is not capable of AP mode ...?
pi@raspberrypi:~ $ sudo hostapd -d /etc/hostapd/hostapd.conf
random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd/hostapd.conf
rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
rfkill: initial event: idx=1 type=1 op=0 soft=0 hard=0
rfkill: initial event: idx=2 type=2 op=0 soft=0 hard=0
nl80211: Supported cipher 00-0f-ac:1
nl80211: Supported cipher 00-0f-ac:5
nl80211: Supported cipher 00-0f-ac:2
nl80211: Supported cipher 00-0f-ac:4
nl80211: Supported cipher 00-0f-ac:10
nl80211: Supported cipher 00-0f-ac:8
nl80211: Supported cipher 00-0f-ac:9
nl80211: Using driver-based off-channel TX
nl80211: interface wlan0 in phy phy0
nl80211: Set mode ifindex 3 iftype 3 (AP)
nl80211: Failed to set interface 3 to mode 3: -95 (Operation not supported)
nl80211: Try mode change after setting interface down
nl80211: Set mode ifindex 3 iftype 3 (AP)
nl80211: Failed to set interface 3 to mode 3: -95 (Operation not supported)
nl80211: Interface mode change to 3 from 0 failed
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
nl80211: Remove monitor interface: refcount=0
netlink: Operstate: ifindex=3 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
nl80211: Set mode ifindex 3 iftype 2 (STATION)
nl80211 driver initialization failed.
hostapd_interface_deinit_free(0x13d1cd8)
hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1
hostapd_interface_deinit(0x13d1cd8)
wlan0: interface state UNINITIALIZED->DISABLED
hostapd_bss_deinit: deinit bss wlan0
wlan0: AP-DISABLED
hostapd_cleanup(hapd=0x13d29a0 (wlan0))
hostapd_free_hapd_data: Interface wlan0 wasn't started
hostapd_interface_deinit_free: driver=(nil) drv_priv=(nil) -> hapd_deinit
hostapd_interface_free(0x13d1cd8)
hostapd_interface_free: free hapd 0x13d29a0
hostapd_cleanup_iface(0x13d1cd8)
hostapd_cleanup_iface_partial(0x13d1cd8)
hostapd_cleanup_iface: free iface=0x13d1cd8

[ajtaggart]

UPDATE: so the Access point works now , the interface names changed on me so wlan1 is now the built in wifi and wlan0 is the dongle. Right now we can connect to the AP network and ping the access point and all interfaces (eth0 and wlan0) BUT we have no internet access... not sure if this is because of IPtables or if we need a bridge between the two wifi interfaces??

[SurferTim]

Does your client device get network settings?

You must add a masquerade for your wlan that is your gateway to the internet. Mine is wlan1.

Code: Select all

sudo iptables -t nat -A  POSTROUTING -o wlan1 -j MASQUERADE

If you want your interfaces booting as a specific name, this is what I use:
Create file /etc/udev/rules.d/72-static-name.rules
Add this:

Code: Select all

ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*",
ATTR{address}=="00:c0:ca:96:d8:8b", KERNEL=="w*",NAME="wlan0"

ACTION=="add", SUBSYSTEM=="net", DRIVERS=="?*",
ATTR{address}=="b8:27:eb:1e:56:52", KERNEL=="w*",NAME="wlan1"
 

Change the mac addresses to those of your devices.

[ajtaggart]

For the interface names I just enabled predictable network interface names to solve the swapping problem. (gonna need to find a way to enable that without running raspi-config later on) As for the IPtable rules, so what your saying is I need to MASQUERADE the provider and gateway? Also ill repost my rules using "gateway" and "provider" instead of interface names to prevent confusion haha. (provider is the one connected to the outside world and gateway is the one running hostapd and dnsmasq to share internet to other devices connected to the hostapd network)

sudo iptables -X
sudo iptables -F
sudo iptables -t nat -X
sudo iptables -t nat -F
sudo iptables -t nat -A POSTROUTING -o 'provider' -j MASQUERADE
sudo iptables -A FORWARD -i 'provider' -o 'gateway' -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i 'gateway' -o 'provider' -j ACCEPT

and what your saying is also add this line ? ->
sudo iptables -t nat -A POSTROUTING -o 'gateway' -j MASQUERADE

because adding that didn't change anything, AP still running fine and i can ping all my interfaces but still no Internet connection :/

[SurferTim]

Can you ping ips on the internet? Try pinging Google's dns server.

Code: Select all

ping 8.8.8.8

Edit: If you can't ping it, try traceroute and see where the route stops.

Code: Select all

traceroute 8.8.8.8

[ajtaggart]

output of trace route:
pi@raspberrypi:~ $ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 192.168.1.15 (192.168.1.15) 3093.748 ms !H 3093.630 ms !H 3093.587 ms !H


output of route:
pi@raspberrypi:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 303 0 0 wlan0
default 10.10.35.254 0.0.0.0 UG 304 0 0 wlx28f366aa5a6f
10.10.34.0 0.0.0.0 255.255.254.0 U 304 0 0 wlx28f366aa5a6f
192.168.1.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0

[SurferTim]

I see you have changed your entire setup for your AP. You'll need to post everything again. Originally, you were using the 192.168.220.x localnet, now you have 192.168.1.x.

[ajtaggart]

Yea sorry about that I made some changes and I didn't like that IP. BUT I did notice that the routes were incorrectly ordered and were choosing the wrong interface for internet requests. I fixed this by specifying the metric in dhcpcd.conf everything seems to be working as i want now but ill be trying to break it. Here is my current script (i run this once on pi setup).


echo "
Updating machine . . .
"

sudo apt-get update -y && sudo apt-get upgrade -y

echo "
Installing host services . . .
"
sudo apt-get install -y dnsmasq
sudo apt-get install -y hostapd
sudo apt-get install -y rng-tools


echo "
Generating new wpa_supplicant . . .
"

sudo cp /etc/wpa_supplicant/wpa_supplicant.conf /etc/wpa_supplicant/wpa_supplicant-wlx28f366aa5a6f.conf

sudo echo "network={
ssid=\"CSLabs\"
psk=\"1kudlick\"
}" | sudo tee -a /etc/wpa_supplicant/wpa_supplicant-wlx28f366aa5a6f.conf

echo "
Stopping host serices . . .
"

sudo systemctl stop dnsmasq
sudo systemctl stop hostapd


#-----------------------------------------------------------
echo "
Updating dhcpcd.conf . . .
"

sudo echo "interface wlan0
metric 300
static ip_address=192.168.1.15/24
static routers=192.168.1.1
static domain_name_servers=192.168.1.1

interface wlx28f366aa5a6f
metric 200" | sudo tee -a /etc/dhcpcd.conf

echo "
Rebooting daemon and dhcpcd service . . .
"

sudo systemctl daemon-reload

sudo service dhcpcd restart
#------------------------------------------------------------

echo "
Generating new hostapd.conf . . .
"

sudo echo "interface=wlan0
driver=nl80211
ssid=Pi-AP
channel=1
wmm_enabled=0
wpa=1
wpa_passphrase=raspberry
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0
logger_stdout=-1
logger_stdout_level=2
" | sudo tee /etc/hostapd/hostapd.conf

echo "
Linking new hostapd.conf . . .
"

sudo sed -i '10s/.*/DAEMON_CONF="\/etc\/hostapd\/hostapd.conf"/' /etc/default/hostapd

sudo sed -i '19s/.*/DAEMON_CONF=\/etc\/hostapd\/hostapd.conf/' /etc/init.d/hostapd

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

echo "
Generating new dnsmasq.conf . . .
"

sudo echo "no-resolv #potentially needed
interface=wlan0
listen-address=192.168.1.15
server=8.8.8.8 # Use Google DNS
domain-needed # Don't forward short names
bogus-priv # Drop the non-routed address spaces.
dhcp-range=192.168.1.50,192.168.1.150,12h # IP range and lease time
#log each DNS query as it passes through
log-queries
dhcp-authoritative
" | sudo tee /etc/dnsmasq.conf

# IPTABLES: ------------------------------------------
echo "
Generating new iptable Rules . . .
"

sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t nat -A POSTROUTING -o wlx28f366aa5a6f -j MASQUERADE #--source 192.168.1.15
sudo iptables -A FORWARD -i wlx28f366aa5a6f -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o wlx28f366aa5a6f -j ACCEPT

echo "
Allowing ip_forward . . .
"

sudo sed -i '28 s/#//' /etc/sysctl.conf

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

echo "
Saving / Restoring iptables . . .
"

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

sudo sed -i '20i\iptables-restore < /etc/iptables.ipv4.nat\' /etc/rc.local

echo "
Starting host services . . .
"

sudo systemctl daemon-reload

sudo systemctl start dnsmasq
sudo systemctl start hostapd

echo "
Getting Tired . . Time to reboot . . .
"
sleep 1

sudo reboot -h now



# DEBUG --->>>
# sudo service hostapd status
# sudo hostapd -dd /etc/hostapd/hostapd.conf
# sudo service rng-tools status

[SurferTim]

So what device on the wifi localnet is 192.168.1.1?

[ajtaggart]

Are you talking about the dhcpd.conf ? I forgot to change those lines but I actually shouldn't need them anymore

[SurferTim]

When I install an access point, I use 192.168.4.1/24. Many routers use 192.168.0.1/24 or 192.168.1.1/24 as a localnet. If you use the same wireless localnet as your router's ethernet localnet, you will have serious routing problems.

[ajtaggart]

i took those lines out and it has been working fine. I do have a problem though i need to enable predictable network names by default without using raspi-config. But cant seem to find what files raspi-config changes to enable predictable names. Do you have any idea how to do this?