There is a lack of detailed information about building a system that shares its wireless connection which has internet (like eduroam or any other network) via its own wireless AP with its own setup configuration. Because of this, I’ll publish the manual on how to do so with an RPI (or any other Debian system). A system like this can be really helpful if you have an old system which only supports WEP and want to connect it to an AP which only allows devices to connect via WPA or certain certificates.
So what I literally want to do is the following:
Raspberry Pi acting as wireless router between AP1 and devices via AP2. Security, SSID etc., of AP2 are independent of AP1.
AP1 (e.g. eduroam) <-> wlan0 | RPI (Linux) | wlan1 (AP2) <-> Devices which use AP2 (NB, PDA, etc.)
- Raspberry Pi (256 MB SDRAM) with “2012-12-16-wheezy-raspbian”
- 2GB Kingston microSD card with Kingston microSD-to-SD adapter
- DeLOCK powered USB 2.0 HUB (B/N61393)
- 2x LogiLink W-LAN USB with a Ralink RT5370 chipset
I will divide the manual into three parts. In the first part I will describe how to connect, via the first W-LAN stick and wpa_supplicant, to an access point (AP) which offers an internet connection. The second part describes how to set up the other W-LAN stick as an AP via hostapd and dnsmasq, so that you can connect to your RPI via W-LAN from your notebook (NB). In the last part I’ll set up the routing between the two W-LAN sticks via iptables, so that you can use the internet connection of the first W-LAN stick through the second.
Part I (Connecting to any network)
If you have wpa_supplicant already installed on your system, everything is fine, otherwise install it via:
$ sudo apt-get install wpasupplicant
Now create a new config file so that the supplicant knows how to connect to the AP with the internet connection. Create it with the following command:
$ sudo touch /etc/wpa.conf
Now you can edit the file with your favorite editor (nano, etc.):
# Content of /etc/wpa.conf
# Connection info for e.g. the University of Paderborn network
Use any search engine you like to find the connection settings for any other network. You can also try man wpa_supplicant.conf in the cli for more information.
To connect to this network at system startup, you have to add some lines to the /etc/network/interfaces file. Make sure that the device you want to connect with is wlan0 (or replace wlan0 with the name of your device, e.g. wlan1). Also make sure that there is no other line which configures your device (delete or comment out every other line which has wlan0 in it):
## Additional lines in /etc/network/interfaces for wlan0 device
# Start the device at system startup
auto wlan0
# Configure the device via dhcp
iface wlan0 inet dhcp
# Use the given file for connecting to the internet
wpa-conf /etc/wpa.conf
Now you can reboot your system and try to ping any website. If it works, be happy.
If it’s not working, try the following two commands, which kill the running wpa_supplicant and start it again in debug mode.
$ sudo killall wpa_supplicant
$ sudo wpa_supplicant -iwlan0 -c/etc/wpa.conf -dd
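For a network like eduroam, what protects the login is that wpa_supplicant validates the authentication server's certificate. As an added example (not part of the original post), this script reports EAP network blocks in a wpa_supplicant configuration that lack a CA certificate or a server name match; the sample configuration inside it is constructed, and its SSIDs, identities and paths are placeholders.

```shell
#!/bin/sh
# Added example, not the author's /etc/wpa.conf. Reports EAP network blocks
# that skip server validation. All sample values below are constructed.

# check_wpa_conf < FILE: one finding per line, exit status 1 if any.
check_wpa_conf() {
    awk '
        /^[ \t]*#/ { next }                               # comment lines
        /^[ \t]*network=[{]/ { inblk = 1; ssid = "?"; eap = ca = name = 0; next }
        !inblk { next }
        /^[ \t]*ssid=/ { split($0, q, "\""); ssid = q[2] }
        /^[ \t]*eap=/ || /key_mgmt=.*WPA-EAP/ { eap = 1 }
        /^[ \t]*ca_(cert|path)=/ { ca = 1 }
        /^[ \t]*(subject_match|altsubject_match|domain_suffix_match)=/ { name = 1 }
        /^[ \t]*[}]/ {
            if (eap && !ca)   { print ssid ": no ca_cert, server certificate is not verified"; bad = 1 }
            if (eap && !name) { print ssid ": no server name match on the certificate"; bad = 1 }
            inblk = 0
        }
        END { exit bad + 0 }
    '
}

sample_wpa_conf() {
    cat <<'EOF'
network={
    ssid="campus-unpinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    password="placeholder"
    phase2="auth=MSCHAPV2"
}
network={
    ssid="campus-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.org"
    password="placeholder"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    altsubject_match="DNS:radius.example.org"
}
EOF
}
```

Run it against the real file with check_wpa_conf < /etc/wpa.conf, or against the sample with sample_wpa_conf | check_wpa_conf.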
Part II (Setup an AP for accessing the Pi via W-LAN)
Install hostapd so that the Pi can act as an AP, and dnsmasq to serve as a DHCP server:
$ sudo apt-get install hostapd
$ sudo apt-get install dnsmasq
After installing, you need to set up your W-LAN stick with a static IP so that hostapd can work properly. Add the following lines to your /etc/network/interfaces:
## Additional lines in /etc/network/interfaces for wlan1 device
# Set up the device with a static IP
iface wlan1 inet static
# Static IP-Address
address 10.0.0.1
Now hostapd needs to be configured. To do so, you need to tell it where the configuration file is, by editing the file /etc/default/hostapd in the following way:
Now edit the config file with the wireless setup configuration you like:
# Content of /etc/hostapd/hostapd.conf
# 1. The Device which will act as AP
# 2. Parameters so that the daemon runs
# 3. The Wifi configuration
# 4. Security of the Wifi connection
# 5. Other settings
Now you need to configure dnsmasq so that your NB or PDA gets an IP address when it connects to your Pi. To do so, edit the /etc/dnsmasq.conf file in the following way:
The above setup means that dnsmasq listens only on interface wlan1, and the second line gives every device which connects to it an IP address between 10.0.0.2 and 10.0.0.128 for 12 hours.
Now you can reboot the Pi and try to connect to it with the security setup you have chosen.
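Because the security settings of AP2 are independent of AP1, a weakly protected AP2 is the easiest way onto the uplink it shares. As an added example (not the configuration from this post), the script below checks a hostapd.conf for WEP keys, WPA1, pairwise ciphers other than CCMP and short passphrases; the sample configuration is constructed and the 12-character minimum is an assumed policy value.

```shell
#!/bin/sh
# Added example, not the hostapd.conf from the post. Key names are hostapd's
# own; the 12-character passphrase floor is a policy choice assumed here.

# lint_hostapd_conf < FILE: one finding per line, exit status 1 if any.
lint_hostapd_conf() {
    awk '
        function finding(msg) { print msg; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ || !/=/ { next }          # comments, blanks
        { eq = index($0, "="); conf[substr($0, 1, eq - 1)] = substr($0, eq + 1) }
        END {
            for (k in conf) if (k ~ /^wep_key[0-3]$/) wep = 1
            if (wep) finding("WEP key configured: WEP gives no effective confidentiality")
            if (conf["wpa"] + 0 == 0) {
                if (!wep) finding("wpa is not enabled: the network is open")
            } else {
                if (conf["wpa"] + 0 != 2) finding("wpa=" conf["wpa"] " enables WPA1, use wpa=2")
                rsn = ("rsn_pairwise" in conf) ? conf["rsn_pairwise"] : conf["wpa_pairwise"]
                if (rsn != "CCMP") finding("pairwise cipher is not CCMP only: " (rsn == "" ? "unset" : rsn))
                if (("wpa_passphrase" in conf) && length(conf["wpa_passphrase"]) < 12)
                    finding("wpa_passphrase is shorter than 12 characters")
            }
            exit bad + 0
        }
    '
}

sample_hostapd_conf() {
    cat <<'EOF'
# constructed sample, not the configuration from the post
interface=wlan1
driver=nl80211
ssid=constructed-ap
hw_mode=g
channel=6
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
wpa_passphrase=raspberry
EOF
}
```

Run it with lint_hostapd_conf < /etc/hostapd/hostapd.conf before starting the AP.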
Part III (Connecting wlan0 and wlan1, so that NB can connect to the inet)
Now I turn the Raspberry Pi into a router. The first thing you need to do is to enable packet forwarding. In the file /etc/sysctl.conf, we need to uncomment the following line (should be line 28).
After changing that, run this command to re-read the sysctl.conf file:
$ sudo sysctl -p
Now install iptables, so that the packets from wlan1 can go through wlan0 and vice versa.
$ sudo apt-get install iptables
Now you have to define certain rules so that the IP packets can be handed over. To do so, create a file and give it rights to be executed on every startup of the system (Update 2013-06-03: Add the router.sh script to rc.local. Otherwise it won’t run at startup.):
$ sudo touch /etc/network/if-up.d/router.sh
$ sudo chmod +x /etc/network/if-up.d/router.sh
$ sudo su -c "echo '/etc/network/if-up.d/router.sh' >> /etc/rc.local"
Now edit the rules in /etc/network/if-up.d/router.sh in the following way:
iptables --table nat --append POSTROUTING --out-interface wlan0 -j MASQUERADE
iptables --append FORWARD --in-interface wlan1 -j ACCEPT
The last step is to let dnsmasq tell the connected devices that it is itself a gateway to the internet. To do so, edit the file /etc/dnsmasq.conf in the following way:
Now, after a reboot, the system should act as described.
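An added example, not the author's router.sh: the same masquerading setup with a default-deny FORWARD chain, replies from wlan0 limited to connections that clients on wlan1 opened, and rules appended only when they are missing, since this post installs the script in if-up.d and also calls it from rc.local. The IPT variable and the apply argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the router.sh from the post. wlan0/wlan1 follow the post;
# IPT can be pointed at a stand-in command for a dry run (assumption).
WAN=${WAN:-wlan0}   # uplink towards AP1
LAN=${LAN:-wlan1}   # AP2, served by hostapd
IPT=${IPT:-iptables}

# ensure TABLE CHAIN RULE...: append the rule unless -C finds it already,
# so running the script several times does not stack duplicate rules.
ensure() {
    table=$1; chain=$2; shift 2
    $IPT -t "$table" -C "$chain" "$@" 2>/dev/null || $IPT -t "$table" -A "$chain" "$@"
}

apply_router_rules() {
    # Nothing is forwarded unless a rule below allows it.
    $IPT -P FORWARD DROP
    # Clients behind AP2 may open connections towards the uplink ...
    ensure filter FORWARD -i "$LAN" -o "$WAN" -j ACCEPT
    # ... and only replies to those connections are let back in.
    ensure filter FORWARD -i "$WAN" -o "$LAN" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the clients' source address to the Pi's address on wlan0.
    ensure nat POSTROUTING -o "$WAN" -j MASQUERADE
}

# Apply only when asked to, e.g. "router.sh apply" (needs root).
if [ "${1:-}" = "apply" ]; then
    apply_router_rules
fi
```

If /etc/rc.local ends with exit 0, as the Debian default does, the call has to sit above that line, because anything appended after it never runs.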
- Is every W-LAN device running properly? To check, try ifconfig in the cli. There should be one wlan0 which has an IP from the AP with the inet connection, and a wlan1 with the static IP 10.0.0.1
- Make sure that the rules for iptables have been executed from router.sh at startup. To check, try iptables --list, then execute router.sh and run iptables --list again. If nothing changes, the rules were set up at startup. If there was a change, then add the rules to /etc/rc.local to run them explicitly on every startup.
- Run wpa_supplicant or hostapd in debug-mode for more information.
- Maybe your wired ethernet adapter (eth0) is still up. This can cause some forwarding problems. Just make sure that eth0 won’t come up in /etc/network/interfaces