Using Raspberry Pi 3 running Stretch for a WiFi router

30 Oct 2017

There are several tutorials out there about turning your Rapberry Pi into a WiFi access point, but they all seem to written for Raspbian Jessie or earlier. There are a few changes in Stretch, the most recent version of the Pi’s operating system, that seem to break these tutorials.

Here I will describe what I did to turn my Raspberry Pi 3 into a WiFi router. This should all work for any Pi running Stretch, though I have only tested it on the 3. My desired routing setup is to plug an Ethernet cable from the Pi into a modem, so that the Internet connection through that modem can be shared by several wireless devices.

Differences between what I found in previous tutorials and what I needed to do related mainly to the switch from configuring the WiFi interface device via the /etc/network/interfaces file (used under Jessie and prior versions of Raspbian) to using the /etc/dhcpcd.conf file (as used by Stretch). Here’s how I set up my router:

Software

Over the course of this tutorial, you’ll need to sudo apt-get install three packages. But don’t install them just yet! Installing iptables-persistent as the final step causes it to notice you’ve changed the defaults already, and prompts you to save your work. It’s very convenient! The three packages are:

  • hostapd
  • dnsmasq
  • iptables-persistent

The first is the access point software, which creates and broadcasts a wireless network to which other computers can connect. The second manages the addresses that will be handed out to computers connecting on the new network. And the third makes sure that settings about how to route packets between the wired Ethernet device and the WiFi device are saved, so that the connection will be restored when the Pi is restarted.

Configure hostapd

First, install hostapd via

sudo apt-get install hostapd

You’ll configure two files to make your Pi into an access point. First, create the file /etc/hostapd/hostapd.conf for editing via nano:

sudo nano /etc/hostapd/hostapd.conf

This file will hold the settings for your access point. Just copy paste this code, but put your own choices in for ssid (this will be the name of the network you’re creating) and wpa_passphrase (this is the password for connecting to your new network):

interface=wlan0
ssid=network_name_here
hw_mode=g
channel=7
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
wmm_enabled=0
macaddr_acl=0
auth_algs=1
wpa=2
ignore_broadcast_ssid=0
wpa_passphrase=network_password_here
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

If you’d like to learn more about these configuration options, check the documentation.

Now you need to tell hostapd to read this configuration file when it starts. To do so, edit the /etc/default/hostapd file:

sudo nano /etc/default/hostapd

and change the line that reads

DAEMON_CONF=""

to

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Configure dnsmasq

Install dnsmasq via

sudo apt-get install dnsmasq

You have to configure two files in order for dnsmasq to start assigning IP adresses to devices that connect to your newly configured access point. First, open the dhcpcd configuration file in order to assign your Pi a static IP address on the WiFi device. This might not be necessary, but it does give you an address where you can wirelessly SSH into the Pi, so you’ll no longer need it to be connected to a monitor and keyboard.

Note that before you can SSH into your Pi, you must enable it for SSH, either by creating an empty file called ssh at the top level of the boot partition, or by connecting the Pi to a keyboard and monitor, opening a terminal, and using the menu under the sudo raspi-config command. Googling “headless Raspberry Pi ssh” will get you answers here.

Back to the main story. At the terminal, enter sudo nano /etc/dhcpcd.conf. At the bottom of the file, enter the following lines, but change the ip_address and routers to whatever address you want to assign to your Pi.

interface wlan0
static ip_address=192.168.1.1
static routers=192.168.1.1
static domain_name_servers=8.8.8.8

Now, edit the dnsmasq config file so it knows which addresses to assign to devices that connect on WiFi. Open the file with the command sudo nano /etc/dnsmasq.conf, and add the following lines at the end, except that dhcp-range should indicate whatever addresses you want to be assignable on your network:

interface=wlan0
domain-needed
bogus-priv
dhcp-range=192.168.1.8,192.168.1.250,12h

Configure IP routing

At this point you have a wireless access point, but it doesn’t connect to your Pi’s wired Ethernet port, which is its connection to the Internet. Making this final link is pretty easy. First, enable routing by opening the config file with sudo nano /etc/sysctl.conf, and add the following line:

net.ipv4.ip_forward=1

Then, at the command line, tell the Pi how to decide which packets get routed. That’s done by executing these three commands:

sudo iptables -t nat -A  POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

Finally, make these routing settings permanent by installing the iptables-persistent package, and saying yes when prompted to save the current settings:

sudo apt-get install iptables-persistent

Finish

That’s it! Just reboot your Pi to see the network you’ve configured and access the Internet through it! You may now want to learn something about network security and firewalls.

Chris

It doesn’t seem to work so just to clarify things. In my home network i have 192.168.10.x addresses in which 192.168.10.254 is my default gateway. Now when i configure my raspberry wlan0 IP address to 192.168.1.1 address it fails to show up the AP to connect. When i put an address that is in range of my network (e.g 192.168.10.1) the AP shows up correctly but when i connect a device to it i don’t have internet access. Now in the dnsmasq.conf i tried having addresses in range of 192.168.10.x and 192.168.1.x but none of them work. From my raspberry that acts as router i can ping my home default gateway. So i cant figure out what the issue might be. (i check all the cables are connected and working correctly).

Craig

I am a total newbie to Raspberry PI 3 etc. but what I want it to do is receive a wifi signal and then feed it to another wifi modem to feed my workshop. is this the setup I need. or can I even do it., I have a spare wifi router just need to get a signal to it to broadcast. I will be using an external range extender antenna on the raspberry.

Papageno

Dear Author

There is only one comment: Thanks, Thanks, Thanks. After trying many tutorials this is the first one whitch helped me to succeed.

Best Regards Papageno

Chris

Sorry for the double commend. So i managed to make it work by only using addresses in range of 10.0.0.x in both dhcpcd.conf (for static IP address) and dnsmasq.conf for the range addresses. Also in dhcpcd.conf i put as static routers = my-default-gateway. I dont know if this what i was suppose to do but just to let everyone know in case they have a similar issue. Overall great tutorial thanks.

Brian LONNON

How can I use my Pi3 as a router? I have set up wlan0 as the AP, but whatever I do, the wifi dongle comes up as a second AP! I have tried entries in dhcpcd.conf and the now discontinued network/interfaces all to no avail! The frustration is killing me!

Chris

I will try that since my default gateway is 192.168.10.254. I will configure wlan to give addresses in range of 10.10.1.1 and test it.

k3nz0

Hello, how can I connect 2 wifis interfaces, one would be connected to the internet and the other would be the access point. I need the internet to be available through the access point and ethernet. Can anybody help me. regards

Chris

I followed the exact instructions but when i connect to the raspberry AP i don’t have internet access to my device. Am i missing something?

Craig

I am a total newbie to Raspberry PI 3 etc. but what I want it to do is receive a wifi signal and then feed it to another wifi modem to feed my workshop. is this the setup I need. or can I even do it., I have a spare wifi router just need to get a signal to it to broadcast. I will be using an external range extender antenna on the raspberry.

benkelaci

Have you plugged the Ethernet cable properly? Have you checked the eth0 IP address? Can you ping your router? If your router is on 192.168.1.x subnet, then this might be a problem, then try your static IP address in /etc/dhcpcd.conf (wlan0) for a different subnet (e.g.: 192.168.10.x).

benkelaci

Hi,

Thank you very much. I also think that this article is very useful (other ones did not work). One note: sudo nano /etc/defaults/hostapd -> should be: sudo nano /etc/default/hostapd

Thanks again.

Regards, benkelaci

thomas

it works …..I tried for 2 days all available tutorials on the internet…then I flahes for the xxx-times a new SD -card and followedthis tutorial step by step and then I was “DISAPPIONTED”…the expected frustration was not available, since it works , the AP…….thanks

BalintK

Thank you, this is a good writeup. Im running also an MQTT broker and MySQL db on the raspi - configured as a router. Im wondering if there is a solution in dnsmasq to allow clients on the network to resolve the hostname of the router without using domain suffixes. Works: routerhostname.local / routerhostname.anything Wont Work: routerhostname

After adding a few lines to dnsmasq.conf as: domain needed, expand hosts domain=local
I can ping routerhostname without suffix directly and i get a reply, but cant connect via ssh or with an mqtt client from a different mobile / windows client. routerhostname.local still works.

Any Ideas?

Chris

It doesn’t seem to work so just to clarify things. In my home network i have 192.168.10.x addresses in which 192.168.10.254 is my default gateway. Now when i configure my raspberry wlan0 IP address to 192.168.1.1 address it fails to show up the AP to connect. When i put an address that is in range of my network (e.g 192.168.10.1) the AP shows up correctly but when i connect a device to it i don’t have internet access. Now in the dnsmasq.conf i tried having addresses in range of 192.168.10.x and 192.168.1.x but none of them work. From my raspberry that acts as router i can ping my home default gateway. So i cant figure out what the issue might be. (i check all the cables are connected and working correctly).

HammervoltJoe

OMG thanks. I was following various tutorials for the last day and none of them would work. Yours is the only one that worked and at the first time too.

Bruno

Thank you so much! This is actually the only one I tried that worked. The only additional step for me was to add “net.ifnames=0” to /boot/cmdline.txt in order to have iptables working fine and access internet through the AP. Check ifconfig output and this thread (https://raspberrypi.stackexchange.com/questions/72346/there-is-no-eth0-when-i-input-ifconfig)

Markdown is allowed. Email addresses will not be published.