There are many guides for creating a Raspberry Pi Access Point but from Raspbian 9 Stretch the network setup has changed, which means a lot of guides are out of date. So this guide is about setting up a Raspberry Pi Access Point for Raspbian 9 Stretch onwards. Works for Raspbian 8 Jessie and PiOS 10 Buster & PiOS Bullseye.

I have two other guides on how to set up an automatic Raspberry Pi Access Point, which connects to your home network when you are at home and generates a hotspot when you are out.

For the Autohotspot guide to setup an internet routed hotspot suitable for RPi4, RPi3, RPi2 & Rpi: Click Here
For the Autohotspot guide to setup a non internet routed hotspot suitable for RPi ZeroW and RPi Zero 2: Click Here

Easy Installer Script: the setup in this guide is available in an installer at Raspberry Pi AutoHotspot and Static Hotspot Installer Script

Aim:

  • This guide will go through how to set up a permanent access point for both internet routed, for RPi's with ethernet ports, and non internet routed access point for Pi Zero/W & Pi Zero 2.

 Requirements:

This has been tested on Raspbian Jessie, Raspbian Stretch, PiOS Buster & PiOS Bullseye. (Not compatible with PiOS Bookworm, Bookworm version available here)

To see which version you have enter the command lsb_release -a

  • Raspberry Pi 4
  • Raspberry Pi 3 or 3 B+
  • Raspberry Pi 1 or 2 with a USB Wifi Dongle*,
  • Raspberry Pi Zero W, Pi Zero 2 and Zero with a USB WiFi Dongle* (network/internet  Access Point not useable as it has no ethernet port.)

 

*some USB WiFi dongles don't work in adhoc mode or don't work with with the nl80211 driver used in this guide for RPi4, RPi 3, RPi3 B+ & Pi Zero W , Pi Zero 2 nbuilt wifi, so you may want to check this first before starting.

To see if your usb WiFi dongle can be used as an access point enter the command; iw list ,scroll to section "Supported interface modes:" and look for * AP

  

Note about Raspbian & PiOS - Bullseye, Buster and Stretch Network Device Names

From Raspbian Stretch there has been changes to how the network drivers are named, called Predictable Network Interface Names,  and may be different for the usual wlan0 and wlan1 for wifi and eth0 for ethernet connections. Though the official Foundation version of PiOS seems to be keeping to the old standard names, at least at the time of writing,  this may not always be the case. For this guide I will use wlan0 as the device that is used.  

To check the device name for your setup enter the commmand iw dev and take a note of the "Interface" name. For wifi it should start with wl , replace your device name with any reference to wlan0 in the article, scripts and config files.

 

Step 1:

To start with hostapd hotspot client and dnsmasq lightweight dns server need to be installed.

Open a Terminal session.

Update Raspbian/PiOS with the latest updates by entering the commands:

sudo apt update
sudo apt upgrade

 To install hostapd enter the command:

sudo apt install hostapd

enter Y when prompted.

To install dnsmasq enter the command:

sudo apt install dnsmasq

enter Y when prompted

The installers will have set up the programme so they run when the pi is started and activated them. While we set the hotspot we should stop them running. This is done with the following commands:

sudo systemctl stop hostapd
sudo systemctl stop dnsmasq

Now the hostspot configuration file can be setup. This contains the name of the WiFi signal you will need to connect to (SSID) and the security password.

To edit the configuration files I will be using the nano text editor but if you prefer an editor with an point and click interface then replace nano with mousepad in the following instructions.

Hostapd Configuration

Using a text editor edit the hostapd configuration file. This file won't exist at this stage so will be blank.

sudo nano /etc/hostapd/hostapd.conf

download file here:

interface=wlan0
driver=nl80211
ssid=RPiHotSpot
hw_mode=g
channel=6
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

  • The interface will be wlan0
  • The driver nl80211 works with the Raspberry Pi 4, 3, 3 B+  & Pi Zero W onboard WiFi but you will need to check that your usb wifi dongle is compatable and can use Access Point mode.

For more information on wifi dongles see elinux.org/RPi_USB_Wi-Fi_Adapters

  • The SSID is the name of the WiFi signal broadcast from the RPi, which you will connect to with your Tablet or phones WiFi settings.
  • Channel can be set between 1 and 13. If you are having trouble connection because of to many wifi signals in your area are using channel 6 then try another channel.
  • Wpa_passphrase is the password you will need to enter when you first connect a device to your Raspberry Pi's hotspot. This should be at least 8 characters and a bit more difficult to guess than my example.

To save the config file press ctrl & o and to exit nano press Ctrl & x

A change in hostapd means the service will be masked, so hostapd won't start when you reboot. To Unmask the hostapd service enter:

  • sudo systemctl unmask hostapd
  • sudo systemctl enable hostapd

Once you have completed the rest of the setup and rebooted Hostapd will start and generate the hotspot settings.

(Note:  this bit for /etc/default/hostapd does not need to be changed for PiOS Buster or Bullseye. This is for the older OS's Stretch and Jessie)

Now the defaults file needs to be updated to point to where the config file is stored.
In terminal enter the command

sudo nano /etc/default/hostapd

Change:
#DAEMON_CONF=""
to
DAEMON_CONF="/etc/hostapd/hostapd.conf"

Check the DAEMON_OPTS="" is preceded by a #, so is #DAEMON_OPTS=""

And save.

DNSmasq configuration

Next we need to update the DNSmasq.conf file. There are two setups depending if you need internet access or not.

DNSmasq Config 1 - No Internet

Open the dnsmasq.conf file with

sudo nano /etc/dnsmasq.conf

Go to the bottom of the file and add the following lines (download here)

 


#RPiHotspot config - No Intenet
interface=wlan0
domain-needed
bogus-priv
dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h

and the save (ctl & o) and exit (ctrl & x)

DNSmasq Config 2 - Internet Routed

Open the dnsmasq.conf file with

sudo nano /etc/dnsmasq.conf

Go to the bottom of the file and add the following lines (download here)


#RPiHotspot config - Internet
interface=wlan0
bind-dynamic 
domain-needed
bogus-priv
dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h

and the save (ctl & o) and exit (ctrl & x)

 

Step 2:

Now that hostapd and dnsmasq are configured we now need to make some changes to the interfaces file, the dhcpcd.conf file, setup ip_forwarding.

Interfaces File

The interfaces file is not required and should be empty of any network config. Depending which version of Raspbian you have this file may still contain network config.

Enter

sudo nano /etc/network/interfaces

If your file shows more than the standard top 5 lines like this


# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

then make a copy of your file and then remove any excess lines from the interfaces file.

To make a backup of your interfaces file first, use the command

sudo cp /etc/network/interfaces /etc/network/interfaces-backup

DHCPCD.conf

Next we need to update the dhcpcd.conf file. Open the file with

sudo nano /etc/dhcpcd.conf

then scroll to the bottom of the file and add the line (Download here)


interface wlan0
nohook wpa_supplicant
static ip_address=192.168.50.10/24
static routers=192.168.50.1

If you are setting up the Internet routed hotspot then also include

static domain_name_servers=8.8.8.8

now save (ctrl & o) and exit (ctrl & x)

The line 'nohooks wpa_supplicant' will stop the network wifi from starting if you have an entry in /etc/wpa_supplicant/wpa_supplicant.conf . If this is not done then network wifi will override the hotspot.

This next bit is only if you would like devices to have internet access. If not skip to "Testing the Access Point".

 ip forwarding setup

For the internet to be available when an Ethernet cable is attached, IP forwarding needs to be activated. To do this enter

sudo nano /etc/sysctl.conf

look for the line

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

and remove the # so it is

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

now save (ctrl & o) and exit (ctrl & x)

NFtables & IPtables setup

Next the rules need to be added that will allow any device connected to the access point to be able to use the a network or internet connected to eth0. This is done with IP Table rules for older OS’s Buster, Stretch and Jessie. Bullseye onwards use Nftables.
These tables will need to be loaded every time the Raspberry Pi starts up.

NFtables - Bullseye

First create a nftables directory to hold the rule file. 

sudo mkdir /etc/nftables

Change to the new folder with 

cd /etc/nftables

then create a new file for the NFT rules called nft-stat-ap.nft and paste in the rules below. This is also available fro download here

sudo nano nft-stat-ap.nft


flush ruleset

table inet ap {
	chain routethrough {
		type nat hook postrouting priority filter; policy accept;
		oifname "eth0" masquerade
	}

	chain fward {
		type filter hook forward priority filter; policy accept;
		iifname "eth0" oifname "wlan0" ct state established,related accept
		iifname "wlan0" oifname "eth0" accept
	}
}

 now save (ctrl & o) and exit (ctrl & x)

This file needs to be updated to executable. Enter the command

sudo chmod +x /etc/nftables/nft-stat-ap.nft

next open nftables.conf and add the line below to the bottom of the file, so that the rules are loaded when the nftables service starts.

sudo nano /etc/nftables.conf

add

include "/etc/nftables/nft-stat-ap.nft"

 now save (ctrl & o) and exit (ctrl & x)

So that the rules are used everytime the Pi starts the nftables service should be enabled.

enter the command

sudo systemctl enable nftables

NFtables are now setup, continue with the "Testing the Access Point" section below

IPtables - Buster, Stretch, Jessie

First create the file for the ip table rules.

sudo nano /etc/iptables-hs

add the lines below or download from here

#!/bin/bash
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

now save (ctrl & o) and exit (ctrl & x)

Update the permissions so it can be run with

sudo chmod +x /etc/iptables-hs

Now the service file can be created which will activate the ip tables each time the Raspberry Pi starts up

Create the following file

sudo nano /etc/systemd/system/hs-iptables.service

Then add the lines below of download from here


[Unit]
Description=Activate IPtables for Hotspot
After=network-pre.target
Before=network-online.target

[Service]
Type=simple
ExecStart=/etc/iptables-hs

[Install]
WantedBy=multi-user.target

now save (ctrl & o) and exit (ctrl & x)

To activate the service file, so it starts at every boot up, enter the command

sudo systemctl enable hs-iptables

 

Testing the Access Point

The access point setup is now complete. To test that the setup is ok reboot the RPi.

 Once the RPi is up and running the wifi icon near the clock should now be two arrows facing opposite directions networkdown This means it is an access point. On a Tablet, phone or Laptop scan for wifi signals. You should see one for RPiHotSpot.

Select this as the wifi signal to connect to. The password is what you setup in the hostapd.conf file. From my example it is 1234567890

rpiHotspot android

Local wifi signals in range on Android. You will see RPiHotSpot and not RPiHotN

For SSH and VNC the connection ip is 192.168.50.10 also if you have setup the RPi as a webserver use the same ip to see the webpage.

For ssh use ssh This email address is being protected from spambots. You need JavaScript enabled to view it.

For vnc use 192.168.50.10::5900

If you have setup the Internet routed configuration. Connect an ethernet cable to the Raspbery Pi and your router and wait a few seconds. The hotspot will now allow connected wifi devices to use the internet as well as the Raspberry Pi

 Once you are happy the setup is working ok then your done.

 

Script Removal

If you don't wish to continue using the Hotspot then the Raspberry Pi can be reverted back to a standard wifi setup with the following steps.

Stop the Hostapd and dnsmasq services with the commands

sudo systemctl disable dnsmasq

sudo systemctl disable hostapd

In the /etc/dhcpcd.conf file remove the lines added at the bottom of the file.

#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8

If you had previous config in your interfaces file and made a backup you can restore your original interfaces file with the command

sudo mv /etc/network/interfaces-backup /etc/network/interfaces

If you didn't setup an internet routed access point then your done, after a reboot your RPi will not longer be an Access Point. For Internet routed Hotspots you also need to do the following;

Disable the IP Tables setup

Disable the hs-iptables service with the command

sudo systemctl disable hs-iptables

Then disable ip forwarding

sudo nano /etc/sysctl.conf

look for the entry

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

and add a # as follows

# Uncomment the next line to enable packet forwarding for IPv4
# net.ipv4.ip_forward=1

Disable NF Tables setup

open nftables,conf  

sudo nano /etc/nftables.conf

and remove the line

include "/etc/nftables/nft-stat-ap.nft"

If you know other NFtable rules are being used then you that is it, otherwise disable the nftables service.

sudo systemctl disable nftables

Access Point removal is now complete

Now reboot and the Raspberry Pi will be back to the standard wifi setup.

 

 Trouble Shooting

  • If you get no wifi connection or no hotspot and have this icon networkdownthen it is most likley there is an error in one of the configuration files.
  • If the RpiHotspot signal can't be seen by another device, Use the command sudo systemctl status hostapd to see if there is an error with Hostapd.
  • If Hostapd has an error that it is Masked then try
    • sudo systemctl unmask hostapd
    • sudo systemctl enable hostapd
    • sudo systemctl start hostapd
  • If you don't get an internet connection when an ethernet cable has been attached, with the Internet routed setup, then you can check the ip table rules have been activated with the command sudo iptables -S If you don't see any rules but just get
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    

    then make sure the service was enabled with the command sudo systemctl enable hs-iptables and the iptables file has the correct permissions with sudo chmod +x /etc/iptables-hs
  • Check the NFtables rules are loaded with the command  sudo nft list ruleset
  • You can connect to the hotspot via an Android Phone but you can't get a ssh connection. Some users have found this issue where Android uses their data connection rather than the wifi. Disabeling data has allowed them to use ssh.  

 


Add comment

Comments  
Perfect for RPi Zero W!
Thank you so much for this clear guide, with the extra care to explain what parts are needed for what RPi OS types!
I tried a handful before with no success, but this worked like a charm.
Perfect for RPi Zero W!
Hi Josh You are welcome. Thank you for the feedback and i'm glad to hear you have found the setup useful.
Additional LAN interface
Hi Richard

You are welcome, i'm glad you have found it useful.

I have not extended the Lan before. I but I think you need to set a static ip in /etc/dhcpcd.conf for the eth1 network, and probably do similar for any devices connected the other side for the same subnet. If you are not using the wlan0 access point then you can probably reconfigure dnsmasq for eth1.
You will need to add to the nftables as to link eth0 to eth1 but it will be the same as the wifi Accesspoint, devices on eth1 will not be visible to the devices on eth0 but you should get access to the internet if it is on eth0.

There is probably a better way to do this but as I have not done that setup before I am unable to offer any useful advice on what is require unfortunately.
Additional LAN interface
Thanks for your answer, I got it running in the meantime by duplicating the configs in dhcpcd.conf and dnsmasq.conf, replacing "wlan0" by "eth1" and of course changing the subnet. I also added a config file for NFtables, but forgot to include that in nftables.conf, but it works anyway. I just wonder if problems might arise by not having a NFtables ruleset for packets passed between eth0 and eth1, but since I have limited access to the room with the Pi, I'll monitor the situation and modifiy nftables.conf if the need arises.
Additional LAN interface
I don't believe any device on the eth0 network will be able to contact the eth1 network without proper nftables setup. You will probably be better off with a bridge setup. As you are using Bullseye it will probably be easier if you use raspi-config and change the network setup to Network Manager from dhcpcd. Then you can use the Network Manager GUI to create a bridge and an wifi Access Point which will be a lot easier than through dhcpcd. You just need to disable the services setup in this guide. Bookworm works that way anyway so will be useful if you plan to upgrade.
Additional LAN interface
Can't use Network Manager GUI, this is a headless setup w/out all the graphical desktop stuff.

I tried playing around a little with NFtables and it always crashed with syntax errors when I added an addition table "inet", but the system is running fine without the NFtables setup for the communication between eth0 and eth1. The device connected to eth1 can reach the internet, which is all I want, no need for communication between devices on the eth0 network and the eth1 network.
Additional LAN interface
Ah ok, that will be a bit more difficult without a GUI :) though there is plenty of info about setting up a bridge with the nmcli command, so if you need it in the future I would consider it an easier route. It's good to hear you have it setup as you need.
Additional LAN interface
Hi Roboberry,

thanks for your detailed explanation on how to set up a WiFi hotspot on a RPi. It worked like a charm on my RPi 4 running Bullseye!

Now I need an extension of the LAN the RPi is connected to and would like to use an USB-to-Ethernet-Adapter for that purpose. I assume this adapter would be designated "eth1", and also assume that the hostapd part of your method (step 1) is not necessary for this. Can I just extend the config files in step 2 with additional lines, replacing "wlan0" by "eth1" and of course changing the IP address range for the subnet?

Normally I'd use a small network switch to achieve my goal, but in this case, the RPi is powered by a PoE HAT and there is no wall outlet to power a switch.
Cannot connect to AP
Hi there

I am trying to use your script above to basically create an access point on my raspberry pis which has no internet connected i.e. for example using a raspberry pi 3a+ . Once the AP is up and running I would like the user from their mobile to be able to connect to the raspberry pi's AP and then be able to browse a webpage on their phone like 192.168.4.1 which will enable them to select a wifi network for their raspberry pi to connect to.

so I have the script written for the webpage etc it uses a simple flask app but my main issue is I cannot get the access point working as on my phone when I connect to the AP it says IP address not assigned along those lines.

what can I do? do you think you could come up with a script to enable users to connect to wifi as soon as they turn their raspberry pi on using the ap method? that would be really easy I think.

here is my flask app script:

from flask import Flask, redirect, render_template, request
import subprocess
import re

app = Flask(__name__)

@app.route("/")
def configure_wifi():
return redirect("http://192.168.4.1")

@app.route("/connect_wifi", methods=["GET", "POST"])
def connect_wifi():
if request.method == "POST":
selected_network = request.form["wifi_name"]
password = request.form["wifi_password"]

# Connect to the selected WiFi network
subprocess.run(["nmcli", "device", "wifi", "connect", selected_network, "password", password])

return f"Connected to {selected_network} with password {password}!"

scan_result = subprocess.run(["iwlist", "wlan0", "scan"], capture_output=True, text=True)
networks = re.findall(r"ESSID:"(.*?)"", scan_result.stdout)

return render_template("wifi_connect.html", available_networks=networks)

if __name__ == "__main__":
app.run(host="0.0.0.0", port=80)
Cannot connect to AP
Hi Ahmed

I have considered adding a config webpage but then I found out a year or so back that RaspberryPi was going to change the Wifi software, which they have done in the latest PiOS Bookworm. So there was little need to continue the development.

I see from your script that nmcli is used, so im guessing you are using bookworm. The setup on this page won't work on Bookworm and requires the older OS's Bullseye or Buster. If that is the case it would be why you are not able to connect to the AP.

If you are not using bookworm then there is an Installer script on the home page for Buster/Bullseye. This will re-setup the access point and fix most config issues. This also has options which allows you to connect to a new wifi network once there is a ssh or vnc connection to the Pi. But as you say a webpage is a bit easier.

I'm just finishing off a Bookworm compatible version with an installer and config options in the next day or two. There is no webpage config option yet but that will be added along with a few other features as I develop it further.

I hope this helps, let me know if you have any further issues.
Bookworm
Hi Ahmed The bookworm version of the AccessPoint script is now available on the homepage.
Bookworm
Hi Frank

Unfortunately this setup will not work on Bookworm. In the Requirements section at the top of the article it shows which PiOS versions it works on.

In Bookworm the network setup has been changed to Network Manager from dhcpcd that has always been used previously.

If you are using a Desktop you can select the Wifi icon, then create a new network. There is an option to create a Hotspot. This is then selectable in the same way any wifi network is.
I'm not near a pi at the moment so I can't remember the exact options to choose but it is fairly straight forward.

I would reverse the changes you have made and create a Hotspot via the desktop Wifi icon which hopefully will suite your needs.

I am working on a Bookworm version of my scripts for headerless setups and convince which will be available soon.
Mr.
Hi Roboberry, Thanks a lot for the fast response and your dedication to the project. As I am not in a hurry and as the Pi 1 is pretty slow, I will not install a GUI but wait instead for your future version. Have a nice day,
Bookworm
Hi Frank The bookworm version is now available on the homepage.
Mr.
Hi, I have a very good impression of your instructions, but unfortunately they don't work for me. I have a Pi 1 running bookworm with an USB stick (Fritz WLAN N v2) and a LAN cable connected. Without any hotspot configuration I can connect with SSH over my local (W)LAN to the eth0 and the wlan0 interface. Following closely your instructions, no RPiHotSpot appears on my smartphone and I can connect over my local WLAN as before. So I thought it is a driver problem and changed the corresponding line in hostapd.conf to 'driver=rt2870.bin' (this filename appears in the lsusb and dmesg output, so I guessed it might be the driver). Result: as before. Then I deleted the driver line and now the hotspot was visible on my smartphone, but it couldn't connect ('optaining IP address fails'). besides that, only the green LED on my USB stick was on, not the yellow one as before. How could I debug that? If you have any ideas what to check, please tell me how to check, I am a complete noob in networking.
Hello
I am wondering what is the advantage/use case for this method when creating a hotspot compared to the raspberry documentation guide?
https://www.raspberrypi.com/documentation//computers/configuration.html#host-a-wireless-network-on-your-raspberry-pi

thank you and a have good day
Felix
vs RaspberryPi Docs
Hi Felix

It basically depends on which PiOS you are using.

The Raspberry PiOS has been updated this week to version 12 Bookworm. There has been a change to the way the whole wifi and networking is setup in this version, so the docs reflect how to create a Hotspot in bookworm only. Which is much simpler to do now.

The guide above is for the previous four versions of PiOS which use the previous method and was a lot more complicated to create a hotspot.

So only use this if you are not using PiOS 12 Bookworm

I have a new version of my autohotspot scripts in development for Bookworm as it still has benefits even with the new networking setup.

I hope the helps
Excellent how-to
I want to thank you so much for this excellent, detailed writeup. And unlike a lot of info out on the web, you have kept this up to date. I am building a remote system for monitoring where internet connectivity is not available. Using the Pi (3B, Bullseye) to serve DHCP is perfect and having the ability to connect it to a router/internet when available via eth0 is perfect for updates. The only issue I had with your instructions is I added the line:

include "/etc/nftables/nft-stat-ap.nft"

to the top of the file, "nftables.conf". That doesn't work, I believe the line in the default file line "Flush ruleset" later on in the file negates the entry. Moving the added line to the file at the end, everything works perfect. Hopefully this helps someone. Thank you again. Daryl
Excellent how-to
Hi Daryl, Thank you, i'm glad you have found it useful.

Looking at the article I was a bit too general. The line should be added to the bottom of the file but I just said "add". So I have made that clearer now.
Thank you for letting me know and how you are using it. It's always good to hear how the scripts are being used.
Thank You!
Great instructions and thank you for posting them! Like others I had spent many hours struggling with outdated instructions. I’m using RPIs for a STEM education workshop and need 10 RPIs working consistently.
These instructions worked for 3B and 3B+ running 64-bit Bullseye. I configured wlan0 as an access point and a USB WiFi as wlan1 following your instructions to replace eth0 with wlan1 in nft-stat-ap.nft.
Thank You!
Hi David, you are welcome.
It is good to hear that the guide has been useful for a worthwhile cause. Thanks for the feedback.
WLAN1 Routing
I realize this is a little out of scope for your post, but I’m hoping you may have some insight into an issue I’m having with wlan1. I get a ‘no route to host’ error for some, but not all URLs. If I plug in my ethernet cable I can access all the URLs I’m interested in. I have limited networking skills but to me it suggests a DNS issue. I’ve tried setting up a wlan1 interface in the dhcpcd.conf file but I only made things worse.
WLAN1 Routing
Hi David

You are probably getting a routing problem due to two default routes on wifi devices.
if you run the command: route
you will see a "default" entry for wlan0 and for wlan1 which will be causing the problem.
It doesn't know which wifi to use.
when you connect eth0 it uses that instead and it all works.

The script is setup to get dns from google on 8.8.8.8 but you can change this to use your routers dns setup by removing it.

in /etc/dhcpcd.conf

comment out these two lines with a #

#static routers=192.168.50.1
#static domain_name_servers=8.8.8.8

after a reboot it "should" let you use any url.

let me know if you have a further issue.
WLAN1 Routing
Works perfectly. Thanks for the solution and quick response!
typo in static hotspot guide
Requirements:
This has been tested on Raspbian Jessie, Raspbian Stretch, PiOS Buster & PiOS Bullseye. To see which version you have enter the command lsb_release -a

Raspberry Pi 4
Raspberry Pi 3 or 3 B+
Raspberry Pi 1 or 2 with a USB Wifi Dongle*,
Raspberry Pi Zero W, Pi Zero 2 and Zero with a USB WiFi Dongle* (network/internet Access Point not useable as it has no ethernet port.)


*some USB WiFi dongles don't work in adhoc mode or don't work with with the nl80211 driver used in this guide for RPi4, RPi 3, RPi3 B+ & Pi Zero W , Pi Zero 2 nbuilt wifi, so you may want to check this first before starting.

To see if your usb WiFi dongle can be used as an access point enter the command; iw dev ,scroll to section "Supported interface modes:" and look for * AP

Last line should read"... enter the command; iw list" instead of "iw dev"

Great programming. Thank you!
typo in static hotspot guide
Thanks Seth

This guide has been up for several years and I have read it so many times and still missed that and nobody else pointed it out either. Thank you
Set-up with a static device on eth0
Hello roboberry,

First of all, also from me: thank you for this very good write-up. I’ve gone true it and read most of the questions.

I have a device on eth(0) with a static IP. I want to access from wlan1.
I have the hotspot running and working with dnsmasq etc.
wlan1 IP = 192.168.144.100, with dhcp-range=192.168.144.101,192.168.144.120,255.255.255.0,24h

Up to the point I uncomment packet forwarding for IPv4net.ipv4.ip_forward=1, I’m able to ping
wlan1 from a connected (windows) device connected to the hotspot. After that, “request timed out”

When I ping 192.168.144.12 (the static device) I get “Reply from 192.168.144.116: Destination host unreachable.” The .116 is my windows system

Do you have a pointer for me where I should look?

Thanx
Set-up with a static device on eth0
Hi Bart

Thank you, you are welcome.

I have not setup my pi's for your configuration as I had a few issues involving SD cards, cables and batteries!.

You can skip the port forward part as your devices are the same network.

You could probably skip the nftables/iptables part as well for the same reasons.

Try that first but a bridge may be what you need.

If you are setting up a permanent config with a static device on eth0 fully accessible from wlan1 then you probably want a bridge setup on the pi which will put eth0 and wlan1 on the same network.
a bridge device will need creating then hostapd.conf needs an extra line for bridge= with the device name and dnsmasq.conf needs the interface=wlan1 changed to the bridged device name.

I don't have specific instructions but there should be plenty of guides on how to do it. Just avoid any that want an entry in /etc/network/interfaces as it is not used on the Pi and will conflict with the setup.

Hope this some help.
Tutorial for SSH / VNC?
Hey, just wanted to start off by saying I got this working perfectly on a Raspberry PI 400 (the in-keyboard model) on Buster, so you can add that to the list of capable devices.

I was wondering if you could clarify exactly how to connect to the PI via SSH or VNC from a device that is connected to the hotspot, there's probably a tutorial around I'm just having trouble finding anything. I know it's something obvious like making sure the SSH client is running on both, but would be nice to have it step-by-step.

I followed the instructions for the internet-routed mode if that makes a difference.
Tutorial for SSH / VNC?
Hi Cam

Firstly apologies for the slow response.

You have probably solved this issue now. But for vnc you need to activate the VNC option in the RaspberryPi Config menu option for Interfaces. Also ssh as well while you are there.
There should be a VNC icon by the clock.
The download the Real VNC viewer to your PC/Table/Phone.
Connect you device to the Pi's access point wifi signal RPiHotSpot.
To use the VNC opne the Viewer and enter the ip address that was put in /etc/dhcpcd.conf
192.168.50.10
VNC will then connect and ask for your PI's user name and password.

For ssh, once the device is connected to Pi's wifi. Open your ssh software. Putty on windows or use the terminal on Linux.
For Linux, presuming the Pi's user is pi, enter ssh pi@192.168.50.10 in a terminal window.
In Windows Putty enter the IP in the HOSTS text box 192.168.50.10 and then open or connect (can't remember what the button is called)
You will then be asked for the pi's user name and password you use to login to the desktop.

Hopefully that will help.
Working now!
No worries. I hadn't gotten it working yet actually, I had no idea it would be that simple - but I was using a projector against an uneven wall as a screen and it was hard to navigate! Hence the desire for vnc access.

It's working great now, I've been able to ssh in via the hotspot
Working now!
Hi Cam

That's good to hear, i'm glad you are up and running.
Finally got it work.
Finally got it to work with a 3B+. Thank you for this guide. I tried following others and they didnt work. After more searching I found this guide and I got it to work the first time. Easy to follow.
Finally got it work.
Hi Travis

You are welcome. Thanks for you're feedback and I am glad you have found it useful.
Hotspot not working
The trouble I'm having is the first thing in the troubleshooting: if the connection icon has x's, a config file is wrong. I've looked through all the config files several times while trying different guides, and they are all correct. hostapd is running, dnsmasq is running, but the network doesn't show up on another device. I have a Pi 3 that I'm trying to use to basically turn a non-wifi printer into a wifi printer using CUPS, so that you can connect to the hotspot and print to the printer without a direct printer connection. Thus, I don't need the hotspot to have internet access.
Hotspot not Working
Hi Joe

It should work fine for that project, use to have a PI1 setup like that with a usb wifi adapter.

If hostapd is running you should at least see the "RPiHotSpot" ssid from other wifi devices.
and sudo systemctl status hostapd is not showing an error then it may be something more obscure like spelling such as wlano rather than wlan0 or a comma etc in the wrong place but if you have used the download links on the site then they will be fine.

Other things that cause issues are any network config in sudo nano /etc/network/interfaces.
and check that sudo nano /etc/default/hostapd
has the config path against "DAEMON_CONF=" and not with DAEMON_OPTS=. Also
DAEMON_OPTS= should have a comment #DAEMON_OPTS=
If you are using Buster or Bullseye you can delete /etc/default/hostapd as it is not required, but if it is in place it has to be correct.


There is an installer on the home page, that will install any of the 3 hotspot guides as they are described in the guides.
If you install option 3 for the static hotspot it will fix any issues that there are.

As you don't want the network and the installer will set it up. You can disable the networking with

For Bullseye, just incase something uses nftables in the furture:
sudo nano /etc/nftables.conf
remove the line "include "/etc/nftables/nft-stat-ap.nft""
sudo systemctl disable nftables

For Buster and older:
sudo systemctl disable hs-iptables

That should fix any issues you are having.

If not you can let me know by email, admin at this site. Can you include outputs of

sudo systemctl status hostapd
sudo systemctl status dnsmasq
ip a
sudo systemctl -all list-unit-files hostapd.service
sudo systemctl -all list-unit-files dnsmasq.service

and I will see if we can find the issue.
Fix by copy/paste
Thanks for the info! I ended up talking to someone, and fixed it by copying and pasting the hostage.conf file instead of hand-writing it, and for some reason it works now.
Very nice guide
Hi
very nice guide.
Before readind this I made a lot of search and tests: result a lot of useless guides.
Hopefully I found this one and my pi is working perfectly as a bridge.
Thanks a lot !!!!
D.
Very nice guide
Hi didierh

I't good to know you have found the guide useful, Thank you.
It can be difficult to get good info as the Pi does use a different setup to other distros. Glad I could help.
Access Point with Wifi Client
Hey! Would you be interested to integrate to this guide a way how to setup an access point while keeping the wifi client?

On my raspberry pi I managed to get it to work following this script https://github.com/lukicdarkoo/rpi-wifi/blob/master/configure, but I had to remove ctrl_interface from wpa_supplicant.conf and from hostapd.conf ( and also ctrl_interface_group in this case ).

The problem is that I cannot make use of wpa_cli to control wlan0. Maybe if someone with more knowledge can look at this, can share a configuration that works properly on Rpi4.

Thank you!!
Access Point with Wifi Client
Hi xiki808


Thanks for the request
This seems to be a popular subject lately. It's not something I have tried but looking at the setup it is not directly compatible as it uses /etc/network/interfaces which is depreciated on the PiOS. This will conflict with the Access Point setup so it will need an alternate configuration.

I am currently working on new features but I may look at this at a later date as it looks interesting.
Access Point with Wifi Client
I found one works with bullseye, tried and tested :)

https://github.com/lukicdarkoo/rpi-wifi/blob/79c8a2955f27ab1041249d323424d6a20cce42e2/ap_sta_config2.sh
Access Point with Wifi Client
Hi xiki808

Thanks for sharing the link, that looks more suitable. Bullseye uses NF Tables rather than IP tables but sounds good. :)
Finally worked
I've spent the better part of the last 24 hours trying to get an internet-less AP working on my 3B with Bullseye to connect my laptop to a Jetson Nano at a conference booth - didn't figure it would be this hard. Not sure exactly what yours did that other's didn't, but after trying once, getting an error, and going over your instructions again very carefully, Pi-Fi is up and running. Cheers!
Finally worked
Hi Jack

Thanks for the feedback, i feel your pain trying to get solutions to problems. I'm glad I could help with your setup. It is a bit of a minefield with older guides and guides for non compatible systems. For the Pi avoiding /etc/network/interfaces and using dhcpcd.conf is the way to go :)
hostapd Failed to start
root@raspberrypi:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
root@raspberrypi:~# uname -a
Linux raspberrypi 5.15.32-v8+ #1538 SMP PREEMPT Thu Mar 31 19:40:39 BST 2022 aarch64 GNU/Linux
root@raspberrypi:~# cat /sys/firmware/devicetree/base/model
Raspberry Pi 4 Model B Rev 1.4


I followed the instructions for bullseye no internet but I have issues with hostapd. This is the log from journalctl -xe

Apr 12 16:35:08 raspberrypi hostapd[877]: Configuration file: /etc/hostapd/hostapd.conf
Apr 12 16:35:08 raspberrypi hostapd[877]: rfkill: WLAN soft blocked
Apr 12 16:35:08 raspberrypi hostapd[877]: Using interface wlan0 with hwaddr e4:5f:01:1a:bd:91 and ssid "RPiHotSpot"
Apr 12 16:35:08 raspberrypi hostapd[877]: Failed to set beacon parameters
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: Could not connect to kernel driver
Apr 12 16:35:08 raspberrypi hostapd[877]: Interface initialization failed
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: interface state UNINITIALIZED->DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: AP-DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: Unable to setup interface.
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: interface state DISABLED->DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: AP-DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: CTRL-EVENT-TERMINATING
Apr 12 16:35:08 raspberrypi hostapd[877]: hostapd_free_hapd_data: Interface wlan0 wasn't started
Apr 12 16:35:08 raspberrypi hostapd[877]: nl80211: deinit ifname=wlan0 disabled_11b_rates=0


Cannot find what is the cause :/
hostapd Failed to start
Hi xiki808

I see you are using PiOS 64 which this has been tested on a couple of months back. It worked ok then at least.

For some reason your wlan0 interface is down when hostapd starts so it can't create the access point.
You should have a similar error for dnsmasq. sudo systemctl status dnsmasq

check sudo systemctl status dhcpcd
that should be running

check that /etc/dhcpcd.conf doesn't have a line "denyinterfaces wlan0"

the command: ip a
will show if the wlan0 interface is up or down, it should be up.

There should be no entries in /etc/network/interfaces

If no luck you can try the autohotspot installer. Link at the top of the page or on the home page.
That will install the setup the same as the guide.

Let me know if this help
hostapd Failed to start
Thanks for your comment roboberry!

I figured all I had to do is `rfkill unblock wifi` and hostapd was working without problems. Thank you for you guide!
Two WiFi Interfaces
Great tutorial - thanks.

Taking it one step further, I would like to run both AP and a Managed wifi interfaces on the RPi 4B.
The idea is to use the AP to access the configuration of the RPi, and the Managed interface as an uplink where Ethernet connection is not available. Only moderate throughput is required.

The 'iw list' command shows:
valid interface combinations:
* #{ managed }
Two WiFi Interfaces
Hi Terry

To use wlan1 to connect to Wifi Network you need to replace the eth0 references in the Ip tables or NF tables section to wlan1.

Then after a reboot you should have what you need.

If you want wlan0 to connect to a wifi network and wlan1 to be the AP then you have to change the wlan0 references in
/etc/hostapd/hostapd.conf
/etc/dnsmasq.conf
/etc/dhcpcd.conf

to wlan1

Then the the IP tables or NF tables change wlan0 to wlan1 and eth0 to wlan0

Let me know if you need further info.
Two WiFi Interfaces
Thanks for your reply.
My original post appears to be incomplete, and so perhaps not clear what I was asking.

My question is whether it is possible to run two wifi interfaces (e.g. wlan0 and wlan1) at the same time from the built-in wifi chip on the RPi 4 device.

The 'iw list' command output indicates that this is possible:
valid interface combinations:
* #{ managed }
Two WiFi Interfaces
Hi Terry

ah ok, yep thats a bit different. My understanding is that that is not possible on the Pi wifi hardware. Wifi devices that use a Atheros chip can do this but that is not the Pi.

I have recently been asked a similar thing and there looks like there is a software solution but I have not tried this.
https://imti.co/iot-wifi/

Hopefully this project will do the trick.
No Internet
Thank you for the instructions, I did everything you said, but I get No Internet on my Android device when I connect to the network hosted by my Raspberry Pi 3. I am using the wlan chip that comes with the thing and using a wifi dongle as my uplink. My nft list ruleset output is

table inet ap {
chain routethrough {
type nat hook postrouting priority filter; policy accept;
oifname "wlan1" masquerade
}

chain forward {
type filter hook forward priority filter; policy accept;
iifname "wlan1" oifname "wlan0" ct state established,related accept
iifname "wlan0" oifname "wlan1" accept
}
}


I dont know what I messed up but I hope you can help me

Thank you anyways
No Internet
Hi manjaroman

Your nftables look fine to replace eth0 with wlan1.
You can check that thay are loaded ok with the command
sudo nft list ruleset

This should show the same entries.
If the loaded rule set is blank then you can manually load them with
sudo nft -f /etc/nftables/nft-stat-ap.nft

If you are needing to do this then double check the service is active.
sudo systemctl enable nftables
and check
sudo systemctl status nftables


One important area is dhcpcd.conf. It should be correct but best to check.
/etc/dhcpcd.conf at the bottom of the file make sure that these lines are this way round

interface wlan0
nohook wpa_supplicant

Also check wlan1 is active ok with
wpa_cli -i wlan1 status


If none of this works let me know and I will have a closer look.
Bump
I went a different route, got it working now! poggers
Failed to start - nftables
this is by far the closest i've gotten to almost getting the AP setup on RP4....however, since the OS is on Bullseye and using nftables, after adding line "include "/etc/nftables/nft-stat-ap.nft"

i'm presented with [FAILED] unable to start nftables at boot up. the icon for the AP are still showing X but status shows its active and running with no errors.

the nftable on the other hand is showing "exit-code, status=1/FAILURE)

any help would be greatly appreciated!
Failed to start - nftables
Hi David

The AP should be working fine with that failure you just won't be able to connect to any network through eth0.
I don't have a Pi setup on Bullseye that I can check this with as it is setup for my current project but I would guess either the /etc/nftables/nft-stat-ap.nft file doesn't have the permission set.
Retry sudo chmod +x /etc/nftables/nft-stat-ap.nft

Alternately you can load the nftables manually. This will give you an error message that hopefully helps.

After the AP has activated. use the command
sudo nft -f /etc/nftables/nft-stat-ap.nft

Hopefully that will shed some light on the issue.

Let me know if that helps or if you get errors and I will look into it further.
No wifi Hotspot with good status
sudo systemctl status hostapd
says "active" and no errors but I do not see the hotspot. The two arrows show eth0 active (I can ssh into it) but no wlan associated after above procedure - what else shall I try?



_____________________________________________
● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-02-07 09:57:36 PST; 5min ago
Docs: man:hostapd(8)
Process: 512 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
Main PID: 553 (hostapd)
Tasks: 1 (limit: 4915)
CPU: 104ms
CGroup: /system.slice/hostapd.service
└─553 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

Feb 07 09:57:36 rpdg-commish systemd[1]: Starting Access point and authentication server for Wi-Fi and Ethernet...
Feb 07 09:57:36 rpdg-commish hostapd[512]: Configuration file: /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish hostapd[512]: Using interface wlan0 with hwaddr e4:5f:01:58:d4:6c and ssid "rpdg-commish"
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: interface state UNINITIALIZED->ENABLED
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: AP-ENABLED
Feb 07 09:57:36 rpdg-commish systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-02-07 09:57:36 PST; 5min ago
Docs: man:hostapd(8)
Process: 512 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
Main PID: 553 (hostapd)
Tasks: 1 (limit: 4915)
CPU: 104ms
CGroup: /system.slice/hostapd.service
└─553 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

Feb 07 09:57:36 rpdg-commish systemd[1]: Starting Access point and authentication server for Wi-Fi and Ethernet...
Feb 07 09:57:36 rpdg-commish hostapd[512]: Configuration file: /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish hostapd[512]: Using interface wlan0 with hwaddr e4:5f:01:58:d4:6c and ssid "rpdg-commish"
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: interface state UNINITIALIZED->ENABLED
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: AP-ENABLED
Feb 07 09:57:36 rpdg-commish systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
No wifi Hotspot with good status
Hi Joe

Thanks for the output.

I have tried to reproduce your issue. I can reproduce it but I don't get the output
Using interface wlan0 with hwaddr ...
wlan0: AP-ENABLED
so it seems something is different.

Can you check that in /etc/dhcpcd.conf the line
nohook wpa_supplicant
exists. This can cause the issue you are describing as the Pi will be trying to connect to your router as well.

If you are using Buster or Bullseye, which I presume you are all lines in /etc/defaults/hostapd should be commented out with a # at the start of every line. This file is not needed anymore.

/etc/network/interfaces should only contain 5 lines with the last line the only one un-commeted
source-directory /etc/network/interfaces.d

The installer script will be able to install this setup if non of this helps. There is a link at the top of the guide.

Otherwise can you let me know what OS and Pi you are using and what the output to
sudo systemctl status dnsmasq
sudo systemctl status dhcpcd
show as well and I will have a further look into it.
Wrong Password
Hi Keith

It sounds like the connection is unstable. For the password I would say check the /etc/hostapd/hostapd.conf has at least a 8 character password but if the hostapd.service is ok then it's not likely to be that.
Can you check that there is the correct ip address and only one for wlan0.
use: ip a
under wlan0 you should only have 192.168.50.10. If there is anything different or more than one ip address then that will be why. This would point to dnsmasq.config having an issue with the ip entries.
The other place that can possible cause an unstable connection is in /etc/dhscpcd.conf, the line nohook wpa_supplicant misspelled or not entered. This would also show up as a wifi icon in the tool bar instead of two blue arrows.

You could also try using the installer with option 3, link at the top of the article. This will solve any config issues.

If this doesn't help then I will look into it further.
Wrong password - RESOLVED
Part of my problem stemmed from trying to implement multiple tutorials on hostapd.
For some reason there was an entry for my current SSID in wpa_supplicant.conf that I never manually entered. Some other rookie errors on my part.
(1) Originally setup wlan0 on the same subnet as eth0 - Created wlan0 on different subnet.
(2) Renamed /etc/wpa_supplicant/wpa_supplicant.conf to /etc/wpa_supplicant/wpa_supplicant.conf.orig

It now is stable.

My use for this is to communicate with some remote power plugs on 2.4G.

Speedtest for eth0 is around 100 Mbits/sec.
Speedtest for wlan0 is 10 Mbits/sec or less.

What are the optimal /etc/hostapd/hostapd.conf settings for maximal speed/throughput on 2.4Gig?
What are steps to troubleshoot performance issues on hostapd?
Again, this is a RPI 4
The channel is clear of any other WIFIs.
Only feet away from the RPI 4.

Thanks
Wrong password - RESOLVED
Hi Keith

It good to know you have found the issue. It's always the little things that cause the most chaos.

I can't say I have done any performance testing as any intermittent issue I put down to interference, but I don't generally have an issue. But your speeds do seem very low.

I'm not sure there are any speed improvements from hostapd.conf. As far as I know it is usually around the drivers, but as it's builtin wifi that shouldn't be an issue.

Other than seeing if setting the wifi power management to off offers any speed increase. I take it when the Pi is connected to a router the speeds are better.

to see power management status:
iw wlan0 get power_save

to switch off:
sudo iw wlan0 set power_save off


The other thing you could try is using 5ghz access point just to see if that gives better performance. If that is bad as well then there may be another issue.
I can send you a 5ghz hostapd.conf file if you want to try that.
Wrong password - RESOLVED
All the config files are correct.
I will keep tinkering to see if the reliability and performance can be improved.

I just had one curiosity about one line in the dhcpcd configuration.

static routers=192.168.50.1

What is this address?
It is not pingable from the RPI or the PC connected to the hotspot when it is UP and connected.

Thanks
# Wrong password - RESOLVED
Hi Keith

The line static routers=192.168.50.1 is the access points gateway. All the access point network traffic to other networks not in 192.168.50 such as eth0 goes through this address and is handled by dhcpcd.
Wrong password - Cant connect
I have a strong RF signal from the hotspot on the chosen channel, but 'most' of the time when I try to connect I get an 'invalid password' or 'not available' message. Even if it ever connects, it wont stay up long. I have tried to connect via cell phone or with PC wifi with the same result. Though all the comments here focus on the network side of the AP, what is there to troubleshoot the RF portion beyond having a clear channel and sufficient signal? I have the RPI4 with Buster(10). I am using the Static Hotspot guide. No errors using 'systemctl status hostapd.service'. Thanks
Multiple Hotspots on same router
Hi,
I used your setup for multiple Raspberrys and it works perfectly, thanks a lot :)

I was just wondering, if it is possible to have two or more Raspis with this setup running at the same time. So lets say I have 2 Raspis, each of them providing a seperate WIFI network and running a DCHP server with your configurations. Both Raspis are connected to my router, which is connected to the internet. Can both raspies use the same configuration (static ip, ip range, standard gateway) without the risk of an ip conflict or something?

Thanks a lot in advance.
Multiple Hotspots on same router
Hi Alex

On a simple setup then two or more Pi's on one router will be fine.
The Ethernet ip address to the Pi's is managed by the router so they all will have unique ip addresses.
The Wifi access point is a separate network so any device connected to the access point can use the internet.
If you have two mobile phones each connected to one of the Pi's and by chance they have been given the same IP address, it won't conflict because the router is communicating through eth0 and is not aware of the access point ip address given to the phones.
Though you will want to change the SSID on each Pi so you know which one your mobile phone is connecting to.

All devices connected to the AP on Pi1 can ping each other but they can't ping devices connected to the AP on Pi2.
(Though they can ping Pi2)

If you are want a setup where a phone connected to the access point on Pi1 wants to ping a phone connected to the access point on Pi2, you will need set additional "routing" in your Router and you will need to change the access point IP address on each Pi.
Change the 50 to a different number ###.##.50.# in dnsmasq.conf and dhcpcd.conf
Multiple Hotspots on same router
Hi roboberry,

thanks for your explanation. That's what I was looking for :)
Thanks a lot and best regards.
Hotspot created but no real internet access
Hi Roboberry,
thanka a lot for the detailed guide. I followed evey step and after two reboots my phone connected to the created hotspot, also pretending to have internet access but actually no page is loaded. So either it is not working or just very slow.
What could be the reason and what would I have to change?

Thanks and regards,

Matthias
Hotspot created but no real internet access
Hi Matthias

If you can I would confirm the Pi itself is getting internet through the LAN connection on eth0.
If the Pi has access to a display then load up the Pi's desktop and see if it will load a webpage or in terminal ping ww.google.com

Alternately connect to the access point and use SSH or VNC to connect to the Pi. Then open a terminal window and ping www.google.com.

If the Pi has no internet access then the issue is between the Pi and your router.
enter ip a
and see if eth0 has an ip address starting with 192.168
The setup doesn't change anything with eth0 so there may be a different issue.


If the Pi has access to the internet but the device connected to the Access Point does not, then check the IP tables are setup with sudo iptables -S
you should see the routing between wlan0 and eth0.
-A FORWARD -i eth0 -o wlan0 ..... and a second line with the devices reversed.
If this doesn't show then redo the ip tables part of the guide.

check the ip tables service is running
sudo systemctl status hs-iptables
it should see in the output status=0/SUCCESS

If ip tables are working then check that /etc/sysctl.conf has forwarding on:
net.ipv4.ip_forward=1

Let me know if this doesn't help. There is also an installer on the home page that will set the pi up the same as this guide if you have no luck.
Hello Roboberry,
Thank you for the very good guide, It's been a life saver. But I have a problem with connecting through sockets. My setup is: my pc connected with a rpi through an ethernet cable and this rpi (access point following your guide) is connected with an other rpi through a wifi signal. From the access point I can establish a socket connection to both my pc and the other rpi. But I need a socket connection from the second rpi (server) to the pc. I can ping from from the second rpi to the pc but not the other way around.
This is the output from ip route:
default via 192.168.1.10 dev wlan0 src 192.168.1.200 metric 303
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.1 linkdown
(I've used 1 instead of 50 from your guide and the linkdown is from a program that shares the wifi signal to a fourth device using an ethernet connection)
Do you have any idea how I can fix this?
Thanks in advance.
Hi Jorne

I'm glad you have found it useful, apart from the issue :)
As you say the PI's can access a PC through Ethernet and they can all ping each other but the PC doesn't want to ping the second pi via Ethernet through the access point Pi. The is due to subnet routing through the Ethernet. Additional routing needs to be setup so the PC can ping the other devices on the access point network.
I have had a brief look but initial ip routes didn't work.
I will have a better look soon and get back to you.
Hi Jorne

The solution is to add a route to your PC.
For me I have Pi1 as Access Point on 192.168.50.10
This is connected to a Ubuntu PC via Ethernet
Then I have Pi2 connected to the WiFi access point with an ip of 192.168.50.178.

on Pi1 enter ip route
which returned this for ethernet
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.103 metric 202

Then on the PC I added a route as
sudo ip route add 192.168.50.0/24 via 192.168.1.103

I can now ping Pi2 from the PC and still ping the PC from PI2

so on you PC enter
sudo ip route add 192.168.1.0/24 via 192.168.2.1
it should work
Hi roboberry

This works. My pc is windows so i had to change a few things in the commands (for someone who has the same problem: open your terminal as admin and instead of ip route... do "route add 192.168.1.0/24 192.168.2.1").

Thank you for your help!
cool, i'm glad that is working. Thanks for the windows command, useful
Thank you for your tutorial--it taught me quite a bit about the inner workings. It took me reading all the other comments to solve my problem, as I had also tried the AutoHotspot scripts without success. Going through the tutorial, I set up using wwan0 (my cellular) instead of eth0, so I changed that in the scripts.
Also, it appears that for some reason I had not unmask or enabled the dnsmasq.service (hostapd and hs-iptables were enabled). Once I did that and restarted twice(?), it is working nicely. Thank you for the clear presentation!
Hi Scott

You're welcome, I'm glad you have it working how you need it.

If you are just replacing eth0 for wwan0 then the autohotspot/N scripts will be able to handle that.

in /usr/bin/autohotspotN the line below allows the eth0 port to be changed

ethdev="eth0" #Ethernet port to use with IP tables

as long as no other setup is required it will work.

This is limited to Lan types as you can't redirect eth0 to wlan1 for these scripts as it will effect the switching but can be done for the static access point.
so i got my cell phone on the pi4 network and it shared data from my wired router, but im unable to view apache pages using localhost is there a way i can be able to?
Hi Gareth

If your Pi4 is running the Apache server then you can only use localhost from your Pi's desktop.
As your phone is a different device on the network you need to use the Pi's ip address of 192.168.50.10 in your phones browser or setup a hostname for the access point and use that instead to access the web server.

You can setup a hostname for the access point, which can be different from the hostname the pi may have already.
edit /etc/hosts
and add
192.168.50.10 mywebserver

After a reboot you can access your apache server from your phone using http://mywebserver

any issue please let me know
I can disable pihole dhcp and use rpi dhcp disease, then do i have to use bridge or just iptables.
I am able to get up from pihole, but traffic doesn't flow beyond wlan0 that's the problem
Hi Sohail

If you can switch PiHole to use Rpi dhcpcd then that would work. Though check that there is no config in /etc/network/interfaces as that will still conflict with the access point. It should just be the top 5 lines as shown in this guide.

for ip tables, I would start by switching the eth0 entries in /etc/iptables-hs to br0

#!/bin/bash
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
iptables -A FORWARD -i br0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o br0 -j ACCEPT

try that. If that doesn't work it may be that PiHole already has something in place for iptables. Then just disable my iptables service with

sudo systemctl disable hs-iptables

and reboot
My config in files are as belwo please refer, i cant forward traffic from wlan0 (LAN) to etho (Internet)
#etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
#bridge=br0
country_code=AE
#ieee80211d=1
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
ssid=raspi3
wpa_passphrase=111222Q!
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
#pppoe on eth0 & lan on wlan0 as hotspot
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth0 up # line maintained by pppoeconf
provider dsl-provider

# Bridge setup
#auto br0
#iface br0 inet manual
#bridge_ports eth0 wlan0

auto eth0
iface eth0 inet manual
iface wlan0 inet manual

#/etc/iptables-hs
#!/bin/bash
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-12-
pi@raspberrypi:~ $ sudo systemctl list-unit-files hs-iptables.service
UNIT FILE STATE
hs-iptables.service enabled

1 unit files listed.
pi@raspberrypi:~ $ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
Hi Sohail

The will be an issue with the fact there is config in /etc/network/interfaces

This will mean you are using two network managers which are conflicting. The access point used the standard network manager for the Raspberry Pi which is dhcpcd. the interfaces file is not used in Buster or Stretch.

if the /etc/network/interfaces config has come from PiHole then it's not compatible.

If there is a bridge being used there then iptables-hs will need to use br0 instead of eth0.
Please guide me. I need to use Pihole on same PI3b+. DHCP is handed by pihole & working fine. All devices can connect to WLAN & get ip addresses, but cant get internet.
Hi Sohail

If PiHole used dhcp then its not compatible as the Pi and the access point uses dhcpcd by default. dhcpcd would have been stopped to use dhcp.

I can have a look at PiHole to see how it is configured but if the above is correct then I probably won't be able to help. I will have a look sometime this week and let you know.
hi rob m using pihole as dhcp its runng in its web gui fine, m getting password incorrect config is
interface=wlan0
driver=nl80211
bridge=br0
country_code=AE
ieee80211d=1
hw_mode=g
channel=6
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
ssid=raspi3
wpa_passphrase=111222Q!
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Hi Sohail

I have not used PiHole so I can't confirm if it works ok with this setup. I have tried that password on my access point and it works fine in hostapd as it's 8 characters and can use !. All others settings look ok and I don't expect the extra bridge line causes an issue.

Other than trying a different password and checking for extra spaces and hidden characters I don't know what to suggest as hostapd will just compare what has been entered as a ssid password from a wifi device, to this config file.
Thanks for the detailed tutorial. I have tried to setup a no-Internet router on a RPI4 with a fresh updated Raspian SD card. Unfortunately, I see two red Xs where the arrows should be. I have checked and both Dnsmasq and Hostapd show as enabled. I have triple checked each step and I don’t see any errors. Any suggestions? All I want is to create a simple network with no internet for 3-8 PIs so they can talk to each other. Thanks in advance.
Hi Frank

I take it you don't see the RPiHotspot ssid (issue with: hostapd) or if you are you can't get an ip (issue with: dnsmasq).

Can you check if hostapd are running ok and have not failed for some reason.

enter: sudo systemctl status hostapd
it should say active (running) on the 3rd line. If not it will state an error in the text somewhere.
if that is ok do the same for dnsmasq

I suspect the issue to be one of those as dhcpcd should be fine as you have no wifi.

If you still have an issue let me know the results of the above and i will look into it further or if you use the installer, link at the top of this page, and reinstall the access point with option 3 it should fix any issues.
Thanks for the ideas. Both dnsmasq and hostapd responded running. So I used your script and it was easy to implement and was successful. My problem must have been a typo. I am still glad I went through your tutorial since it gave me an idea how everything works.
Hi Frank

Good to hear you are up and running. Those self hiding typo's are annoying. I get them all the time :)

Thanks for letting me know.
One more question. I am able to SSH and communicate between PIs now, all of the PIs show the double arrow when in Access Point mode except the PI setup as the router. Is that to be expected?
Hi Frank

The Pi's can communicate with ssh, vnc etc if they are on the same network. It should be one pi is setup as the access point and all the other are standard wifi and connect to the RPiHotspot ssid.

If they all have double arrows I presume they are all access points? If so they are all separate networks.
Ooops, I misspoke. They all have the radio signal, and none have double arrows. The Access Point PI has the two red Xs.
Hi Frank

The red Xs are wrong, seem we are back to the start.
If that's setup from the installer then it should all be fine.
Not sure whats going on there,

I take it you can't see RPihotspot being broadcast,

Try using option 4 uninstall, reboot and then option 3 and reinstall it.
That fixed the problem. Thanks.
I am able to connect pppoe on pib+ ethernet used as Internet-WAN, now wifi traffic doesnt NAT/FORWRD to etho0 to connect WLAN devices to internet. Moreover do i need to configure BR0 to bridge them with utils? thanks
Hi sohail

The ip tables in the iptables-hs service enable the internet forwarding. Check that the service is enabled and ip forwarding is enabled.

sudo systemctl list-unit-files hs-iptables.service
this should return enabled

if not use
sudo systemctl enable hs-iptables

also check ip forwarding is on
sudo nano /etc/sysctl.conf

and this line has no # at the start
net.ipv4.ip_forward=1


let me know if you have further issues.
Hi roboberry,
My pi3b+ has eth0 connected to pppoe, working fine. But wifi hotspot doesnt provide ip address.
Hi Sohail

If you are seeing the RPiHotspot ssid with a wifi device but are not getting an ip on connection then:

For IP issues check that dnsmasq is running ok.
enter: sudo systemctl is-enabled dnsmasq.service
this should return enabled
if not enter sudo systemctl enable dnsmasq
and reboot

If that is fine check it is running with no errors with sudo systemctl status dnsmasq
There should be some green text saying running, if there is any errors then it should give you a clue to the issue. probably an error in the /etc/dnsmasq.conf file

Alternately you could try using the installer script, there is a link at the top of this article. This will reinstall the setup and fix any common errors that can be done with the manual guide.

let me know if that helps. If not we can look into it further.
Hi roboberry!

I really enjoyed following your guide, and want to thank you for writing it. I made some progress in a project on my own, but have an issue that I would very much appreciate if you could share some tips.

I have my RPi set up with as an hotspot, and all devices that are connected have internet access. However, they can not communicate with each other. When i, for example, ping a device on the network from another device from the network, I get the dreaded "Destination Host Unreachable". However, I can successfully ping the devices from the Pi that is set up as a hotspot.

Now, to complicate matters further, the internet is fed into the hotspot-Pi via USB tethering from an Android phone. This results in my config files looking a bit different than in your guide, and I hope you will understand them.

Below is the config/information about my setup. I would be very thankful if you could have a look at it.

Best regards

Interfaces on the hotspot-Pi:
wifi1 (external usb adapter, hosting the hotspot)
usb0 (internet connection from Android Phone)
wifi0 (built in wifi, disabled)

dnsmasq.conf:
interface=wlan1
dhcp-range=192.168.4.2,192.168.4.50,255.255.255.0,24h
domain=wlan
address=/gw.wlan/192.168.4.1
dhcp-option=3, 192.168.4.1

dhcpcd.conf:
option domain-name "router.local";
option domain-name-servers 8.8.8.8, 1.1.1.1;
authoritative;

interface wlan1
static ip_address=192.168.4.1/24
nohook wpa_supplicant

interface usb0
static ip_address=192.168.42.125/24
static routers=192.168.42.129
static domain_name_servers=192.168.42.129
nohook wpa_supplicant
Hello Elias
I responded by email a couple of days ago but it got returned even though previous ones worked.
My response was:

Looking at your setup there is nothing that stands out as being an issue but as that's specific to your setup so i can't reproduce that to check.
The nohook wpa_supplicant under usb0 shouldn't be required as this is to disable wifi from trying to connect to a network on the pi.

For all devices to comunicate you need port forwarding which you would have enabled as part of the guide. The next area that can cause the issue is routing.

Use the command: route
if this comes back with two lines as default or 0.0.0.0 then your connected devices may get routed off to the internet rather than back through wlan1.

try deleting the default route for usb0, with: route del default gw 192.168.42.129

and see if that helps.
If not try the other way
route del default gw 192.168.50.1

I have previously checked connections within the access point network with several Pi's connected to an access point and thay can ping and ssh each other and also with a PC connected to the main Pi via ethernet. It should be just forwarding and making sure the route's don't cause an issue.
If this dosn't work I will set it up again and check the config, its been a while

Let me know if this helps.
Hello again,

Thank you for your reply. Maybe the email not getting through have to do with the global outage of the Google services..?
Anyway, I tried tinker some more in the last days, and it seems it might be a hardware problem (my external wifi adapter). I tried switching to hosting the AP on the internal wifi, and I was surprised to see the result was the opposite from before. I got no internet access, but could access the locally connected devices. Since then I've resorted to another solution for my personal case. I do however as I said, suspect it is a hardware issue (and the adapter wasn't listed in the referenced in this guide.

Hopefully your answer can help someone else with similar troubles.

I wish you all the best,
Elias
Hi Elias

Ah that would make sense, the google issues.
Ok, well good luck with your project :)
Hi, roboberry, I appreciate your help in the past, and I have a couple of questions:
1: I have several RPi hotspots set up in my house in different rooms, but not that far away from each other. For the "static ip_address=192.168.50.10/24", should each hotspot have its own 192.168.50.xxx/24 address? I.e, .10, .11, .12, etc.
2. Is there a way to verify that the RPis are using the "static domain_name_servers=8.8.8.8"? If I "cat /etc/resolv.conf" I get "nameserver 127.0.0.1"
Many thanks, this is a great tutorial!
Hi Milton

The Hotspots can have all the same ip's as they are all independent networks. You can only connect to one of them with a WiFi device at a time. When I use ssh with my Pi's I find it convenient because 1 ssh login works with any pi i connect to as they have the same IP.

If you have them all connected to a router through eth0, they will also have their own IP from the router so they all have unique IP's on that network as well.
The only thing you would want different is the SSID setup in /etc/hostapd/hostapd.conf so you can tell them apart and know which one you are connected to.

It will only be an issue if you have a computer with two wifi devices and connected both to different hotspots, then you will most likely get confused connections.

I don't know if you can see what online dns is used. dnsmasq handles how the dns is connected. My setup is pointed to 127.0.0.1 and if you use commands like host -a google.com it returns 127.0.0.1#53 but if I go to a non hotspot setup then dns is my router in resolve.conf and not the dns server of my net provider.
Sorry I can't help with that one.
I've been trying but with no success to set the AP to use my existing DHCP and DNS server. xxx.xxx.003

I have commented the DHCP entries in dnsmasq.conf and it works fine, but changing:

domain_name_servers=8.8.8.8

to

domain_name_servers=xxx.xxx.xxx.003

Doesn't work. I can ping from the RPi but cannot connect via the RPi to the internet from a WiFi client. Anyone have any ideas. Thanks.
Hi Andrew

Can you give a little more detail on your changes and setup please. Your previous comments says you can't get a connection for eth0, the domain_name_servers=8.8.8.8 is for the internet dns through eth0, in this case Googles dns.
If you remove the line and a local dns service or connected router with dns settings is available then it should use that.

Can you include your dnsmasq.conf and dhcpcd.conf entries for the hotspot setup.
A couple of comments which may be of help for Buster and USB adapter:

-$ echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
-comment all #DAEMON_CONF=""
-install aircrack-ng and run sudo airmon-ng to find out what chipset your USB dongle is using
-Alfa AWUS036H (1w version) doesn't work
-Alfa AWUS051NH v2 works but device download is terrible, upload unaffected

Personally cannot connect via VNC and eth0, can connect from a WiFi device connected to wlan0.
Hi Andrew

Thanks for the feedback.

So you are disabling the internal wifi completely. So the USB is defiantly wlan0

The /etc/default/hostapd can be deleted on Buster as it is not needed, it's left on the guide for Stretch compatibility.

Can you give me more detail about the VPN issue and eth0 issue. Nothing has been changed with eth0 so you should still be able to connect via Lan to the Pi.
Can you ssh in, if you use that. Does the Hotspot work if you go back to the Pi's wifi. Just want to check the script is working ok for you.
Apologies for the delay, I just spent some time adding a pigtail to the B+ and a 2.4GHz amplifier. Now I get a really good connection and throughput is much higher than using the Alfa USB adapters. Still low 6-8mps but more than enough for my needs. Thanks!!
Thank you for that! It's working perfectly! Now I can connect my App to send data to rasp/mysql and photos via FTP easily.
Hi Aires

You're welcome, i'm glad you find it useful.
Hi, I have an RPi 4B+ 4GB and completed this tutorial, I am using an Android device and it sees the WAP and prompts me to login but when I put the password in, it says "Couldn't get IP address" on my phone. How can I fix this?

Many thanks
Hi Isaac

For IP issues check that dnsmasq is running ok.
enter: sudo systemctl is-enabled dnsmasq.service
this should return enabled
if not enter sudo systemctl enable dnsmasq
and reboot

If that is fine check it is running with no errors with sudo systemctl status dnsmasq
There should be some green text saying running, if there is any errors then it should give you a clue to the issue. probably an error in the /etc/dnsmasq.conf file

If there is no issues with the above try accessing the pi from a non android device just to rule out any issues from the phone. The only issue that is expected is you won't be able to ssh from an android phone without disabling data, but VNC and browser will work fine with data on.

let me know if that helps. If not we can look into it further.
Hi, I have a 3B+ with Buster, and I am getting an error:
pi@nancy01:/etc $ sudo systemctl status hostapd
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2020-08-13 21:33:36 CDT; 1s ago
Process: 1774 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=1/FAILURE)

Aug 13 21:33:36 nancy01 systemd[1]: hostapd.service: Failed with result 'exit-code'.
Aug 13 21:33:36 nancy01 systemd[1]: Failed to start Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
pi@nancy01:/etc $ sudo systemctl unmask hostapd
pi@nancy01:/etc $ sudo systemctl enable hostapd
Synchronizing state of hostapd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable hostapd
pi@nancy01:/etc $ sudo systemctl start hostapd
Job for hostapd.service failed because the control process exited with error code.
See "systemctl status hostapd.service" and "journalctl -xe" for details.
pi@nancy01:/etc $ sudo systemctl status hostapd.service
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2020-08-13 21:37:14 CDT; 257ms ago
Process: 1979 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=1/FAILURE)
Even though I have the two arrows at the upper right corner of my screen, my hotspot does not show up in my list of networks.
Any idea what the problem might be?
Thanks!
Hi Milton,

It looks like there is an error in /etc/default/hostapd

As you are using Buster this file is not required so you could delete it or rename it to something else.

But as it's available, it's used. just check that both these lines are correct in the fie

DAEMON_CONF="/etc/hostapd/hostapd.conf"
#DAEMON_OPTS=""

let me know if that helps.
Thank you for making this so easy for someone new to linux and raspberry.

Is it possible to activate the 5 GHz also? Eventually I want to install a VPN on the Pi, but am taking it one step at a time.

You've done a good job with the site.
Many thanks.
Hi Vince. No problem, glad you found it useful.
Yes 5ghz can be setup.

in /etc/hostapd/hostapd.conf

change
hw_mode=g to hw_mode=a
channel=6 to channel=36
wmm_enabled=0 to wmm_enabled=1

and add the line:
ieee80211ac=1

also make sure your country is correct as it is more important for 5ghz
country_code=GB

I believe that all you need for a basic 5ghz setup.
The channel can be changed if there are strong 5ghz signals in your area using ch36 causing an unstable connection.

This will work fine with openvpn without any changes.

thanks.
Greetings roboberry!

Thank you for the prompt response. Pi running 5GHz.

Could you please assist with my current situation.

Pi3B+ Buster 10

I installed Airvpn hummingbird client on the Pi. It works, as I can see the connect made on their homepage. My android phone also connects to the Pi. The problem is the android has no internet connection. It is not connecting with the tunnel. When I shut down hummingbird, my phone regains internet.

The only errors I see from hummingbird are:
iptables v1.8.2 (legacy): can't initialize iptables table `security': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `security': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

I noted in the instructions the netfilter-persistent program was not going to be installed, deferring to a custom service.

Thank you for giving this a look and insight would be appreciated.
Hi Vince,

The access point directs traffic between eth0 and wlan0. VPN's often create devices like tun0 or bri0 inplace of eth0 so it maybe that the iptable rules in this guide need altering for you.

with the VPN enabled enter: ip a
Check if there is a device other than eth0, wlan0, lo,
if there is something else like tun0 change all references to eth0 in /etc/iptables-hs
and reboot.

It may be that your default route is eth0 so no traffic from your android device is directed to the vpn.

enter route
if the vpn uses tun0 and you see

Destination: default for Iface: eth0 but not for Iface: Tun0 then that may be the issue but i would expect that all traffic to eth0 would be redirect to Tun0 in AirVPN's setup.

Otherwise list the iptables rules and see if there is a conflict between Airvpn's setup and the access point setup

sudo iptables -S

let me know the output to iptables and route if this doesn't help.
Same for nftables
Hi roboberry,

Thank you for all your information!
I've got the same problem as Vince but with nftables (bullseye). I followed your recipe as stated above on a clean bulleye install. In addition I'm using openvpn and all works well except that connected devices don't have internet access when openvpn is connected to the vpn server. The rpi itself has internet access when openvpn is connected to the vpn server. Only the connected devices don't. They do when openvpn is not running.

When openvpn is connected to then vpn server tun0 appears when entering 'ip a' and/or 'route'.

How should this be solved since bullseye doesn't come natively with iptables?

Thank you in advance!

Tom
Same for nftables
Hi Tom

To use OpenVPN with the access point the NFtables for eth0 need to be changed to tun0.

In /etc/nftables/nft-stat-ap.nft change the three references fot eth0 to tun0

then use the command

sudo nftables -F /etc/nftables/nft-stat-ap.nft

to load the new settings or reboot.

The connected devices will now only get internet if OpenVPN is running.
Your script is fantastic. After trying out so many things this was the final solution and it worked right away.

However, I need to have access to the Pi when I am out and there is just my laptop and the Pi, no other network. Internet is not needed. Currently this seems to be possible only via Wifi. How can I achieve this with ethernet cable? The Pi should accept both wired and wireless connection.

Many many thanks!
Hi Stefan

Thanks. The setup to the eth0 is not changed so it works the same as if the access point hasn't been setup. So any guide to setting up a direct ethernet link between a Pi and a laptop should be fine as long as changes to Eth0 are done in /etc/dhcpcd.conf and not /etc/network/interfaces.
This guide looks to be suitable if you use Window on the laptop
https://www.circuitbasics.com/how-to-connect-to-a-raspberry-pi-directly-with-an-ethernet-cable/

But as a static ip is being set it won't work if you then connect the Ethernet to your router afterwards unless the router is on the same network ip range as what is set for your eth0 static ip.

hopefully this helps
Blimey - it works!

Being a total "noob" (but old as heck) I was about to give up, having tried more than a half dozen online guides that apparently were outdated.
Many thanks - I'll now have proper WiFi signal strength in the mancave :-)
Hi Anders
You're welcome and thanks for the feedback

It is a bit of a nightmare finding the good info from the bad online, been there many times. I'm glad you have it sorted now.
Thanks for the tutorial! It's really great and well organized.

I've set my RPi4 into an AP (no internet access) without any issue. When I tried to set it back, disabling the services and rebooting, it keeps as if it where in hotspot mode (but no device actually sees the AP). Does it have another turnaround to fix this?

Thanks again!
Hi Neobits

Have you removed the entries from /etc/dhcpcd.conf as that will stop wifi from working?

#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8

You can double check all the services have been disabled with the following lines

sudo systemctl -all list-unit-files hostapd.service
sudo systemctl -all list-unit-files dnsmasq.service
sudo systemctl -all list-unit-files hs-iptables.service

they should all say disabled
Hi roboberry!

Thanks for your quick answer :)

I've indeed removed the entries in the /etc/dhcpcd.conf and do all the checks you posted.

The first two are disabled while the last one wasn't found. Since I didn't proceed to internet connection, no iptables were written.

Am I still missing something? I've double check the procedure and I can't find my mistake.
Hello again!
It must have been a mistake, I made a new install of the OS, then execute all the procedure in a bash script and the AP is ON. Afterwards, executed another script to put down the AP and turn on the wifi and it's working!

Thanks again for the answer and the tutorial.
Hi Neobits

glad you have it sorted. Once the dhcpcd.conf bits are removed it should connect to your router, presuming /etc/wpa_supplicant/wpa_supplicant.conf has a wifi network setup.

Even if hostapd is still active it will still connect to the router so i'm not sure what your issue was.

Sound like you have a script to activate and deactivate the hotspot. I presume the Autohotspot setup also on this site dosn't fit your needs. The installer script can activate and deactivate the hotspot.
hello. i did everything in tutorial and reach the restart piint where my vnc or putty wont connect. i tried For ssh use ssh pi@192.168.50.10
For vnc use 192.168.50.10::5900 but no connection. i know is stil up beacuse my samba is on and i can access it. im running headless.i also use ufw and vpn which were before installed.help.
Hi Kraker

If you have managed to connect successfully to the access point then you may need to confirm what ip address the PI has for Wifi. You will be able to ssh in via eth0 if you are not using a PiZero. If the wifi is the correct ip then it may be ufw needs some changes.

I have not used a firewall with the setup. On the autohotspot script (on the home page) with Firewalled setup it wouldn't except the standard rules and has some mods at the bottom of the article. So maybe there is a similar issue.

Also for the VPN I think that uses a it's own device to route data. So the ip tables will probably need changing from eth0 to whatever your VPN uses. But you should at least be able to ssh VNC into the PI.

Also was there any other custom setting on /etc/dhcpcd.conf for wlan0 that may be conflicting with the setup?
i`ve manage to connect it to a pc. the reason vnc is not working was even if my pi is connected to Ethernet i wouldn't get any connectivity over internet. i`ve reversed back everything and now i`m fine. I want to try again. which things i should be aware for in my case?thanks
Hi Kraker

It looks like you need to skip the section for ip-tables.
Do the port forwarding in /etc/sysctl.conf but don't do the file /etc/iptables-hs and sudo systemctl enable hs-iptables

Then in ufw setup a rule to route wlan0 to eth0 in the same way the /etc/iptables-hs does.

Im not sure what you need to do for VPN but if connected wifi devices to the access point don't get vpn access and the vpn uses a bride device like br0 then you probably need to change ufw from eth0 to br0.

I haven't done this so I don't know but these would be where I would start.
vnc use 192.168.50.10::5900 Should this not just have one :?
Hi Peter

if you quote the port it is 2 ip::5900,
If you use the default port you can use 1 ip:0

As 5900 is the default either work.
VNC is usually 5800 or 5900 it seemed at least when I done the guide you needed ::5900 as 5800 isn't the default on the Pi.
A stupid little thing I know, but it is a good tutorial. My thing is that it is not dated so when I find a reference like this I do not know if it is current. I have been running my Pi zero W as a AP for a year now, but am having trouble with Hostapd when I upgrade the software. Today's searh is to find the latest version for the R-Pi and upgrade that.
Hi Peter

The article is a couple of years old but is up to date as stated at the top that it works and has been tested on the Raspberry Pi 4 and Raspbian Buster. But I get your point that the default option of created date dosn't help when looking for newer content so I have changed it to modified date.
Not 100% sure, but I just rebuilt my AP on Raspbian stretch and it still would not work. Eventually syslog led me to the fact that /etc/default/hostapd had not been updated with the full path of the hostapd.conf file. This needs checking to see if it is a new fault with the hostapd installation, something the problem with the way that I do it.

Jun 18 19:44:00 raspberrypi hostapd[15736]: Configuration file:

Jun 18 19:44:00 raspberrypi hostapd[15736]: Could not open configuration file '' for reading.

Jun 18 19:44:00 raspberrypi hostapd[15736]: Failed to set up interface with
...

This line needed to be added:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Hi Peter

The instruction to add the default path is in the guide. Just above the instruction to unmask.

In Buster the default file is depreciated so not required and hostapd works fine but it is required on stretch and jessie as they don't have the latest version available, or at least not the version Buster uses.
Hi,

thank you for this nice tutorial.

Everything works fine if I use the access point over wired eth0. But If I use it over wlan0 (wlan0=access point, wlan1=replacement for eth0), I can not reach the other local hosts any more:

"PING 192.168.178.32 (192.168.178.32) 56(84) bytes of data.
From 192.168.178.34 icmp_seq=1 Destination Host Unreachable"

I can reach only remote hosts in internet.
I can ping the local hosts again If I disable the hostapd. But after that the access point doesn't work any more as a result.

Can anyone help?

I use it on a Raspery Pi 3 B+ with Buster.
Hi TanKil

The setup won't work with wlan1 as wifi is disabled. You will need to alter the entries from the guide that were done in /etc/dhcpcd.conf to

denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
nohook wpa_supplicant wlan0

with the ip tables changes to wlan1 then it should work for you.
Hi roboberry,

thanks for the quick reply. I did these settings already. But still no success:


dhcpcd.conf:
interface wlan1
static ip_address=192.168.178.33/24
static routers=192.168.178.1
static domain_name_servers=192.168.178.1 8.8.8.8 8.8.4.4
static domain_search=

denyinterface wlan0
interface wlan0
static ip_address=192.168.178.34/24
nohook wpa_supplicant wlan0


rules for itables:
#!/bin/bash
iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
exit 0


dnsmasq.conf:
interface=wlan0
bind-dynamic
domain-needed
bogus-priv
dhcp-range=192.168.178.100,192.168.178.150,255.255.255.0,12h # IP range and lease time
Hi TanKil

I believe the issue is wlan0 & wlan1 both have the same gateway but are on different networks.

I presume your Wifi Router is on 192.168.178.1
so you want the PI to appear on your wifi network as 192.168.178.33 through wlan1

The Hotspot is a different network and gives connected Wifi devices the ip addresses in the dnsmasq.conf dhcp-range. The hotspots IP they connect to is the IP in dhcpcd.conf for wlan0.

The Pi itself will have the IP address your router gives through wlan1.

I would change dnsmasq.conf to
dhcp-range=192.168.50.150,192.168.50.150,255.255.255.0,12h

and dhcpcd.conf for wlan0 to
static ip_address=192.168.50.10/24

and try it again.
Hi robobery,

that is it! It works like a charm!

Thank you!!!
Hi TanKil
No Probleml, glad you're up and running.
Hi, I am finding this tutorial very useful, thanks for sharing!

I am trying to set up rpi4 with wlan0 as permanent AP like you reccomend, and wlan1 via a USB dongle to function like the default "out-of-the-box" raspberry pi os functionality to connect to for example my smartphone in tether mode.

whether the internet is forwarded or not is not essential, but it would be nice to have access to apt update.

I got the Access Point on wlan0 working, but I missed something to get wlan1 working.

in the desktop, when I hover over the network icon, I get:

eth0: link is down
wlan0: STOPPED
wlan1: Not associated
Hi Jake

You're welcome :)

In dhcpcd.conf the wifi devices have been disabled which is why you get the message you see.

This can be changed so only wlan0 is disabled by changing the entries in /etc/dhcpcd.conf to

denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8
nohook wpa_supplicant wlan0


You will also need to change the iptable rules to use wlan1 instead of eth0

in /etc/iptables-hs change them to

#!/bin/bash
iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT

The Pi will decide which device is wlan0 and wlan1 so you may see that switch between internal wifi and usb wifi depending on which one is discovered first. Though this should usually be internal for wlan0.

let me know if you get further issues
Hi roboberry, thanks for the swift reply :)

I guess my trouble is to assign the wlan1 to connect to a wifi.

if I put the login information to my tether wifi in the same wpa_supplicant.conf file, giving the following:

```
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DK

network={
ssid="AndroidAP"
psk="123456789"
}
```

after adding the network ssid, I get a different tooltip hover message:

eth0: link is down
wlan0: Associated with AndroidAP
wlan0: Configured 192.168.50.10/24
wlan1: Not associated

with this configuration, my pi can access the internet, but no longer broadcasts the access point.
Hi Jake

Swift but wrong, how about a slower more measured response.
I have just tested that and it failed too, im sure it worked before Buster. Anyway, a slight mod and remove the deny line.

interface wlan0
nohook wpa_supplicant
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8

now wlan1 will connect to your phones AP

The issue is there is now two default routes and at least on my setup you cant get net access until the the Hotspots route on wlan0 is deleted.

pi@buster16:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.50.1 0.0.0.0 UG 303 0 0 wlan0
default 192.168.1.254 0.0.0.0 UG 304 0 0 wlan1

enter: route del default gw 192.168.50.1

then it shows
pi@buster16:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.254 0.0.0.0 UG 304 0 0 wlan1

Unfortunately you need to do this each boot.
Obviously this can be done with a boot script but it needs to be after the route has been created.

hopefully this helps. If there is another option with the route issue I will let you know.
I think you may not have been totally wrong after all - I couldn't get it working and took a fresh image on my sd card.

I got everything working accordingly both with and without 'denyinterface wlan0' needing to run the 'route del default gw 192.168.50.1' in either case.

I noticed that the route comes back every time I plug or unplug the ethernet cable, so I need to figure out the most convenient way to re-run the 'route del' command.

Thank you very much for making this guide, as well as educating me along the process!

After this success, I am now struggling with a challenge, if you have any thoughts, I would be thankful for your input:

I wanted to add a usb-c connection from a guide I found on another website[1], this works great, but with this configuration added as well, I dont get internet on the devices I connect to the PiAccessPoint, although I get internet on the pi itself after deleting the route as above.


[1] hardill.me.uk/wordpress/2019/11/02/pi4-usb-c-gadget
Hi Jake , glade your up and running now.
another typo from me i missed the s, it's denyinterfaces wlan0
But you don't need that for this.

The default route will will appear for eth0 but in my case its the same as wlan1 as it's to my router so it's ok. It should be fine as you have a route between wlan0 and wlan1.

You can setup a systemd service to run the delete route once network is up. I have not done that yet but should work if that's any help.

Looking at the usb-c link, interesting setup.
The first issues that stand out is that it uses /etc/network/interfaces.d
dhcpcd is the RPi's network manager so device config should be in /etc/dhcpcd.conf. network/interfaces will conflict with the device setup.

I would try moving the entry for /etc/dnsmasq.d/usb into /etc/dnsmasq.conf under the hotspot entries.

in /etc/dhcpcd.conf
don use the denyinterfaces usb0

but add
interface usb0 (or whaterver shows up for usb in: ip a)
static ip_address=10.55.0.1/24
static routers=10.55.0.254

Then in the script /root/usb.sh
change the line near the bottom:
ifup usb0
to
ip link set dev usb0 up

this is because ifup is a /network/interfaces command ip will work with dhcpcd.conf

I can't guarantee that will work but it's where I would start.
Interesting:

pi@raspberrypi:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.55.0.254 0.0.0.0 UG 205 0 0 usb0
default 192.168.50.1 0.0.0.0 UG 303 0 0 wlan0
default 192.168.0.1 0.0.0.0 UG 304 0 0 wlan1
10.55.0.0 0.0.0.0 255.255.255.0 U 205 0 0 usb0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.0.0 0.0.0.0 255.255.255.0 U 304 0 0 wlan1
192.168.50.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0




In my first try I deleted '/etc/network/interfaces.d' but forgot to put the content in the bottom of /etc/dnsmasq.conf

that resulted in no access through usb, but after

pi@raspberrypi:~ $ sudo route del default gw 10.55.0.254

pi@raspberrypi:~ $ sudo route del default gw 192.168.50.1

I got forwarded internet over wifi, when I then added the forgotten content to /etc/dnsmasq.conf I was able to ssh through usb, but not achieve wifi internet forwarding on.
Hi Jake

Making progress then :)

I would add routing from usb0 to wlan1 to /etc/iptables-hs
iptables -A FORWARD -i wlan1 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb0 -o wlan1 -j ACCEPT

for deleting the default route it seems there is a unspecified delay before the ap default route is in the routing table. I have tried removing it with a systemd service at a few points in boot but had no luck. Im sure there is a better way as this seems overkill but anyway I just added a script waits for the default 192.168.50.1 to appear within a 50 second window after the system is fully up and then deletes it.

create sudo nano /etc/systemd/system/routeupdate.service

add this:
[Unit]
Description=Delete Default Route for AP
After=multi-user.target

[Service]
Type=simple
ExecStart=/etc/aproute.sh

[Install]
WantedBy=multi-user.target


then create sudo nano /etc/aproute.sh
#!/bin/bash

x=0
until [ $x -gt 10 ]
do
if route | grep -n "default 192.168.50.1" ;then
route del default gw 192.168.50.1
x == 11
else
x=$((x + 1))
sleep 5
fi
done


then make this script executable
sudo chmod +x /etc/aproute.sh

and enable the service
sudo systemctl enable routeupdate.service

you can add the usb default route but it will only be deleted if the AP route is found.
Interesting thoughts; with 2 wifi adaptors, ethernet, and usb networking, there seems to be many ways to utilize the pi in the middle.
I may also look into forwarding ethernet to usb, essentially making the pi a usb-to-ethernet adapter.

while still not having internet through wifi, I am already pondering to increase the utility by setting up the pi-hole software (either by docker or directly on the pi)

Thank you very much for routeupdate.service, that will save me for some manual bash commands!

If I figure out progress in the forwarding of wifi, I will let you know :)
Hi, thanks for the tutorial. I've got the hotspot working (No Internet). The only issue is, that the ip address I retrieve from ifconfig (169.254.214.159) is different from the one I've set (192.168.8.10). For SSH I have to use the ip address I get from ifconfig. Any idea what could cause the issue here? Thanks in advance!
Hi Frederik

The 169.254 ip is because of an error meaning the correct ip can't be generated.

If you have changed the ip address in /etc/dhcpcd.conf
to
static ip_address=192.168.8.10/24
static routers=192.168.8.1

you also need to change it in /etc/dnsmasq.conf.

The dhcp-range from

dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h
to
dhcp-range=192.168.8.150,192.168.8.200,255.255.255.0,12h

the first 3 digits of the ip need to match ###.###.## what ip has been set. The 4th digit is the range connected devices will receive 150 -200.

This should solve your issue. Let me know if you have further issues.
Hi, thanks for the quick reply. My problem has been solved. Although this wasn't the issue. After checking that all ips started with said address I noticed that I had misspelled ip_address in /etc/dhcpcd.conf. Since "address" is only spelled with one 'd' in german I make that mistake too often.
Sorry for wasting your time, but thanks again for the quick reply.
Hi Frederik

Ah I can understand the issue :) Glad you have it sorted now. No problem.
Hi I have got the hotspot working with an Ip's from 192.168.5.150 to 200. My main network uses Ip addresses in the range 192.168.1.xxx. I can connect to the hotspot with my tablet and thence to the internet. I would like IOT devices connected to the hotspot to be able to connect to devices on my main network and vice versa. I.e. An IOT devices on 192.168.5.60 to send data to an MQTT broker on 192.168.1.119. Can that be done by modifying the hotspot? Could you tell me how to do it please or point me to some guidance.
Either way thank you for a brilliant tutorial that works!
Hi Bob, Thanks, you're welcome.
Yes it can be done, I have just done a test with a group of Pi's. Any device on the hotspot can access the home network via ssh fine but as it stands the devices on the network had to ssh to the Hotspot Pi first and then ssh to the device connected the hotspot. So to complete the route you would need to add additional routing iptables to route the data via IP address from the IOT device.

You can set any device on the hotspot a static ip by adding the mac address details of the IOT to dnsmasq.
Firstly find the mac address of the IOT device that will be connected to the hotspot
in /etc/dnsmasq.conf enter the line
dhcp-host=xx:xx:xx:xx:xx:xx,192.168.5.60 where xx is the mac address
This IP does not need to be in the 150-200 range of dhcp-range but does have to match the first 3 numbers of the ip ###.###.#

If you are using Raspbian Buster and going to do additional routing then you may want to look at NFtables. Iptables have been depreciated but the rules still work via NFtables. NFtables for routing is the way forward. I will be updating this guide and the other hotspot scripts with NFtables soon. Raspbian Stretch needs IPtables.
Thanks, the hotspot is up and running. But I can't get it to route an internet connection form my wlan1. I'm missing somthing since buster version (interfaces) is different from previous raspbians. I have changed your eth0 to wlan1. but what else? some config in dhcpcd or dnsmasq? BR Chris
Hi Chris

The problem is the wifi connection in dhcpcd is disabled with the nohooks line. If you change your dhcpcd.conf entry to

denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
nohook wpa_supplicant wlan0

then wlan1 will work again.

Raspbian is still using unpredictable network interfaces ie wlan0 wlan1. You can't control if your internal or usb wifi will be wlan0. So you may find they swap between boots.

The predicable network Interfaces feature would give the device name of wl######## where # is your mac address. Then changing wlan0 and wlan1 references to the predictable device names would control which device is the hotspot. But currently predictable is off by default for Raspbian.

Hope this helps.
Thnx for the fast response.
wlan0 is the access point and wlan1 is associated with my wifi network, so I can ssh back to the Pi from a network-connected computer. But I can't reach the internet, neither on the RPi or with my phone connected to the access point Wlan0.

I did the config: #RPiHotspot config - Internet
And added static domain_name_servers=8.8.8.8 to dhcpcd.conf

sudo iptables -S give me:
-A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o wlan1 -j ACCEPT

Something lacking wlan1 to give internet access?
Hi Chris

Thanks for letting me know. I last done the wlan0 to wlan1 setup in Raspbian Stretch so maybe thats an issue with Buster now.

It is difficult to find info. Most guides are old and reference network/interfaces which is depreciated in Raspbian so causes setup issues.

To add to the issue Buster uses NFtables instead of IPtables. Though the guide still uses IPtables which works for now it will be updated shortly to NFtables, just going to release an installer first then will be updating the routing.
After a couple of tries back and forth between dnsmasq and dhcpcd. I notice that all works well with your example if I remove static routers row in dhcpcd. Thank you so much for helping out and a great guide.

Annoying with buster version and too little formal information on the connections between network/interfaces, dnsmasq and dhcpcd.
Nice job on the tutorial.

Thanks.
IPtables is also depreciated. NFtables is the new kid in town.
I wasn't aware of that one. I will check it out. thank you
Hi. Great write up. I found that DAEMON_CONF= is depreciated and support will be removed. Does or should that change your instructions?
Thanks Dazz. I saw that it is going to be depreciated in a future release, so I will look into that when I do some updates to the Autohotspot articles in the near future. I think that is just being dropped and /etc/hostapd/hostapd.conf will be standard. If that's the case that step will be skipped but I will look into in more detail. But thanks for highlighting, easily missed on the install message.

Roboberry.
Hello, my hotspot dont work and I think I know why. Because the /etc/dhcpcd.conf file was empty when I opened it. I think I deleted all accidentally, because Im not good at the terminal and I tried it a few times. Can you give me the content of the file, so I can paste it into my file? (My English isnt very good, sorry)
Hi Jannes, I have sent you the file via email.
hi Jannes, I keep getting a return on your email. Can you email me direct admin@ this site and I will send it to you.

This is the dhcpcd.conf file with the comments removed:

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.
hostname
clientid
persistent
option rapid_commit
option interface_mtu
require dhcp_server_identifier
slaac private

#This section for the static hotspot
#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
Hi, thanks for the script. I like the new design of your website, but it's a shame, that all those valuable comments below this article dissapeared.
I have one more suggestion. If you set up wifi in /boot/wpa_supplicant.conf on windows - some text editors put windows line endings to this file and that is the issue for the script. So make sure you use dos2unix on wpa_supplicant.conf file.
Hi Martin

Thanks, I had to change some of the background software which meant the comments couldn't be extracted. All three hotspot scripts have been out there for a few years, so well tested. Most of the issues where user error or feature request any bugs found have been addressed. I plan on updating the trouble shooting section for a bit more self help.

For the wpa_supplicant file. I have only ever put it in the boot folder from a linux machine. If it's created on windows does the Pi happily use it but the hotspot scripts fail to recognise it? Th PI should fail to use it the top 3 config lines are missing.
This article doesn't use wpa_supplicant so I presume you are referring to the auto scripts?