Follow by Email

Blog Archive

Search This Blog

Set up Raspberry Pi as a WLAN bridge (WLAN access point)

WLAN routers for Internet access are also WLAN access points. In such cases, the access point has a DHCP and DNS server. So you configure your own IP network.
Share it:
Set up Raspberry Pi as a WLAN bridge (WLAN access point)
WLAN access point
Typically, WLAN routers for Internet access are also WLAN access points. In such cases, the access point has a DHCP and DNS server. So you configure your own IP network. But if you already have a DHCP and DNS server in the local network, the operation of an additional wireless router does not make much sense. Especially because the cascading of routers unnecessarily creates difficulties. This usually manifests itself with connection problems.
In general, it is sufficient to operate Raspberry Pi as a network bridge, which mediates the data packets and connections between WLAN and LAN.
A network bridge, in English Bridge, connects two network segments. The connected computers are all in the same logical IP network and receive their IP configuration from the same address range.

Of course, operating Raspberry Pi as a network bridge requires that the local network already has a DHCP server, a DNS server, and a default gateway.
task
  • Check if the WLAN adapter has an access point mode.
  • Set up the wireless adapter as a wireless LAN access point.
  • Set up the Ethernet port as a transition to the wired network.
Note: Name of the network interfaces
Since Raspbian Stretch, the Ethernet and WLAN network interfaces have different names. So no longer "eth0" and "wlan0", but "enx ..." and "wlx ...". This concerns USB-connected network adapters whose names differ from the designations mentioned here. This means that one must first determine the individual name or change the naming to the old method.
Check requirements
To avoid setup problems, it is recommended to use a fresh Raspbian image. A Raspbian Jessie Lite is sufficient. In addition, you should make sure that the wireless adapter used with Raspberry Pi basically works and controls the access point mode. It works with the internal WLAN adapter in  Raspberry Pi 3.

First of all, let's see if the intended WLAN adapter is in AP mode. To check this, the wireless tools must be installed.
 sudo apt-get install iw 
 iw list | grep AP 
If this command ejects one or more lines with "AP", then everything is in the green zone and the WLAN adapter dominates the access point mode. Then the WLAN adapter is suitable for our task. If not, then you should get another WLAN adapter.
In Raspbian Jessie, a DHCP Client Daemon (DHCPCD) is enabled by default. The network configuration is done in the file " /etc/dhcpcd.conf ". For a part of the configuration of the network bridge we use the file "/ etc / network / interfaces" here. The DHCP Client Daemon is not affected.

However, it is important to determine if the dhcpcd is active at all.
 systemctl status dhcpcd 
Then we have to make sure that both the Ethernet interface (eth0) and the WLAN adapter (wlan0) are working and in place.
 ip l 
Both network interfaces (eth0 and wlan0) must be present. The IP configuration is irrelevant.

Update system and install software
If Raspberry Pi and the Wi-Fi adapter meet all requirements, then we can get started. We start with the installation of the necessary software. Before that we do a system update.
sudo apt-get update
sudo apt-get upgrade 
> Then we need two things: once an access point daemon and software for the network bridge. The Host Access Point Daemon (HostAPD), in short "hostapd", is a WLAN authenticator. He takes care of offering encrypted WLAN functions and the required authentication of the WLAN clients. For example via WPA2-PSK.
"bridge-utils" contains libraries and commands to set up network bridges.
 sudo apt-get install hostapd bridge-utils 
After the installation, the configuration of the WLAN AP host and the network bridge is done.
Configure WLAN AP Host (hostapd)
The configuration of the wireless AP host:
 sudo nano /etc/hostapd/hostapd.conf 
The file should not exist yet and be empty. If the file does exist, then you should completely override it.
In the file we enter the following minimal configuration. Of course, there are even more parameters that are irrelevant in this case.
 # Bridge operation
bridge = br0

# Interface and driver
interface = wlan0
# Driver = nl80211


# WLAN configuration
ssid = WLANbridge
channel = 1
hw_mode = g
ieee80211n = 1
ieee80211d = 1
country_code = EN
wmm_enabled = 1


# Wi-Fi encryption
auth_algs = 1
wpa = 2
wpa_key_mgmt = WPA-PSK
rsn_pairwise = CCMP
wpa_passphrase = test test 
Three settings have to be made individually. One is the WLAN name ("ssid"), the channel ("channel"), which can be freely configured from 1 to 13, but you do not have to change anything here. You may have to change the channel here, if a WLAN analysis shows that already several other WLANs occupy this channel. In principle, several WLANs can occupy the same channel. This is better than when the channels overlap.
The third parameter is the WLAN password ("wpa_passphrase"). Here you should enter a password of at least 8 characters in clear text.
If you already have a wireless access point, then it is not wrong to use its Wi-Fi name and Wi-Fi password. The clients then automatically select the WLAN for which there is better reception. To test whether the configured Wi-Fi bridge actually works, you should temporarily select a different WLAN name ("ssid").

Note on the WLAN driver: There is the parameter "driver" in this configuration file, which is commented out (#). Normally "hostapd" automatically loads the correct driver. Of course, that does not work. Then you have to explicitly specify the correct driver here.

Then save and close with Ctrl + O, Return, Ctrl + X.

Because this file contains the WLAN password in plain text, only the user "root" should have read access to this file.
 sudo chmod 600 /etc/hostapd/hostapd.conf 
Do not worry, with the user "pi" you can change and save the file at any time.

Configure and commission the network bridge
Now we have to configure the bridge and the network interfaces.
 sudo nano / etc / network / interfaces 
For this purpose, we make the following minimal configuration in the configuration file for the network settings.
 # Localhost

car lo
iface lo inet loopback


# Ethernet
car eth0
allow-hotplug eth0
iface eth0 inet manual


# WIRELESS INTERNET ACCESS
car wlan0
allow-hotplug wlan0
iface wlan0 inet manual
wireless power off


# Network bridge
car br0
iface br0 inet dhcp
bridge_ports eth0 wlan0 # build bridge
bridge_fd 0 # no forwarding delay
bridge_stp off # disable Spanning Tree Protocol 
Then save and close with Ctrl + O, Return, Ctrl + X.

It would also be conceivable to give the Ethernet interface a static IP configuration. This need not be. In this form, the WLAN bridge has the advantage that it works on any local network if the IPv4 configuration is delivered via DHCP. If IPv6 is enabled then it works as well.

Note: If you intend to give Raspberry Pi a static IPv4 address, then configure the br0 interface, not "eth0" or "wlan0", otherwise you will no longer be able to connect to Raspberry Pi via SSH ,

For a static IP configuration, it is also recommended to deactivate the DHCPCD.
sudo service dhcpcd stop
sudo systemctl disable dhcpcd 
More information:
For all changes to be accepted, we recommend a restart now.
 sudo reboot 
After the restart, you should check whether the network bridge has gone into operation.
 brctl show 
Note: Do not be confused by the fact that only the interface "eth0, but" wlan0 "has not yet been added, the interface" wlan0 "will not be added to the network bridge until the interface goes live with" hostapd ".
Commission WLAN-AP host (hostpad)
First we start the "hostapd" with the option "-dd" in debug mode. We will see "all" error messages.
 sudo hostapd -dd /etc/hostapd/hostapd.conf 
In debug mode (parameter -dd), "hostapd" will always produce messages, which need not be error messages. The debug mode is very informative in this case. If the configuration is correct and the WLAN adapter plays along, the configuration runs through. The program will not be finished. That is, "hostapd" does not return for command input. It can be ended with "Ctrl + C".

If the "hostapd" crashes, then something is wrong. However, the errors are extremely diverse and the associated error messages are not always clear. A popular error is the missing "sudo" when calling the command.
Other sources of error can be ruled out if you make sure that the wireless adapter works in principle and mastered the AP mode.
Another source of error is the distribution used. It will definitely work with "Raspbian". Other stripped-down distributions can cause problems.

You can also call "hostapd" normally.
 sudo hostapd /etc/hostapd/hostapd.conf 
A good sign is when the message "wlan0: AP-ENABLED" appears. Then you can test the WLAN bridge. For this one tries with a WLAN client to find the WLAN and log in there.
In the command line you can observe how the WLAN client logs in (CONNECTED) and also logs it out again (DISCONNECTED) when it ends the connection.

Note: If you make the configuration via SSH, then you should do the testing of the WLAN bridge with another client, because otherwise you shoot the SSH connection by changing the wireless network.

With the installation of "hostapd" it is automatically started in the background when booting. However, you still have to tell the daemon where to find its configuration.
If "hostapd" is still running, then we end it with "Ctrl + C". Then we open a configuration file:
 sudo nano / etc / default / hostapd 
In it we add the following parameters:
RUN_DAEMON = yes
DAEMON_CONF = "/ etc / hostapd / hostapd.conf" 
Then save and close with Ctrl + O, Return, Ctrl + X.

After a restart, "hostapd" will be started automatically with the created configuration. The WLAN bridge should then be available as a WLAN access point.
 sudo reboot 
Troubleshooting: Check "hostapd"
The status of "hostapd" can be checked as follows:
 sudo systemctl status hostapd 
The "hostapd" has been activated when the following message appears: '' Starting advanced IEEE 802.11 management: hostapd. ''
If not, the following error message appears: '' Starting advanced IEEE 802.11 management: hostapd failed! ''

Then please check whether the WLAN adapter dominates the AP mode:
 iw list | grep AP $ 
If not, no output will appear here. So you should use a different wireless adapter.

Another problem can be caused by the DHCPCD, because the interface breaks under the nail and thus can prevent the commissioning of the bridge.

To do this we open the configuration file of the DHCPCD and enter a line there.
 sudo nano /etc/dhcpcd.conf 
Exclude network interface from the configuration by the DHCPCD:
 deny interfaces eth0 
This line excludes the relevant interface from the network configuration.

Troubleshooting: Check network bridge
The operation of this WLAN bridge can fail in practice on one thing or another. As a rule, it is difficult to get to the bottom of the reasons.
Basically, the WLAN interface is only added to the bridge when the "hostapd" goes into operation successfully.

If so, then you can see if the bridge has also gone into operation.
 brctl show 
Here in the column "interfaces" both "eth0" and "wlan0" must be listed.
Note: It may take a few seconds for the bridge to add all the interfaces. Therefore, do not panic immediately, if not yet both interfaces are displayed.

If you are unsure at the point, then you should take a look at the system messages.
 dmesg
dmesg | grep br0 There should be the following lines:
device wlan0 entered promiscuous mode
br0: port 2 (wlan0) entered forwarding state
If not, then you should look for error messages related to "wlan0" and "br0".

One should know that there are USB sticks (regardless of the chipset), which are quite bitchy during initialization during the boot process. For example Fritz WLAN sticks of AVM. The initialize first a drive (for the driver installation). Only then does the stick go into WLAN operation. Corresponding instructions can be found with "dmesg".
This of course has consequences for the automatic start of "hostapd". It can only go into operation if the WLAN interface is available.
It may well be that you have to wait one to two minutes after the boot process on the wireless interface.
 ip a
If it exists, try to start the "hostapd" manually.
sudo systemctl start hostapd
sudo systemctl status hostapd
If the service was started, then it is basically.
 iw wlan0 info
If you want to know later, which MAC addresses (WLAN clients) are connected to the bridge:
 brctl showmacs br0
If you changed the configuration
If you change the hostapd configuration during operation, then you should make a restart of the "hostapd" afterwards.
 sudo systemctl restart hostapd
Alternatively, you can stop it and start again.
sudo systemctl stop hostapd
sudo systemctl start hostapd
If the automatic start in the background is not desired when booting, you can also turn it off with:
 sudo systemctl disable hostapd
The automatic start in the background when booting can be optionally switched on with:
 sudo systemctl enable hostapd
Notes onRaspberry Pi as a Wi-Fi bridge
No matter which solution, as a WLAN access point, Raspberry Pi is not so well suited for its interface performance. The facility is error prone, cumbersome and may not be safe. Apart from that, the Raspberry Pi with the necessary equipment is more expensive than a wireless router. If you seriously and permanently want to operate a wireless access point, you should take a look at OpenWRT and get a cheap compatible router to do so. Price, but also from the comfort is much more interesting.

safety instructions
Anyone who sets up and starts up their own network components also takes responsibility for this. With this solution, you can possibly shoot yourself in the knee. If you think that the solution presented here is finished, then that is a mistake. If you do not take any additional security measures, then you break yourself with this network bridge a security gap in the local network.
Please observe the safety instructions for operating a WLAN access point.
Extension: Use the WLAN bridge as man-in-the-middle for network monitoring
This Wi-Fi bridge is great for recording network traffic. For example, for network monitoring or for man-in-the-middle attacks.
A man-in-the-middle is a network device capable of listening, recording and manipulating network traffic. For this to succeed, the corresponding device must be in a network connection between two endpoints. That's exactly the case with the WLAN bridge.
Share it:

Raspberry Pi

Post A Comment:

0 comments: