Skip to content

Raspberry WLAN Access Point Tutorial

Jump to bottom
Nico edited this page Sep 3, 2016 · 19 revisions

Archlinux tutorial will follow and will be much simpler.

Installation Instructions

# Install dependencies
sudo apt-get install hostapd dnsmasq iptables-persistent

# Edit config files (samples below)
sudo nano /etc/network/interfaces
sudo nano /etc/hostapd/hostapd.conf
sudo nano /etc/dnsmasq.d/dnsmasq.conf
sudo nano /etc/sysctl.d/50-hostapd.conf

# Configure iptables
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo dpkg-reconfigure iptables-persistent

# Reboot system
sudo reboot

/etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

#allow-hotplug wlan0
#iface wlan0 inet manual
#    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug wlan0
iface wlan0 inet static
    address 192.168.42.1
    netmask 255.255.255.0

allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

/etc/hostapd/hostapd.conf

# Interface Settings
interface=wlan0
driver=nl80211

# Wifi AP Settings
ssid=hackallthethings
wpa_passphrase=hackallthethings
hw_mode=g
channel=6
ieee80211n=1

# Encryption Settings
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# Accept all MAC addresses
macaddr_acl=0

# Require clients to know the network name
#ignore_broadcast_ssid=0

# Enable WMM (QoS)
wmm_enabled=1

/etc/dnsmasq.d/dnsmasq.conf

interface=wlan0      # Use interface wlan0
bind-interfaces      # Bind to the interface to make sure we aren't sending things elsewhere
#server=8.8.8.8       # Forward DNS requests to Google DNS
domain-needed        # Don't forward short names
bogus-priv           # Never forward addresses in the non-routed address spaces.
dhcp-range=192.168.42.100,192.168.42.150,12h

/etc/sysctl.d/50-hostapd.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Generate new password + QR code every day

sudo apt-get install qrencode rng-tools
sudo nano /usr/local/bin/wlankeygen
sudo chmod +x /usr/local/bin/wlankeygen
sudo crontab -e

mkdir -p ~/bin
nano ~/bin/wlanqrgen
chmod +x ~/bin/wlanqrgen

/usr/local/bin/wlankeygen

#!/bin/bash

# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

# Generate new wlan password and safe it. Don't use special chars to make it simpler
WLANPSK=$(</dev/random tr -dc '[:graph:]'| head -c 63 )
sed -ie "s/wpa_passphrase=.*/wpa_passphrase=${WLANPSK}/" /etc/hostapd/hostapd.conf
service hostapd reload

echo "New WLAN password was generated and hostapd reloaded."

~/bin/wlanqrgen

#!/bin/bash

# Read in current setting
# Attention! eval is dangerous if hostapd.conf file can be modified from another user!
# If this script is run as root, one could insert 'ssid="nothing" reboot'
eval $(grep "^wpa_passphrase=" /etc/hostapd/hostapd.conf)
eval $(grep "^ssid=" /etc/hostapd/hostapd.conf)
eval $(grep "^ignore_broadcast_ssid=" /etc/hostapd/hostapd.conf)
hidden="false"
if [ "${ignore_broadcast_ssid}" == "0" ]
then
    hidden="true"
fi

# Generate QR code pictures for Android and Windows
qrencode -t PNG -o ~/Pictures/android.png -s 4 "WIFI:T:WPA;S:${ssid};P:${wpa_passphrase};H:${hidden};"
qrencode -t PNG -o ~/Pictures/windows.png -s 4 "WIFI;T:WPA;S:${ssid};P:${wpa_passphrase};H:${hidden};"

# IOS requires a hosted webpage which I do not want to host
# Use the copy to clipboard function for the password and manually connect instead.
qrencode -t PNG -o ~/Pictures/ios.png -s 4 "${wpa_passphrase}"

/var/spool/cron/crontabs/root

# DO NOT EDIT THIS FILE - edit the master and reinstall.
0 6 * * * /usr/local/bin/wlankeygen

Python Gui

You can also use a python gui to display the current password and its qr codes.

#TODO
sudo apt-get install qrencode python-kivy rng-tools python-configobj

nano /usr/local/bin/guestwlan.py
nano /usr/local/bin/guestwlan.kv

Links

https://NicoHood.de

Clone this wiki locally