Raspberry WLAN Access Point Tutorial

Nico edited this page Sep 3, 2016 · 19 revisions

Archlinux tutorial will follow and will be much simpler.

Installation Instructions

# Install dependencies
sudo apt-get install hostapd dnsmasq iptables-persistent

# Edit config files (samples below)
sudo nano /etc/network/interfaces
sudo nano /etc/hostapd/hostapd.conf
sudo nano /etc/dnsmasq.d/dnsmasq.conf
sudo nano /etc/sysctl.d/50-hostapd.conf

# Configure iptables
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo dpkg-reconfigure iptables-persistent

# Reboot system
sudo reboot

/etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

#allow-hotplug wlan0
#iface wlan0 inet manual
#    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

allow-hotplug wlan0
iface wlan0 inet static
    address 192.168.42.1
    netmask 255.255.255.0

allow-hotplug wlan1
iface wlan1 inet manual
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

/etc/hostapd/hostapd.conf

# Interface Settings
interface=wlan0
driver=nl80211

# Wifi AP Settings
ssid=hackallthethings
wpa_passphrase=hackallthethings
hw_mode=g
channel=6
ieee80211n=1

# Encryption Settings
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# Accept all MAC addresses
macaddr_acl=0

# Require clients to know the network name
#ignore_broadcast_ssid=0

# Enable WMM (QoS)
wmm_enabled=1

/etc/dnsmasq.d/dnsmasq.conf

interface=wlan0      # Use interface wlan0
bind-interfaces      # Bind to the interface to make sure we aren't sending things elsewhere
#server=8.8.8.8       # Forward DNS requests to Google DNS
domain-needed        # Don't forward short names
bogus-priv           # Never forward addresses in the non-routed address spaces.
dhcp-range=192.168.42.100,192.168.42.150,12h

/etc/sysctl.d/50-hostapd.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Generate new password + QR code every day

sudo apt-get install qrencode rng-tools
sudo nano /usr/local/bin/wlankeygen
sudo chmod +x /usr/local/bin/wlankeygen
sudo crontab -e

mkdir -p ~/bin
nano ~/bin/wlanqrgen
chmod +x ~/bin/wlanqrgen

/usr/local/bin/wlankeygen

#!/bin/bash

# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

# Generate new wlan password and safe it. Don't use special chars to make it simpler
WLANPSK=$(</dev/random tr -dc '[:graph:]'| head -c 63 )
sed -ie "s/wpa_passphrase=.*/wpa_passphrase=${WLANPSK}/" /etc/hostapd/hostapd.conf
service hostapd reload

echo "New WLAN password was generated and hostapd reloaded."

~/bin/wlanqrgen

#!/bin/bash

# Read in current setting
# Attention! eval is dangerous if hostapd.conf file can be modified from another user!
# If this script is run as root, one could insert 'ssid="nothing" reboot'
eval $(grep "^wpa_passphrase=" /etc/hostapd/hostapd.conf)
eval $(grep "^ssid=" /etc/hostapd/hostapd.conf)
eval $(grep "^ignore_broadcast_ssid=" /etc/hostapd/hostapd.conf)
hidden="false"
if [ "${ignore_broadcast_ssid}" == "0" ]
then
    hidden="true"
fi

# Generate QR code pictures for Android and Windows
qrencode -t PNG -o ~/Pictures/android.png -s 4 "WIFI:T:WPA;S:${ssid};P:${wpa_passphrase};H:${hidden};"
qrencode -t PNG -o ~/Pictures/windows.png -s 4 "WIFI;T:WPA;S:${ssid};P:${wpa_passphrase};H:${hidden};"

# IOS requires a hosted webpage which I do not want to host
# Use the copy to clipboard function for the password and manually connect instead.
qrencode -t PNG -o ~/Pictures/ios.png -s 4 "${wpa_passphrase}"

/var/spool/cron/crontabs/root

# DO NOT EDIT THIS FILE - edit the master and reinstall.
0 6 * * * /usr/local/bin/wlankeygen

Python Gui

You can also use a python gui to display the current password and its qr codes.

#TODO
sudo apt-get install qrencode python-kivy rng-tools python-configobj

nano /usr/local/bin/guestwlan.py
nano /usr/local/bin/guestwlan.kv

Links

Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.