Setup Raspberry Pi as Wireless Access Point

November 21, 2022

Wireless Access Points can also be added to your existing set up to improve WIFI coverage or to give you WIFI access.   Access points work by connecting directly to your broadband router or network switch with an ethernet or data cable. This provides the AP with the internet connection and bandwidth required. It then transmits and receives a wireless signal in either the 2.4Ghz or 5Ghz frequency range.  This allows you to connect wireless to your Local Area Network (LAN) and the internet.  Wireless Access points are perfect for devices where you cannot connect a physical Ethernet cable or where it would be difficult to do so, making them perfect for providing an internet connection to smart phones,  tablets,  laptops,  wireless Audio Systems,  smart TV’s and so on.   If you have a very large house which needs complete WIFI coverage or a commercial property, then you can pretty much install as many as you want. Just remember that more isn’t always more.  The more wireless devices that you have the more pieces of equipment that have to compete for the same amount of space. This is important when installing wireless systems within flats or terraced houses where you also have to compete with your neighbors’ wireless signals also. 

Many people confuse a wireless router and an access point.  While both provide wireless access to your network, a router acts as a gateway between your internal network and the internet.  A router is a network device that can transfer data in a wired or wireless way. As an intelligent device, the router is enabled to direct incoming and outgoing traffic on the network in an efficient way.  A wireless router refers to a network device that performs the functions of a router by connecting WiFi-enabled devices, like laptops, smartphones, tablets, and such wirelessly. 

With just a few commands we can make a Raspberry Pi wireless access point that can be used to share your home internet with all of your devices. This is made easy now that the Raspberry Pi’s come with built in wireless and ethernet port.  All of the hardware is built in and we just need to make some simple software configurations.  The level Raspberry Pi’s are not going to perform that well if you have fast Internet.  But if your internet connection is 35 megabit or slower then you won’t likely notice anyway.  If you have high speed Internet over about 50 megabit you’ll definitely need to go with a new Raspberry Pi 4 which has USB 3 and Gigabit networking.

When setting up a wireless access point we must consider the wifi security protocol to use.  Wi-Fi protection is designed to avoid unauthorized access to wireless devices. Most home routers have several security modes that differ in levels of safety.  Various types of wireless security protocols have been developed for the safety of home wireless networks. Wireless security protocols are WEP, WPA, and WPA2, which serve the same function but are different.   WEP was developed for wireless networks and introduced as a Wi-Fi security standard in September 1999<a href=”#anchor1″>[1]</a>. It is still prevalent in the modern era within older structures due to its age. Out of all protocols, WEP is considered to be the least stable. WEP was officially discontinued by the Wi-Fi Alliance in 2004.  Wi-Fi Protected Access ( WPA ) was developed in response to the weaknesses of Wired Equivalent Privacy standards ( WEP ). WPA provides stronger encryption than WEP using either of two standard technologies: Temporal key integrity protocol ( TKIP or WPA-TKIP )<a href=”#anchor2″>[2]</a> and advanced encryption standard ( AES or WPA-AES )<a href=”#anchor3″>[3]</a>. WPA also includes built-in authentication support that WEP does not.  WPA2 is a security protocol developed by the Wi-Fi Alliance in 2004 for use in securing wireless networks designed to replace the WEP and WPA protocols.  WPA2 uses the AES standard instead of the RC4 stream cipher. CCMP replaces WPA’s TKIP<a href=”#anchor4″>[4]</a>.

To create a Raspberry Pi wireless access point, you’ll need a Raspberry Pi 3 or later that runs the latest version of Raspberry Pi OS.  This tutorial assumes that you have the Raspberry Pi OS already installed,  if you are starting from scratch,  you can read this tutorial on <a href=”https://ames-pc.com/geek/blogs/blog.html?issue=1949″ target=”_blank”>installing an OS on the Raspberry Pi</a>.  You will also need an ethernet cable to physically connect the Pi to your  router so that the Pi can get online directly. We will then configure the Pi so that the onboard Wi-Fi chip broadcasts a network for other devices to connect to, creating a bridge across those networks.  This will allow those devices to access the internet, using your Pi as a gateway. You can use a USB wireless adapter to create your access point instead, but you’ll need to check whether the chipset of your USB device has Linux drivers that support AP mode. Many devices don’t.

We’re going to need to install a few packages and configure them to get our RPi acting like a wireless AP.  We will need to update the pi by typing in the following commands:

<pre>

  <code>

    sudo apt udpate

    sudo apt ugprade

  </code>

</pre>

Reboot the Pi after this by using the sudo reboot command to make sure everything is clean after this upgrade.

There are two ways to set up a Raspberry Pi wireless access point.  NAT mode and Bridge Mode.  NAT mode is where the RPi acts as a router and NATs all traffic behind it to a new network.  It acts as a DHCP server, and a DNS server for clients.  Bridge mode is where the RPi simply passes traffic as-is between your wired and wireless networks. In NAT mode,   all wireless devices connected to your Raspberry Pi wireless access point will be invisible to wired devices on your network, as they will all be hidden behind a single IP address.  We will be setting up the RPi in bridge mode.  This will make your RPi act just like a normal wireless access point and simply pass all traffic between the wired and wireless networks (unless you specifically block something with IPTables).

The first two we are going to install are hostapd and dnsmasq.  Hostapd is software that turns your wireless network card into an access point.  It will do most of the heavy lifting for this project.  Bridge-utils is the software that bridges two network adapters in order to pass traffic between them.

To install these, issue the following commands:

<pre>

  <code>

    sudo apt install hostapd bridge-utils

  </code>

</pre>

In order to turn our Raspberry Pi into a wireless access point, we need to set up bridging.  Bridging is going to join two network interfaces together so they can pass traffic between them.  Let’s start with modifications to dhcpcd.conf.  Edit dhcpcd.conf by typing in <b>sudo nano /etc/dhcpd.conf</b>.  You’ll want to add the following lines at the end of the file:

<pre>

  <code>

    denyinterfaces eth0

    denyinterfaces wlan0

  </code>

</pre>

This configuration will prevent both ETH0 and WLAN0 from getting addresses from the DHCP client services.  This is important, because we only want our virtual bridge interface BR0 to get an IP address.  Now we need to create that bridge and assign it our two interfaces, along with configuring how it gets its IP address.  Edit the interfaces file by typing in <b>sudo nano /etc/network/interfaces</b>.  Below are the settings for dynamic ip and static ip.

<pre>

  <code>

    Dynamic

    # AP Bridge setup

    auto br0

    iface br0 inet dhcp

    bridge_ports eth0 wlan0

    Static

    # AP Bridge setup

    auto br0

    iface br0 inet static

    bridge_ports eth0 wlan0

    address 192.168.1.5

    netmask 255.255.255.0

    network 192.168.1.0

    broadcast 192.168.1.255

  </code>

</pre>

The next step is to set up hostapd,  to do so,  type <b>sudo nano /etc/hostapd/hostapd.conf</b>.  Add the following lines:

<pre>

  <code>

    interface=wlan0

    driver=nl80211

    ssid=YOURSSIDHERE

    hw_mode=g

    channel=7

    wmm_enabled=0

    macaddr_acl=0

    auth_algs=1

    ignore_broadcast_ssid=0

    wpa=2

    wpa_passphrase=YOURPASSWORDHERE

    wpa_key_mgmt=WPA-PSK

    wpa_pairwise=TKIP

    rsn_pairwise=CCMP

  </code>

</pre>

AFter that is done,  we need to tell hostapd where its configuration is.  Type in <b>sudo nano /etc/default/hostapd</b>. Add the following line to the end of the file:

<pre>

  <code>

    DAEMON_CONF=”/etc/hostapd/hostapd.conf”

  </code>

</pre>

Now we can finally enable and startup the hostapd services with the following commands:

<pre>

  <code>

    sudo systemctl unmask hostapd

    sudo systemctl enable hostapd

    sudo systemctl start hostapd

  </code>

</pre>

At this point, you’ll be able to see the SSID being broadcast, as well as connect to it from your smartphone, tablet, or laptop.  However, traffic will not yet pass.

First, we need to enable IP forwarding by editing the sysctl.conf file.  To do this, type <b>sudo nano /etc/sysctl.conf</b>.  Uncomment the following line by removing the <b>#</b> from the front of the line.

<pre>

  <code>

    net.ipv4.ip_forward=1

  </code>

</pre>

Now we need to add masquerading for the Eth0 interface so that it can pass traffic for others and then make it permanent so it works on reboot.

<pre>

  <code>

    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    sudo sh -c “iptables-save &gt; /etc/iptables.ipv4.nat”

  </code>

</pre>

Finally,  we will edit rc.local and add a command to it.  To do so,  type in the following:

<pre>

  <code>

    iptables-restore &lt; /etc/iptables.ipv4.nat

    iptables-restore &lt; /etc/iptables.ipv4.nat

  </code>

</pre>

Now we can reboot the Rpi and everything should take effect.  Once the Raspberry Pi has rebooted, you should be able to see your Raspberry Pi access point appear in the wireless network lists on any other wifi enabled device. You can then connect to it, allowing you to share your Pi’s internet connection as a portable router.  To test it,  open up a web browser on your device. If you can visit a website without any issues,  your Raspberry Pi is working as a wireless access point.  

<p id=”anchor1″>[1]<a href=”https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy” target=”_blank”>  https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy</a>    “Wired Equivalent Privacy”</p>

<p id=”anchor2″>[2]<a href=”https://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol” target=”_blank”>  https://en.wikipedia.org/wiki/Temporal_Key_Integrity_Protocol</a>    “Temporal Key Integrity Protocol”</p>

<p id=”anchor3″>[3]<a href=”https://en.wikipedia.org/wiki/Advanced_Encryption_Standard” target=”_blank”>  https://en.wikipedia.org/wiki/Advanced_Encryption_Standard</a>    “Advanced Encryption Standard”</p>

<p id=”anchor4″>[4]<a href=”https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#WPA2″ target=”_blank”>  https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#WPA2</a>    “Wi-Fi Protected Access, WPA2″</p>