jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Help requested on validating some docs

Fri Mar 17, 2017 2:42 pm

I wonder is people might be available to help me out. I've written some documentation on how to set up Raspberry Pi's as an access point and whilst I have tested it I would someone else to give it a go on a fresh image to double check the instructions work.

The docs are here...

https://github.com/raspberrypi/document ... s-point.md

It doesn't need copy editing, we do that here, just a check to make sure the instructions actually result in the required access point. Post any issues on this thread,

TIA

James
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

mattmiller
Posts: 1428
Joined: Thu Feb 05, 2015 11:25 pm

Re: Help requested on validating some docs

Fri Mar 17, 2017 3:11 pm

Not tried it but just scanning the instructions (which look very clear ) and just wondering if there should be something on disabling dnsmask when in bridging mode (maybe there is but I couldn't see anything)

(Maybe dnsmask is automatically disabled in bridging mode - if so just ignore me)

User avatar
DougieLawson
Posts: 29764
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Help requested on validating some docs

Fri Mar 17, 2017 3:43 pm

  1. Just after you've done

    Code: Select all

    sudo apt-get install dnsmasq hostapd
    both of those services will get automatically started. That gets confusing later. So use

    Code: Select all

    sudo systemctl stop dnsmasq
    sudo systemctl stop hostapd
    to terminate them
  2. Code: Select all

      dhcp-range=192.168.0.2,192.168.0.20,255.255.255.0, 24h
    does that space in front of , 24h matter?

    Code: Select all

      dhcp-range=192.168.0.2,192.168.0.20,255.255.255.0,24h
    would be better formatting and easier to understand
  3. Code: Select all

    interface=<Usually wlan0, but check ifconfig to determine the name of the wireless device to use>
    is just confusing on 99.99% of all raspberries it's going to be

    Code: Select all

    interface=wlan0
  4. Code: Select all

    channel=<required channel number, between 1 and 13>
    I know we can use channel 12 & 13, but some folks can't so setting the list as "between 1 and 11" is going to work better Worldwide
  5. Code: Select all

    ssid=<name of you wireless network here>
    watch out for special characters, do <> work if folks type them in literally? Watch for quotes - they get passed as the SSID
  6. Code: Select all

    wpa_passphrase=<your wireless network password>
    watch for spaces, watch for quotes, watch for angle brackets <>
    this doesn't work the same as psk= in the supplicant file.
I didn't try the bridged network stuff. I'd already mucked up too much that would need undoing on that Raspberry.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Fri Mar 17, 2017 7:30 pm

Thanks chaps,

Will push Dougies suggestions into the docs. dnsmasg I think is ignored in bridging mode so doesn;t need to be turned off. I think...

James
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

bensimmo
Posts: 1740
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: Help requested on validating some docs

Fri Mar 17, 2017 9:22 pm

I never used that method and something similar always cause some problem.
It seems to be based on
https://frillip.com/using-your-raspberr ... h-hostapd/
Which like you uses the interfaces file, i believe you can use the nicer wpa_supplicant file? When i moved from the older interfaces wheezy style to wpa-... It worked for me (i had problems with the older method.)


I use this and it works well, at least the slightly older RC.local style.
http://www.raspberryconnect.com/network ... o-internet

Also, please state the instructions work for the Pi3 and ZW unbuild WiFi.
The hostapd settings may/will need to be slightly different for USB dongles. So put a note to check the forum if they try to use an alternative and it doesn't work.

Heater
Posts: 7747
Joined: Tue Jul 17, 2012 3:02 pm

Re: Help requested on validating some docs

Fri Mar 17, 2017 9:39 pm

I was worried about the suggested static address: 192.168.0.1

That is the address of my home router!

I'll try and find time to run through these instructions here....

User avatar
DougieLawson
Posts: 29764
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Help requested on validating some docs

Fri Mar 17, 2017 9:50 pm

Heater wrote:I was worried about the suggested static address: 192.168.0.1

That is the address of my home router!

I'll try and find time to run through these instructions here....
When I did it last time with hostapd as a WiFi AP, I used 172.31.4.0/24 to avoid that type of problem.
When I set up dnsmasq (on the mosquitto server) for an MQTT project I used

Code: Select all

dhcp-range=interface:eth0,10.1.2.90,10.1.2.95,infinite
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

bensimmo
Posts: 1740
Joined: Sun Dec 28, 2014 3:02 pm
Location: East Yorkshire

Re: Help requested on validating some docs

Fri Mar 17, 2017 10:07 pm

I use 168.192.2.x 168.192.3.x etc so i know which i am connected to, well which SDcsrd i am connected to.
I don't use the routing to Internet through, just standard APs originally design to go in our rockets, but is useful for other things now.

You may also want to add the first option to knock out if things cannot connect is the line rsn...CCMP line, at least I have to with my Edimax and Vilros Nano dongles.

Also maybe add a note that
wpa=3
Can be used is WPA and WPA2 support is needed at the same time.

viewtopic.php?f=28&t=170336#p1095109 ( for CCMP part)

https://wireless.wiki.kernel.org/en/use ... on/hostapd just as a general For More Info.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Sat Mar 18, 2017 2:07 pm

Heater wrote:I was worried about the suggested static address: 192.168.0.1

That is the address of my home router!

I'll try and find time to run through these instructions here....
The first section really if for a network controlled y the Pi rather than an external router. The bridging section is when you want to attach to an existing network. I need to make that clearer.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

Heater
Posts: 7747
Joined: Tue Jul 17, 2012 3:02 pm

Re: Help requested on validating some docs

Sat Mar 18, 2017 2:50 pm

Yea, I know what you are doing but could be a bit clearer for those new to the game that there are two distinct setups here and that one should be chosen or the other.

Anyway, the first, standalone, setup works as described.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Mon Mar 20, 2017 12:09 pm

I've made suggestion as above, if anyone has the time to check them out.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

User avatar
DougieLawson
Posts: 29764
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Help requested on validating some docs

Mon Mar 20, 2017 7:57 pm

I see you've added all my suggestions, thanks. I'll have to wire one of my RPi3Bs to my network and try out the bridged network stuff.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

User avatar
DougieLawson
Posts: 29764
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Help requested on validating some docs

Tue Mar 21, 2017 8:25 pm

I've had a look at the bridged network stuff
  1. Code: Select all

    sudo apt-get install hostapd bridge-utils
    should tell folks to disable hostapd until it's configured
  2. Code: Select all

    sudo brctl addif br0 etho wlan0
    moaned at me that it couldn't bridge wlan0 and couldn't find etho ((typo there)
  3. Code: Select all

    /etc/netowrk/interfaces
    has another t7po/speeling errur
  4. Code: Select all

    allow-hotplug wlan0
     iface wlan0 inet manual
    is already there in the stock Raspbian interfaces file
  5. "Now reboot the Raspberry Pi" - what was the point of doing the brctl addbr and brctl addif since that will get undone on the reboot
This item was posted while connected across that bridge.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Wed Mar 22, 2017 2:06 pm

Thanks Dougie. Any idea how the bridge stays persistent? Is actually automatically created by the bridge entries in hostapd and interfaces? In which case, is the install of bridge utils and subsequent calls actually necessary?
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

User avatar
DougieLawson
Posts: 29764
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Help requested on validating some docs

Wed Mar 22, 2017 9:01 pm

It looks like the stuff added to /etc/network/interfaces and /etc/hostapd/hostapd.conf do that magic.

I've no idea what pieces got installed with bridge-utils (because I didn't look).
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

thegnnu
Posts: 155
Joined: Thu Oct 18, 2012 7:07 pm
Location: Bristol

Re: Help requested on validating some docs

Thu Mar 23, 2017 10:42 am

Followed all the instructions and it seemed to go ok. Found the IP I had used from Win10 Laptop using "advanced Ip scanner" program.
Question is the beacon for the ssid set to be ON as I cannot find it on the wifi scanner.

mattmiller
Posts: 1428
Joined: Thu Feb 05, 2015 11:25 pm

Re: Help requested on validating some docs

Thu Mar 23, 2017 11:08 am

Found the IP I had used from Win10 Laptop using "advanced Ip scanner" program.
I recommend installing Bonjour for Windows as it makes it much easier to find Pi on one-one connections whether using this AP method or any other direct connections such as ethernet cat5 or USB gadget mode on PiZero

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Thu Mar 23, 2017 11:23 am

I'm thinking of updating the doc to use dhcpcd to provide the static IP, which I believe is now the correct way in Jessie. It will make the doc shorter as well. I'll also try to get bridging going without the use of the bridge utils - just using the entries in interfaces etc as commented above.

Bear with me!
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

procount
Posts: 785
Joined: Thu Jun 27, 2013 12:32 pm
Location: UK

Re: Help requested on validating some docs

Thu Mar 23, 2017 12:43 pm

There is a third way of using the Pi as an AP, whereby it creates it's own subnet (like the standalone solution) , but then connects to the home network (like the sharing solution) but as a router rather than a bridge.
Maybe it's more complicated because you have to add iptables into the mix for the routing. Is that out of scope or worth considering? It can be useful if you want to disable that subnet from internet access at any time, or if you need more control over the routing.

Also, is there any advice/recommendation concerning the use of dnsmasq over isc-dhcp-server for the standalone solution?
PINN - NOOBS with the extras... https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=142574

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Thu Mar 23, 2017 12:52 pm

procount wrote:There is a third way of using the Pi as an AP, whereby it creates it's own subnet (like the standalone solution) , but then connects to the home network (like the sharing solution) but as a router rather than a bridge.
Maybe it's more complicated because you have to add iptables into the mix for the routing. Is that out of scope or worth considering? It can be useful if you want to disable that subnet from internet access at any time, or if you need more control over the routing.

Also, is there any advice/recommendation concerning the use of dnsmasq over isc-dhcp-server for the standalone solution?
I don't want to overcomplicate things - just need simply instruction to get people up and running. I've inclined to publish as they are now in fact - the dhcpcd static address things I cannot get to work.

I simply chose dnsmasq, no specific reason. I think there was a reference in the tutorials to dnsmasq which probably prompted the use here.

If you have more detail instructions that can be added, perhaps as a an advanced page, then you can send us a PR and we will check it out for accuracy, copy edit it, and then publish.

I'd also like a page on doing this but also combined with connecting via a VPN, but don't have time right now...my documentation effort needs to drop to the back burner for some actual software tasks. We have cleared the majority of PR's and issues (50->9, 73->20), and now have sufficient staff and process to keep the backlog down, so it's back to actual work!
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

User avatar
DougieLawson
Posts: 29764
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK
Contact: Website

Re: Help requested on validating some docs

Thu Mar 23, 2017 2:46 pm

If you want a starting point for OpenVPN please feel free to steal anything that's useful from something I wrote in a previous life at https://www.ibm.com/developerworks/comm ... v6?lang=en (I've lost the email address associated with that so can't edit it).

I've even got my OpenVPN tunnel running with a IPv6 /64 prefix so I now get a public, routeable IPv6 anywhere in the world and it comes in through my OpenVPN tunnel on to my Hurricane Electric tunnel.
Microprocessor, Raspberry Pi & Arduino Hacker
Mainframe database troubleshooter
MQTT Evangelist
Twitter: @DougieLawson

Since 2012: 1B*5, 2B*2, B+, A+, Zero*2, 3B*3

Please post ALL technical questions on the forum. Do not send private messages.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Tue Mar 28, 2017 2:02 pm

OK, new draft of a security page is here...

https://github.com/raspberrypi/document ... ecurity.md


Comments welcome, here is fine.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

jahboater
Posts: 1785
Joined: Wed Feb 04, 2015 6:38 pm

Re: Help requested on validating some docs

Tue Mar 28, 2017 4:34 pm

Mostly trivia ...

For example, if you are simply using your Raspberry Pi on your home network, behind a router with a firewall, then it already quite secure by default. (typo: then it already )

SSH is a common way of accessing a Raspberry Pi remotely. By default, logging in with SSH requires a username/password pair, but a more secure method is to use key based authorisation. (perhaps "authentication" ?)

Key pairs are two, cryptographically secure, keys. On is private, one is public, and they can be used to authenticate a client to an SSH server (in this case the Raspberry Pi). (typo: On is private )

The public key now needs to be moved on to the server. This can be done by email, or cut and paste, or file copying. (I always use ssh-copy-id for this, seems a lot easier - you never go in .ssh).

hippy
Posts: 2176
Joined: Fri Sep 09, 2011 10:34 pm
Location: UK

Re: Help requested on validating some docs

Tue Mar 28, 2017 4:34 pm

jamesh wrote:I'm thinking of updating the doc to use dhcpcd to provide the static IP, which I believe is now the correct way in Jessie.
jamesh wrote:I've inclined to publish as they are now in fact - the dhcpcd static address things I cannot get to work.
You are not the first to find dhcpcd isn't as easy to get working as some suggest. It would however be worth persevering with that as using /etc/network/interfaces invites getting jumped on with 'that's not the way it should be done'.

jamesh
Raspberry Pi Engineer & Forum Moderator
Raspberry Pi Engineer & Forum Moderator
Posts: 17887
Joined: Sat Jul 30, 2011 7:41 pm

Re: Help requested on validating some docs

Tue Mar 28, 2017 7:10 pm

hippy wrote:
jamesh wrote:I'm thinking of updating the doc to use dhcpcd to provide the static IP, which I believe is now the correct way in Jessie.
jamesh wrote:I've inclined to publish as they are now in fact - the dhcpcd static address things I cannot get to work.
You are not the first to find dhcpcd isn't as easy to get working as some suggest. It would however be worth persevering with that as using /etc/network/interfaces invites getting jumped on with 'that's not the way it should be done'.
That page is now up and running, but I am more than happy to take PR with corrections and improvements.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Please direct all questions to the forum, I do not do support via PM.

Return to “Off topic discussion”

Who is online

Users browsing this forum: No registered users and 5 guests