In a
previous post, I talked about using the Raspberry Pi as a router. Now I wanted to add a WiFi device, and use the Pi as an access point as well. The Pi has three network interfaces:
wlan0 is the newly added WLAN device,
eth0 is my LAN, and
ppp0 is a USB GSM modem connecting everything to the internet.
The primary reason for all of this is to have an access point for an Android phone. It turns out that an ad-hoc network is not enough - Android connects only to real access points (unless rooted and configured to be less suspicious). So the task now is to set up a Linux access point.
Software-wise, the access point functionality is provided by hostapd, which can be installed on the Pi easily.
sudo apt-get install hostapd
The hardware part is quite tricky though - not every wlan card works in access point, or managed, mode in Linux. The state of support in the various drivers can be found at
linuxwireless.org. Among the USB WiFi sticks, ath9k_htc seems well supported. I ended up buying a
TL-WN722N, since it is supported by the ath9k_htc drier, and the external antenna looks efficient. It has worked very well so far, and is in daily use. Below, I describe the steps required for setting up everything. I am using Raspbian, but most of the things should work on any distribution.
The steps
Set up a DHCP server. Edit
/etc/dhcp/dhcpd.conf and add the following lines.
subnet 10.10.0.0 netmask 255.255.255.0 {
range 10.10.0.25 10.10.0.50;
option domain-name-servers 8.8.4.4;
option routers 10.10.0.1;
interface wlan0;
}
If you already have an entry for DHCP on another subnet on another interface, make sure that the old subnet declaration also specifies for which interface it applies. Next, execute the following commands in a terminal, as root.
ifconfig wlan0 10.10.0.1 #bring up the interface
/etc/init.d/isc-dhcp-server restart #restart the DHCP server
echo "1" > /proc/sys/net/ipv4/ip_forward #turn on IP forwarding
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE #add a routing rule.
Replace
ppp0 on the last line by the interface connected to the internet. For me
ppp0 is a GSM modem.
Edit
/etc/hostapd/hostapd.conf . Add these lines (as a starting point):
interface=wlan0
driver=nl80211
ssid=YOUR_STATION
hw_mode=g
channel=11
wpa=1
wpa_passphrase=SECRETPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600
macaddr_acl=0
Next, start the access point by running hostapd.
hostapd -d /etc/hostapd/hostapd.conf
-d is for debugging output.
-dd shows even more. Can be useful while setting up.
Now you should be able to connect to your new access point! Note that when hostapd quits,
wlan0 looses it's IP address. So the IP must be set each time before hostapd is run.
If everything works with this setup, it is convenient to automate the startup procedure, so that the access point is enabled at each boot.
To bring up
wlan0 at boot, add the following to
/etc/network/interfaces
auto wlan0
iface wlan0 inet static
address 10.10.0.1
netmask 255.255.255.0
To start hostapd automatically, add the command to
/etc/rc.local:
hostapd -B /etc/hostapd/hostapd.conf
-B is for running in the background, as a daemon. Messages are logged in
/var/log/syslog.
For setting up the IP forwarding stuff permanently, see my previous
router post, and
this nice guide.
So far I am very pleased with this setup. The only drawback is that the LAN on
eth0 and the wireless network are separate and isolated from each other. Perhaps it's possible to construct a network bridge between the LAN and the WLAN interface. Then the two networks would appear as one, but this I leave for the next hacking session.
Add randomness!
Finally a note about a puzzling message from hostapd. When run with the flag
-dd, hostapd works, but outputs
Add randomness: count=1 entropy=0
Add randomness: count=2 entropy=1
Add randomness: count=3 entropy=2
and so on, with a new line every second or so. I thought this had to do with
/dev/random running out of random bits, but this is not the case.
Reading the source code of hostapd
(version 1.0, since this is what I have on the Pi), this turns out to be a normal and harmless debugging message. Hostapd keeps an internal pool of random bits (for encryption), in addition to the random numbers it reads from
/dev/random. In different places in the program, random (or at least unpredictable) data is mixed into this pool. For example the signal strength of each received packet is used in this way. The "
Add randomness" message is printed each time data is added to the pool. This is done in the function
random_add_randomness (const void *buf, size_t len)
in the file
hostapd-1.0/src/crypto/random.c. So, in summary, the message can safely be ignored, and goes away if one runs hostapd without the
-dd flag.
However, on a small system like the Pi, there
is a risk of depleting
/dev/random, especially just after a boot. I observed these messages from hostapd:
random: Got 18/20 bytes from /dev/random
random: Only 18/20 bytes of strong random data available from /dev/random
At this point I installed the program haveged,
sudo apt-get install haveged
Haveged is a program that helps with providing randomness or entropy, which it collects faster than the kernel does by default. I have not seen the message since then.