There are many guides for creating a Raspberry Pi Access Point but from Raspbian 9 Stretch the network setup has changed, which means a lot of guides are out of date. So this guide is about setting up a Raspberry Pi Access Point for Raspbian 9 Stretch onwards. Works for Raspbian 8 Jessie and PiOS 10 Buster & PiOS Bullseye.
I have two other guides on how to set up an automatic Raspberry Pi Access Point, which connects to your home network when you are at home and generates a hotspot when you are out.
For the Autohotspot guide to setup an internet routed hotspot suitable for RPi4, RPi3, RPi2 & Rpi: Click Here
For the Autohotspot guide to setup a non internet routed hotspot suitable for RPi ZeroW and RPi Zero 2: Click Here
Easy Installer Script: the setup in this guide is available in an installer at Raspberry Pi AutoHotspot and Static Hotspot Installer Script
Aim:
- This guide will go through how to set up a permanent access point for both internet routed, for RPi's with ethernet ports, and non internet routed access point for Pi Zero/W & Pi Zero 2.
Requirements:
This has been tested on Raspbian Jessie, Raspbian Stretch, PiOS Buster & PiOS Bullseye. (Not compatible with PiOS Bookworm, Bookworm version available here)
To see which version you have enter the command lsb_release -a
- Raspberry Pi 4
- Raspberry Pi 3 or 3 B+
- Raspberry Pi 1 or 2 with a USB Wifi Dongle*,
- Raspberry Pi Zero W, Pi Zero 2 and Zero with a USB WiFi Dongle* (network/internet Access Point not useable as it has no ethernet port.)
*some USB WiFi dongles don't work in adhoc mode or don't work with with the nl80211 driver used in this guide for RPi4, RPi 3, RPi3 B+ & Pi Zero W , Pi Zero 2 nbuilt wifi, so you may want to check this first before starting.
To see if your usb WiFi dongle can be used as an access point enter the command; iw list ,scroll to section "Supported interface modes:" and look for * AP
Wifi requires that the correct country has been setup in the Raspberry Pi Configuration menus or the raspi-config program. This should have been done during the initial OS setup. You will not have access to these options if the AccessPoint is active but you will while connected to a local wifi network.
Note about Raspbian & PiOS - Bullseye, Buster and Stretch Network Device Names
From Raspbian Stretch there has been changes to how the network drivers are named, called Predictable Network Interface Names, and may be different for the usual wlan0 and wlan1 for wifi and eth0 for ethernet connections. Though the official Foundation version of PiOS seems to be keeping to the old standard names, at least at the time of writing, this may not always be the case. For this guide I will use wlan0 as the device that is used.
To check the device name for your setup enter the commmand iw dev and take a note of the "Interface" name. For wifi it should start with wl , replace your device name with any reference to wlan0 in the article, scripts and config files.
Step 1:
To start with hostapd hotspot client and dnsmasq lightweight dns server need to be installed.
Open a Terminal session.
Update Raspbian/PiOS with the latest updates by entering the commands:
sudo apt updatesudo apt upgrade
To install hostapd enter the command:
sudo apt install hostapd
enter Y when prompted.
To install dnsmasq enter the command:
sudo apt install dnsmasq
enter Y when prompted
The installers will have set up the programme so they run when the pi is started and activated them. While we set the hotspot we should stop them running. This is done with the following commands:
sudo systemctl stop hostapdsudo systemctl stop dnsmasq
Now the hostspot configuration file can be setup. This contains the name of the WiFi signal you will need to connect to (SSID) and the security password.
To edit the configuration files I will be using the nano text editor but if you prefer an editor with an point and click interface then replace nano with mousepad in the following instructions.
Hostapd Configuration
Using a text editor edit the hostapd configuration file. This file won't exist at this stage so will be blank.
sudo nano /etc/hostapd/hostapd.conf
download file here:
interface=wlan0
driver=nl80211
ssid=RPiHotSpot
hw_mode=g
channel=6
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
- The interface will be wlan0
- The driver nl80211 works with the Raspberry Pi 4, 3, 3 B+ & Pi Zero W onboard WiFi but you will need to check that your usb wifi dongle is compatable and can use Access Point mode.
For more information on wifi dongles see elinux.org/RPi_USB_Wi-Fi_Adapters
- The SSID is the name of the WiFi signal broadcast from the RPi, which you will connect to with your Tablet or phones WiFi settings.
- Channel can be set between 1 and 13. If you are having trouble connection because of to many wifi signals in your area are using channel 6 then try another channel.
- Wpa_passphrase is the password you will need to enter when you first connect a device to your Raspberry Pi's hotspot. This should be at least 8 characters and a bit more difficult to guess than my example.
To save the config file press ctrl & o and to exit nano press Ctrl & x
A change in hostapd means the service will be masked, so hostapd won't start when you reboot. To Unmask the hostapd service enter:
sudo systemctl unmask hostapdsudo systemctl enable hostapd
Once you have completed the rest of the setup and rebooted Hostapd will start and generate the hotspot settings.
(Note: this bit for /etc/default/hostapd does not need to be changed for PiOS Buster or Bullseye. This is for the older OS's Stretch and Jessie)
Now the defaults file needs to be updated to point to where the config file is stored.
In terminal enter the command
sudo nano /etc/default/hostapd
Change:
#DAEMON_CONF=""
to
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Check the DAEMON_OPTS="" is preceded by a #, so is #DAEMON_OPTS=""
And save.
DNSmasq configuration
Next we need to update the DNSmasq.conf file. There are two setups depending if you need internet access or not.
DNSmasq Config 1 - No Internet
Open the dnsmasq.conf file with
sudo nano /etc/dnsmasq.conf
Go to the bottom of the file and add the following lines (download here)
#RPiHotspot config - No Intenet interface=wlan0 domain-needed bogus-priv dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h
and the save (ctl & o) and exit (ctrl & x)
DNSmasq Config 2 - Internet Routed
Open the dnsmasq.conf file with
sudo nano /etc/dnsmasq.conf
Go to the bottom of the file and add the following lines (download here)
#RPiHotspot config - Internet interface=wlan0 bind-dynamic domain-needed bogus-priv dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h
and the save (ctl & o) and exit (ctrl & x)
Step 2:
Now that hostapd and dnsmasq are configured we now need to make some changes to the interfaces file, the dhcpcd.conf file, setup ip_forwarding.
Interfaces File
The interfaces file is not required and should be empty of any network config. Depending which version of Raspbian you have this file may still contain network config.
Enter
sudo nano /etc/network/interfaces
If your file shows more than the standard top 5 lines like this
# interfaces(5) file used by ifup(8) and ifdown(8) # Please note that this file is written to be used with dhcpcd # For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf' # Include files from /etc/network/interfaces.d: source-directory /etc/network/interfaces.d
then make a copy of your file and then remove any excess lines from the interfaces file.
To make a backup of your interfaces file first, use the command
sudo cp /etc/network/interfaces /etc/network/interfaces-backup
DHCPCD.conf
Next we need to update the dhcpcd.conf file. Open the file with
sudo nano /etc/dhcpcd.conf
then scroll to the bottom of the file and add the line (Download here)
interface wlan0 nohook wpa_supplicant static ip_address=192.168.50.10/24 static routers=192.168.50.1
If you are setting up the Internet routed hotspot then also include
static domain_name_servers=8.8.8.8
now save (ctrl & o) and exit (ctrl & x)
The line 'nohooks wpa_supplicant' will stop the network wifi from starting if you have an entry in /etc/wpa_supplicant/wpa_supplicant.conf . If this is not done then network wifi will override the hotspot.
This next bit is only if you would like devices to have internet access. If not skip to "Testing the Access Point".
ip forwarding setup
For the internet to be available when an Ethernet cable is attached, IP forwarding needs to be activated. To do this enter
sudo nano /etc/sysctl.conf
look for the line
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
and remove the # so it is
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
now save (ctrl & o) and exit (ctrl & x)
NFtables & IPtables setup
Next the rules need to be added that will allow any device connected to the access point to be able to use the a network or internet connected to eth0. This is done with IP Table rules for older OS’s Buster, Stretch and Jessie. Bullseye onwards use Nftables.
These tables will need to be loaded every time the Raspberry Pi starts up.
NFtables - Bullseye
First create a nftables directory to hold the rule file.
sudo mkdir /etc/nftables
Change to the new folder with
cd /etc/nftables
then create a new file for the NFT rules called nft-stat-ap.nft and paste in the rules below. This is also available fro download here
sudo nano nft-stat-ap.nft
flush ruleset
table inet ap {
chain routethrough {
type nat hook postrouting priority filter; policy accept;
oifname "eth0" masquerade
}
chain fward {
type filter hook forward priority filter; policy accept;
iifname "eth0" oifname "wlan0" ct state established,related accept
iifname "wlan0" oifname "eth0" accept
}
}
now save (ctrl & o) and exit (ctrl & x)
This file needs to be updated to executable. Enter the command
sudo chmod +x /etc/nftables/nft-stat-ap.nft
next open nftables.conf and add the line below to the bottom of the file, so that the rules are loaded when the nftables service starts.
sudo nano /etc/nftables.conf
add
include "/etc/nftables/nft-stat-ap.nft"
now save (ctrl & o) and exit (ctrl & x)
So that the rules are used everytime the Pi starts the nftables service should be enabled.
enter the command
sudo systemctl enable nftables
NFtables are now setup, continue with the "Testing the Access Point" section below
IPtables - Buster, Stretch, Jessie
First create the file for the ip table rules.
sudo nano /etc/iptables-hs
add the lines below or download from here
#!/bin/bash iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
now save (ctrl & o) and exit (ctrl & x)
Update the permissions so it can be run with
sudo chmod +x /etc/iptables-hs
Now the service file can be created which will activate the ip tables each time the Raspberry Pi starts up
Create the following file
sudo nano /etc/systemd/system/hs-iptables.service
Then add the lines below of download from here
[Unit] Description=Activate IPtables for Hotspot After=network-pre.target Before=network-online.target [Service] Type=simple ExecStart=/etc/iptables-hs [Install] WantedBy=multi-user.target
now save (ctrl & o) and exit (ctrl & x)
To activate the service file, so it starts at every boot up, enter the command
sudo systemctl enable hs-iptables
Testing the Access Point
The access point setup is now complete. To test that the setup is ok reboot the RPi.
Once the RPi is up and running the wifi icon near the clock should now be two arrows facing opposite directions 
This means it is an access point. On a Tablet, phone or Laptop scan for wifi signals. You should see one for RPiHotSpot.
Select this as the wifi signal to connect to. The password is what you setup in the hostapd.conf file. From my example it is 1234567890
Local wifi signals in range on Android. You will see RPiHotSpot and not RPiHotN
For SSH and VNC the connection ip is 192.168.50.10 also if you have setup the RPi as a webserver use the same ip to see the webpage.
For ssh use ssh
For vnc use 192.168.50.10::5900
If you have setup the Internet routed configuration. Connect an ethernet cable to the Raspbery Pi and your router and wait a few seconds. The hotspot will now allow connected wifi devices to use the internet as well as the Raspberry Pi
Once you are happy the setup is working ok then your done.
Script Removal
If you don't wish to continue using the Hotspot then the Raspberry Pi can be reverted back to a standard wifi setup with the following steps.
Stop the Hostapd and dnsmasq services with the commands
sudo systemctl disable dnsmasq
sudo systemctl disable hostapd
In the /etc/dhcpcd.conf file remove the lines added at the bottom of the file.
#Static Hotspot nohook wpa_supplicant interface wlan0 static ip_address=192.168.50.10/24 static routers=192.168.50.1 static domain_name_servers=8.8.8.8
If you had previous config in your interfaces file and made a backup you can restore your original interfaces file with the command
sudo mv /etc/network/interfaces-backup /etc/network/interfaces
If you didn't setup an internet routed access point then your done, after a reboot your RPi will not longer be an Access Point. For Internet routed Hotspots you also need to do the following;
Disable the IP Tables setup
Disable the hs-iptables service with the command
sudo systemctl disable hs-iptables
Then disable ip forwarding
sudo nano /etc/sysctl.conf
look for the entry
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
and add a # as follows
# Uncomment the next line to enable packet forwarding for IPv4
# net.ipv4.ip_forward=1
Disable NF Tables setup
open nftables,conf
sudo nano /etc/nftables.conf
and remove the line
include "/etc/nftables/nft-stat-ap.nft"
If you know other NFtable rules are being used then you that is it, otherwise disable the nftables service.
sudo systemctl disable nftables
Access Point removal is now complete
Now reboot and the Raspberry Pi will be back to the standard wifi setup.
Trouble Shooting
- If you get no wifi connection or no hotspot and have this icon
then it is most likley there is an error in one of the configuration files. - If the RpiHotspot signal can't be seen by another device, Use the command
sudo systemctl status hostapdto see if there is an error with Hostapd. - If Hostapd has an error that it is Masked then try
sudo systemctl unmask hostapdsudo systemctl enable hostapdsudo systemctl start hostapd
- If you don't get an internet connection when an ethernet cable has been attached, with the Internet routed setup, then you can check the ip table rules have been activated with the command sudo iptables -S If you don't see any rules but just get
-P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT
then make sure the service was enabled with the command sudo systemctl enable hs-iptables and the iptables file has the correct permissions with sudo chmod +x /etc/iptables-hs - Check the NFtables rules are loaded with the command sudo nft list ruleset
- You can connect to the hotspot via an Android Phone but you can't get a ssh connection. Some users have found this issue where Android uses their data connection rather than the wifi. Disabeling data has allowed them to use ssh.
Thank you for the feedback. This guide expects that there is a working setup as the OS installation use to always prompt for wifi country on first boot.
The issue about updating it is because wpa_supplicant is stopped to allow the accesspoint setup so then any updates to the country won't work, until the Pi is reconnected to a wifi network.
But you can manually add 'country=gb' for example to /etc/wpa_supplicant/wpa_supplicant.conf
I have added a note in the requirements section, thanks.
For future reference, the installer script referenced at the top of the article makes that check and will not allow the autohotspot script to be installed until the country is set in wpa_supplicant as it is also needed in hostapd.
Thank you for the feedback, much appreciated.
I tried a handful before with no success, but this worked like a charm.
You are welcome, i'm glad you have found it useful.
I have not extended the Lan before. I but I think you need to set a static ip in /etc/dhcpcd.conf for the eth1 network, and probably do similar for any devices connected the other side for the same subnet. If you are not using the wlan0 access point then you can probably reconfigure dnsmasq for eth1.
You will need to add to the nftables as to link eth0 to eth1 but it will be the same as the wifi Accesspoint, devices on eth1 will not be visible to the devices on eth0 but you should get access to the internet if it is on eth0.
There is probably a better way to do this but as I have not done that setup before I am unable to offer any useful advice on what is require unfortunately.
I tried playing around a little with NFtables and it always crashed with syntax errors when I added an addition table "inet", but the system is running fine without the NFtables setup for the communication between eth0 and eth1. The device connected to eth1 can reach the internet, which is all I want, no need for communication between devices on the eth0 network and the eth1 network.
thanks for your detailed explanation on how to set up a WiFi hotspot on a RPi. It worked like a charm on my RPi 4 running Bullseye!
Now I need an extension of the LAN the RPi is connected to and would like to use an USB-to-Ethernet-Adapter for that purpose. I assume this adapter would be designated "eth1", and also assume that the hostapd part of your method (step 1) is not necessary for this. Can I just extend the config files in step 2 with additional lines, replacing "wlan0" by "eth1" and of course changing the IP address range for the subnet?
Normally I'd use a small network switch to achieve my goal, but in this case, the RPi is powered by a PoE HAT and there is no wall outlet to power a switch.
I am trying to use your script above to basically create an access point on my raspberry pis which has no internet connected i.e. for example using a raspberry pi 3a+ . Once the AP is up and running I would like the user from their mobile to be able to connect to the raspberry pi's AP and then be able to browse a webpage on their phone like 192.168.4.1 which will enable them to select a wifi network for their raspberry pi to connect to.
so I have the script written for the webpage etc it uses a simple flask app but my main issue is I cannot get the access point working as on my phone when I connect to the AP it says IP address not assigned along those lines.
what can I do? do you think you could come up with a script to enable users to connect to wifi as soon as they turn their raspberry pi on using the ap method? that would be really easy I think.
here is my flask app script:
from flask import Flask, redirect, render_template, request
import subprocess
import re
app = Flask(__name__)
@app.route("/")
def configure_wifi():
return redirect("http://192.168.4.1")
@app.route("/connect_wifi", methods=["GET", "POST"])
def connect_wifi():
if request.method == "POST":
selected_network = request.form["wifi_name"]
password = request.form["wifi_password"]
# Connect to the selected WiFi network
subprocess.run(["nmcli", "device", "wifi", "connect", selected_network, "password", password])
return f"Connected to {selected_network} with password {password}!"
scan_result = subprocess.run(["iwlist", "wlan0", "scan"], capture_output=True, text=True)
networks = re.findall(r"ESSID:"(.*?)"", scan_result.stdout)
return render_template("wifi_connect.html", available_networks=networks)
if __name__ == "__main__":
app.run(host="0.0.0.0", port=80)
I have considered adding a config webpage but then I found out a year or so back that RaspberryPi was going to change the Wifi software, which they have done in the latest PiOS Bookworm. So there was little need to continue the development.
I see from your script that nmcli is used, so im guessing you are using bookworm. The setup on this page won't work on Bookworm and requires the older OS's Bullseye or Buster. If that is the case it would be why you are not able to connect to the AP.
If you are not using bookworm then there is an Installer script on the home page for Buster/Bullseye. This will re-setup the access point and fix most config issues. This also has options which allows you to connect to a new wifi network once there is a ssh or vnc connection to the Pi. But as you say a webpage is a bit easier.
I'm just finishing off a Bookworm compatible version with an installer and config options in the next day or two. There is no webpage config option yet but that will be added along with a few other features as I develop it further.
I hope this helps, let me know if you have any further issues.
Unfortunately this setup will not work on Bookworm. In the Requirements section at the top of the article it shows which PiOS versions it works on.
In Bookworm the network setup has been changed to Network Manager from dhcpcd that has always been used previously.
If you are using a Desktop you can select the Wifi icon, then create a new network. There is an option to create a Hotspot. This is then selectable in the same way any wifi network is.
I'm not near a pi at the moment so I can't remember the exact options to choose but it is fairly straight forward.
I would reverse the changes you have made and create a Hotspot via the desktop Wifi icon which hopefully will suite your needs.
I am working on a Bookworm version of my scripts for headerless setups and convince which will be available soon.
https://www.raspberrypi.com/documentation//computers/configuration.html#host-a-wireless-network-on-your-raspberry-pi
thank you and a have good day
Felix
It basically depends on which PiOS you are using.
The Raspberry PiOS has been updated this week to version 12 Bookworm. There has been a change to the way the whole wifi and networking is setup in this version, so the docs reflect how to create a Hotspot in bookworm only. Which is much simpler to do now.
The guide above is for the previous four versions of PiOS which use the previous method and was a lot more complicated to create a hotspot.
So only use this if you are not using PiOS 12 Bookworm
I have a new version of my autohotspot scripts in development for Bookworm as it still has benefits even with the new networking setup.
I hope the helps
include "/etc/nftables/nft-stat-ap.nft"
to the top of the file, "nftables.conf". That doesn't work, I believe the line in the default file line "Flush ruleset" later on in the file negates the entry. Moving the added line to the file at the end, everything works perfect. Hopefully this helps someone. Thank you again. Daryl
Looking at the article I was a bit too general. The line should be added to the bottom of the file but I just said "add". So I have made that clearer now.
Thank you for letting me know and how you are using it. It's always good to hear how the scripts are being used.
These instructions worked for 3B and 3B+ running 64-bit Bullseye. I configured wlan0 as an access point and a USB WiFi as wlan1 following your instructions to replace eth0 with wlan1 in nft-stat-ap.nft.
It is good to hear that the guide has been useful for a worthwhile cause. Thanks for the feedback.
You are probably getting a routing problem due to two default routes on wifi devices.
if you run the command: route
you will see a "default" entry for wlan0 and for wlan1 which will be causing the problem.
It doesn't know which wifi to use.
when you connect eth0 it uses that instead and it all works.
The script is setup to get dns from google on 8.8.8.8 but you can change this to use your routers dns setup by removing it.
in /etc/dhcpcd.conf
comment out these two lines with a #
#static routers=192.168.50.1
#static domain_name_servers=8.8.8.8
after a reboot it "should" let you use any url.
let me know if you have a further issue.
This has been tested on Raspbian Jessie, Raspbian Stretch, PiOS Buster & PiOS Bullseye. To see which version you have enter the command lsb_release -a
Raspberry Pi 4
Raspberry Pi 3 or 3 B+
Raspberry Pi 1 or 2 with a USB Wifi Dongle*,
Raspberry Pi Zero W, Pi Zero 2 and Zero with a USB WiFi Dongle* (network/internet Access Point not useable as it has no ethernet port.)
*some USB WiFi dongles don't work in adhoc mode or don't work with with the nl80211 driver used in this guide for RPi4, RPi 3, RPi3 B+ & Pi Zero W , Pi Zero 2 nbuilt wifi, so you may want to check this first before starting.
To see if your usb WiFi dongle can be used as an access point enter the command; iw dev ,scroll to section "Supported interface modes:" and look for * AP
Last line should read"... enter the command; iw list" instead of "iw dev"
Great programming. Thank you!
This guide has been up for several years and I have read it so many times and still missed that and nobody else pointed it out either. Thank you
First of all, also from me: thank you for this very good write-up. I’ve gone true it and read most of the questions.
I have a device on eth(0) with a static IP. I want to access from wlan1.
I have the hotspot running and working with dnsmasq etc.
wlan1 IP = 192.168.144.100, with dhcp-range=192.168.144.101,192.168.144.120,255.255.255.0,24h
Up to the point I uncomment packet forwarding for IPv4net.ipv4.ip_forward=1, I’m able to ping
wlan1 from a connected (windows) device connected to the hotspot. After that, “request timed out”
When I ping 192.168.144.12 (the static device) I get “Reply from 192.168.144.116: Destination host unreachable.” The .116 is my windows system
Do you have a pointer for me where I should look?
Thanx
Thank you, you are welcome.
I have not setup my pi's for your configuration as I had a few issues involving SD cards, cables and batteries!.
You can skip the port forward part as your devices are the same network.
You could probably skip the nftables/iptables part as well for the same reasons.
Try that first but a bridge may be what you need.
If you are setting up a permanent config with a static device on eth0 fully accessible from wlan1 then you probably want a bridge setup on the pi which will put eth0 and wlan1 on the same network.
a bridge device will need creating then hostapd.conf needs an extra line for bridge= with the device name and dnsmasq.conf needs the interface=wlan1 changed to the bridged device name.
I don't have specific instructions but there should be plenty of guides on how to do it. Just avoid any that want an entry in /etc/network/interfaces as it is not used on the Pi and will conflict with the setup.
Hope this some help.
I was wondering if you could clarify exactly how to connect to the PI via SSH or VNC from a device that is connected to the hotspot, there's probably a tutorial around I'm just having trouble finding anything. I know it's something obvious like making sure the SSH client is running on both, but would be nice to have it step-by-step.
I followed the instructions for the internet-routed mode if that makes a difference.
Firstly apologies for the slow response.
You have probably solved this issue now. But for vnc you need to activate the VNC option in the RaspberryPi Config menu option for Interfaces. Also ssh as well while you are there.
There should be a VNC icon by the clock.
The download the Real VNC viewer to your PC/Table/Phone.
Connect you device to the Pi's access point wifi signal RPiHotSpot.
To use the VNC opne the Viewer and enter the ip address that was put in /etc/dhcpcd.conf
192.168.50.10
VNC will then connect and ask for your PI's user name and password.
For ssh, once the device is connected to Pi's wifi. Open your ssh software. Putty on windows or use the terminal on Linux.
For Linux, presuming the Pi's user is pi, enter ssh pi@192.168.50.10 in a terminal window.
In Windows Putty enter the IP in the HOSTS text box 192.168.50.10 and then open or connect (can't remember what the button is called)
You will then be asked for the pi's user name and password you use to login to the desktop.
Hopefully that will help.
It's working great now, I've been able to ssh in via the hotspot
That's good to hear, i'm glad you are up and running.
You are welcome. Thanks for you're feedback and I am glad you have found it useful.
It should work fine for that project, use to have a PI1 setup like that with a usb wifi adapter.
If hostapd is running you should at least see the "RPiHotSpot" ssid from other wifi devices.
and sudo systemctl status hostapd is not showing an error then it may be something more obscure like spelling such as wlano rather than wlan0 or a comma etc in the wrong place but if you have used the download links on the site then they will be fine.
Other things that cause issues are any network config in sudo nano /etc/network/interfaces.
and check that sudo nano /etc/default/hostapd
has the config path against "DAEMON_CONF=" and not with DAEMON_OPTS=. Also
DAEMON_OPTS= should have a comment #DAEMON_OPTS=
If you are using Buster or Bullseye you can delete /etc/default/hostapd as it is not required, but if it is in place it has to be correct.
There is an installer on the home page, that will install any of the 3 hotspot guides as they are described in the guides.
If you install option 3 for the static hotspot it will fix any issues that there are.
As you don't want the network and the installer will set it up. You can disable the networking with
For Bullseye, just incase something uses nftables in the furture:
sudo nano /etc/nftables.conf
remove the line "include "/etc/nftables/nft-stat-ap.nft""
sudo systemctl disable nftables
For Buster and older:
sudo systemctl disable hs-iptables
That should fix any issues you are having.
If not you can let me know by email, admin at this site. Can you include outputs of
sudo systemctl status hostapd
sudo systemctl status dnsmasq
ip a
sudo systemctl -all list-unit-files hostapd.service
sudo systemctl -all list-unit-files dnsmasq.service
and I will see if we can find the issue.
very nice guide.
Before readind this I made a lot of search and tests: result a lot of useless guides.
Hopefully I found this one and my pi is working perfectly as a bridge.
Thanks a lot !!!!
D.
I't good to know you have found the guide useful, Thank you.
It can be difficult to get good info as the Pi does use a different setup to other distros. Glad I could help.
On my raspberry pi I managed to get it to work following this script https://github.com/lukicdarkoo/rpi-wifi/blob/master/configure, but I had to remove ctrl_interface from wpa_supplicant.conf and from hostapd.conf ( and also ctrl_interface_group in this case ).
The problem is that I cannot make use of wpa_cli to control wlan0. Maybe if someone with more knowledge can look at this, can share a configuration that works properly on Rpi4.
Thank you!!
Thanks for the request
This seems to be a popular subject lately. It's not something I have tried but looking at the setup it is not directly compatible as it uses /etc/network/interfaces which is depreciated on the PiOS. This will conflict with the Access Point setup so it will need an alternate configuration.
I am currently working on new features but I may look at this at a later date as it looks interesting.
https://github.com/lukicdarkoo/rpi-wifi/blob/79c8a2955f27ab1041249d323424d6a20cce42e2/ap_sta_config2.sh
Thanks for sharing the link, that looks more suitable. Bullseye uses NF Tables rather than IP tables but sounds good. :)
Thanks for the feedback, i feel your pain trying to get solutions to problems. I'm glad I could help with your setup. It is a bit of a minefield with older guides and guides for non compatible systems. For the Pi avoiding /etc/network/interfaces and using dhcpcd.conf is the way to go :)
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
root@raspberrypi:~# uname -a
Linux raspberrypi 5.15.32-v8+ #1538 SMP PREEMPT Thu Mar 31 19:40:39 BST 2022 aarch64 GNU/Linux
root@raspberrypi:~# cat /sys/firmware/devicetree/base/model
Raspberry Pi 4 Model B Rev 1.4
I followed the instructions for bullseye no internet but I have issues with hostapd. This is the log from journalctl -xe
Apr 12 16:35:08 raspberrypi hostapd[877]: Configuration file: /etc/hostapd/hostapd.conf
Apr 12 16:35:08 raspberrypi hostapd[877]: rfkill: WLAN soft blocked
Apr 12 16:35:08 raspberrypi hostapd[877]: Using interface wlan0 with hwaddr e4:5f:01:1a:bd:91 and ssid "RPiHotSpot"
Apr 12 16:35:08 raspberrypi hostapd[877]: Failed to set beacon parameters
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: Could not connect to kernel driver
Apr 12 16:35:08 raspberrypi hostapd[877]: Interface initialization failed
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: interface state UNINITIALIZED->DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: AP-DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: Unable to setup interface.
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: interface state DISABLED->DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: AP-DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: CTRL-EVENT-TERMINATING
Apr 12 16:35:08 raspberrypi hostapd[877]: hostapd_free_hapd_data: Interface wlan0 wasn't started
Apr 12 16:35:08 raspberrypi hostapd[877]: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Cannot find what is the cause :/
I see you are using PiOS 64 which this has been tested on a couple of months back. It worked ok then at least.
For some reason your wlan0 interface is down when hostapd starts so it can't create the access point.
You should have a similar error for dnsmasq. sudo systemctl status dnsmasq
check sudo systemctl status dhcpcd
that should be running
check that /etc/dhcpcd.conf doesn't have a line "denyinterfaces wlan0"
the command: ip a
will show if the wlan0 interface is up or down, it should be up.
There should be no entries in /etc/network/interfaces
If no luck you can try the autohotspot installer. Link at the top of the page or on the home page.
That will install the setup the same as the guide.
Let me know if this help
I figured all I had to do is `rfkill unblock wifi` and hostapd was working without problems. Thank you for you guide!
Taking it one step further, I would like to run both AP and a Managed wifi interfaces on the RPi 4B.
The idea is to use the AP to access the configuration of the RPi, and the Managed interface as an uplink where Ethernet connection is not available. Only moderate throughput is required.
The 'iw list' command shows:
valid interface combinations:
* #{ managed }
To use wlan1 to connect to Wifi Network you need to replace the eth0 references in the Ip tables or NF tables section to wlan1.
Then after a reboot you should have what you need.
If you want wlan0 to connect to a wifi network and wlan1 to be the AP then you have to change the wlan0 references in
/etc/hostapd/hostapd.conf
/etc/dnsmasq.conf
/etc/dhcpcd.conf
to wlan1
Then the the IP tables or NF tables change wlan0 to wlan1 and eth0 to wlan0
Let me know if you need further info.
My original post appears to be incomplete, and so perhaps not clear what I was asking.
My question is whether it is possible to run two wifi interfaces (e.g. wlan0 and wlan1) at the same time from the built-in wifi chip on the RPi 4 device.
The 'iw list' command output indicates that this is possible:
valid interface combinations:
* #{ managed }
ah ok, yep thats a bit different. My understanding is that that is not possible on the Pi wifi hardware. Wifi devices that use a Atheros chip can do this but that is not the Pi.
I have recently been asked a similar thing and there looks like there is a software solution but I have not tried this.
https://imti.co/iot-wifi/
Hopefully this project will do the trick.
table inet ap {
chain routethrough {
type nat hook postrouting priority filter; policy accept;
oifname "wlan1" masquerade
}
chain forward {
type filter hook forward priority filter; policy accept;
iifname "wlan1" oifname "wlan0" ct state established,related accept
iifname "wlan0" oifname "wlan1" accept
}
}
I dont know what I messed up but I hope you can help me
Thank you anyways
Your nftables look fine to replace eth0 with wlan1.
You can check that thay are loaded ok with the command
sudo nft list ruleset
This should show the same entries.
If the loaded rule set is blank then you can manually load them with
sudo nft -f /etc/nftables/nft-stat-ap.nft
If you are needing to do this then double check the service is active.
sudo systemctl enable nftables
and check
sudo systemctl status nftables
One important area is dhcpcd.conf. It should be correct but best to check.
/etc/dhcpcd.conf at the bottom of the file make sure that these lines are this way round
interface wlan0
nohook wpa_supplicant
Also check wlan1 is active ok with
wpa_cli -i wlan1 status
If none of this works let me know and I will have a closer look.
i'm presented with [FAILED] unable to start nftables at boot up. the icon for the AP are still showing X but status shows its active and running with no errors.
the nftable on the other hand is showing "exit-code, status=1/FAILURE)
any help would be greatly appreciated!
The AP should be working fine with that failure you just won't be able to connect to any network through eth0.
I don't have a Pi setup on Bullseye that I can check this with as it is setup for my current project but I would guess either the /etc/nftables/nft-stat-ap.nft file doesn't have the permission set.
Retry sudo chmod +x /etc/nftables/nft-stat-ap.nft
Alternately you can load the nftables manually. This will give you an error message that hopefully helps.
After the AP has activated. use the command
sudo nft -f /etc/nftables/nft-stat-ap.nft
Hopefully that will shed some light on the issue.
Let me know if that helps or if you get errors and I will look into it further.
says "active" and no errors but I do not see the hotspot. The two arrows show eth0 active (I can ssh into it) but no wlan associated after above procedure - what else shall I try?
_____________________________________________
● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-02-07 09:57:36 PST; 5min ago
Docs: man:hostapd(8)
Process: 512 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
Main PID: 553 (hostapd)
Tasks: 1 (limit: 4915)
CPU: 104ms
CGroup: /system.slice/hostapd.service
└─553 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish systemd[1]: Starting Access point and authentication server for Wi-Fi and Ethernet...
Feb 07 09:57:36 rpdg-commish hostapd[512]: Configuration file: /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish hostapd[512]: Using interface wlan0 with hwaddr e4:5f:01:58:d4:6c and ssid "rpdg-commish"
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: interface state UNINITIALIZED->ENABLED
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: AP-ENABLED
Feb 07 09:57:36 rpdg-commish systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-02-07 09:57:36 PST; 5min ago
Docs: man:hostapd(8)
Process: 512 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
Main PID: 553 (hostapd)
Tasks: 1 (limit: 4915)
CPU: 104ms
CGroup: /system.slice/hostapd.service
└─553 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish systemd[1]: Starting Access point and authentication server for Wi-Fi and Ethernet...
Feb 07 09:57:36 rpdg-commish hostapd[512]: Configuration file: /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish hostapd[512]: Using interface wlan0 with hwaddr e4:5f:01:58:d4:6c and ssid "rpdg-commish"
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: interface state UNINITIALIZED->ENABLED
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: AP-ENABLED
Feb 07 09:57:36 rpdg-commish systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
Thanks for the output.
I have tried to reproduce your issue. I can reproduce it but I don't get the output
Using interface wlan0 with hwaddr ...
wlan0: AP-ENABLED
so it seems something is different.
Can you check that in /etc/dhcpcd.conf the line
nohook wpa_supplicant
exists. This can cause the issue you are describing as the Pi will be trying to connect to your router as well.
If you are using Buster or Bullseye, which I presume you are all lines in /etc/defaults/hostapd should be commented out with a # at the start of every line. This file is not needed anymore.
/etc/network/interfaces should only contain 5 lines with the last line the only one un-commeted
source-directory /etc/network/interfaces.d
The installer script will be able to install this setup if non of this helps. There is a link at the top of the guide.
Otherwise can you let me know what OS and Pi you are using and what the output to
sudo systemctl status dnsmasq
sudo systemctl status dhcpcd
show as well and I will have a further look into it.
It sounds like the connection is unstable. For the password I would say check the /etc/hostapd/hostapd.conf has at least a 8 character password but if the hostapd.service is ok then it's not likely to be that.
Can you check that there is the correct ip address and only one for wlan0.
use: ip a
under wlan0 you should only have 192.168.50.10. If there is anything different or more than one ip address then that will be why. This would point to dnsmasq.config having an issue with the ip entries.
The other place that can possible cause an unstable connection is in /etc/dhscpcd.conf, the line nohook wpa_supplicant misspelled or not entered. This would also show up as a wifi icon in the tool bar instead of two blue arrows.
You could also try using the installer with option 3, link at the top of the article. This will solve any config issues.
If this doesn't help then I will look into it further.
For some reason there was an entry for my current SSID in wpa_supplicant.conf that I never manually entered. Some other rookie errors on my part.
(1) Originally setup wlan0 on the same subnet as eth0 - Created wlan0 on different subnet.
(2) Renamed /etc/wpa_supplicant/wpa_supplicant.conf to /etc/wpa_supplicant/wpa_supplicant.conf.orig
It now is stable.
My use for this is to communicate with some remote power plugs on 2.4G.
Speedtest for eth0 is around 100 Mbits/sec.
Speedtest for wlan0 is 10 Mbits/sec or less.
What are the optimal /etc/hostapd/hostapd.conf settings for maximal speed/throughput on 2.4Gig?
What are steps to troubleshoot performance issues on hostapd?
Again, this is a RPI 4
The channel is clear of any other WIFIs.
Only feet away from the RPI 4.
Thanks
It good to know you have found the issue. It's always the little things that cause the most chaos.
I can't say I have done any performance testing as any intermittent issue I put down to interference, but I don't generally have an issue. But your speeds do seem very low.
I'm not sure there are any speed improvements from hostapd.conf. As far as I know it is usually around the drivers, but as it's builtin wifi that shouldn't be an issue.
Other than seeing if setting the wifi power management to off offers any speed increase. I take it when the Pi is connected to a router the speeds are better.
to see power management status:
iw wlan0 get power_save
to switch off:
sudo iw wlan0 set power_save off
The other thing you could try is using 5ghz access point just to see if that gives better performance. If that is bad as well then there may be another issue.
I can send you a 5ghz hostapd.conf file if you want to try that.
I will keep tinkering to see if the reliability and performance can be improved.
I just had one curiosity about one line in the dhcpcd configuration.
static routers=192.168.50.1
What is this address?
It is not pingable from the RPI or the PC connected to the hotspot when it is UP and connected.
Thanks
The line static routers=192.168.50.1 is the access points gateway. All the access point network traffic to other networks not in 192.168.50 such as eth0 goes through this address and is handled by dhcpcd.
I used your setup for multiple Raspberrys and it works perfectly, thanks a lot :)
I was just wondering, if it is possible to have two or more Raspis with this setup running at the same time. So lets say I have 2 Raspis, each of them providing a seperate WIFI network and running a DCHP server with your configurations. Both Raspis are connected to my router, which is connected to the internet. Can both raspies use the same configuration (static ip, ip range, standard gateway) without the risk of an ip conflict or something?
Thanks a lot in advance.
On a simple setup then two or more Pi's on one router will be fine.
The Ethernet ip address to the Pi's is managed by the router so they all will have unique ip addresses.
The Wifi access point is a separate network so any device connected to the access point can use the internet.
If you have two mobile phones each connected to one of the Pi's and by chance they have been given the same IP address, it won't conflict because the router is communicating through eth0 and is not aware of the access point ip address given to the phones.
Though you will want to change the SSID on each Pi so you know which one your mobile phone is connecting to.
All devices connected to the AP on Pi1 can ping each other but they can't ping devices connected to the AP on Pi2.
(Though they can ping Pi2)
If you are want a setup where a phone connected to the access point on Pi1 wants to ping a phone connected to the access point on Pi2, you will need set additional "routing" in your Router and you will need to change the access point IP address on each Pi.
Change the 50 to a different number ###.##.50.# in dnsmasq.conf and dhcpcd.conf
thanks for your explanation. That's what I was looking for :)
Thanks a lot and best regards.
thanka a lot for the detailed guide. I followed evey step and after two reboots my phone connected to the created hotspot, also pretending to have internet access but actually no page is loaded. So either it is not working or just very slow.
What could be the reason and what would I have to change?
Thanks and regards,
Matthias
If you can I would confirm the Pi itself is getting internet through the LAN connection on eth0.
If the Pi has access to a display then load up the Pi's desktop and see if it will load a webpage or in terminal ping ww.google.com
Alternately connect to the access point and use SSH or VNC to connect to the Pi. Then open a terminal window and ping www.google.com.
If the Pi has no internet access then the issue is between the Pi and your router.
enter ip a
and see if eth0 has an ip address starting with 192.168
The setup doesn't change anything with eth0 so there may be a different issue.
If the Pi has access to the internet but the device connected to the Access Point does not, then check the IP tables are setup with sudo iptables -S
you should see the routing between wlan0 and eth0.
-A FORWARD -i eth0 -o wlan0 ..... and a second line with the devices reversed.
If this doesn't show then redo the ip tables part of the guide.
check the ip tables service is running
sudo systemctl status hs-iptables
it should see in the output status=0/SUCCESS
If ip tables are working then check that /etc/sysctl.conf has forwarding on:
net.ipv4.ip_forward=1
Let me know if this doesn't help. There is also an installer on the home page that will set the pi up the same as this guide if you have no luck.
Thank you for the very good guide, It's been a life saver. But I have a problem with connecting through sockets. My setup is: my pc connected with a rpi through an ethernet cable and this rpi (access point following your guide) is connected with an other rpi through a wifi signal. From the access point I can establish a socket connection to both my pc and the other rpi. But I need a socket connection from the second rpi (server) to the pc. I can ping from from the second rpi to the pc but not the other way around.
This is the output from ip route:
default via 192.168.1.10 dev wlan0 src 192.168.1.200 metric 303
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.1 linkdown
(I've used 1 instead of 50 from your guide and the linkdown is from a program that shares the wifi signal to a fourth device using an ethernet connection)
Do you have any idea how I can fix this?
Thanks in advance.
I'm glad you have found it useful, apart from the issue :)
As you say the PI's can access a PC through Ethernet and they can all ping each other but the PC doesn't want to ping the second pi via Ethernet through the access point Pi. The is due to subnet routing through the Ethernet. Additional routing needs to be setup so the PC can ping the other devices on the access point network.
I have had a brief look but initial ip routes didn't work.
I will have a better look soon and get back to you.
The solution is to add a route to your PC.
For me I have Pi1 as Access Point on 192.168.50.10
This is connected to a Ubuntu PC via Ethernet
Then I have Pi2 connected to the WiFi access point with an ip of 192.168.50.178.
on Pi1 enter ip route
which returned this for ethernet
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.103 metric 202
Then on the PC I added a route as
sudo ip route add 192.168.50.0/24 via 192.168.1.103
I can now ping Pi2 from the PC and still ping the PC from PI2
so on you PC enter
sudo ip route add 192.168.1.0/24 via 192.168.2.1
it should work
This works. My pc is windows so i had to change a few things in the commands (for someone who has the same problem: open your terminal as admin and instead of ip route... do "route add 192.168.1.0/24 192.168.2.1").
Thank you for your help!
Also, it appears that for some reason I had not unmask or enabled the dnsmasq.service (hostapd and hs-iptables were enabled). Once I did that and restarted twice(?), it is working nicely. Thank you for the clear presentation!
You're welcome, I'm glad you have it working how you need it.
If you are just replacing eth0 for wwan0 then the autohotspot/N scripts will be able to handle that.
in /usr/bin/autohotspotN the line below allows the eth0 port to be changed
ethdev="eth0" #Ethernet port to use with IP tables
as long as no other setup is required it will work.
This is limited to Lan types as you can't redirect eth0 to wlan1 for these scripts as it will effect the switching but can be done for the static access point.
If your Pi4 is running the Apache server then you can only use localhost from your Pi's desktop.
As your phone is a different device on the network you need to use the Pi's ip address of 192.168.50.10 in your phones browser or setup a hostname for the access point and use that instead to access the web server.
You can setup a hostname for the access point, which can be different from the hostname the pi may have already.
edit /etc/hosts
and add
192.168.50.10 mywebserver
After a reboot you can access your apache server from your phone using http://mywebserver
any issue please let me know
I am able to get up from pihole, but traffic doesn't flow beyond wlan0 that's the problem
If you can switch PiHole to use Rpi dhcpcd then that would work. Though check that there is no config in /etc/network/interfaces as that will still conflict with the access point. It should just be the top 5 lines as shown in this guide.
for ip tables, I would start by switching the eth0 entries in /etc/iptables-hs to br0
#!/bin/bash
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
iptables -A FORWARD -i br0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o br0 -j ACCEPT
try that. If that doesn't work it may be that PiHole already has something in place for iptables. Then just disable my iptables service with
sudo systemctl disable hs-iptables
and reboot
#etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
#bridge=br0
country_code=AE
#ieee80211d=1
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
ssid=raspi3
wpa_passphrase=111222Q!
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
#pppoe on eth0 & lan on wlan0 as hotspot
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth0 up # line maintained by pppoeconf
provider dsl-provider
# Bridge setup
#auto br0
#iface br0 inet manual
#bridge_ports eth0 wlan0
auto eth0
iface eth0 inet manual
iface wlan0 inet manual
#/etc/iptables-hs
#!/bin/bash
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-12-
pi@raspberrypi:~ $ sudo systemctl list-unit-files hs-iptables.service
UNIT FILE STATE
hs-iptables.service enabled
1 unit files listed.
pi@raspberrypi:~ $ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
The will be an issue with the fact there is config in /etc/network/interfaces
This will mean you are using two network managers which are conflicting. The access point used the standard network manager for the Raspberry Pi which is dhcpcd. the interfaces file is not used in Buster or Stretch.
if the /etc/network/interfaces config has come from PiHole then it's not compatible.
If there is a bridge being used there then iptables-hs will need to use br0 instead of eth0.
If PiHole used dhcp then its not compatible as the Pi and the access point uses dhcpcd by default. dhcpcd would have been stopped to use dhcp.
I can have a look at PiHole to see how it is configured but if the above is correct then I probably won't be able to help. I will have a look sometime this week and let you know.
interface=wlan0
driver=nl80211
bridge=br0
country_code=AE
ieee80211d=1
hw_mode=g
channel=6
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
ssid=raspi3
wpa_passphrase=111222Q!
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
I have not used PiHole so I can't confirm if it works ok with this setup. I have tried that password on my access point and it works fine in hostapd as it's 8 characters and can use !. All others settings look ok and I don't expect the extra bridge line causes an issue.
Other than trying a different password and checking for extra spaces and hidden characters I don't know what to suggest as hostapd will just compare what has been entered as a ssid password from a wifi device, to this config file.
I take it you don't see the RPiHotspot ssid (issue with: hostapd) or if you are you can't get an ip (issue with: dnsmasq).
Can you check if hostapd are running ok and have not failed for some reason.
enter: sudo systemctl status hostapd
it should say active (running) on the 3rd line. If not it will state an error in the text somewhere.
if that is ok do the same for dnsmasq
I suspect the issue to be one of those as dhcpcd should be fine as you have no wifi.
If you still have an issue let me know the results of the above and i will look into it further or if you use the installer, link at the top of this page, and reinstall the access point with option 3 it should fix any issues.
Good to hear you are up and running. Those self hiding typo's are annoying. I get them all the time :)
Thanks for letting me know.
The Pi's can communicate with ssh, vnc etc if they are on the same network. It should be one pi is setup as the access point and all the other are standard wifi and connect to the RPiHotspot ssid.
If they all have double arrows I presume they are all access points? If so they are all separate networks.
The red Xs are wrong, seem we are back to the start.
If that's setup from the installer then it should all be fine.
Not sure whats going on there,
I take it you can't see RPihotspot being broadcast,
Try using option 4 uninstall, reboot and then option 3 and reinstall it.
The ip tables in the iptables-hs service enable the internet forwarding. Check that the service is enabled and ip forwarding is enabled.
sudo systemctl list-unit-files hs-iptables.service
this should return enabled
if not use
sudo systemctl enable hs-iptables
also check ip forwarding is on
sudo nano /etc/sysctl.conf
and this line has no # at the start
net.ipv4.ip_forward=1
let me know if you have further issues.
My pi3b+ has eth0 connected to pppoe, working fine. But wifi hotspot doesnt provide ip address.
If you are seeing the RPiHotspot ssid with a wifi device but are not getting an ip on connection then:
For IP issues check that dnsmasq is running ok.
enter: sudo systemctl is-enabled dnsmasq.service
this should return enabled
if not enter sudo systemctl enable dnsmasq
and reboot
If that is fine check it is running with no errors with sudo systemctl status dnsmasq
There should be some green text saying running, if there is any errors then it should give you a clue to the issue. probably an error in the /etc/dnsmasq.conf file
Alternately you could try using the installer script, there is a link at the top of this article. This will reinstall the setup and fix any common errors that can be done with the manual guide.
let me know if that helps. If not we can look into it further.
I really enjoyed following your guide, and want to thank you for writing it. I made some progress in a project on my own, but have an issue that I would very much appreciate if you could share some tips.
I have my RPi set up with as an hotspot, and all devices that are connected have internet access. However, they can not communicate with each other. When i, for example, ping a device on the network from another device from the network, I get the dreaded "Destination Host Unreachable". However, I can successfully ping the devices from the Pi that is set up as a hotspot.
Now, to complicate matters further, the internet is fed into the hotspot-Pi via USB tethering from an Android phone. This results in my config files looking a bit different than in your guide, and I hope you will understand them.
Below is the config/information about my setup. I would be very thankful if you could have a look at it.
Best regards
Interfaces on the hotspot-Pi:
wifi1 (external usb adapter, hosting the hotspot)
usb0 (internet connection from Android Phone)
wifi0 (built in wifi, disabled)
dnsmasq.conf:
interface=wlan1
dhcp-range=192.168.4.2,192.168.4.50,255.255.255.0,24h
domain=wlan
address=/gw.wlan/192.168.4.1
dhcp-option=3, 192.168.4.1
dhcpcd.conf:
option domain-name "router.local";
option domain-name-servers 8.8.8.8, 1.1.1.1;
authoritative;
interface wlan1
static ip_address=192.168.4.1/24
nohook wpa_supplicant
interface usb0
static ip_address=192.168.42.125/24
static routers=192.168.42.129
static domain_name_servers=192.168.42.129
nohook wpa_supplicant
I responded by email a couple of days ago but it got returned even though previous ones worked.
My response was:
Looking at your setup there is nothing that stands out as being an issue but as that's specific to your setup so i can't reproduce that to check.
The nohook wpa_supplicant under usb0 shouldn't be required as this is to disable wifi from trying to connect to a network on the pi.
For all devices to comunicate you need port forwarding which you would have enabled as part of the guide. The next area that can cause the issue is routing.
Use the command: route
if this comes back with two lines as default or 0.0.0.0 then your connected devices may get routed off to the internet rather than back through wlan1.
try deleting the default route for usb0, with: route del default gw 192.168.42.129
and see if that helps.
If not try the other way
route del default gw 192.168.50.1
I have previously checked connections within the access point network with several Pi's connected to an access point and thay can ping and ssh each other and also with a PC connected to the main Pi via ethernet. It should be just forwarding and making sure the route's don't cause an issue.
If this dosn't work I will set it up again and check the config, its been a while
Let me know if this helps.
Thank you for your reply. Maybe the email not getting through have to do with the global outage of the Google services..?
Anyway, I tried tinker some more in the last days, and it seems it might be a hardware problem (my external wifi adapter). I tried switching to hosting the AP on the internal wifi, and I was surprised to see the result was the opposite from before. I got no internet access, but could access the locally connected devices. Since then I've resorted to another solution for my personal case. I do however as I said, suspect it is a hardware issue (and the adapter wasn't listed in the referenced in this guide.
Hopefully your answer can help someone else with similar troubles.
I wish you all the best,
Elias
Ah that would make sense, the google issues.
Ok, well good luck with your project :)
1: I have several RPi hotspots set up in my house in different rooms, but not that far away from each other. For the "static ip_address=192.168.50.10/24", should each hotspot have its own 192.168.50.xxx/24 address? I.e, .10, .11, .12, etc.
2. Is there a way to verify that the RPis are using the "static domain_name_servers=8.8.8.8"? If I "cat /etc/resolv.conf" I get "nameserver 127.0.0.1"
Many thanks, this is a great tutorial!
The Hotspots can have all the same ip's as they are all independent networks. You can only connect to one of them with a WiFi device at a time. When I use ssh with my Pi's I find it convenient because 1 ssh login works with any pi i connect to as they have the same IP.
If you have them all connected to a router through eth0, they will also have their own IP from the router so they all have unique IP's on that network as well.
The only thing you would want different is the SSID setup in /etc/hostapd/hostapd.conf so you can tell them apart and know which one you are connected to.
It will only be an issue if you have a computer with two wifi devices and connected both to different hotspots, then you will most likely get confused connections.
I don't know if you can see what online dns is used. dnsmasq handles how the dns is connected. My setup is pointed to 127.0.0.1 and if you use commands like host -a google.com it returns 127.0.0.1#53 but if I go to a non hotspot setup then dns is my router in resolve.conf and not the dns server of my net provider.
Sorry I can't help with that one.
I have commented the DHCP entries in dnsmasq.conf and it works fine, but changing:
domain_name_servers=8.8.8.8
to
domain_name_servers=xxx.xxx.xxx.003
Doesn't work. I can ping from the RPi but cannot connect via the RPi to the internet from a WiFi client. Anyone have any ideas. Thanks.
Can you give a little more detail on your changes and setup please. Your previous comments says you can't get a connection for eth0, the domain_name_servers=8.8.8.8 is for the internet dns through eth0, in this case Googles dns.
If you remove the line and a local dns service or connected router with dns settings is available then it should use that.
Can you include your dnsmasq.conf and dhcpcd.conf entries for the hotspot setup.
-$ echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
-comment all #DAEMON_CONF=""
-install aircrack-ng and run sudo airmon-ng to find out what chipset your USB dongle is using
-Alfa AWUS036H (1w version) doesn't work
-Alfa AWUS051NH v2 works but device download is terrible, upload unaffected
Personally cannot connect via VNC and eth0, can connect from a WiFi device connected to wlan0.
Thanks for the feedback.
So you are disabling the internal wifi completely. So the USB is defiantly wlan0
The /etc/default/hostapd can be deleted on Buster as it is not needed, it's left on the guide for Stretch compatibility.
Can you give me more detail about the VPN issue and eth0 issue. Nothing has been changed with eth0 so you should still be able to connect via Lan to the Pi.
Can you ssh in, if you use that. Does the Hotspot work if you go back to the Pi's wifi. Just want to check the script is working ok for you.
You're welcome, i'm glad you find it useful.
Many thanks
For IP issues check that dnsmasq is running ok.
enter: sudo systemctl is-enabled dnsmasq.service
this should return enabled
if not enter sudo systemctl enable dnsmasq
and reboot
If that is fine check it is running with no errors with sudo systemctl status dnsmasq
There should be some green text saying running, if there is any errors then it should give you a clue to the issue. probably an error in the /etc/dnsmasq.conf file
If there is no issues with the above try accessing the pi from a non android device just to rule out any issues from the phone. The only issue that is expected is you won't be able to ssh from an android phone without disabling data, but VNC and browser will work fine with data on.
let me know if that helps. If not we can look into it further.
pi@nancy01:/etc $ sudo systemctl status hostapd
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2020-08-13 21:33:36 CDT; 1s ago
Process: 1774 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=1/FAILURE)
Aug 13 21:33:36 nancy01 systemd[1]: hostapd.service: Failed with result 'exit-code'.
Aug 13 21:33:36 nancy01 systemd[1]: Failed to start Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
pi@nancy01:/etc $ sudo systemctl unmask hostapd
pi@nancy01:/etc $ sudo systemctl enable hostapd
Synchronizing state of hostapd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable hostapd
pi@nancy01:/etc $ sudo systemctl start hostapd
Job for hostapd.service failed because the control process exited with error code.
See "systemctl status hostapd.service" and "journalctl -xe" for details.
pi@nancy01:/etc $ sudo systemctl status hostapd.service
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2020-08-13 21:37:14 CDT; 257ms ago
Process: 1979 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=1/FAILURE)
Even though I have the two arrows at the upper right corner of my screen, my hotspot does not show up in my list of networks.
Any idea what the problem might be?
Thanks!
It looks like there is an error in /etc/default/hostapd
As you are using Buster this file is not required so you could delete it or rename it to something else.
But as it's available, it's used. just check that both these lines are correct in the fie
DAEMON_CONF="/etc/hostapd/hostapd.conf"
#DAEMON_OPTS=""
let me know if that helps.
Is it possible to activate the 5 GHz also? Eventually I want to install a VPN on the Pi, but am taking it one step at a time.
You've done a good job with the site.
Many thanks.
Yes 5ghz can be setup.
in /etc/hostapd/hostapd.conf
change
hw_mode=g to hw_mode=a
channel=6 to channel=36
wmm_enabled=0 to wmm_enabled=1
and add the line:
ieee80211ac=1
also make sure your country is correct as it is more important for 5ghz
country_code=GB
I believe that all you need for a basic 5ghz setup.
The channel can be changed if there are strong 5ghz signals in your area using ch36 causing an unstable connection.
This will work fine with openvpn without any changes.
thanks.
Thank you for the prompt response. Pi running 5GHz.
Could you please assist with my current situation.
Pi3B+ Buster 10
I installed Airvpn hummingbird client on the Pi. It works, as I can see the connect made on their homepage. My android phone also connects to the Pi. The problem is the android has no internet connection. It is not connecting with the tunnel. When I shut down hummingbird, my phone regains internet.
The only errors I see from hummingbird are:
iptables v1.8.2 (legacy): can't initialize iptables table `security': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `security': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
I noted in the instructions the netfilter-persistent program was not going to be installed, deferring to a custom service.
Thank you for giving this a look and insight would be appreciated.
The access point directs traffic between eth0 and wlan0. VPN's often create devices like tun0 or bri0 inplace of eth0 so it maybe that the iptable rules in this guide need altering for you.
with the VPN enabled enter: ip a
Check if there is a device other than eth0, wlan0, lo,
if there is something else like tun0 change all references to eth0 in /etc/iptables-hs
and reboot.
It may be that your default route is eth0 so no traffic from your android device is directed to the vpn.
enter route
if the vpn uses tun0 and you see
Destination: default for Iface: eth0 but not for Iface: Tun0 then that may be the issue but i would expect that all traffic to eth0 would be redirect to Tun0 in AirVPN's setup.
Otherwise list the iptables rules and see if there is a conflict between Airvpn's setup and the access point setup
sudo iptables -S
let me know the output to iptables and route if this doesn't help.
Thank you for all your information!
I've got the same problem as Vince but with nftables (bullseye). I followed your recipe as stated above on a clean bulleye install. In addition I'm using openvpn and all works well except that connected devices don't have internet access when openvpn is connected to the vpn server. The rpi itself has internet access when openvpn is connected to the vpn server. Only the connected devices don't. They do when openvpn is not running.
When openvpn is connected to then vpn server tun0 appears when entering 'ip a' and/or 'route'.
How should this be solved since bullseye doesn't come natively with iptables?
Thank you in advance!
Tom
To use OpenVPN with the access point the NFtables for eth0 need to be changed to tun0.
In /etc/nftables/nft-stat-ap.nft change the three references fot eth0 to tun0
then use the command
sudo nftables -F /etc/nftables/nft-stat-ap.nft
to load the new settings or reboot.
The connected devices will now only get internet if OpenVPN is running.
However, I need to have access to the Pi when I am out and there is just my laptop and the Pi, no other network. Internet is not needed. Currently this seems to be possible only via Wifi. How can I achieve this with ethernet cable? The Pi should accept both wired and wireless connection.
Many many thanks!
Thanks. The setup to the eth0 is not changed so it works the same as if the access point hasn't been setup. So any guide to setting up a direct ethernet link between a Pi and a laptop should be fine as long as changes to Eth0 are done in /etc/dhcpcd.conf and not /etc/network/interfaces.
This guide looks to be suitable if you use Window on the laptop
https://www.circuitbasics.com/how-to-connect-to-a-raspberry-pi-directly-with-an-ethernet-cable/
But as a static ip is being set it won't work if you then connect the Ethernet to your router afterwards unless the router is on the same network ip range as what is set for your eth0 static ip.
hopefully this helps
Being a total "noob" (but old as heck) I was about to give up, having tried more than a half dozen online guides that apparently were outdated.
Many thanks - I'll now have proper WiFi signal strength in the mancave :-)
You're welcome and thanks for the feedback
It is a bit of a nightmare finding the good info from the bad online, been there many times. I'm glad you have it sorted now.
I've set my RPi4 into an AP (no internet access) without any issue. When I tried to set it back, disabling the services and rebooting, it keeps as if it where in hotspot mode (but no device actually sees the AP). Does it have another turnaround to fix this?
Thanks again!
Have you removed the entries from /etc/dhcpcd.conf as that will stop wifi from working?
#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8
You can double check all the services have been disabled with the following lines
sudo systemctl -all list-unit-files hostapd.service
sudo systemctl -all list-unit-files dnsmasq.service
sudo systemctl -all list-unit-files hs-iptables.service
they should all say disabled
Thanks for your quick answer :)
I've indeed removed the entries in the /etc/dhcpcd.conf and do all the checks you posted.
The first two are disabled while the last one wasn't found. Since I didn't proceed to internet connection, no iptables were written.
Am I still missing something? I've double check the procedure and I can't find my mistake.
It must have been a mistake, I made a new install of the OS, then execute all the procedure in a bash script and the AP is ON. Afterwards, executed another script to put down the AP and turn on the wifi and it's working!
Thanks again for the answer and the tutorial.
glad you have it sorted. Once the dhcpcd.conf bits are removed it should connect to your router, presuming /etc/wpa_supplicant/wpa_supplicant.conf has a wifi network setup.
Even if hostapd is still active it will still connect to the router so i'm not sure what your issue was.
Sound like you have a script to activate and deactivate the hotspot. I presume the Autohotspot setup also on this site dosn't fit your needs. The installer script can activate and deactivate the hotspot.
For vnc use 192.168.50.10::5900 but no connection. i know is stil up beacuse my samba is on and i can access it. im running headless.i also use ufw and vpn which were before installed.help.
If you have managed to connect successfully to the access point then you may need to confirm what ip address the PI has for Wifi. You will be able to ssh in via eth0 if you are not using a PiZero. If the wifi is the correct ip then it may be ufw needs some changes.
I have not used a firewall with the setup. On the autohotspot script (on the home page) with Firewalled setup it wouldn't except the standard rules and has some mods at the bottom of the article. So maybe there is a similar issue.
Also for the VPN I think that uses a it's own device to route data. So the ip tables will probably need changing from eth0 to whatever your VPN uses. But you should at least be able to ssh VNC into the PI.
Also was there any other custom setting on /etc/dhcpcd.conf for wlan0 that may be conflicting with the setup?
It looks like you need to skip the section for ip-tables.
Do the port forwarding in /etc/sysctl.conf but don't do the file /etc/iptables-hs and sudo systemctl enable hs-iptables
Then in ufw setup a rule to route wlan0 to eth0 in the same way the /etc/iptables-hs does.
Im not sure what you need to do for VPN but if connected wifi devices to the access point don't get vpn access and the vpn uses a bride device like br0 then you probably need to change ufw from eth0 to br0.
I haven't done this so I don't know but these would be where I would start.
if you quote the port it is 2 ip::5900,
If you use the default port you can use 1 ip:0
As 5900 is the default either work.
VNC is usually 5800 or 5900 it seemed at least when I done the guide you needed ::5900 as 5800 isn't the default on the Pi.
The article is a couple of years old but is up to date as stated at the top that it works and has been tested on the Raspberry Pi 4 and Raspbian Buster. But I get your point that the default option of created date dosn't help when looking for newer content so I have changed it to modified date.
Jun 18 19:44:00 raspberrypi hostapd[15736]: Configuration file:
Jun 18 19:44:00 raspberrypi hostapd[15736]: Could not open configuration file '' for reading.
Jun 18 19:44:00 raspberrypi hostapd[15736]: Failed to set up interface with
...
This line needed to be added:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
The instruction to add the default path is in the guide. Just above the instruction to unmask.
In Buster the default file is depreciated so not required and hostapd works fine but it is required on stretch and jessie as they don't have the latest version available, or at least not the version Buster uses.
thank you for this nice tutorial.
Everything works fine if I use the access point over wired eth0. But If I use it over wlan0 (wlan0=access point, wlan1=replacement for eth0), I can not reach the other local hosts any more:
"PING 192.168.178.32 (192.168.178.32) 56(84) bytes of data.
From 192.168.178.34 icmp_seq=1 Destination Host Unreachable"
I can reach only remote hosts in internet.
I can ping the local hosts again If I disable the hostapd. But after that the access point doesn't work any more as a result.
Can anyone help?
I use it on a Raspery Pi 3 B+ with Buster.
The setup won't work with wlan1 as wifi is disabled. You will need to alter the entries from the guide that were done in /etc/dhcpcd.conf to
denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
nohook wpa_supplicant wlan0
with the ip tables changes to wlan1 then it should work for you.
thanks for the quick reply. I did these settings already. But still no success:
dhcpcd.conf:
interface wlan1
static ip_address=192.168.178.33/24
static routers=192.168.178.1
static domain_name_servers=192.168.178.1 8.8.8.8 8.8.4.4
static domain_search=
denyinterface wlan0
interface wlan0
static ip_address=192.168.178.34/24
nohook wpa_supplicant wlan0
rules for itables:
#!/bin/bash
iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
exit 0
dnsmasq.conf:
interface=wlan0
bind-dynamic
domain-needed
bogus-priv
dhcp-range=192.168.178.100,192.168.178.150,255.255.255.0,12h # IP range and lease time
I believe the issue is wlan0 & wlan1 both have the same gateway but are on different networks.
I presume your Wifi Router is on 192.168.178.1
so you want the PI to appear on your wifi network as 192.168.178.33 through wlan1
The Hotspot is a different network and gives connected Wifi devices the ip addresses in the dnsmasq.conf dhcp-range. The hotspots IP they connect to is the IP in dhcpcd.conf for wlan0.
The Pi itself will have the IP address your router gives through wlan1.
I would change dnsmasq.conf to
dhcp-range=192.168.50.150,192.168.50.150,255.255.255.0,12h
and dhcpcd.conf for wlan0 to
static ip_address=192.168.50.10/24
and try it again.
that is it! It works like a charm!
Thank you!!!
No Probleml, glad you're up and running.
I am trying to set up rpi4 with wlan0 as permanent AP like you reccomend, and wlan1 via a USB dongle to function like the default "out-of-the-box" raspberry pi os functionality to connect to for example my smartphone in tether mode.
whether the internet is forwarded or not is not essential, but it would be nice to have access to apt update.
I got the Access Point on wlan0 working, but I missed something to get wlan1 working.
in the desktop, when I hover over the network icon, I get:
eth0: link is down
wlan0: STOPPED
wlan1: Not associated
You're welcome :)
In dhcpcd.conf the wifi devices have been disabled which is why you get the message you see.
This can be changed so only wlan0 is disabled by changing the entries in /etc/dhcpcd.conf to
denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8
nohook wpa_supplicant wlan0
You will also need to change the iptable rules to use wlan1 instead of eth0
in /etc/iptables-hs change them to
#!/bin/bash
iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
The Pi will decide which device is wlan0 and wlan1 so you may see that switch between internal wifi and usb wifi depending on which one is discovered first. Though this should usually be internal for wlan0.
let me know if you get further issues
I guess my trouble is to assign the wlan1 to connect to a wifi.
if I put the login information to my tether wifi in the same wpa_supplicant.conf file, giving the following:
```
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DK
network={
ssid="AndroidAP"
psk="123456789"
}
```
after adding the network ssid, I get a different tooltip hover message:
eth0: link is down
wlan0: Associated with AndroidAP
wlan0: Configured 192.168.50.10/24
wlan1: Not associated
with this configuration, my pi can access the internet, but no longer broadcasts the access point.
Swift but wrong, how about a slower more measured response.
I have just tested that and it failed too, im sure it worked before Buster. Anyway, a slight mod and remove the deny line.
interface wlan0
nohook wpa_supplicant
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8
now wlan1 will connect to your phones AP
The issue is there is now two default routes and at least on my setup you cant get net access until the the Hotspots route on wlan0 is deleted.
pi@buster16:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.50.1 0.0.0.0 UG 303 0 0 wlan0
default 192.168.1.254 0.0.0.0 UG 304 0 0 wlan1
enter: route del default gw 192.168.50.1
then it shows
pi@buster16:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.254 0.0.0.0 UG 304 0 0 wlan1
Unfortunately you need to do this each boot.
Obviously this can be done with a boot script but it needs to be after the route has been created.
hopefully this helps. If there is another option with the route issue I will let you know.
I got everything working accordingly both with and without 'denyinterface wlan0' needing to run the 'route del default gw 192.168.50.1' in either case.
I noticed that the route comes back every time I plug or unplug the ethernet cable, so I need to figure out the most convenient way to re-run the 'route del' command.
Thank you very much for making this guide, as well as educating me along the process!
After this success, I am now struggling with a challenge, if you have any thoughts, I would be thankful for your input:
I wanted to add a usb-c connection from a guide I found on another website[1], this works great, but with this configuration added as well, I dont get internet on the devices I connect to the PiAccessPoint, although I get internet on the pi itself after deleting the route as above.
[1] hardill.me.uk/wordpress/2019/11/02/pi4-usb-c-gadget
another typo from me i missed the s, it's denyinterfaces wlan0
But you don't need that for this.
The default route will will appear for eth0 but in my case its the same as wlan1 as it's to my router so it's ok. It should be fine as you have a route between wlan0 and wlan1.
You can setup a systemd service to run the delete route once network is up. I have not done that yet but should work if that's any help.
Looking at the usb-c link, interesting setup.
The first issues that stand out is that it uses /etc/network/interfaces.d
dhcpcd is the RPi's network manager so device config should be in /etc/dhcpcd.conf. network/interfaces will conflict with the device setup.
I would try moving the entry for /etc/dnsmasq.d/usb into /etc/dnsmasq.conf under the hotspot entries.
in /etc/dhcpcd.conf
don use the denyinterfaces usb0
but add
interface usb0 (or whaterver shows up for usb in: ip a)
static ip_address=10.55.0.1/24
static routers=10.55.0.254
Then in the script /root/usb.sh
change the line near the bottom:
ifup usb0
to
ip link set dev usb0 up
this is because ifup is a /network/interfaces command ip will work with dhcpcd.conf
I can't guarantee that will work but it's where I would start.
pi@raspberrypi:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.55.0.254 0.0.0.0 UG 205 0 0 usb0
default 192.168.50.1 0.0.0.0 UG 303 0 0 wlan0
default 192.168.0.1 0.0.0.0 UG 304 0 0 wlan1
10.55.0.0 0.0.0.0 255.255.255.0 U 205 0 0 usb0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.0.0 0.0.0.0 255.255.255.0 U 304 0 0 wlan1
192.168.50.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0
In my first try I deleted '/etc/network/interfaces.d' but forgot to put the content in the bottom of /etc/dnsmasq.conf
that resulted in no access through usb, but after
pi@raspberrypi:~ $ sudo route del default gw 10.55.0.254
pi@raspberrypi:~ $ sudo route del default gw 192.168.50.1
I got forwarded internet over wifi, when I then added the forgotten content to /etc/dnsmasq.conf I was able to ssh through usb, but not achieve wifi internet forwarding on.
Making progress then :)
I would add routing from usb0 to wlan1 to /etc/iptables-hs
iptables -A FORWARD -i wlan1 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb0 -o wlan1 -j ACCEPT
for deleting the default route it seems there is a unspecified delay before the ap default route is in the routing table. I have tried removing it with a systemd service at a few points in boot but had no luck. Im sure there is a better way as this seems overkill but anyway I just added a script waits for the default 192.168.50.1 to appear within a 50 second window after the system is fully up and then deletes it.
create sudo nano /etc/systemd/system/routeupdate.service
add this:
[Unit]
Description=Delete Default Route for AP
After=multi-user.target
[Service]
Type=simple
ExecStart=/etc/aproute.sh
[Install]
WantedBy=multi-user.target
then create sudo nano /etc/aproute.sh
#!/bin/bash
x=0
until [ $x -gt 10 ]
do
if route | grep -n "default 192.168.50.1" ;then
route del default gw 192.168.50.1
x == 11
else
x=$((x + 1))
sleep 5
fi
done
then make this script executable
sudo chmod +x /etc/aproute.sh
and enable the service
sudo systemctl enable routeupdate.service
you can add the usb default route but it will only be deleted if the AP route is found.
I may also look into forwarding ethernet to usb, essentially making the pi a usb-to-ethernet adapter.
while still not having internet through wifi, I am already pondering to increase the utility by setting up the pi-hole software (either by docker or directly on the pi)
Thank you very much for routeupdate.service, that will save me for some manual bash commands!
If I figure out progress in the forwarding of wifi, I will let you know :)
The 169.254 ip is because of an error meaning the correct ip can't be generated.
If you have changed the ip address in /etc/dhcpcd.conf
to
static ip_address=192.168.8.10/24
static routers=192.168.8.1
you also need to change it in /etc/dnsmasq.conf.
The dhcp-range from
dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h
to
dhcp-range=192.168.8.150,192.168.8.200,255.255.255.0,12h
the first 3 digits of the ip need to match ###.###.## what ip has been set. The 4th digit is the range connected devices will receive 150 -200.
This should solve your issue. Let me know if you have further issues.
Sorry for wasting your time, but thanks again for the quick reply.
Ah I can understand the issue :) Glad you have it sorted now. No problem.
Either way thank you for a brilliant tutorial that works!
Yes it can be done, I have just done a test with a group of Pi's. Any device on the hotspot can access the home network via ssh fine but as it stands the devices on the network had to ssh to the Hotspot Pi first and then ssh to the device connected the hotspot. So to complete the route you would need to add additional routing iptables to route the data via IP address from the IOT device.
You can set any device on the hotspot a static ip by adding the mac address details of the IOT to dnsmasq.
Firstly find the mac address of the IOT device that will be connected to the hotspot
in /etc/dnsmasq.conf enter the line
dhcp-host=xx:xx:xx:xx:xx:xx,192.168.5.60 where xx is the mac address
This IP does not need to be in the 150-200 range of dhcp-range but does have to match the first 3 numbers of the ip ###.###.#
If you are using Raspbian Buster and going to do additional routing then you may want to look at NFtables. Iptables have been depreciated but the rules still work via NFtables. NFtables for routing is the way forward. I will be updating this guide and the other hotspot scripts with NFtables soon. Raspbian Stretch needs IPtables.
The problem is the wifi connection in dhcpcd is disabled with the nohooks line. If you change your dhcpcd.conf entry to
denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
nohook wpa_supplicant wlan0
then wlan1 will work again.
Raspbian is still using unpredictable network interfaces ie wlan0 wlan1. You can't control if your internal or usb wifi will be wlan0. So you may find they swap between boots.
The predicable network Interfaces feature would give the device name of wl######## where # is your mac address. Then changing wlan0 and wlan1 references to the predictable device names would control which device is the hotspot. But currently predictable is off by default for Raspbian.
Hope this helps.
wlan0 is the access point and wlan1 is associated with my wifi network, so I can ssh back to the Pi from a network-connected computer. But I can't reach the internet, neither on the RPi or with my phone connected to the access point Wlan0.
I did the config: #RPiHotspot config - Internet
And added static domain_name_servers=8.8.8.8 to dhcpcd.conf
sudo iptables -S give me:
-A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o wlan1 -j ACCEPT
Something lacking wlan1 to give internet access?
Thanks for letting me know. I last done the wlan0 to wlan1 setup in Raspbian Stretch so maybe thats an issue with Buster now.
It is difficult to find info. Most guides are old and reference network/interfaces which is depreciated in Raspbian so causes setup issues.
To add to the issue Buster uses NFtables instead of IPtables. Though the guide still uses IPtables which works for now it will be updated shortly to NFtables, just going to release an installer first then will be updating the routing.
Annoying with buster version and too little formal information on the connections between network/interfaces, dnsmasq and dhcpcd.
Thanks.
Roboberry.
This is the dhcpcd.conf file with the comments removed:
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.
hostname
clientid
persistent
option rapid_commit
option interface_mtu
require dhcp_server_identifier
slaac private
#This section for the static hotspot
#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
I have one more suggestion. If you set up wifi in /boot/wpa_supplicant.conf on windows - some text editors put windows line endings to this file and that is the issue for the script. So make sure you use dos2unix on wpa_supplicant.conf file.
Thanks, I had to change some of the background software which meant the comments couldn't be extracted. All three hotspot scripts have been out there for a few years, so well tested. Most of the issues where user error or feature request any bugs found have been addressed. I plan on updating the trouble shooting section for a bit more self help.
For the wpa_supplicant file. I have only ever put it in the boot folder from a linux machine. If it's created on windows does the Pi happily use it but the hotspot scripts fail to recognise it? Th PI should fail to use it the top 3 config lines are missing.
This article doesn't use wpa_supplicant so I presume you are referring to the auto scripts?