How-To: Simple Wireless Repeater - Jessie


5 posts
by paulv » Tue Mar 29, 2016 10:01 am
[Updated]
For my Netflix Geo-unblock project, I needed a way to test my VPN connection without getting up from my chair and travel to another SOHO location.

Normally, you can only test the correct setup of a VPN link when you go to the public internet, outside of your SOHO local network, and let the VPN client knock on the door of the router and firewall to see if it can get access and connect to the VPN server on the local network.

To build a test-rig that would allow me to setup and test the VPN without moving about, I needed a wireless repeater. There are several how-to’s and tutorials on the web, all a bit different, and most not suitable for Jessie.

In a nut-shell, it’s not much different from setting up a wireless Access Point, and I already figured that out. You can follow my project and the instructions for the AP here:

https://www.raspberrypi.org/forums/viewtopic.php?f=35&t=138934&p=921795#p921795

Just follow steps 1 through 8 as a reference.

Because the wireless repeater is a little different, I’ll go though the steps quickly here, and only elaborate on the differences.

What we’ll need :
• A Raspberry Pi. I will use a Model (1) B.
• A USB WiFi Adapter (I use the Edimax Wireless 802.11b/g/n nano USB adapter) ID 7392:7811.This is the same Edimax adapter I used for the AP, because I know it works with a special hostapd.
• A second USB WiFi Adapter. This second adapter one can be of a different type, as long as it is supported by Jessie and the Pi. If it is also an Edimax, all the better.
• An SD card, 2 GB is enough for Jessie-lite. Speed is not important.
• Power supply that is capable of powering the Pi and two USB wireless devices.
• An HDMI cable to a TV/Monitor that will act as a console

First step is to put a working and up-to-date version of Jessie-Lite on the SD card. When you boot it up the first time, put both WiFi adapters in USB slots. Connect the Pi with a LAN cable to your SOHO network. Connect the Pi with an HDMI cable to the monitor. When you boot the Pi, you’ll see an IP address appearing that you can use to get headless access to the Pi through PuTTY.

NOTE:
During the setup, you can use the Pi connected to your router, but when you run it as a Repeater, you have to disable the LAN connection by making sure the eth0 interface is not assigned, and there is no LAN cable connecting your Pi to the router anymore. This connection will mess-up the Repeater function between the two wireless interfaces.

Now run run raspi-config (important: create a new strong! password, and create a different hostname (rpt-rpi), after that do an update/upgrade of everything. Look at the other post for details if you need that.

Get that done first before you continue.

1. Setting the Wireless Interfaces wlan0 & wlan1
As a first step, we need to figure out what WiFi USB adapter was assigned to what interface by Jessie. If you have two Edimax adapters that are the same, you can skip this step.

We must use the interface the Edimax is assigned to for the Access Point (AP), and the other adapter to communicate to the Router. The Ethernet interface (eth0) will be used to SSH into the Pi so we can run it headless. It would be nice if you could assign a particular interface to an adapter by using the MAC address. You were able to do that earlier with “hwaddress ether MAC-address” in /etc/network/interfaces, but I could not get that to work. All other procedures were too complex or cumbersome, so I decided to bend with the wind, rather than fight it.

Run iwconfig and note the “Nickname” of the adapters to get an idea of what adapter was assigned to wlan0 and wlan1. My Edimax adapter reported "<WIFI@REALTEK>" in the wlan1 field, so I need to use wlan1 as the AP interface and use wlan0 as the Router interface.
If Jessie assigned things differently for you, you need to swap wlan0 and wlan1 in all the instructions below.

2. Installing a Host Access Data Point Daemon (hostapd)
The hostapd module package from Debian/Jessie cannot handle the so called managed mode of the Edimax WiFi adapter, so we’re going to install one that is working with that adapter.
Run the following commands to get, compile and install the hostapd package from Jens Segers :
Code: Select all
wget https://github.com/jenssegers/RTL8188-hostapd/archive/v2.0.tar.gz
tar -zxvf v2.0.tar.gz
cd RTL8188-hostapd-2.0/hostapd
sudo make
sudo make install
Freeze the automatic updating of this package:
Code: Select all
sudo apt-mark hold hostapd

3. Installing and Setting up a DHCP server for the AP
Install the package.
Code: Select all
sudo apt-get install isc-dhcp-server
Edit the two configuration files /etc/dhcp/dhcpd.conf and /etc/default/isc-dhcp-server which we will need to configure.
Code: Select all
sudo nano /etc/dhcp/dhcpd.conf
Find the following two lines and comment them out by putting a ‘#’ in front of them.
Code: Select all
#option domain-name "example.org";
#option domain-name-servers ns1.example.org, ns2.example.org;
Find the line that has authoritative , and make it active by removing the ‘#’ in front of it.
Code: Select all
authoritative;
Now we need to setup the DHCP server with the subnet information for our access point.
Go to the end of the file and add this by copy & paste:
Code: Select all
subnet 192.168.200.0 netmask 255.255.255.0 {
 range 192.168.200.10 192.168.200.20;
 option broadcast-address 192.168.200.255;
 option routers 192.168.200.1;
 default-lease-time 600;
 max-lease-time 7200;
 option domain-name "RPT-RPi";
 option domain-name-servers 8.8.8.8, 8.8.4.4;
}
Note that I used the same name as the hostname (hostname name is lower case though)
Save the file and close the editor.
Edit the isc-dhcp-server configuration file and assign the AP wlan interface:
Code: Select all
sudo nano /etc/default/isc-dhcp-server
and change the wlan interface to wlan1:
Code: Select all
INTERFACES="wlan1"
Save the file and close the editor.

4. Installing the Network Interfaces
Edit /etc/network/interfaces and make the following changes:
Code: Select all
sudo nano /etc/network/interfaces
Either copy & paste the data below or make the changes in the file.
Code: Select all
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

# Ralink adapter (Router i/f)
allow-hotplug wlan0
   iface wlan0 inet manual
   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# Edimax adapter (AP)
allow-hotplug wlan1
   iface wlan1 inet manual
#   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Note that we disabled the wpa_supplicant for the AP, it does not need it, but we do need it for the Router i/f.
Save and close the file.

Edit the supplicant file to add info for the Router interface:
Code: Select all
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
Add this so the Router interface can connect to the Router:
Code: Select all
network={
   ssid="Your Router SSID"
   psk="Your Router’s password"
}
Save and close the file.

4. Configuring dhcpcd
Edit the dhcpcd (dhcp-client-daemon) configuration file.
Code: Select all
sudo nano /etc/dhcpcd.conf
Add this:
Code: Select all
# Repeater settings
# Static IP configuration for eth0
#interface eth0
# do not assign anything for eth0

# static IP configuration for AP
# this is the Edimax adapter
interface wlan1
static ip_address=192.168.200.1/24
Save and close the file.

NOTE
It seems that you cannot assign anything to eth0. I had some problems when I uses the Repeater as a front-end to a wireless Access Point and it started to work when I removed all eth0 references and assignments from the Repeater. I need to investigate that a bit more, but to be safe, also remove the ip= assignment in the /boot/cmdline.txt file.

5. Setting up hostadp
We’re now going to setup the hosting part of the wireless AP network.
Code: Select all
sudo nano /etc/hostapd/hostapd.conf
It will look like this:
Code: Select all
# Basic configuration
interface=wlan1
ssid=XXXX
channel=6
#bridge=br0
# WPA and WPA2 configuration
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=6
wpa_passphrase= My_passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# Hardware configuration
driver=rtl871xdrv
ieee80211n=1
hw_mode=g
device_name=RTL8192CU
manufacturer=Realtek
# Other Settings
beacon_int=100
wmm_enabled=1
Make the following changes:
1. Change interface=wlan1
2. Change ssid=RPT-RPi
3. Change wpa_passphrase=to your AP password
4. Optional, change the channel= to the least congested one if you know how to.

Save and close the file.

5. Setting up the Network Address Translation & Filtering
The last step we need to do before we can start to use the Repeater is setting up the address translation and filtering for all three interfaces.
Create the file we will use to load the rules from at boot time.
Code: Select all
sudo touch /etc/iptables/rules.v4
Flush the rules currently in iptables memory:
Code: Select all
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -X
Load the new rules for the repeater:
Do that one line at a time to see the possible errors (MS-Word messes with the ‘-‘)
(second line is one line, no break)
Code: Select all
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT

And save them from memory into a file so then can be loaded at boot.
Code: Select all
sudo sh -c "iptables-save > /etc/iptables/rules.v4"

The next step is to install IP forwarding. Edit the the following file:
Code: Select all
sudo nano /etc/sysctl.conf
Un-comment this line :
Code: Select all
net.ipv4.ip_forwarding=1
Save the file and exit the editor.

6. Setting up the Boot Sequence
There is a race situation messing with the order of the boot process for the packages we just installed. There are other ways, this is simple and works. Run the following to avoid the automatic starting at boot:
Code: Select all
sudo update-rc.d hostapd remove
sudo update-rc.d isc-dhcp-server remove
Add the right startup sequence to /etc/rc.local:
Code: Select all
sudo nano /etc/rc.local
Copy & paste this just before the exit 0 :
Code: Select all
# start the Repeater packages here so everything will start in order
printf "Reloading iptables"
iptables-restore < /etc/iptables/rules.v4
sleep 1
printf "Starting hostapd"
service hostapd start
sleep 1
printf "Starting the DHCP server"
service isc-dhcp-server start
Save and close the file.

We’re done, so reboot the Pi.
Carefully watch the console boot messages for clues.

Log in and run ifconfig to see if you have the correct IP addresses for wlan0 and wlan1.
Run iwconfig to check if wlan0 is indeed connected to the router. Run route to see if the defaults for wlan0 and wlan1 are the same.

Ping 8.8.8.8 and then ping an outside website or server by using the hostname.

If everything is OK at this point, grab a wireless client, like an iPAD.
Switch the SSID on your iPAD to the new RPT-RPi SSID and supply the password. If you have the Ping app, ping to an outside IP address or use Safari to load a new website or reload one.
I suggest you try http://www.whatismyipaddress.com and if that works, load the free speedtest app from the app-store and run that test to see the speed you get.
My providers download speed is 150+Mbps up and 15+Mbps down with an 11-12Ms ping to the closest server. The speedtest on the Repeater reported 17.7Mbps down and 15.3Mbps up with a 14mSec ping to the same closest server. Not bad, although the download speed goes down dramatically. Still good enough for my purpose though.

If that is all successful, you just created a simple pass-through wireless Repeater that can also be used to extend the wireless router range for your clients in bad wireless spots. You can also use this Repeater to give visitors to your home access the internet without giving out your own main SSID password. If that is your main purpose, you may want to investigate in USB Wireless adapters with an antenna.

This Repeater solution is simple, because there are no sophisticated rules and filters for iptables, so browsing complex websites may not work, and there is no protection other than the SSID password. The good news is that the range for snooping is limited.

Enjoy!
Posts: 505
Joined: Tue Jan 15, 2013 12:10 pm
Location: Netherlands
by SteveD83 » Fri Sep 02, 2016 7:18 pm
Hi I am wondering if you can help, I can see my network but connecting to it fails, also looking at pi@PI-NET:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 202 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 304 0 0 wlan1
192.168.1.0 * 255.255.255.0 U 202 0 0 eth0
192.168.1.0 * 255.255.255.0 U 304 0 0 wlan1
192.168.5.0 * 255.255.255.0 U 303 0 0 wlan0

Any ideas?
Posts: 1
Joined: Fri Sep 02, 2016 7:12 pm
by renoir » Thu Dec 15, 2016 6:20 am
This worked for me once.

Created a fresh raspbian SD card. Plopped it in and did the same instructions. This time it won't work.

I am watching hostapd output via hostapd -dd /etc/hostapd/hostapd.conf and handshake doesn't even come through. What could be different this time?
Posts: 8
Joined: Thu Dec 03, 2015 7:18 pm
by smcfarlane » Sun Jan 01, 2017 11:58 pm
Followed these instructions and was unable to connect. I then re-installed the hostapd package using apt-get instead and it works great now
Posts: 1
Joined: Sun Jan 01, 2017 11:56 pm
by kingrolo » Wed Jan 18, 2017 7:43 am
This all looks good but I think there is some fuzziness around the correct definition of a WIFI repeater. If I understand correctly your solution offers a new SSID which mush be connected to, so the net result is 2 WIFI hotspots that naturally cover a wider geographical space. I don't know, but I would expect a WIFI repeater to simply extend the range of the existing SSID transparently. If I walk around with my iPhone I can see the 2 networks and there is a delay when I walk from one zone to another and the signal strength drops, disconnects, and then reconnects to the stronger signal network (big problem for music streaming and FaceTime). Is there a way to avoid this and create a true transparent range extender?
Posts: 2
Joined: Mon Jun 25, 2012 9:59 am