Configure Raspberry Pi 3B+ as an AP
The gist collects the files used: an ISC dhcpd.conf, a dnsmasq snippet, two hostapd.conf variants (2.4 GHz and 5 GHz), the shell commands for forwarding/NAT and service management, and a udhcpd.conf. Only one DHCP server (udhcpd or isc-dhcp-server) should be active on wlan0 at a time.
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# Review notes for this AP setup (wlan0, 192.168.50.0/24, gateway 192.168.50.1):
#  - Only one DHCP server may serve wlan0. This file competes with udhcpd
#    (/etc/udhcpd.conf in this gist) and with dnsmasq if dnsmasq is ever given
#    a dhcp-range; two servers on one segment hand out conflicting leases.
#  - Nothing in this file limits which interface dhcpd answers on. Restrict it
#    to wlan0 at the service level (on Debian/Raspbian this is INTERFACESv4 in
#    /etc/default/isc-dhcp-server -- confirm for your image) so the server
#    never answers DHCP requests arriving on eth0, the upstream side.
#  - The leases file and the log record client MAC addresses and hostnames;
#    keep them root-readable only.
#
# option definitions common to all supported networks...
###option domain-name "example.org";
###option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# "authoritative" makes the server NAK clients that try to renew an address
# from a different network. Correct here, where the Pi is the only DHCP server
# on wlan0 -- but it is exactly why the server must never be reachable from
# eth0, where it would override the upstream network's DHCP server.
#authoritative;
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
#subnet 10.152.187.0 netmask 255.255.255.0 {
#}
# This is a very basic subnet declaration.
# The wlan0 segment: .1 is the Pi, .10-.150 are dynamic leases (.151-.254 are
# left free for static assignments).
subnet 192.168.50.0 netmask 255.255.255.0 {
option broadcast-address 192.168.50.255;
option routers 192.168.50.1;
option subnet-mask 255.255.255.0;
pool {
range 192.168.50.10 192.168.50.150;
}
default-lease-time 600;
max-lease-time 7200;
# NOTE(review): "local" is the mDNS domain (RFC 6762); some client resolvers
# will never send unicast DNS for *.local names, so names in this domain may
# not resolve through dnsmasq. Prefer a different label if that matters.
option domain-name "local";
# option domain-name-servers 8.8.4.4; # dns2 is 0.0.0.0
# option domain-name-servers 0.0.0.0 8.8.4.4; # Configuration file errors encountered -- exiting
# NOTE(review): 0.0.0.0 is not a usable resolver address; clients that honour
# the option get no working DNS (some treat it as "ask the local host"). The
# dnsmasq section of this gist has dnsmasq listening on wlan0, so 192.168.50.1
# (optionally followed by a public fallback) is the natural value -- verify on
# a client before relying on the current setting.
option domain-name-servers 0.0.0.0; # dns2 is 0.0.0.0
}
#subnet 10.254.239.0 netmask 255.255.255.224 {
# range 10.254.239.10 10.254.239.20;
# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}
# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.
#subnet 10.254.239.32 netmask 255.255.255.224 {
# range dynamic-bootp 10.254.239.40 10.254.239.60;
# option broadcast-address 10.254.239.31;
# option routers rtr-239-32-1.example.org;
#}
# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
# range 10.5.5.26 10.5.5.30;
# option domain-name-servers ns1.internal.example.org;
# option domain-name "internal.example.org";
# option routers 10.5.5.1;
# option broadcast-address 10.5.5.31;
# default-lease-time 600;
# max-lease-time 7200;
#}
# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.
#host passacaglia {
# hardware ethernet 0:0:c0:5d:bd:95;
# filename "vmunix.passacaglia";
# server-name "toccata.example.com";
#}
# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
# (A host match on "hardware ethernet" is a convenience, not an access
# control: MAC addresses are trivially spoofed.)
#host fantasia {
# hardware ethernet 08:00:07:26:c0:a5;
# fixed-address fantasia.example.com;
#}
# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.
#class "foo" {
# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}
#shared-network 224-29 {
# subnet 10.17.224.0 netmask 255.255.255.0 {
# option routers rtr-224.example.org;
# }
# subnet 10.0.29.0 netmask 255.255.255.0 {
# option routers rtr-29.example.org;
# }
# pool {
# allow members of "foo";
# range 10.17.224.10 10.17.224.250;
# }
# pool {
# deny members of "foo";
# range 10.0.29.10 10.0.29.230;
# }
#}
# dnsmasq configuration (path not shown in the gist; normally /etc/dnsmasq.conf).
# Used here as a DNS forwarder only: no dhcp-range is declared, so DHCP stays
# disabled and is left to udhcpd / isc-dhcp-server. Upstream resolvers come from
# /etc/resolv.conf unless "server=" is added.
#
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
# NOTE(review): with "interface=" alone dnsmasq still binds the wildcard
# address and only filters by interface; add "bind-interfaces" so port 53 is
# bound to wlan0 (and loopback) only and the resolver is not exposed on eth0,
# the upstream network. Check with "ss -lunp | grep :53".
interface=wlan0
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
# NOTE(review): this writes every hostname every client looks up to syslog.
# That is a privacy record of all AP users and a steady write load on the SD
# card; enable only while debugging and comment out for normal operation.
log-queries
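# /etc/hostapd/hostapd.conf  (2.4 GHz variant, WPA2-PSK with CCMP)
#
# Security summary: WPA2 only (no WPA1/TKIP), open-system authentication only,
# control socket restricted to root. The passphrase below is a placeholder and
# must be replaced before the AP is brought up. Keep this file root-owned and
# mode 600: it holds the network secret in clear text.
#sets the wifi interface to use
interface=wlan0
#sets the ssid of the virtual wifi access point
ssid=Rpi3B-AP
#sets the mode of wifi, depends upon the devices you will be using. It can be a,b,g,n. Not all cards support 'n'.
hw_mode=g
#sets the channel for your wifi (see $ iw list)
# for 2.4GHz, channels are [1-14] inclusive
channel=2
#channel=6
#macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
# MAC filtering is not an access control: addresses are sent in the clear and
# are trivially spoofed. Leave at 0 and rely on the WPA2 passphrase.
macaddr_acl=0
#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
# A hidden SSID is not a security measure: the name still appears in clear in
# probe/association frames, and clients that remember a hidden network
# broadcast its name wherever they go.
ignore_broadcast_ssid=0
### ignore_broadcast_ssid=1 # for hidden SSID
#Sets authentication algorithm
#1 - only open system authentication
#2 - both open system authentication and shared key authentication
# Keep 1: "shared key" is the legacy WEP authentication and must not be offered.
auth_algs=1
#####Sets WPA and WPA2 authentication (remove this section if you don't need encryption)#####
# Removing this section produces an OPEN network: every client's traffic is
# readable by anyone in radio range. Do not run the AP without it.
#wpa option sets which wpa implementation to use
#1 - wpa only
#2 - wpa2 only
#3 - both
# 2 = WPA2 only. WPA1 (TKIP) is broken; there is no reason to offer it.
wpa=2
#sets wpa passphrase required by the clients to authenticate themselves on the network
# REPLACE THIS VALUE. 8-63 printable ASCII characters. WPA2-PSK is only as
# strong as the passphrase: the 4-way handshake can be captured passively and
# brute-forced offline, so use a long random string, and never publish the
# real one (the value originally committed here was a short, easily guessed
# string visible to anyone reading the gist).
wpa_passphrase=CHANGE-ME-use-a-long-random-passphrase
#sets wpa key management
wpa_key_mgmt=WPA-PSK
#sets encryption used by WPA
# With wpa=2 this setting is unused (rsn_pairwise applies). It is set to CCMP
# rather than TKIP so TKIP can never be negotiated if wpa is later set to 3.
wpa_pairwise=CCMP
#sets encryption used by WPA2
rsn_pairwise=CCMP
#
#driver to use, nl80211 works in most cases
driver=nl80211
# Interface for separate control program
# /var/run/hostapd is the recommended directory for sockets and by default,
# hostapd_cli will use it when trying to connect with hostapd.
ctrl_interface=/var/run/hostapd
# gid 0: only root may use the control socket, which can reconfigure the AP.
# Leave at 0 unless a dedicated group is created for hostapd_cli users.
ctrl_interface_group=0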
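# /etc/hostapd/hostapd.conf  (5 GHz variant, 802.11ac, WPA2-PSK with CCMP)
#
# Security summary: WPA2 only (no WPA1/TKIP), open-system authentication only,
# control socket restricted to root. The passphrase below is a placeholder and
# must be replaced before the AP is brought up. Keep this file root-owned and
# mode 600: it holds the network secret in clear text.
# Duplicate "driver=" and "ctrl_interface_group=" lines from the earlier
# version of this file have been consolidated; hostapd takes the last value
# of a repeated key, so nothing changes, but the file now states each once.
#sets the wifi interface to use
interface=wlan0
#sets the ssid of the virtual wifi access point
ssid=Rpi3B-AP
# Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz),
# g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used
# with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this
# needs to be set to hw_mode=a. When using ACS (see channel parameter), a
# special value "any" can be used to indicate that any support band can be used.
# This special case is currently supported only with drivers with which
# offloaded ACS is used.
# Default: IEEE 802.11b
#sets the mode of wifi, depends upon the devices you will be using. It can be a,b,g,n. Not all cards support 'n'.
hw_mode=a
#sets the channel for your wifi (see $ iw list)
# for 5GHz, channels are in [34]...[165] range (non-contiguous)
# NOTE(review): no country_code is set. Which 5 GHz channels (and transmit
# power) are legal depends on the regulatory domain; set country_code=XX for
# your location (ieee80211d=1 advertises it) so the driver applies the right
# rules and channel 149 is actually usable. Check "iw list" / "iw reg get".
channel=149
# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535)
beacon_int=100
# Driver interface type (hostap/wired/none/nl80211/bsd);
# default: hostap). nl80211 is used with all Linux mac80211 drivers.
# Use driver=none if building hostapd as a standalone RADIUS server that does
# not control any wireless/wired driver.
# driver=hostap
driver=nl80211
# Access control for the control interface can be configured by setting the
# directory to allow only members of a group to use sockets. This way, it is
# possible to run hostapd as root (since it needs to change network
# configuration and open raw sockets) and still allow GUI/CLI components to be
# run as non-root users. However, since the control interface can be used to
# change the network configuration, this access needs to be protected in many
# cases. By default, hostapd is configured to use gid 0 (root). If you
# want to allow non-root users to use the control interface, add a new group
# and change this value to match with that group. Add users that should have
# control interface access to this group.
#
# This variable can be a group name or gid.
#ctrl_interface_group=wheel
ctrl_interface_group=0
#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
# A hidden SSID is not a security measure: the name still appears in clear in
# probe/association frames, and clients that remember a hidden network
# broadcast its name wherever they go.
ignore_broadcast_ssid=0
### ignore_broadcast_ssid=1 # for hidden SSID
# Client isolation can be used to prevent low-level bridging of frames between
# associated stations in the BSS. By default, this bridging is allowed.
# 0 = stations can reach each other directly. For a guest or IoT network set
# ap_isolate=1 so one compromised client cannot probe or attack the others.
#ap_isolate=1
ap_isolate=0
# ieee80211ac: Whether IEEE 802.11ac (VHT) is enabled
# 0 = disabled (default)
# 1 = enabled
# Note: You will also need to enable WMM for full VHT functionality.
# Note: hw_mode=a is used to specify that 5 GHz band is used with VHT.
ieee80211ac=1
# vht_capab: VHT capabilities (list of flags)
# NOTE(review): [HT40+] is an ht_capab (802.11n) flag, not a VHT capability;
# hostapd ignores flags it does not recognise here, so this line is probably
# a no-op. If 40 MHz HT operation was the goal, the usual form is
# "ieee80211n=1" plus "ht_capab=[HT40+]" -- confirm against "iw list" and
# the hostapd.conf reference before changing.
vht_capab=[HT40+]
# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e):
# for 802.11a or 802.11g networks
# These parameters are sent to WMM clients when they associate.
# The parameters will be used by WMM clients for frames transmitted to the
# access point.
#
# note - txop_limit is in units of 32microseconds
# note - acm is admission control mandatory flag. 0 = admission control not
# required, 1 = mandatory
# note - Here cwMin and cmMax are in exponent form. The actual cw value used
# will be (2^n)-1 where n is the value given here. The allowed range for these
# wmm_ac_??_{cwmin,cwmax} is 0..15 with cwmax >= cwmin.
#
wmm_enabled=1
#Sets authentication algorithm
#1 - only open system authentication
#2 - both open system authentication and shared key authentication
# Keep 1: "shared key" is the legacy WEP authentication and must not be offered.
auth_algs=1
#####Sets WPA and WPA2 authentication (remove this section if you don't need encryption)#####
# Removing this section produces an OPEN network: every client's traffic is
# readable by anyone in radio range. Do not run the AP without it.
#wpa option sets which wpa implementation to use
#1 - wpa only
#2 - wpa2 only
#3 - both
# 2 = WPA2 only. WPA1 (TKIP) is broken; there is no reason to offer it.
wpa=2
#sets wpa passphrase required by the clients to authenticate themselves on the network
# REPLACE THIS VALUE. 8-63 printable ASCII characters. WPA2-PSK is only as
# strong as the passphrase: the 4-way handshake can be captured passively and
# brute-forced offline, so use a long random string, and never publish the
# real one (the value originally committed here was a short, easily guessed
# string visible to anyone reading the gist).
wpa_passphrase=CHANGE-ME-use-a-long-random-passphrase
#sets wpa key management
wpa_key_mgmt=WPA-PSK
#sets encryption used by WPA
# With wpa=2 this setting is unused (rsn_pairwise applies). It is set to CCMP
# rather than TKIP so TKIP can never be negotiated if wpa is later set to 3.
wpa_pairwise=CCMP
#sets encryption used by WPA2
rsn_pairwise=CCMP
#
# Interface for separate control program
# /var/run/hostapd is the recommended directory for sockets and by default,
# hostapd_cli will use it when trying to connect with hostapd.
# (ctrl_interface_group is set above; gid 0 keeps the socket root-only.)
ctrl_interface=/var/run/hostapd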
#
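# firewall configuration
#
# ip_forward set this way is runtime-only and resets to 0 on reboot. Persist it
# with "net.ipv4.ip_forward=1" in /etc/sysctl.conf (or /etc/sysctl.d/), and
# enable it only AFTER the FORWARD rules below are loaded -- with forwarding on
# and no rules, the Pi routes freely between wlan0 and eth0.
$ sudo sysctl net.ipv4.ip_forward
$ sudo sysctl net.ipv4.ip_forward=1
#Run the following commands to create the network translation between the ethernet port eth0 and the wifi port wlan0
#
# These rules are not persisted either; reload them at boot (iptables-save to
# /etc/iptables/rules.v4 with the iptables-persistent package, or a script run
# before hostapd starts). Note what they allow: any wlan0 client may reach ANY
# destination via eth0, including other hosts on the upstream LAN, not only the
# internet. For a guest/IoT AP, insert a rule rejecting RFC1918 destinations on
# eth0 ahead of the wlan0->eth0 ACCEPT. The default FORWARD policy (ACCEPT on a
# stock image) is what currently blocks nothing else; set it to DROP.
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
# verify the tables (the NAT table is "nat"; "-t nas" is rejected by iptables)
$ sudo iptables -t nat -L --line-numbers
$ sudo iptables -L --line-numbers
# start hostapd
# (foreground, for testing; use the hostapd service for boot-time start.
#  The config file holds the WPA2 passphrase: keep it root-owned, mode 600.)
$ sudo hostapd /etc/hostapd/hostapd.conf
# start either udhcpd or isc-dhcp-server -- never both at once; two DHCP
# servers on wlan0 hand out conflicting leases.
# check DHCP server status
$ service --status-all | grep -e dhcp -e hostapd -e dns
[ - ] dhcpcd
[ + ] dnsmasq
[ + ] hostapd
[ + ] udhcpd
#----- udhcpd
$ sudo /etc/init.d/udhcpd status (or sudo service udhcpd status)
$ sudo /etc/init.d/udhcpd start (or sudo service udhcpd start)
$ sudo /etc/init.d/udhcpd restart (or sudo service udhcpd stop ; sudo service udhcpd start)
# modify "opt dns ..." line in /etc/udhcpd.conf
# can have : opt dns dns1=8.8.4.4
# can have : opt dns dns1=0.0.0.0 dns2=8.8.4.4
# can have : opt dns dns1=0.0.0.0 dns2=0.0.0.0
#----- isc-dhcp-server
$ sudo service isc-dhcp-server status
$ sudo service isc-dhcp-server start
# modify "option domain-name-servers ..." line in /etc/dhcp/dhcpd.conf
# can have : option domain-name-servers 8.8.4.4; # dns2 is 0.0.0.0
# can NOT have : option domain-name-servers 0.0.0.0 8.8.4.4;
# can have : option domain-name-servers 0.0.0.0; # dns2 is 0.0.0.0
# See "systemctl status isc-dhcp-server.service" and "journalctl -xe" for details.
$ journalctl -xe
$ ls -l /var/run/dhcpd.pid
# start dnsmasq (with DHCP disabled)
$ sudo /etc/init.d/dnsmasq status
$ sudo /etc/init.d/dnsmasq start
# disable auto-start
#https://askubuntu.com/a/874966/413720
#
# to prevent running DHCP server after reboot. update init scripts by update-rc.d:
$ sudo update-rc.d -f isc-dhcp-server remove
# to add DHCP Server to startup again, do:
$ sudo update-rc.d isc-dhcp-server defaults
# On a systemd image (systemctl/journalctl are in use above) the supported way
# is "sudo systemctl disable --now isc-dhcp-server"; re-enable with
# "sudo systemctl enable isc-dhcp-server".
#
### tdwong's simple hack...
#
# Works because the SysV wrapper skips a non-executable init script, but the
# state is invisible to systemctl and a package upgrade may restore the mode
# bits. Prefer "systemctl disable" above.
$ sudo chmod -x /etc/init.d/isc-dhcp-server
# show service log
$ tail -f /var/log/syslog
$ tail -f /var/log/daemon.log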
# Sample udhcpd configuration file (/etc/udhcpd.conf)
#
# Review notes: this is the busybox DHCP server for the wlan0 AP segment
# (192.168.50.0/24, gateway 192.168.50.1). It must not run at the same time
# as isc-dhcp-server (the dhcpd.conf in this gist) on the same interface.
# The leases file records client MAC addresses; keep it root-readable only.
#
# The start and end of the IP lease block
##start 192.168.0.20 #default: 192.168.0.20
##end 192.168.0.254 #default: 192.168.0.254
start 192.168.50.20 #default: 192.168.0.20
end 192.168.50.150 #default: 192.168.0.254
# The interface that udhcpd will use
# Bind to wlan0 only; never eth0, or this server would answer DHCP on the
# upstream network.
##interface eth0 #default: eth0
interface wlan0 #default: eth0
# The maximum number of leases (includes addresses reserved
# by OFFER's, DECLINE's, and ARP conflicts)
#max_leases 254 #default: 254
# If remaining is true (default), udhcpd will store the time
# remaining for each lease in the udhcpd leases file. This is
# for embedded systems that cannot keep time between reboots.
# If you set remaining to no, the absolute time that the lease
# expires at will be stored in the dhcpd.leases file.
#remaining yes #default: yes
# The time period at which udhcpd will write out a dhcpd.leases
# file. If this is 0, udhcpd will never automatically write a
# lease file. (specified in seconds)
#auto_time 7200 #default: 7200 (2 hours)
# The amount of time that an IP will be reserved (leased) for if a
# DHCP decline message is received (seconds).
#decline_time 3600 #default: 3600 (1 hour)
# The amount of time that an IP will be reserved (leased) for if an
# ARP conflict occurs. (seconds)
#conflict_time 3600 #default: 3600 (1 hour)
# How long an offered address is reserved (leased) in seconds
#offer_time 60 #default: 60 (1 minute)
# If a lease to be given is below this value, the full lease time is
# instead used (seconds).
#min_lease 60 #default: 60
# The location of the leases file
#lease_file /var/lib/misc/udhcpd.leases #default: /var/lib/misc/udhcpd.leases
# # dumpleases -f /var/lib/misc/udhcpd.leases
# The location of the pid file
#pidfile /var/run/udhcpd.pid #default: /var/run/udhcpd.pid
# Every time udhcpd writes a leases file, the below script will be called.
# Useful for writing the lease file to flash every few hours.
# (The script runs with udhcpd's privileges, i.e. as root; it must be
# root-owned and not writable by anyone else.)
#notify_file #default: (no script)
#notify_file dumpleases # <--- useful for debugging
# The following are bootp specific options, settable by udhcpd.
#siaddr 192.168.0.22 #default: 0.0.0.0
#sname zorak #default: (none)
#boot_file /var/nfs_root #default: (none)
# The remainder of options are DHCP options and can be specified with the
# keyword 'opt' or 'option'. If an option can take multiple items, such
# as the dns option, they can be listed on the same line, or multiple
# lines. The only option with a default is 'lease'.
#Examples
##opt dns 192.168.10.2 192.168.10.10
### opt dns 8.8.4.4
###opt dns 0.0.0.0 0.0.0.0
###opt dns 0.0.0.0 8.8.4.4
###opt dns 8.8.8.8 8.8.4.4
# 192.168.50.1 is dnsmasq on the Pi (see the dnsmasq section). The second
# entry is a public fallback; clients are free to query it directly, so any
# filtering or logging done in dnsmasq can be bypassed while it is listed.
opt dns 192.168.50.1 8.8.4.4
option subnet 255.255.255.0
##opt router 192.168.10.2
opt router 192.168.50.1
##opt wins 192.168.10.10
##option dns 129.219.13.81 # appended to above DNS servers for a total of 3
# NOTE(review): "local" is the mDNS domain (RFC 6762); some client resolvers
# will not send unicast DNS for *.local names.
option domain local
# 10 days, against 600 s / 7200 s in the isc dhcpd.conf of this gist. With
# only 131 addresses in the pool, long leases let transient devices hold
# addresses for days; shorten if the pool ever runs dry.
option lease 864000 # 10 days of seconds
# Currently supported options, for more info, see options.c
#opt subnet
#opt timezone
#opt router
#opt timesrv
#opt namesrv
#opt dns
#opt logsrv
#opt cookiesrv
#opt lprsrv
#opt bootsize
#opt domain
#opt swapsrv
#opt rootpath
#opt ipttl
#opt mtu
#opt broadcast
#opt wins
#opt lease
#opt ntpsrv
#opt tftp
#opt bootfile
#opt wpad
# Static leases map
# (A static lease pins an address to a MAC; it is not an access control,
# since MAC addresses are trivially spoofed.)
#static_lease 00:60:08:11:CE:4E 192.168.0.54
#static_lease 00:60:08:11:CE:3E 192.168.0.44