Building a wireless router for a wireless network with a Raspberry Pi

Hi there,

there is a lack of detailed information about to building a system, that shares it’s wireless connection which has internet (like eduroam or any other network) via an own wireless AP with it’s own setup configuration. Because of this, I’ll publish the manual how to do so with an RPI (or any other Debian system). To have a system like this can be really helpfull if you have an old system which only supports WEP, to connect with an AP which only allows devices wia WPA or certain cerificates to connect.

So what I literally want to do is the following

The setup

  • Raspberry Pi (256 MB SDRAM) with “2012-12-16-wheezy-raspbian”
  • 2GB Kingston microSD card with Kingston microSD-to-SD adapter
  • DeLOCK powered USB 2.0 HUB (B/N61393)
  • 2x LogiLink W-LAN USB with a Ralink RT5370 chipset

The Manual

I will devide the manual into three parts, while in the first part I will describe how to connect via the first W-LAN stick and the wpa_supplicant to an access point (AP) which offers an internet connection. The second part describes, how to setup the other W-LAN stick as an AP via hostapd and dnsmasq, so that you can connect to your RPI via W-LAN from your notebook (NB). In the last part I’ll setup the routing between the two W-LAN sticks via iptables, so that you can use the internet connection of the first W-LAN stick trough the second.

Part I (Connecting to any network)

If you have wpa_supplicant already installed on your system, everything is fine, otherwise install it via:

Now create a new config file, so that the supplicant knows, how to connect to the AP with the internet connection. Create it with the following command:

Now you can edit the file with your favorite editor (nano, etc.):

Search via any search engine you like, to setup the connection information to any other network. You can also try man wpa_supplicant.conf in the cli for more information.

For connecting with this network at startup of the system you have to add some lines to the /etc/network/interfaces file. Make sure that the device you want to connect with is wlan0 (Or replace wlan0 with the name of your device e.g. wlan1). Be also sure, that there is no other line wich configures your device (Delete or comment every other line, which has wlan0 in it):

Now you can reboot your system and try to ping any website. If it works, be happy.

If it’s not working, try the following two commands, which kills the actual wpa_supplicant and runs it in debug-mode.

Part II (Setup an AP for accessing the Pi via W-LAN)

Install hostapd so that the Pi can act as an AP, and dnsmasq for beeing an dhcp server:

After installing, you need to setup your W-LAN stick, with an static IP, so that hostapd can work properly. Add the following lines to your /etc/network/interfaces:

Now, the hostapd needs to be configured. To do so, you need to tell him, where the configuration file is. Eddit the file /etc/default/hostapd in the following way:

Now edit the config file, with the wieless setup configuration you like:

Now you need to configure the dnsmasq, so that your NB or PDA gets a IP address when it’s connecting to your Pi. To do so edit the /etc/dnsmasq.conf file in the following way:

The above setup means, that dnsmasq listens only on interface wlan1 and the second line gives every device which connects to it, an IP address between 10.0.0.2 and 10.0.0.128 for 12 hours.

Now you can reboot the Pi and try to connect to it with the security setup you have choosen.

Part III (Connecting wlan0 and wlan1, so that NB can connect to the inet)

Now l turn the Raspberry Pi into a router. First thing you need to do is to enable packet forwarding. In the file /etc/sysctl.conf, we need to uncomment the following line (should be line 28).

After changing that, run this command to re-read the sysctl.conf file

Now install iptables, so that the packeges from wlan1 can go through wlan0 and vice versa.

Now you have to define certain rules, so that the IP packages can be handed over. To do so, create a file and give it rights to be executed on every startup of the system (Update 2013-06-03: Add router.sh script to rc.local. Otherwise it wont run at startup.):

Now edit the rules in /etc/network/if-up.d/router.sh in the following way:

The last step is, to let dnsmasq tell the connected devices, that itself is an gateway to the internet. To do so, edit the file /etc/dnsmasq.conf in the folowing way:

Now, after a reboot, the system should act as mentioned.

Troubleshoot

  • Is every W-LAN device is running properly? To check, try ifconfig in the cli. There should be one wlan0 which has an IP from the AP with the inet connection, and a wlan1 with the static IP 10.0.0.1
  • Make sure that the rules for iptables have been executed from router.sh at startup. For checking, try iptables –list, then execute the router.sh and run iptables –list again. If nothing changes, the rules have been setup at startup. If there was a change, then add the rules to /etc/rc.local to run them explicitly on every startup.
  • Run wpa_supplicant or hostapd in debug-mode for more information.
  • Maybe your your wired ethernet adapter (eth0) is still up. This can cause to some forwarding problems. Just make sure, that eth0 won’t come up in /etc/network/interfaces

45 thoughts on “Building a wireless router for a wireless network with a Raspberry Pi

  1. Great tutorial! I was about to write the same thing, but then I stumbled on your guide. I’m sure this will be helpful to many students in Europe.

    1. Thx! For me it works great since I wrote it.
      But if you have any ideas for improving this tutorial, please don’t hasitate to submit.

    1. Hi Lionpunch,

      for me it looks like that wlan1 is not running in access point mode.
      Have you done the following:
      – Delete every line regarding wlan1 in the file “/etc/network/interfaces” instead of the lines descripted in “Part II”
      – Is “hostapd” running properly? Wuit the old “hostapd” process and try to start it in verbose mode: “hostapd -v -f /etc/hostapd/hostapd.conf”. How about the output?

      Greetz!

    2. Hi again!

      i found a bug in the hostapd script:
      “wmm_enable” should be “wmm_enabled” (the “d” was missing).
      now everything works for me!

  2. Thanks for your nice tutorial. I am on a Windows system, Android phone and was able to use the Internet without any problems.

    However, I have found the problem on Apple IPad2. Streaming video clip (YouTube) can not watch using Apple’s Ipad2.

    To solve the above problem, please your help.

    1. Hi Cha,
      this sounds interesting.
      I never used an iPad before, but all my android-based devices work fine even on youtube (as your phone does).
      Is it really the case, that only the streaming of youtube does not work?
      Youtube itself is reachable an also every other streaming host?
      Have you tried any properatary youtube-player (e.g. http://howto.cnet.com/8301-11310_39-57550638-285/four-youtube-players-square-off-for-a-spot-on-your-ipad/)

      As I’m new to this problem, I would check with the tool “netstat” and a working system (e.g. your WinOS), which connections are used by youtube and the streaming service.
      The tool exists also for iOS, so you can check on your iPad, if it builds the same connections to youtube as the WinOS does.
      If not, then try to type in an explicit DNS-Server into your iPad (e.g. 8.8.8.8 <- This might work always). Greetz, Tik0

      1. Hi Tik0,
        thanks for your interest and quick reply.

        The only problem is when RPI access point is connected to. Of course, my iPad to connect to another access point it is possible to watch streaming video.

        YouTube, the video on the public broadcaster and other Web sites and more. All kinds can not watch streaming video on iPad.
        Once after trying to connect to the streaming service, the general could not even surf the web. After rebooting iPad, general web surfing could be used again.

        iPad (iOS) seems to be required to do a special. I would like to know what it is.

        Thank you.

        1. Hi Cha,
          I am sorry but hradly understand your english.
          It sounds that only the iPad is able to connect to the RPi, but not able to connect to the internet.
          So I have to ask, if your iPad is even getting an IP address from the RPi?
          If not, you have to expand the DHCP-address range.
          If you followed my instruction, it’s just from 10.0.0.2 till 10.0.0.5.
          So you have 4 IP adresses to lease.
          Expand 10.0.0.5 to 10.0.0.128 (or anything else).

          Please reply, if this solves your problem.
          I am very sorry, but it’s hard to interpret your english.

  3. I followed this tutorial but when a device tries to connect it just get stuck at Obtaining IP address. I was able to connect to the PI before Part 3.

    1. Ok nervermind.

      Iptables was not configured correctly at startup.

      I added the line

      /etc/network/if-up.d/router.sh

      after the fi tag and before the exit 0

        1. Jup, I’ve added this already to the “troubleshoot”-section. I dont know why it’s not executed automaticaly.

          1. I have the TP-LINK tl-wn725n v2 wifi dongle with the custom driver from here and the custom HostAPD from here

            I was able to see the ssid but I was always stuck at “obtaining IP address”.

            Adding
            hostapd /etc/hostapd/hostapd.conf
            to /etc/rc.local seems to have fix that problem

  4. Is it possible to connect wlan0 to a network like fon when I need to insert some credentials?

  5. Hi, I’ve noticed, that “sysctl -p” needs sudo^^
    Nice tutorial, my PI repeater works like a charm. Thank you so much!

  6. Night guys, is this a setup where the pi is acting as a wireless repeater (wireless bridge) to extend the range of the wireless signal or just a pi acting as router to share a dsl/cablemodem ISP connection to the internet.

    1. Hi joag,

      the PI is not acting as a real bridge, because this wont work with eduroam.
      It acts, as you already said, as a router to share the eduroam network

  7. I was most pleased to find your tutorial on using RPi as a wireless repeater as that is just the thing I need at my house. I have exactly followed the contents of Steps 2 and 3. For Step 1 I use the default that is set up for wpa_supplicant when Wheezy-Raspian2013-9-25 is installed on my RPi so my ‘outside’ network is my DLink router (with wireless capability). On my RPi I have 2 identical WiPi usb wireless adapters.

    iwconfig output shows wlan0 as ‘Access Point’ and wlan1 as ‘Master’.
    If I understand your diagram correctly my Notebook (runs Linux Mint) or my android phone should connect to wlan1 which then communicates with wlan0 which talks to the DLink router which has access to the Internet. Output from ifconfig shows both adapters as sending and receiving packets.

    Both the Notebook and phone can connect to wlan1, but neither device can then access the Internet.

    Hopefully someone can help me resolve these issues. Be aware that my understanding of ‘networking’ is quite limited.

  8. Hi
    Is it possible to bridge wlan0 and wlan1 with brctrl in your setup?
    I would appreciate it if you can tell me how to do it
    Cheers,
    Arash

    1. Dear Arash,

      I tried it in the beginning, and because it didn’t work, I wrote this router-example.
      From my point of knowledge, it is even impossible to bridge wifi adapters (am I right here?).

  9. könntest Du bitte diesen Schritt auf Deutsch erklären?Danke

    For connecting with this network at startup of the system you have to add some lines to the /etc/network/interfaces file. Make sure that the device you want to connect with is wlan0 (Or replace wlan0 with the name of your device e.g. wlan1). Be also sure, that there is no other line wich configures your device (Delete or comment every other line, which has wlan0 in it):

    1. Hi,

      na klar:
      Hier erkläre ich, wie das wifi-Gerät zu konfigurieren ist, welches mit dem Netz verbunden ist, welches wiederum Internet bereitstellt (z.B. eduroam).
      In meiner ersten “Grafik” ist dies das wlan0-Gerät.
      Das Gerät selber wird durch die Datei “/etc/network/interfaces” konfiguriert (jedes mal beim Starten des Betriebssystems, oder wenn du “ifup wlan0” oder “ifdown wlan0” eintippst).
      Es müssen also für das wlan0-Gerät die entsprechenden Zeilen aus meinem Beitrag hinzugefügt werden.
      Es ist aber auch wichtig, dass andere Zeilen welche evtl. das wlan0-Gerät konfigurieren, aus der Datei entfernt werden, sodass es keine Konflikte gibt.

      Hat das geholfen?

  10. um welche Datei handelt es sich bei diesem Schritt?wohin mit diesen Zeilen?Danke

    Now edit the config file, with the wieless setup configuration you like:
    # 1. The Device which will act as AP
    interface=wlan1
    driver=nl80211

    # 2. Parameters so that the daemon runs
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0

    # 3. The Wifi configuration
    ssid=pi
    channel=6
    hw_mode=g
    ieee80211n=1

    # 4. Security of the Wifi connection
    wpa=2
    wpa_passphrase=VERYSECRET
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP
    rsn_pairwise=CCMP

    # 5. Other settings
    beacon_int=100
    auth_algs=3
    wmm_enabled=1

    1. Du hast genau die Zeile nicht mitkopiert 🙂
      Schau nochmal genau hin “# Content of /etc/hostapd/hostapd.conf”.
      Es ist die “/etc/hostapd/hostapd.conf”

  11. Hi there,

    Thanks for the write up – I modified a version of your project to give me a wifi to ethernet (wlan0 to eth0) connection.

    However, can I point out there is an error in some of your code. The line that writes the router.sh into rc.local has syntax errors.

    $ sudo su -c “echo ‘/etc/network/if-up.d/router.sh’ >> /etc/rc.local”

    >> is incorrect. I believe it should be a single >

    Best regards,

    Marcus

    1. Thanks for the hint, but this is not a typo.
      ‘>>’ means that you append to the file, while ‘>’ means that you replace the file by the given content.
      So you delete all the old entries in your ‘rc.local’ if you use ‘>’ which is not a good practice.
      It could be, that the common ‘rc.local’ has a ‘return 0’ at the end, so that every code you append to this file by using ‘>>’ will never be executed.

  12. OK, thats weird !!

    I copied and pasted the text from your webpage, showing the error, but when I hit enter, the characters have corrected themselves.

    So – I’ll try again a different way.

    On line 3 of the code that defines the iptable setup, it reads:

    $ sudo su -c “echo ‘/etc/network/if-up.d/router.sh’ >> /etc/rc.local”

    with the characters ” & g t ; & g t ; ” between router.sh and /etc/rc.local. This is incorrect, it should be > > .

    Hopefully you can see what I am trying to point out.

    Thanks,

    Marcus

  13. ich habe diese Anleitung 5 Mal step by step durchgeführt, trotzdem mein Wlan1 sieht so aus: Access Point: Not-Associated, woran kann es liegen?

    1. Hm, eigentlich sollte mode=Master sein was durch hosapd konfiguriert wird.
      Hast du evtl. noch einen anderen Netzwerkmanager, der dein Device konfiguriert?
      Was ist dein (Hardware)Setup?

  14. i followed this steps one by one but i get a limited connection ,
    internet worked fine inside rpi browser

    1. I can imagen that the gateway is missing on your device which tries to connect through the Pi.
      Can you investigate the network configuration on your device (Windows: ipconfig /all, Linux: route -n) to see if the routes are correct?

  15. WOW! this worked, out of the box as it where! Thank you so much…………… I’m adapting this to now fit on an old laptop running Linux Mint 13.

    Mike

  16. Hi There,
    I was wondering if I can use this instruction to add one more wifi dongle and create a AP with two domain?each ap supports one domain?
    tnx

    1. This should work.
      You just have to follow the configuration for wlan1 and substitute it with e.g. wlan2.
      By the way, it’s a nice idea to setup a guest network (I think I’ll try this right away).

  17. Hi , i have made pi hotspot using wifi dongle RT5370. when i try to connect the pi from phone. it tries to connect but fails then i try again. on 5th 6th time it connects.

    the question is Why it does not connect the first time. Sometimes, my phone fails at the following stage ‘obtaining ip…’ or ‘connecting’ and says remembered rather then connecting.

    Any ideas?

  18. HI,
    so I can use this script and hardware to build my own “eduroam” repeater?

    This really works?

    1. You can not really build a reapeater for the eduroam network.
      A repeater would mean, that you can login into your RasPi’s network with your notebook/etc. with your eduroam login, and this is not the case.
      But you are spanning up your own wifi network which is routed through the eduroam network to the internet.
      Thus, (and what is even cooler) you use your own wifi configuration and passphrases ontop of eduroam.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.