Do you allow this site to use Cookies?

There are many guides for creating a Raspberry Pi Access Point but from Raspbian 9 Stretch the network setup has changed, which means a lot of guides are out of date. So this guide is about setting up a Raspberry Pi Access Point for Raspbian 9 Stretch onwards. Works for Raspbian 8 Jessie and PiOS 10 Buster & PiOS Bullseye.

I have two other guides on how to set up an automatic Raspberry Pi Access Point, which connects to your home network when you are at home and generates a hotspot when you are out.

For the Autohotspot guide to setup an internet routed hotspot suitable for RPi4, RPi3, RPi2 & Rpi: Click Here
For the Autohotspot guide to setup a non internet routed hotspot suitable for RPi ZeroW and RPi Zero 2: Click Here

Easy Installer Script: the setup in this guide is available in an installer at Raspberry Pi AutoHotspot and Static Hotspot Installer Script

Aim:

  • This guide will go through how to set up a permanent access point for both internet routed, for RPi's with ethernet ports, and non internet routed access point for Pi Zero/W & Pi Zero 2.

 Requirements:

This has been tested on Raspbian Jessie, Raspbian Stretch, PiOS Buster & PiOS Bullseye. To see which version you have enter the command lsb_release -a

  • Raspberry Pi 4
  • Raspberry Pi 3 or 3 B+
  • Raspberry Pi 1 or 2 with a USB Wifi Dongle*,
  • Raspberry Pi Zero W, Pi Zero 2 and Zero with a USB WiFi Dongle* (network/internet  Access Point not useable as it has no ethernet port.)

 

*some USB WiFi dongles don't work in adhoc mode or don't work with with the nl80211 driver used in this guide for RPi4, RPi 3, RPi3 B+ & Pi Zero W , Pi Zero 2 nbuilt wifi, so you may want to check this first before starting.

To see if your usb WiFi dongle can be used as an access point enter the command; iw dev ,scroll to section "Supported interface modes:" and look for * AP

  

Note about Raspbian & PiOS - Bullseye, Buster and Stretch Network Device Names

From Raspbian Stretch there has been changes to how the network drivers are named, called Predictable Network Interface Names,  and may be different for the usual wlan0 and wlan1 for wifi and eth0 for ethernet connections. Though the official Foundation version of PiOS seems to be keeping to the old standard names, at least at the time of writing,  this may not always be the case. For this guide I will use wlan0 as the device that is used.  

To check the device name for your setup enter the commmand iw dev and take a note of the "Interface" name. For wifi it should start with wl , replace your device name with any reference to wlan0 in the article, scripts and config files.

 

Step 1:

To start with hostapd hotspot client and dnsmasq lightweight dns server need to be installed.

Open a Terminal session.

Update Raspbian/PiOS with the latest updates by entering the commands:

sudo apt update
sudo apt upgrade

 To install hostapd enter the command:

sudo apt install hostapd

enter Y when prompted.

To install dnsmasq enter the command:

sudo apt install dnsmasq

enter Y when prompted

The installers will have set up the programme so they run when the pi is started and activated them. While we set the hotspot we should stop them running. This is done with the following commands:

sudo systemctl stop hostapd
sudo systemctl stop dnsmasq

Now the hostspot configuration file can be setup. This contains the name of the WiFi signal you will need to connect to (SSID) and the security password.

To edit the configuration files I will be using the nano text editor but if you prefer an editor with an point and click interface then replace nano with mousepad in the following instructions.

Hostapd Configuration

Using a text editor edit the hostapd configuration file. This file won't exist at this stage so will be blank.

sudo nano /etc/hostapd/hostapd.conf

download file here:

interface=wlan0
driver=nl80211
ssid=RPiHotSpot
hw_mode=g
channel=6
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=1234567890
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

  • The interface will be wlan0
  • The driver nl80211 works with the Raspberry Pi 4, 3, 3 B+  & Pi Zero W onboard WiFi but you will need to check that your usb wifi dongle is compatable and can use Access Point mode.

For more information on wifi dongles see elinux.org/RPi_USB_Wi-Fi_Adapters

  • The SSID is the name of the WiFi signal broadcast from the RPi, which you will connect to with your Tablet or phones WiFi settings.
  • Channel can be set between 1 and 13. If you are having trouble connection because of to many wifi signals in your area are using channel 6 then try another channel.
  • Wpa_passphrase is the password you will need to enter when you first connect a device to your Raspberry Pi's hotspot. This should be at least 8 characters and a bit more difficult to guess than my example.

To save the config file press ctrl & o and to exit nano press Ctrl & x

A change in hostapd means the service will be masked, so hostapd won't start when you reboot. To Unmask the hostapd service enter:

  • sudo systemctl unmask hostapd
  • sudo systemctl enable hostapd

Once you have completed the rest of the setup and rebooted Hostapd will start and generate the hotspot settings.

(Note:  this bit for /etc/default/hostapd does not need to be changed for PiOS Buster or Bullseye. This is for the older OS's Stretch and Jessie)

Now the defaults file needs to be updated to point to where the config file is stored.
In terminal enter the command

sudo nano /etc/default/hostapd

Change:
#DAEMON_CONF=""
to
DAEMON_CONF="/etc/hostapd/hostapd.conf"

Check the DAEMON_OPTS="" is preceded by a #, so is #DAEMON_OPTS=""

And save.

DNSmasq configuration

Next we need to update the DNSmasq.conf file. There are two setups depending if you need internet access or not.

DNSmasq Config 1 - No Internet

Open the dnsmasq.conf file with

sudo nano /etc/dnsmasq.conf

Go to the bottom of the file and add the following lines (download here)

 


#RPiHotspot config - No Intenet
interface=wlan0
domain-needed
bogus-priv
dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h

and the save (ctl & o) and exit (ctrl & x)

DNSmasq Config 2 - Internet Routed

Open the dnsmasq.conf file with

sudo nano /etc/dnsmasq.conf

Go to the bottom of the file and add the following lines (download here)


#RPiHotspot config - Internet
interface=wlan0
bind-dynamic 
domain-needed
bogus-priv
dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h

and the save (ctl & o) and exit (ctrl & x)

 

Step 2:

Now that hostapd and dnsmasq are configured we now need to make some changes to the interfaces file, the dhcpcd.conf file, setup ip_forwarding.

Interfaces File

The interfaces file is not required and should be empty of any network config. Depending which version of Raspbian you have this file may still contain network config.

Enter

sudo nano /etc/network/interfaces

If your file shows more than the standard top 5 lines like this


# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

then make a copy of your file and then remove any excess lines from the interfaces file.

To make a backup of your interfaces file first, use the command

sudo cp /etc/network/interfaces /etc/network/interfaces-backup

DHCPCD.conf

Next we need to update the dhcpcd.conf file. Open the file with

sudo nano /etc/dhcpcd.conf

then scroll to the bottom of the file and add the line (Download here)


interface wlan0
nohook wpa_supplicant
static ip_address=192.168.50.10/24
static routers=192.168.50.1

If you are setting up the Internet routed hotspot then also include

static domain_name_servers=8.8.8.8

now save (ctrl & o) and exit (ctrl & x)

The line 'nohooks wpa_supplicant' will stop the network wifi from starting if you have an entry in /etc/wpa_supplicant/wpa_supplicant.conf . If this is not done then network wifi will override the hotspot.

This next bit is only if you would like devices to have internet access. If not skip to "Testing the Access Point".

 ip forwarding setup

For the internet to be available when an Ethernet cable is attached, IP forwarding needs to be activated. To do this enter

sudo nano /etc/sysctl.conf

look for the line

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

and remove the # so it is

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

now save (ctrl & o) and exit (ctrl & x)

NFtables & IPtables setup

Next the rules need to be added that will allow any device connected to the access point to be able to use the a network or internet connected to eth0. This is done with IP Table rules for older OS’s Buster, Stretch and Jessie. Bullseye onwards use Nftables.
These tables will need to be loaded every time the Raspberry Pi starts up.

NFtables - Bullseye

First create a nftables directory to hold the rule file. 

sudo mkdir /etc/nftables

Change to the new folder with 

cd /etc/nftables

then create a new file for the NFT rules called nft-stat-ap.nft and paste in the rules below. This is also available fro download here

sudo nano nft-stat-ap.nft


flush ruleset

table inet ap {
	chain routethrough {
		type nat hook postrouting priority filter; policy accept;
		oifname "eth0" masquerade
	}

	chain fward {
		type filter hook forward priority filter; policy accept;
		iifname "eth0" oifname "wlan0" ct state established,related accept
		iifname "wlan0" oifname "eth0" accept
	}
}

 now save (ctrl & o) and exit (ctrl & x)

This file needs to be updated to executable. Enter the command

sudo chmod +x /etc/nftables/nft-stat-ap.nft

next open nftables.conf and add the line below so that the rules are loaded when the nftables service starts.

sudo nano /etc/nftables.conf

add

include "/etc/nftables/nft-stat-ap.nft"

 now save (ctrl & o) and exit (ctrl & x)

So that the rules are used everytime the Pi starts the nftables service should be enabled.

enter the command

sudo systemctl enable nftables

NFtables are now setup, continue with the "Testing the Access Point" section below

IPtables - Buster, Stretch, Jessie

First create the file for the ip table rules.

sudo nano /etc/iptables-hs

add the lines below or download from here

#!/bin/bash
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

now save (ctrl & o) and exit (ctrl & x)

Update the permissions so it can be run with

sudo chmod +x /etc/iptables-hs

Now the service file can be created which will activate the ip tables each time the Raspberry Pi starts up

Create the following file

sudo nano /etc/systemd/system/hs-iptables.service

Then add the lines below of download from here


[Unit]
Description=Activate IPtables for Hotspot
After=network-pre.target
Before=network-online.target

[Service]
Type=simple
ExecStart=/etc/iptables-hs

[Install]
WantedBy=multi-user.target

now save (ctrl & o) and exit (ctrl & x)

To activate the service file, so it starts at every boot up, enter the command

sudo systemctl enable hs-iptables

 

Testing the Access Point

The access point setup is now complete. To test that the setup is ok reboot the RPi.

 Once the RPi is up and running the wifi icon near the clock should now be two arrows facing opposite directions networkdown This means it is an access point. On a Tablet, phone or Laptop scan for wifi signals. You should see one for RPiHotSpot.

Select this as the wifi signal to connect to. The password is what you setup in the hostapd.conf file. From my example it is 1234567890

rpiHotspot android

Local wifi signals in range on Android. You will see RPiHotSpot and not RPiHotN

For SSH and VNC the connection ip is 192.168.50.10 also if you have setup the RPi as a webserver use the same ip to see the webpage.

For ssh use ssh This email address is being protected from spambots. You need JavaScript enabled to view it.

For vnc use 192.168.50.10::5900

If you have setup the Internet routed configuration. Connect an ethernet cable to the Raspbery Pi and your router and wait a few seconds. The hotspot will now allow connected wifi devices to use the internet as well as the Raspberry Pi

 Once you are happy the setup is working ok then your done.

 

Script Removal

If you don't wish to continue using the Hotspot then the Raspberry Pi can be reverted back to a standard wifi setup with the following steps.

Stop the Hostapd and dnsmasq services with the commands

sudo systemctl disable dnsmasq

sudo systemctl disable hostapd

In the /etc/dhcpcd.conf file remove the lines added at the bottom of the file.

#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8

If you had previous config in your interfaces file and made a backup you can restore your original interfaces file with the command

sudo mv /etc/network/interfaces-backup /etc/network/interfaces

If you didn't setup an internet routed access point then your done, after a reboot your RPi will not longer be an Access Point. For Internet routed Hotspots you also need to do the following;

Disable the IP Tables setup

Disable the hs-iptables service with the command

sudo systemctl disable hs-iptables

Then disable ip forwarding

sudo nano /etc/sysctl.conf

look for the entry

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

and add a # as follows

# Uncomment the next line to enable packet forwarding for IPv4
# net.ipv4.ip_forward=1

Disable NF Tables setup

open nftables,conf  

sudo nano /etc/nftables.conf

and remove the line

include "/etc/nftables/nft-stat-ap.nft"

If you know other NFtable rules are being used then you that is it, otherwise disable the nftables service.

sudo systemctl disable nftables

Access Point removal is now complete

Now reboot and the Raspberry Pi will be back to the standard wifi setup.

 

 Trouble Shooting

  • If you get no wifi connection or no hotspot and have this icon networkdownthen it is most likley there is an error in one of the configuration files.
  • If the RpiHotspot signal can't be seen by another device, Use the command sudo systemctl status hostapd to see if there is an error with Hostapd.
  • If Hostapd has an error that it is Masked then try
    • sudo systemctl unmask hostapd
    • sudo systemctl enable hostapd
    • sudo systemctl start hostapd
  • If you don't get an internet connection when an ethernet cable has been attached, with the Internet routed setup, then you can check the ip table rules have been activated with the command sudo iptables -S If you don't see any rules but just get
    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    

    then make sure the service was enabled with the command sudo systemctl enable hs-iptables and the iptables file has the correct permissions with sudo chmod +x /etc/iptables-hs
  • Check the NFtables rules are loaded with the command  sudo nft list ruleset
  • You can connect to the hotspot via an Android Phone but you can't get a ssh connection. Some users have found this issue where Android uses their data connection rather than the wifi. Disabeling data has allowed them to use ssh.  

 


Add comment
Enter any text in "Title"

PLEASE NOTE:
I have very limited time currently for the comments, so you will probably get a very slow response for questions I know the answer to. If I need to set up a Pi to check your issue or request then I am unlikely to have chance to spend time on this.
I will continue support once I can spare the time again.
Thank you for your interest


Comments  
# Set-up with a static device on eth0Bart 2022-11-25 11:59
Hello roboberry,

First of all, also from me: thank you for this very good write-up. I’ve gone true it and read most of the questions.

I have a device on eth(0) with a static IP. I want to access from wlan1.
I have the hotspot running and working with dnsmasq etc.
wlan1 IP = 192.168.144.100, with dhcp-range=192.168.144.101,192.168.144.120,255.255.255.0,24h

Up to the point I uncomment packet forwarding for IPv4net.ipv4.ip_forward=1, I’m able to ping
wlan1 from a connected (windows) device connected to the hotspot. After that, “request timed out”

When I ping 192.168.144.12 (the static device) I get “Reply from 192.168.144.116: Destination host unreachable.” The .116 is my windows system

Do you have a pointer for me where I should look?

Thanx
Reply | Reply with quote | Quote | Report to administrator
# Tutorial for SSH / VNC?Cam 2022-10-03 01:14
Hey, just wanted to start off by saying I got this working perfectly on a Raspberry PI 400 (the in-keyboard model) on Buster, so you can add that to the list of capable devices.

I was wondering if you could clarify exactly how to connect to the PI via SSH or VNC from a device that is connected to the hotspot, there's probably a tutorial around I'm just having trouble finding anything. I know it's something obvious like making sure the SSH client is running on both, but would be nice to have it step-by-step.

I followed the instructions for the internet-routed mode if that makes a difference.
Reply | Reply with quote | Quote | Report to administrator
# Tutorial for SSH / VNC?roboberry 2022-10-25 17:33
Hi Cam

Firstly apologies for the slow response.

You have probably solved this issue now. But for vnc you need to activate the VNC option in the RaspberryPi Config menu option for Interfaces. Also ssh as well while you are there.
There should be a VNC icon by the clock.
The download the Real VNC viewer to your PC/Table/Phone.
Connect you device to the Pi's access point wifi signal RPiHotSpot.
To use the VNC opne the Viewer and enter the ip address that was put in /etc/dhcpcd.conf
192.168.50.10
VNC will then connect and ask for your PI's user name and password.

For ssh, once the device is connected to Pi's wifi. Open your ssh software. Putty on windows or use the terminal on Linux.
For Linux, presuming the Pi's user is pi, enter ssh in a terminal window.
In Windows Putty enter the IP in the HOSTS text box 192.168.50.10 and then open or connect (can't remember what the button is called)
You will then be asked for the pi's user name and password you use to login to the desktop.

Hopefully that will help.
Reply | Reply with quote | Quote | Report to administrator
# Working now!Cam 2022-10-30 23:40
No worries. I hadn't gotten it working yet actually, I had no idea it would be that simple - but I was using a projector against an uneven wall as a screen and it was hard to navigate! Hence the desire for vnc access.

It's working great now, I've been able to ssh in via the hotspot
Reply | Reply with quote | Quote | Report to administrator
# Working now!roboberry 2022-11-02 12:56
Hi Cam

That's good to hear, i'm glad you are up and running.
Reply | Reply with quote | Quote | Report to administrator
# Finally got it work.Travis 2022-09-18 18:21
Finally got it to work with a 3B+. Thank you for this guide. I tried following others and they didnt work. After more searching I found this guide and I got it to work the first time. Easy to follow.
Reply | Reply with quote | Quote | Report to administrator
# Finally got it work.roboberry 2022-09-19 21:02
Hi Travis

You are welcome. Thanks for you're feedback and I am glad you have found it useful.
Reply | Reply with quote | Quote | Report to administrator
# Hotspot not workingJoe 2022-09-04 03:20
The trouble I'm having is the first thing in the troubleshooting: if the connection icon has x's, a config file is wrong. I've looked through all the config files several times while trying different guides, and they are all correct. hostapd is running, dnsmasq is running, but the network doesn't show up on another device. I have a Pi 3 that I'm trying to use to basically turn a non-wifi printer into a wifi printer using CUPS, so that you can connect to the hotspot and print to the printer without a direct printer connection. Thus, I don't need the hotspot to have internet access.
Reply | Reply with quote | Quote | Report to administrator
# Hotspot not Workingroboberry 2022-09-06 16:06
Hi Joe

It should work fine for that project, use to have a PI1 setup like that with a usb wifi adapter.

If hostapd is running you should at least see the "RPiHotSpot" ssid from other wifi devices.
and sudo systemctl status hostapd is not showing an error then it may be something more obscure like spelling such as wlano rather than wlan0 or a comma etc in the wrong place but if you have used the download links on the site then they will be fine.

Other things that cause issues are any network config in sudo nano /etc/network/interfaces.
and check that sudo nano /etc/default/hostapd
has the config path against "DAEMON_CONF=" and not with DAEMON_OPTS=. Also
DAEMON_OPTS= should have a comment #DAEMON_OPTS=
If you are using Buster or Bullseye you can delete /etc/default/hostapd as it is not required, but if it is in place it has to be correct.


There is an installer on the home page, that will install any of the 3 hotspot guides as they are described in the guides.
If you install option 3 for the static hotspot it will fix any issues that there are.

As you don't want the network and the installer will set it up. You can disable the networking with

For Bullseye, just incase something uses nftables in the furture:
sudo nano /etc/nftables.conf
remove the line "include "/etc/nftables/nft-stat-ap.nft""
sudo systemctl disable nftables

For Buster and older:
sudo systemctl disable hs-iptables

That should fix any issues you are having.

If not you can let me know by email, admin at this site. Can you include outputs of

sudo systemctl status hostapd
sudo systemctl status dnsmasq
ip a
sudo systemctl -all list-unit-files hostapd.service
sudo systemctl -all list-unit-files dnsmasq.service

and I will see if we can find the issue.
Reply | Reply with quote | Quote | Report to administrator
# Fix by copy/pasteJoe 2022-09-19 21:13
Thanks for the info! I ended up talking to someone, and fixed it by copying and pasting the hostage.conf file instead of hand-writing it, and for some reason it works now.
Reply | Reply with quote | Quote | Report to administrator
# Very nice guidedidierh 2022-05-11 18:02
Hi
very nice guide.
Before readind this I made a lot of search and tests: result a lot of useless guides.
Hopefully I found this one and my pi is working perfectly as a bridge.
Thanks a lot !!!!
D.
Reply | Reply with quote | Quote | Report to administrator
# Very nice guideRoboberry 2022-05-13 17:44
Hi didierh

I't good to know you have found the guide useful, Thank you.
It can be difficult to get good info as the Pi does use a different setup to other distros. Glad I could help.
Reply | Reply with quote | Quote | Report to administrator
# Access Point with Wifi Clientxiki808 2022-05-06 14:00
Hey! Would you be interested to integrate to this guide a way how to setup an access point while keeping the wifi client?

On my raspberry pi I managed to get it to work following this script https://github.com/lukicdarkoo/rpi-wifi/blob/master/configure, but I had to remove ctrl_interface from wpa_supplicant.conf and from hostapd.conf ( and also ctrl_interface_group in this case ).

The problem is that I cannot make use of wpa_cli to control wlan0. Maybe if someone with more knowledge can look at this, can share a configuration that works properly on Rpi4.

Thank you!!
Reply | Reply with quote | Quote | Report to administrator
# Access Point with Wifi Clientroboberry 2022-05-09 19:28
Hi xiki808


Thanks for the request
This seems to be a popular subject lately. It's not something I have tried but looking at the setup it is not directly compatible as it uses /etc/network/interfaces which is depreciated on the PiOS. This will conflict with the Access Point setup so it will need an alternate configuration.

I am currently working on new features but I may look at this at a later date as it looks interesting.
Reply | Reply with quote | Quote | Report to administrator
# Access Point with Wifi Clientxiki808 2022-05-10 15:06
I found one works with bullseye, tried and tested :)

https://github.com/lukicdarkoo/rpi-wifi/blob/79c8a2955f27ab1041249d323424d6a20cce42e2/ap_sta_config2.sh
Reply | Reply with quote | Quote | Report to administrator
# Access Point with Wifi Client Roboberry 2022-05-13 17:47
Hi xiki808

Thanks for sharing the link, that looks more suitable. Bullseye uses NF Tables rather than IP tables but sounds good. :)
Reply | Reply with quote | Quote | Report to administrator
# Finally workedJack 2022-04-14 21:38
I've spent the better part of the last 24 hours trying to get an internet-less AP working on my 3B with Bullseye to connect my laptop to a Jetson Nano at a conference booth - didn't figure it would be this hard. Not sure exactly what yours did that other's didn't, but after trying once, getting an error, and going over your instructions again very carefully, Pi-Fi is up and running. Cheers!
Reply | Reply with quote | Quote | Report to administrator
# Finally workedroboberry 2022-04-15 10:09
Hi Jack

Thanks for the feedback, i feel your pain trying to get solutions to problems. I'm glad I could help with your setup. It is a bit of a minefield with older guides and guides for non compatible systems. For the Pi avoiding /etc/network/interfaces and using dhcpcd.conf is the way to go :)
Reply | Reply with quote | Quote | Report to administrator
# hostapd Failed to startxiki808 2022-04-12 16:44
root@raspberrypi:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
root@raspberrypi:~# uname -a
Linux raspberrypi 5.15.32-v8+ #1538 SMP PREEMPT Thu Mar 31 19:40:39 BST 2022 aarch64 GNU/Linux
root@raspberrypi:~# cat /sys/firmware/devicetree/base/model
Raspberry Pi 4 Model B Rev 1.4


I followed the instructions for bullseye no internet but I have issues with hostapd. This is the log from journalctl -xe

Apr 12 16:35:08 raspberrypi hostapd[877]: Configuration file: /etc/hostapd/hostapd.conf
Apr 12 16:35:08 raspberrypi hostapd[877]: rfkill: WLAN soft blocked
Apr 12 16:35:08 raspberrypi hostapd[877]: Using interface wlan0 with hwaddr e4:5f:01:1a:bd:91 and ssid "RPiHotSpot"
Apr 12 16:35:08 raspberrypi hostapd[877]: Failed to set beacon parameters
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: Could not connect to kernel driver
Apr 12 16:35:08 raspberrypi hostapd[877]: Interface initialization failed
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: interface state UNINITIALIZED->DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: AP-DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: Unable to setup interface.
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: interface state DISABLED->DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: AP-DISABLED
Apr 12 16:35:08 raspberrypi hostapd[877]: wlan0: CTRL-EVENT-TERMINATING
Apr 12 16:35:08 raspberrypi hostapd[877]: hostapd_free_hapd_data: Interface wlan0 wasn't started
Apr 12 16:35:08 raspberrypi hostapd[877]: nl80211: deinit ifname=wlan0 disabled_11b_rates=0


Cannot find what is the cause :/
Reply | Reply with quote | Quote | Report to administrator
# hostapd Failed to startroboberry 2022-04-14 21:17
Hi xiki808

I see you are using PiOS 64 which this has been tested on a couple of months back. It worked ok then at least.

For some reason your wlan0 interface is down when hostapd starts so it can't create the access point.
You should have a similar error for dnsmasq. sudo systemctl status dnsmasq

check sudo systemctl status dhcpcd
that should be running

check that /etc/dhcpcd.conf doesn't have a line "denyinterfaces wlan0"

the command: ip a
will show if the wlan0 interface is up or down, it should be up.

There should be no entries in /etc/network/interfaces

If no luck you can try the autohotspot installer. Link at the top of the page or on the home page.
That will install the setup the same as the guide.

Let me know if this help
Reply | Reply with quote | Quote | Report to administrator
# hostapd Failed to startxiki808 2022-04-18 13:11
Thanks for your comment roboberry!

I figured all I had to do is `rfkill unblock wifi` and hostapd was working without problems. Thank you for you guide!
Reply | Reply with quote | Quote | Report to administrator
# Two WiFi InterfacesTerry 2022-03-29 03:15
Great tutorial - thanks.

Taking it one step further, I would like to run both AP and a Managed wifi interfaces on the RPi 4B.
The idea is to use the AP to access the configuration of the RPi, and the Managed interface as an uplink where Ethernet connection is not available. Only moderate throughput is required.

The 'iw list' command shows:
valid interface combinations:
* #{ managed }
Reply | Reply with quote | Quote | Report to administrator
# Two WiFi Interfacesroboberry 2022-03-29 14:23
Hi Terry

To use wlan1 to connect to Wifi Network you need to replace the eth0 references in the Ip tables or NF tables section to wlan1.

Then after a reboot you should have what you need.

If you want wlan0 to connect to a wifi network and wlan1 to be the AP then you have to change the wlan0 references in
/etc/hostapd/hostapd.conf
/etc/dnsmasq.conf
/etc/dhcpcd.conf

to wlan1

Then the the IP tables or NF tables change wlan0 to wlan1 and eth0 to wlan0

Let me know if you need further info.
Reply | Reply with quote | Quote | Report to administrator
# Two WiFi InterfacesTerry 2022-03-29 23:38
Thanks for your reply.
My original post appears to be incomplete, and so perhaps not clear what I was asking.

My question is whether it is possible to run two wifi interfaces (e.g. wlan0 and wlan1) at the same time from the built-in wifi chip on the RPi 4 device.

The 'iw list' command output indicates that this is possible:
valid interface combinations:
* #{ managed }
Reply | Reply with quote | Quote | Report to administrator
# Two WiFi Interfacesroboberry 2022-03-31 17:25
Hi Terry

ah ok, yep thats a bit different. My understanding is that that is not possible on the Pi wifi hardware. Wifi devices that use a Atheros chip can do this but that is not the Pi.

I have recently been asked a similar thing and there looks like there is a software solution but I have not tried this.
https://imti.co/iot-wifi/

Hopefully this project will do the trick.
Reply | Reply with quote | Quote | Report to administrator
# No Internetmanjaroman 2022-03-24 19:05
Thank you for the instructions, I did everything you said, but I get No Internet on my Android device when I connect to the network hosted by my Raspberry Pi 3. I am using the wlan chip that comes with the thing and using a wifi dongle as my uplink. My nft list ruleset output is

table inet ap {
chain routethrough {
type nat hook postrouting priority filter; policy accept;
oifname "wlan1" masquerade
}

chain forward {
type filter hook forward priority filter; policy accept;
iifname "wlan1" oifname "wlan0" ct state established,related accept
iifname "wlan0" oifname "wlan1" accept
}
}


I dont know what I messed up but I hope you can help me

Thank you anyways
Reply | Reply with quote | Quote | Report to administrator
# No Internetroboberry 2022-03-25 19:19
Hi manjaroman

Your nftables look fine to replace eth0 with wlan1.
You can check that thay are loaded ok with the command
sudo nft list ruleset

This should show the same entries.
If the loaded rule set is blank then you can manually load them with
sudo nft -f /etc/nftables/nft-stat-ap.nft

If you are needing to do this then double check the service is active.
sudo systemctl enable nftables
and check
sudo systemctl status nftables


One important area is dhcpcd.conf. It should be correct but best to check.
/etc/dhcpcd.conf at the bottom of the file make sure that these lines are this way round

interface wlan0
nohook wpa_supplicant

Also check wlan1 is active ok with
wpa_cli -i wlan1 status


If none of this works let me know and I will have a closer look.
Reply | Reply with quote | Quote | Report to administrator
# Bumpmanjaroman 2022-03-30 19:37
I went a different route, got it working now! poggers
Reply | Reply with quote | Quote | Report to administrator
# Failed to start - nftablesDavid 2022-03-14 03:37
this is by far the closest i've gotten to almost getting the AP setup on RP4....however, since the OS is on Bullseye and using nftables, after adding line "include "/etc/nftables/nft-stat-ap.nft"

i'm presented with [FAILED] unable to start nftables at boot up. the icon for the AP are still showing X but status shows its active and running with no errors.

the nftable on the other hand is showing "exit-code, status=1/FAILURE)

any help would be greatly appreciated!
Reply | Reply with quote | Quote | Report to administrator
# Failed to start - nftablesroboberry 2022-03-14 14:32
Hi David

The AP should be working fine with that failure you just won't be able to connect to any network through eth0.
I don't have a Pi setup on Bullseye that I can check this with as it is setup for my current project but I would guess either the /etc/nftables/nft-stat-ap.nft file doesn't have the permission set.
Retry sudo chmod +x /etc/nftables/nft-stat-ap.nft

Alternately you can load the nftables manually. This will give you an error message that hopefully helps.

After the AP has activated. use the command
sudo nft -f /etc/nftables/nft-stat-ap.nft

Hopefully that will shed some light on the issue.

Let me know if that helps or if you get errors and I will look into it further.
Reply | Reply with quote | Quote | Report to administrator
# No wifi Hotspot with good statusJoe Herbst 2022-02-07 18:10
sudo systemctl status hostapd
says "active" and no errors but I do not see the hotspot. The two arrows show eth0 active (I can ssh into it) but no wlan associated after above procedure - what else shall I try?



_____________________________________________
● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-02-07 09:57:36 PST; 5min ago
Docs: man:hostapd(8)
Process: 512 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
Main PID: 553 (hostapd)
Tasks: 1 (limit: 4915)
CPU: 104ms
CGroup: /system.slice/hostapd.service
└─553 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

Feb 07 09:57:36 rpdg-commish systemd[1]: Starting Access point and authentication server for Wi-Fi and Ethernet...
Feb 07 09:57:36 rpdg-commish hostapd[512]: Configuration file: /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish hostapd[512]: Using interface wlan0 with hwaddr e4:5f:01:58:d4:6c and ssid "rpdg-commish"
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: interface state UNINITIALIZED->ENABLED
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: AP-ENABLED
Feb 07 09:57:36 rpdg-commish systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-02-07 09:57:36 PST; 5min ago
Docs: man:hostapd(8)
Process: 512 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
Main PID: 553 (hostapd)
Tasks: 1 (limit: 4915)
CPU: 104ms
CGroup: /system.slice/hostapd.service
└─553 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

Feb 07 09:57:36 rpdg-commish systemd[1]: Starting Access point and authentication server for Wi-Fi and Ethernet...
Feb 07 09:57:36 rpdg-commish hostapd[512]: Configuration file: /etc/hostapd/hostapd.conf
Feb 07 09:57:36 rpdg-commish hostapd[512]: Using interface wlan0 with hwaddr e4:5f:01:58:d4:6c and ssid "rpdg-commish"
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: interface state UNINITIALIZED->ENABLED
Feb 07 09:57:36 rpdg-commish hostapd[512]: wlan0: AP-ENABLED
Feb 07 09:57:36 rpdg-commish systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
Reply | Reply with quote | Quote | Report to administrator
# No wifi Hotspot with good statusroboberry 2022-02-07 21:19
Hi Joe

Thanks for the output.

I have tried to reproduce your issue. I can reproduce it but I don't get the output
Using interface wlan0 with hwaddr ...
wlan0: AP-ENABLED
so it seems something is different.

Can you check that in /etc/dhcpcd.conf the line
nohook wpa_supplicant
exists. This can cause the issue you are describing as the Pi will be trying to connect to your router as well.

If you are using Buster or Bullseye, which I presume you are all lines in /etc/defaults/hostapd should be commented out with a # at the start of every line. This file is not needed anymore.

/etc/network/interfaces should only contain 5 lines with the last line the only one un-commeted
source-directory /etc/network/interfaces.d

The installer script will be able to install this setup if non of this helps. There is a link at the top of the guide.

Otherwise can you let me know what OS and Pi you are using and what the output to
sudo systemctl status dnsmasq
sudo systemctl status dhcpcd
show as well and I will have a further look into it.
Reply | Reply with quote | Quote | Report to administrator
# Wrong PasswordRoboberry 2022-01-07 21:52
Hi Keith

It sounds like the connection is unstable. For the password I would say check the /etc/hostapd/hostapd.conf has at least a 8 character password but if the hostapd.service is ok then it's not likely to be that.
Can you check that there is the correct ip address and only one for wlan0.
use: ip a
under wlan0 you should only have 192.168.50.10. If there is anything different or more than one ip address then that will be why. This would point to dnsmasq.config having an issue with the ip entries.
The other place that can possible cause an unstable connection is in /etc/dhscpcd.conf, the line nohook wpa_supplicant misspelled or not entered. This would also show up as a wifi icon in the tool bar instead of two blue arrows.

You could also try using the installer with option 3, link at the top of the article. This will solve any config issues.

If this doesn't help then I will look into it further.
Reply | Reply with quote | Quote | Report to administrator
# Wrong password - RESOLVEDKeith Brown 2022-01-10 22:00
All the config files are correct.
I will keep tinkering to see if the reliability and performance can be improved.

I just had one curiosity about one line in the dhcpcd configuration.

static routers=192.168.50.1

What is this address?
It is not pingable from the RPI or the PC connected to the hotspot when it is UP and connected.

Thanks
Reply | Reply with quote | Quote | Report to administrator
# # Wrong password - RESOLVEDRoboberry 2022-01-10 22:28
Hi Keith

The line static routers=192.168.50.1 is the access points gateway. All the access point network traffic to other networks not in 192.168.50 such as eth0 goes through this address and is handled by dhcpcd.
Reply | Reply with quote | Quote | Report to administrator
# Wrong password - RESOLVEDKeith Brown 2022-01-08 18:49
Part of my problem stemmed from trying to implement multiple tutorials on hostapd.
For some reason there was an entry for my current SSID in wpa_supplicant.conf that I never manually entered. Some other rookie errors on my part.
(1) Originally setup wlan0 on the same subnet as eth0 - Created wlan0 on different subnet.
(2) Renamed /etc/wpa_supplicant/wpa_supplicant.conf to /etc/wpa_supplicant/wpa_supplicant.conf.orig

It now is stable.

My use for this is to communicate with some remote power plugs on 2.4G.

Speedtest for eth0 is around 100 Mbits/sec.
Speedtest for wlan0 is 10 Mbits/sec or less.

What are the optimal /etc/hostapd/hostapd.conf settings for maximal speed/throughput on 2.4Gig?
What are steps to troubleshoot performance issues on hostapd?
Again, this is a RPI 4
The channel is clear of any other WIFIs.
Only feet away from the RPI 4.

Thanks
Reply | Reply with quote | Quote | Report to administrator
# Wrong password - RESOLVEDRoboberry 2022-01-10 20:48
Hi Keith

It good to know you have found the issue. It's always the little things that cause the most chaos.

I can't say I have done any performance testing as any intermittent issue I put down to interference, but I don't generally have an issue. But your speeds do seem very low.

I'm not sure there are any speed improvements from hostapd.conf. As far as I know it is usually around the drivers, but as it's builtin wifi that shouldn't be an issue.

Other than seeing if setting the wifi power management to off offers any speed increase. I take it when the Pi is connected to a router the speeds are better.

to see power management status:
iw wlan0 get power_save

to switch off:
sudo iw wlan0 set power_save off


The other thing you could try is using 5ghz access point just to see if that gives better performance. If that is bad as well then there may be another issue.
I can send you a 5ghz hostapd.conf file if you want to try that.
Reply | Reply with quote | Quote | Report to administrator
# Wrong password - Cant connectKeith Brown 2022-01-06 21:45
I have a strong RF signal from the hotspot on the chosen channel, but 'most' of the time when I try to connect I get an 'invalid password' or 'not available' message. Even if it ever connects, it wont stay up long. I have tried to connect via cell phone or with PC wifi with the same result. Though all the comments here focus on the network side of the AP, what is there to troubleshoot the RF portion beyond having a clear channel and sufficient signal? I have the RPI4 with Buster(10). I am using the Static Hotspot guide. No errors using 'systemctl status hostapd.service'. Thanks
Reply | Reply with quote | Quote | Report to administrator
# Multiple Hotspots on same routerAlex 2021-12-02 10:25
Hi,
I used your setup for multiple Raspberrys and it works perfectly, thanks a lot :)

I was just wondering, if it is possible to have two or more Raspis with this setup running at the same time. So lets say I have 2 Raspis, each of them providing a seperate WIFI network and running a DCHP server with your configurations. Both Raspis are connected to my router, which is connected to the internet. Can both raspies use the same configuration (static ip, ip range, standard gateway) without the risk of an ip conflict or something?

Thanks a lot in advance.
Reply | Reply with quote | Quote | Report to administrator
# Multiple Hotspots on same routerroboberry 2021-12-02 22:24
Hi Alex

On a simple setup then two or more Pi's on one router will be fine.
The Ethernet ip address to the Pi's is managed by the router so they all will have unique ip addresses.
The Wifi access point is a separate network so any device connected to the access point can use the internet.
If you have two mobile phones each connected to one of the Pi's and by chance they have been given the same IP address, it won't conflict because the router is communicating through eth0 and is not aware of the access point ip address given to the phones.
Though you will want to change the SSID on each Pi so you know which one your mobile phone is connecting to.

All devices connected to the AP on Pi1 can ping each other but they can't ping devices connected to the AP on Pi2.
(Though they can ping Pi2)

If you are want a setup where a phone connected to the access point on Pi1 wants to ping a phone connected to the access point on Pi2, you will need set additional "routing" in your Router and you will need to change the access point IP address on each Pi.
Change the 50 to a different number ###.##.50.# in dnsmasq.conf and dhcpcd.conf
Reply | Reply with quote | Quote | Report to administrator
# Multiple Hotspots on same routerAlex 2021-12-03 12:30
Hi roboberry,

thanks for your explanation. That's what I was looking for :)
Thanks a lot and best regards.
Reply | Reply with quote | Quote | Report to administrator
# Hotspot created but no real internet accessMatthias 2021-08-21 16:06
Hi Roboberry,
thanka a lot for the detailed guide. I followed evey step and after two reboots my phone connected to the created hotspot, also pretending to have internet access but actually no page is loaded. So either it is not working or just very slow.
What could be the reason and what would I have to change?

Thanks and regards,

Matthias
Reply | Reply with quote | Quote | Report to administrator
# Hotspot created but no real internet accessRoboberry 2021-08-21 19:34
Hi Matthias

If you can I would confirm the Pi itself is getting internet through the LAN connection on eth0.
If the Pi has access to a display then load up the Pi's desktop and see if it will load a webpage or in terminal ping ww.google.com

Alternately connect to the access point and use SSH or VNC to connect to the Pi. Then open a terminal window and ping www.google.com.

If the Pi has no internet access then the issue is between the Pi and your router.
enter ip a
and see if eth0 has an ip address starting with 192.168
The setup doesn't change anything with eth0 so there may be a different issue.


If the Pi has access to the internet but the device connected to the Access Point does not, then check the IP tables are setup with sudo iptables -S
you should see the routing between wlan0 and eth0.
-A FORWARD -i eth0 -o wlan0 ..... and a second line with the devices reversed.
If this doesn't show then redo the ip tables part of the guide.

check the ip tables service is running
sudo systemctl status hs-iptables
it should see in the output status=0/SUCCESS

If ip tables are working then check that /etc/sysctl.conf has forwarding on:
net.ipv4.ip_forward=1

Let me know if this doesn't help. There is also an installer on the home page that will set the pi up the same as this guide if you have no luck.
Reply | Reply with quote | Quote | Report to administrator
# Jorne 2021-03-03 11:42
Hello Roboberry,
Thank you for the very good guide, It's been a life saver. But I have a problem with connecting through sockets. My setup is: my pc connected with a rpi through an ethernet cable and this rpi (access point following your guide) is connected with an other rpi through a wifi signal. From the access point I can establish a socket connection to both my pc and the other rpi. But I need a socket connection from the second rpi (server) to the pc. I can ping from from the second rpi to the pc but not the other way around.
This is the output from ip route:
default via 192.168.1.10 dev wlan0 src 192.168.1.200 metric 303
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.200 metric 303
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.1 linkdown
(I've used 1 instead of 50 from your guide and the linkdown is from a program that shares the wifi signal to a fourth device using an ethernet connection)
Do you have any idea how I can fix this?
Thanks in advance.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2021-03-04 19:47
Hi Jorne

I'm glad you have found it useful, apart from the issue :)
As you say the PI's can access a PC through Ethernet and they can all ping each other but the PC doesn't want to ping the second pi via Ethernet through the access point Pi. The is due to subnet routing through the Ethernet. Additional routing needs to be setup so the PC can ping the other devices on the access point network.
I have had a brief look but initial ip routes didn't work.
I will have a better look soon and get back to you.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2021-03-07 12:55
Hi Jorne

The solution is to add a route to your PC.
For me I have Pi1 as Access Point on 192.168.50.10
This is connected to a Ubuntu PC via Ethernet
Then I have Pi2 connected to the WiFi access point with an ip of 192.168.50.178.

on Pi1 enter ip route
which returned this for ethernet
192.168.1.0/24 dev eth0 proto dhcp scope link src 192.168.1.103 metric 202

Then on the PC I added a route as
sudo ip route add 192.168.50.0/24 via 192.168.1.103

I can now ping Pi2 from the PC and still ping the PC from PI2

so on you PC enter
sudo ip route add 192.168.1.0/24 via 192.168.2.1
it should work
Reply | Reply with quote | Quote | Report to administrator
# Jorne 2021-03-08 13:43
Hi roboberry

This works. My pc is windows so i had to change a few things in the commands (for someone who has the same problem: open your terminal as admin and instead of ip route... do "route add 192.168.1.0/24 192.168.2.1").

Thank you for your help!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2021-03-08 20:28
cool, i'm glad that is working. Thanks for the windows command, useful
Reply | Reply with quote | Quote | Report to administrator
# Scott 2021-01-18 22:18
Thank you for your tutorial--it taught me quite a bit about the inner workings. It took me reading all the other comments to solve my problem, as I had also tried the AutoHotspot scripts without success. Going through the tutorial, I set up using wwan0 (my cellular) instead of eth0, so I changed that in the scripts.
Also, it appears that for some reason I had not unmask or enabled the dnsmasq.service (hostapd and hs-iptables were enabled). Once I did that and restarted twice(?), it is working nicely. Thank you for the clear presentation!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2021-01-20 20:04
Hi Scott

You're welcome, I'm glad you have it working how you need it.

If you are just replacing eth0 for wwan0 then the autohotspot/N scripts will be able to handle that.

in /usr/bin/autohotspotN the line below allows the eth0 port to be changed

ethdev="eth0" #Ethernet port to use with IP tables

as long as no other setup is required it will work.

This is limited to Lan types as you can't redirect eth0 to wlan1 for these scripts as it will effect the switching but can be done for the static access point.
Reply | Reply with quote | Quote | Report to administrator
# gareth hards 2021-01-14 17:45
so i got my cell phone on the pi4 network and it shared data from my wired router, but im unable to view apache pages using localhost is there a way i can be able to?
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2021-01-14 20:08
Hi Gareth

If your Pi4 is running the Apache server then you can only use localhost from your Pi's desktop.
As your phone is a different device on the network you need to use the Pi's ip address of 192.168.50.10 in your phones browser or setup a hostname for the access point and use that instead to access the web server.

You can setup a hostname for the access point, which can be different from the hostname the pi may have already.
edit /etc/hosts
and add
192.168.50.10 mywebserver

After a reboot you can access your apache server from your phone using http://mywebserver

any issue please let me know
Reply | Reply with quote | Quote | Report to administrator
# Sohail 2020-12-29 20:37
I can disable pihole dhcp and use rpi dhcp disease, then do i have to use bridge or just iptables.
I am able to get up from pihole, but traffic doesn't flow beyond wlan0 that's the problem
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 21:00
Hi Sohail

If you can switch PiHole to use Rpi dhcpcd then that would work. Though check that there is no config in /etc/network/interfaces as that will still conflict with the access point. It should just be the top 5 lines as shown in this guide.

for ip tables, I would start by switching the eth0 entries in /etc/iptables-hs to br0

#!/bin/bash
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
iptables -A FORWARD -i br0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o br0 -j ACCEPT

try that. If that doesn't work it may be that PiHole already has something in place for iptables. Then just disable my iptables service with

sudo systemctl disable hs-iptables

and reboot
Reply | Reply with quote | Quote | Report to administrator
# sohail 2020-12-29 19:44
My config in files are as belwo please refer, i cant forward traffic from wlan0 (LAN) to etho (Internet)
#etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
#bridge=br0
country_code=AE
#ieee80211d=1
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
ssid=raspi3
wpa_passphrase=111222Q!
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
#pppoe on eth0 & lan on wlan0 as hotspot
auto dsl-provider
iface dsl-provider inet ppp
pre-up /bin/ip link set eth0 up # line maintained by pppoeconf
provider dsl-provider

# Bridge setup
#auto br0
#iface br0 inet manual
#bridge_ports eth0 wlan0

auto eth0
iface eth0 inet manual
iface wlan0 inet manual

#/etc/iptables-hs
#!/bin/bash
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A FORWARD -i eth0 -o wlan0 -j ACCEPT

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2020-12-
pi@raspberrypi:~ $ sudo systemctl list-unit-files hs-iptables.service
UNIT FILE STATE
hs-iptables.service enabled

1 unit files listed.
pi@raspberrypi:~ $ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 19:56
Hi Sohail

The will be an issue with the fact there is config in /etc/network/interfaces

This will mean you are using two network managers which are conflicting. The access point used the standard network manager for the Raspberry Pi which is dhcpcd. the interfaces file is not used in Buster or Stretch.

if the /etc/network/interfaces config has come from PiHole then it's not compatible.

If there is a bridge being used there then iptables-hs will need to use br0 instead of eth0.
Reply | Reply with quote | Quote | Report to administrator
# sohail 2020-12-29 20:10
Please guide me. I need to use Pihole on same PI3b+. DHCP is handed by pihole & working fine. All devices can connect to WLAN & get ip addresses, but cant get internet.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 20:28
Hi Sohail

If PiHole used dhcp then its not compatible as the Pi and the access point uses dhcpcd by default. dhcpcd would have been stopped to use dhcp.

I can have a look at PiHole to see how it is configured but if the above is correct then I probably won't be able to help. I will have a look sometime this week and let you know.
Reply | Reply with quote | Quote | Report to administrator
# sohail 2020-12-29 16:38
hi rob m using pihole as dhcp its runng in its web gui fine, m getting password incorrect config is
interface=wlan0
driver=nl80211
bridge=br0
country_code=AE
ieee80211d=1
hw_mode=g
channel=6
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
ssid=raspi3
wpa_passphrase=111222Q!
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 19:41
Hi Sohail

I have not used PiHole so I can't confirm if it works ok with this setup. I have tried that password on my access point and it works fine in hostapd as it's 8 characters and can use !. All others settings look ok and I don't expect the extra bridge line causes an issue.

Other than trying a different password and checking for extra spaces and hidden characters I don't know what to suggest as hostapd will just compare what has been entered as a ssid password from a wifi device, to this config file.
Reply | Reply with quote | Quote | Report to administrator
# Frank Keeler 2020-12-29 00:57
Thanks for the detailed tutorial. I have tried to setup a no-Internet router on a RPI4 with a fresh updated Raspian SD card. Unfortunately, I see two red Xs where the arrows should be. I have checked and both Dnsmasq and Hostapd show as enabled. I have triple checked each step and I don’t see any errors. Any suggestions? All I want is to create a simple network with no internet for 3-8 PIs so they can talk to each other. Thanks in advance.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 12:37
Hi Frank

I take it you don't see the RPiHotspot ssid (issue with: hostapd) or if you are you can't get an ip (issue with: dnsmasq).

Can you check if hostapd are running ok and have not failed for some reason.

enter: sudo systemctl status hostapd
it should say active (running) on the 3rd line. If not it will state an error in the text somewhere.
if that is ok do the same for dnsmasq

I suspect the issue to be one of those as dhcpcd should be fine as you have no wifi.

If you still have an issue let me know the results of the above and i will look into it further or if you use the installer, link at the top of this page, and reinstall the access point with option 3 it should fix any issues.
Reply | Reply with quote | Quote | Report to administrator
# Frank Keeler 2020-12-29 19:39
Thanks for the ideas. Both dnsmasq and hostapd responded running. So I used your script and it was easy to implement and was successful. My problem must have been a typo. I am still glad I went through your tutorial since it gave me an idea how everything works.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 19:47
Hi Frank

Good to hear you are up and running. Those self hiding typo's are annoying. I get them all the time :)

Thanks for letting me know.
Reply | Reply with quote | Quote | Report to administrator
# Frank Keeler 2020-12-29 20:32
Ooops, I misspoke. They all have the radio signal, and none have double arrows. The Access Point PI has the two red Xs.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 20:50
Hi Frank

The red Xs are wrong, seem we are back to the start.
If that's setup from the installer then it should all be fine.
Not sure whats going on there,

I take it you can't see RPihotspot being broadcast,

Try using option 4 uninstall, reboot and then option 3 and reinstall it.
Reply | Reply with quote | Quote | Report to administrator
# Frank Keeler 2020-12-29 22:59
That fixed the problem. Thanks.
Reply | Reply with quote | Quote | Report to administrator
# Frank Keeler 2020-12-29 20:09
One more question. I am able to SSH and communicate between PIs now, all of the PIs show the double arrow when in Access Point mode except the PI setup as the router. Is that to be expected?
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-29 20:23
Hi Frank

The Pi's can communicate with ssh, vnc etc if they are on the same network. It should be one pi is setup as the access point and all the other are standard wifi and connect to the RPiHotspot ssid.

If they all have double arrows I presume they are all access points? If so they are all separate networks.
Reply | Reply with quote | Quote | Report to administrator
# sohail 2020-12-27 18:15
I am able to connect pppoe on pib+ ethernet used as Internet-WAN, now wifi traffic doesnt NAT/FORWRD to etho0 to connect WLAN devices to internet. Moreover do i need to configure BR0 to bridge them with utils? thanks
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-27 20:02
Hi sohail

The ip tables in the iptables-hs service enable the internet forwarding. Check that the service is enabled and ip forwarding is enabled.

sudo systemctl list-unit-files hs-iptables.service
this should return enabled

if not use
sudo systemctl enable hs-iptables

also check ip forwarding is on
sudo nano /etc/sysctl.conf

and this line has no # at the start
net.ipv4.ip_forward=1


let me know if you have further issues.
Reply | Reply with quote | Quote | Report to administrator
# sohail 2020-12-19 17:46
Hi roboberry,
My pi3b+ has eth0 connected to pppoe, working fine. But wifi hotspot doesnt provide ip address.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-19 21:30
Hi Sohail

If you are seeing the RPiHotspot ssid with a wifi device but are not getting an ip on connection then:

For IP issues check that dnsmasq is running ok.
enter: sudo systemctl is-enabled dnsmasq.service
this should return enabled
if not enter sudo systemctl enable dnsmasq
and reboot

If that is fine check it is running with no errors with sudo systemctl status dnsmasq
There should be some green text saying running, if there is any errors then it should give you a clue to the issue. probably an error in the /etc/dnsmasq.conf file

Alternately you could try using the installer script, there is a link at the top of this article. This will reinstall the setup and fix any common errors that can be done with the manual guide.

let me know if that helps. If not we can look into it further.
Reply | Reply with quote | Quote | Report to administrator
# Elias 2020-12-15 11:18
Hi roboberry!

I really enjoyed following your guide, and want to thank you for writing it. I made some progress in a project on my own, but have an issue that I would very much appreciate if you could share some tips.

I have my RPi set up with as an hotspot, and all devices that are connected have internet access. However, they can not communicate with each other. When i, for example, ping a device on the network from another device from the network, I get the dreaded "Destination Host Unreachable". However, I can successfully ping the devices from the Pi that is set up as a hotspot.

Now, to complicate matters further, the internet is fed into the hotspot-Pi via USB tethering from an Android phone. This results in my config files looking a bit different than in your guide, and I hope you will understand them.

Below is the config/information about my setup. I would be very thankful if you could have a look at it.

Best regards

Interfaces on the hotspot-Pi:
wifi1 (external usb adapter, hosting the hotspot)
usb0 (internet connection from Android Phone)
wifi0 (built in wifi, disabled)

dnsmasq.conf:
interface=wlan1
dhcp-range=192.168.4.2,192.168.4.50,255.255.255.0,24h
domain=wlan
address=/gw.wlan/192.168.4.1
dhcp-option=3, 192.168.4.1

dhcpcd.conf:
option domain-name "router.local";
option domain-name-servers 8.8.8.8, 1.1.1.1;
authoritative;

interface wlan1
static ip_address=192.168.4.1/24
nohook wpa_supplicant

interface usb0
static ip_address=192.168.42.125/24
static routers=192.168.42.129
static domain_name_servers=192.168.42.129
nohook wpa_supplicant
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-17 20:38
Hello Elias
I responded by email a couple of days ago but it got returned even though previous ones worked.
My response was:

Looking at your setup there is nothing that stands out as being an issue but as that's specific to your setup so i can't reproduce that to check.
The nohook wpa_supplicant under usb0 shouldn't be required as this is to disable wifi from trying to connect to a network on the pi.

For all devices to comunicate you need port forwarding which you would have enabled as part of the guide. The next area that can cause the issue is routing.

Use the command: route
if this comes back with two lines as default or 0.0.0.0 then your connected devices may get routed off to the internet rather than back through wlan1.

try deleting the default route for usb0, with: route del default gw 192.168.42.129

and see if that helps.
If not try the other way
route del default gw 192.168.50.1

I have previously checked connections within the access point network with several Pi's connected to an access point and thay can ping and ssh each other and also with a PC connected to the main Pi via ethernet. It should be just forwarding and making sure the route's don't cause an issue.
If this dosn't work I will set it up again and check the config, its been a while

Let me know if this helps.
Reply | Reply with quote | Quote | Report to administrator
# Elias 2020-12-17 20:46
Hello again,

Thank you for your reply. Maybe the email not getting through have to do with the global outage of the Google services..?
Anyway, I tried tinker some more in the last days, and it seems it might be a hardware problem (my external wifi adapter). I tried switching to hosting the AP on the internal wifi, and I was surprised to see the result was the opposite from before. I got no internet access, but could access the locally connected devices. Since then I've resorted to another solution for my personal case. I do however as I said, suspect it is a hardware issue (and the adapter wasn't listed in the referenced in this guide.

Hopefully your answer can help someone else with similar troubles.

I wish you all the best,
Elias
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-12-18 20:16
Hi Elias

Ah that would make sense, the google issues.
Ok, well good luck with your project :)
Reply | Reply with quote | Quote | Report to administrator
# Milton 2020-11-02 20:40
Hi, roboberry, I appreciate your help in the past, and I have a couple of questions:
1: I have several RPi hotspots set up in my house in different rooms, but not that far away from each other. For the "static ip_address=192.168.50.10/24", should each hotspot have its own 192.168.50.xxx/24 address? I.e, .10, .11, .12, etc.
2. Is there a way to verify that the RPis are using the "static domain_name_servers=8.8.8.8"? If I "cat /etc/resolv.conf" I get "nameserver 127.0.0.1"
Many thanks, this is a great tutorial!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-11-02 23:12
Hi Milton

The Hotspots can have all the same ip's as they are all independent networks. You can only connect to one of them with a WiFi device at a time. When I use ssh with my Pi's I find it convenient because 1 ssh login works with any pi i connect to as they have the same IP.

If you have them all connected to a router through eth0, they will also have their own IP from the router so they all have unique IP's on that network as well.
The only thing you would want different is the SSID setup in /etc/hostapd/hostapd.conf so you can tell them apart and know which one you are connected to.

It will only be an issue if you have a computer with two wifi devices and connected both to different hotspots, then you will most likely get confused connections.

I don't know if you can see what online dns is used. dnsmasq handles how the dns is connected. My setup is pointed to 127.0.0.1 and if you use commands like host -a google.com it returns 127.0.0.1#53 but if I go to a non hotspot setup then dns is my router in resolve.conf and not the dns server of my net provider.
Sorry I can't help with that one.
Reply | Reply with quote | Quote | Report to administrator
# Andrew Gebhardt 2020-11-01 19:52
I've been trying but with no success to set the AP to use my existing DHCP and DNS server. xxx.xxx.003

I have commented the DHCP entries in dnsmasq.conf and it works fine, but changing:

domain_name_servers=8.8.8.8

to

domain_name_servers=xxx.xxx.xxx.003

Doesn't work. I can ping from the RPi but cannot connect via the RPi to the internet from a WiFi client. Anyone have any ideas. Thanks.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-11-02 20:50
Hi Andrew

Can you give a little more detail on your changes and setup please. Your previous comments says you can't get a connection for eth0, the domain_name_servers=8.8.8.8 is for the internet dns through eth0, in this case Googles dns.
If you remove the line and a local dns service or connected router with dns settings is available then it should use that.

Can you include your dnsmasq.conf and dhcpcd.conf entries for the hotspot setup.
Reply | Reply with quote | Quote | Report to administrator
# Andrew Gebhardt 2020-11-01 17:05
A couple of comments which may be of help for Buster and USB adapter:

-$ echo "dtoverlay=pi3-disable-wifi" | sudo tee -a /boot/config.txt
-comment all #DAEMON_CONF=""
-install aircrack-ng and run sudo airmon-ng to find out what chipset your USB dongle is using
-Alfa AWUS036H (1w version) doesn't work
-Alfa AWUS051NH v2 works but device download is terrible, upload unaffected

Personally cannot connect via VNC and eth0, can connect from a WiFi device connected to wlan0.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-11-02 19:49
Hi Andrew

Thanks for the feedback.

So you are disabling the internal wifi completely. So the USB is defiantly wlan0

The /etc/default/hostapd can be deleted on Buster as it is not needed, it's left on the guide for Stretch compatibility.

Can you give me more detail about the VPN issue and eth0 issue. Nothing has been changed with eth0 so you should still be able to connect via Lan to the Pi.
Can you ssh in, if you use that. Does the Hotspot work if you go back to the Pi's wifi. Just want to check the script is working ok for you.
Reply | Reply with quote | Quote | Report to administrator
# Andrew Jan Stanislaw Gebhardt 2020-11-04 15:22
Apologies for the delay, I just spent some time adding a pigtail to the B+ and a 2.4GHz amplifier. Now I get a really good connection and throughput is much higher than using the Alfa USB adapters. Still low 6-8mps but more than enough for my needs. Thanks!!
Reply | Reply with quote | Quote | Report to administrator
# Aires 2020-09-25 14:49
Thank you for that! It's working perfectly! Now I can connect my App to send data to rasp/mysql and photos via FTP easily.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-09-25 20:36
Hi Aires

You're welcome, i'm glad you find it useful.
Reply | Reply with quote | Quote | Report to administrator
# Isaac 2020-09-24 16:29
Hi, I have an RPi 4B+ 4GB and completed this tutorial, I am using an Android device and it sees the WAP and prompts me to login but when I put the password in, it says "Couldn't get IP address" on my phone. How can I fix this?

Many thanks
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-09-24 22:08
Hi Isaac

For IP issues check that dnsmasq is running ok.
enter: sudo systemctl is-enabled dnsmasq.service
this should return enabled
if not enter sudo systemctl enable dnsmasq
and reboot

If that is fine check it is running with no errors with sudo systemctl status dnsmasq
There should be some green text saying running, if there is any errors then it should give you a clue to the issue. probably an error in the /etc/dnsmasq.conf file

If there is no issues with the above try accessing the pi from a non android device just to rule out any issues from the phone. The only issue that is expected is you won't be able to ssh from an android phone without disabling data, but VNC and browser will work fine with data on.

let me know if that helps. If not we can look into it further.
Reply | Reply with quote | Quote | Report to administrator
# Milton 2020-08-14 03:42
Hi, I have a 3B+ with Buster, and I am getting an error:
pi@nancy01:/etc $ sudo systemctl status hostapd
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2020-08-13 21:33:36 CDT; 1s ago
Process: 1774 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=1/FAILURE)

Aug 13 21:33:36 nancy01 systemd[1]: hostapd.service: Failed with result 'exit-code'.
Aug 13 21:33:36 nancy01 systemd[1]: Failed to start Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.
pi@nancy01:/etc $ sudo systemctl unmask hostapd
pi@nancy01:/etc $ sudo systemctl enable hostapd
Synchronizing state of hostapd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable hostapd
pi@nancy01:/etc $ sudo systemctl start hostapd
Job for hostapd.service failed because the control process exited with error code.
See "systemctl status hostapd.service" and "journalctl -xe" for details.
pi@nancy01:/etc $ sudo systemctl status hostapd.service
● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Thu 2020-08-13 21:37:14 CDT; 257ms ago
Process: 1979 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=1/FAILURE)
Even though I have the two arrows at the upper right corner of my screen, my hotspot does not show up in my list of networks.
Any idea what the problem might be?
Thanks!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-08-14 13:31
Hi Milton,

It looks like there is an error in /etc/default/hostapd

As you are using Buster this file is not required so you could delete it or rename it to something else.

But as it's available, it's used. just check that both these lines are correct in the fie

DAEMON_CONF="/etc/hostapd/hostapd.conf"
#DAEMON_OPTS=""

let me know if that helps.
Reply | Reply with quote | Quote | Report to administrator
# Vince 2020-08-08 03:24
Thank you for making this so easy for someone new to linux and raspberry.

Is it possible to activate the 5 GHz also? Eventually I want to install a VPN on the Pi, but am taking it one step at a time.

You've done a good job with the site.
Many thanks.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-08-08 09:57
Hi Vince. No problem, glad you found it useful.
Yes 5ghz can be setup.

in /etc/hostapd/hostapd.conf

change
hw_mode=g to hw_mode=a
channel=6 to channel=36
wmm_enabled=0 to wmm_enabled=1

and add the line:
ieee80211ac=1

also make sure your country is correct as it is more important for 5ghz
country_code=GB

I believe that all you need for a basic 5ghz setup.
The channel can be changed if there are strong 5ghz signals in your area using ch36 causing an unstable connection.

This will work fine with openvpn without any changes.

thanks.
Reply | Reply with quote | Quote | Report to administrator
# Vince 2020-08-14 02:44
Greetings roboberry!

Thank you for the prompt response. Pi running 5GHz.

Could you please assist with my current situation.

Pi3B+ Buster 10

I installed Airvpn hummingbird client on the Pi. It works, as I can see the connect made on their homepage. My android phone also connects to the Pi. The problem is the android has no internet connection. It is not connecting with the tunnel. When I shut down hummingbird, my phone regains internet.

The only errors I see from hummingbird are:
iptables v1.8.2 (legacy): can't initialize iptables table `security': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
ip6tables v1.8.2 (legacy): can't initialize ip6tables table `security': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

I noted in the instructions the netfilter-persistent program was not going to be installed, deferring to a custom service.

Thank you for giving this a look and insight would be appreciated.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-08-15 11:14
Hi Vince,

The access point directs traffic between eth0 and wlan0. VPN's often create devices like tun0 or bri0 inplace of eth0 so it maybe that the iptable rules in this guide need altering for you.

with the VPN enabled enter: ip a
Check if there is a device other than eth0, wlan0, lo,
if there is something else like tun0 change all references to eth0 in /etc/iptables-hs
and reboot.

It may be that your default route is eth0 so no traffic from your android device is directed to the vpn.

enter route
if the vpn uses tun0 and you see

Destination: default for Iface: eth0 but not for Iface: Tun0 then that may be the issue but i would expect that all traffic to eth0 would be redirect to Tun0 in AirVPN's setup.

Otherwise list the iptables rules and see if there is a conflict between Airvpn's setup and the access point setup

sudo iptables -S

let me know the output to iptables and route if this doesn't help.
Reply | Reply with quote | Quote | Report to administrator
# Same for nftablesTom 2022-04-18 06:25
Hi roboberry,

Thank you for all your information!
I've got the same problem as Vince but with nftables (bullseye). I followed your recipe as stated above on a clean bulleye install. In addition I'm using openvpn and all works well except that connected devices don't have internet access when openvpn is connected to the vpn server. The rpi itself has internet access when openvpn is connected to the vpn server. Only the connected devices don't. They do when openvpn is not running.

When openvpn is connected to then vpn server tun0 appears when entering 'ip a' and/or 'route'.

How should this be solved since bullseye doesn't come natively with iptables?

Thank you in advance!

Tom
Reply | Reply with quote | Quote | Report to administrator
# Same for nftablesroboberry 2022-04-18 11:05
Hi Tom

To use OpenVPN with the access point the NFtables for eth0 need to be changed to tun0.

In /etc/nftables/nft-stat-ap.nft change the three references fot eth0 to tun0

then use the command

sudo nftables -F /etc/nftables/nft-stat-ap.nft

to load the new settings or reboot.

The connected devices will now only get internet if OpenVPN is running.
Reply | Reply with quote | Quote | Report to administrator
# Stefan 2020-07-23 14:21
Your script is fantastic. After trying out so many things this was the final solution and it worked right away.

However, I need to have access to the Pi when I am out and there is just my laptop and the Pi, no other network. Internet is not needed. Currently this seems to be possible only via Wifi. How can I achieve this with ethernet cable? The Pi should accept both wired and wireless connection.

Many many thanks!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-07-23 18:31
Hi Stefan

Thanks. The setup to the eth0 is not changed so it works the same as if the access point hasn't been setup. So any guide to setting up a direct ethernet link between a Pi and a laptop should be fine as long as changes to Eth0 are done in /etc/dhcpcd.conf and not /etc/network/interfaces.
This guide looks to be suitable if you use Window on the laptop
https://www.circuitbasics.com/how-to-connect-to-a-raspberry-pi-directly-with-an-ethernet-cable/

But as a static ip is being set it won't work if you then connect the Ethernet to your router afterwards unless the router is on the same network ip range as what is set for your eth0 static ip.

hopefully this helps
Reply | Reply with quote | Quote | Report to administrator
# Anders 2020-07-12 23:56
Blimey - it works!

Being a total "noob" (but old as heck) I was about to give up, having tried more than a half dozen online guides that apparently were outdated.
Many thanks - I'll now have proper WiFi signal strength in the mancave :-)
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-07-13 21:25
Hi Anders
You're welcome and thanks for the feedback

It is a bit of a nightmare finding the good info from the bad online, been there many times. I'm glad you have it sorted now.
Reply | Reply with quote | Quote | Report to administrator
# Neobits 2020-07-06 18:50
Thanks for the tutorial! It's really great and well organized.

I've set my RPi4 into an AP (no internet access) without any issue. When I tried to set it back, disabling the services and rebooting, it keeps as if it where in hotspot mode (but no device actually sees the AP). Does it have another turnaround to fix this?

Thanks again!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-07-06 19:57
Hi Neobits

Have you removed the entries from /etc/dhcpcd.conf as that will stop wifi from working?

#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8

You can double check all the services have been disabled with the following lines

sudo systemctl -all list-unit-files hostapd.service
sudo systemctl -all list-unit-files dnsmasq.service
sudo systemctl -all list-unit-files hs-iptables.service

they should all say disabled
Reply | Reply with quote | Quote | Report to administrator
# Neobits 2020-07-07 10:50
Hello again!
It must have been a mistake, I made a new install of the OS, then execute all the procedure in a bash script and the AP is ON. Afterwards, executed another script to put down the AP and turn on the wifi and it's working!

Thanks again for the answer and the tutorial.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-07-07 20:25
Hi Neobits

glad you have it sorted. Once the dhcpcd.conf bits are removed it should connect to your router, presuming /etc/wpa_supplicant/wpa_supplicant.conf has a wifi network setup.

Even if hostapd is still active it will still connect to the router so i'm not sure what your issue was.

Sound like you have a script to activate and deactivate the hotspot. I presume the Autohotspot setup also on this site dosn't fit your needs. The installer script can activate and deactivate the hotspot.
Reply | Reply with quote | Quote | Report to administrator
# Neobits 2020-07-06 21:22
Hi roboberry!

Thanks for your quick answer :)

I've indeed removed the entries in the /etc/dhcpcd.conf and do all the checks you posted.

The first two are disabled while the last one wasn't found. Since I didn't proceed to internet connection, no iptables were written.

Am I still missing something? I've double check the procedure and I can't find my mistake.
Reply | Reply with quote | Quote | Report to administrator
# Kraker 2020-06-18 20:11
hello. i did everything in tutorial and reach the restart piint where my vnc or putty wont connect. i tried For ssh use ssh
For vnc use 192.168.50.10::5900 but no connection. i know is stil up beacuse my samba is on and i can access it. im running headless.i also use ufw and vpn which were before installed.help.
Reply | Reply with quote | Quote | Report to administrator
# Peter Merchant 2020-06-19 13:55
vnc use 192.168.50.10::5900 Should this not just have one :?
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-06-19 14:21
Hi Peter

if you quote the port it is 2 ip::5900,
If you use the default port you can use 1 ip:0

As 5900 is the default either work.
VNC is usually 5800 or 5900 it seemed at least when I done the guide you needed ::5900 as 5800 isn't the default on the Pi.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-06-19 11:15
Hi Kraker

If you have managed to connect successfully to the access point then you may need to confirm what ip address the PI has for Wifi. You will be able to ssh in via eth0 if you are not using a PiZero. If the wifi is the correct ip then it may be ufw needs some changes.

I have not used a firewall with the setup. On the autohotspot script (on the home page) with Firewalled setup it wouldn't except the standard rules and has some mods at the bottom of the article. So maybe there is a similar issue.

Also for the VPN I think that uses a it's own device to route data. So the ip tables will probably need changing from eth0 to whatever your VPN uses. But you should at least be able to ssh VNC into the PI.

Also was there any other custom setting on /etc/dhcpcd.conf for wlan0 that may be conflicting with the setup?
Reply | Reply with quote | Quote | Report to administrator
# Kraker 2020-06-20 11:59
i`ve manage to connect it to a pc. the reason vnc is not working was even if my pi is connected to Ethernet i wouldn't get any connectivity over internet. i`ve reversed back everything and now i`m fine. I want to try again. which things i should be aware for in my case?thanks
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-06-21 12:07
Hi Kraker

It looks like you need to skip the section for ip-tables.
Do the port forwarding in /etc/sysctl.conf but don't do the file /etc/iptables-hs and sudo systemctl enable hs-iptables

Then in ufw setup a rule to route wlan0 to eth0 in the same way the /etc/iptables-hs does.

Im not sure what you need to do for VPN but if connected wifi devices to the access point don't get vpn access and the vpn uses a bride device like br0 then you probably need to change ufw from eth0 to br0.

I haven't done this so I don't know but these would be where I would start.
Reply | Reply with quote | Quote | Report to administrator
# Peter Merchant 2020-05-27 10:08
A stupid little thing I know, but it is a good tutorial. My thing is that it is not dated so when I find a reference like this I do not know if it is current. I have been running my Pi zero W as a AP for a year now, but am having trouble with Hostapd when I upgrade the software. Today's searh is to find the latest version for the R-Pi and upgrade that.
Reply | Reply with quote | Quote | Report to administrator
# Peter Merchant 2020-06-19 14:00
Not 100% sure, but I just rebuilt my AP on Raspbian stretch and it still would not work. Eventually syslog led me to the fact that /etc/default/hostapd had not been updated with the full path of the hostapd.conf file. This needs checking to see if it is a new fault with the hostapd installation, something the problem with the way that I do it.

Jun 18 19:44:00 raspberrypi hostapd[15736]: Configuration file:

Jun 18 19:44:00 raspberrypi hostapd[15736]: Could not open configuration file '' for reading.

Jun 18 19:44:00 raspberrypi hostapd[15736]: Failed to set up interface with
...

This line needed to be added:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-06-19 14:30
Hi Peter

The instruction to add the default path is in the guide. Just above the instruction to unmask.

In Buster the default file is depreciated so not required and hostapd works fine but it is required on stretch and jessie as they don't have the latest version available, or at least not the version Buster uses.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-05-28 14:05
Hi Peter

The article is a couple of years old but is up to date as stated at the top that it works and has been tested on the Raspberry Pi 4 and Raspbian Buster. But I get your point that the default option of created date dosn't help when looking for newer content so I have changed it to modified date.
Reply | Reply with quote | Quote | Report to administrator
# TanKil 2020-05-22 14:44
Hi,

thank you for this nice tutorial.

Everything works fine if I use the access point over wired eth0. But If I use it over wlan0 (wlan0=access point, wlan1=replacement for eth0), I can not reach the other local hosts any more:

"PING 192.168.178.32 (192.168.178.32) 56(84) bytes of data.
From 192.168.178.34 icmp_seq=1 Destination Host Unreachable"

I can reach only remote hosts in internet.
I can ping the local hosts again If I disable the hostapd. But after that the access point doesn't work any more as a result.

Can anyone help?

I use it on a Raspery Pi 3 B+ with Buster.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-05-22 15:50
Hi TanKil

The setup won't work with wlan1 as wifi is disabled. You will need to alter the entries from the guide that were done in /etc/dhcpcd.conf to

denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
nohook wpa_supplicant wlan0

with the ip tables changes to wlan1 then it should work for you.
Reply | Reply with quote | Quote | Report to administrator
# TanKil 2020-05-22 16:46
Hi roboberry,

thanks for the quick reply. I did these settings already. But still no success:


dhcpcd.conf:
interface wlan1
static ip_address=192.168.178.33/24
static routers=192.168.178.1
static domain_name_servers=192.168.178.1 8.8.8.8 8.8.4.4
static domain_search=

denyinterface wlan0
interface wlan0
static ip_address=192.168.178.34/24
nohook wpa_supplicant wlan0


rules for itables:
#!/bin/bash
iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT
exit 0


dnsmasq.conf:
interface=wlan0
bind-dynamic
domain-needed
bogus-priv
dhcp-range=192.168.178.100,192.168.178.150,255.255.255.0,12h # IP range and lease time
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-05-22 18:10
Hi TanKil

I believe the issue is wlan0 & wlan1 both have the same gateway but are on different networks.

I presume your Wifi Router is on 192.168.178.1
so you want the PI to appear on your wifi network as 192.168.178.33 through wlan1

The Hotspot is a different network and gives connected Wifi devices the ip addresses in the dnsmasq.conf dhcp-range. The hotspots IP they connect to is the IP in dhcpcd.conf for wlan0.

The Pi itself will have the IP address your router gives through wlan1.

I would change dnsmasq.conf to
dhcp-range=192.168.50.150,192.168.50.150,255.255.255.0,12h

and dhcpcd.conf for wlan0 to
static ip_address=192.168.50.10/24

and try it again.
Reply | Reply with quote | Quote | Report to administrator
# TanKil 2020-05-22 18:46
Hi robobery,

that is it! It works like a charm!

Thank you!!!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-05-23 10:22
Hi TanKil
No Probleml, glad you're up and running.
Reply | Reply with quote | Quote | Report to administrator
# Jake 2020-11-04 10:43
Hi, I am finding this tutorial very useful, thanks for sharing!

I am trying to set up rpi4 with wlan0 as permanent AP like you reccomend, and wlan1 via a USB dongle to function like the default "out-of-the-box" raspberry pi os functionality to connect to for example my smartphone in tether mode.

whether the internet is forwarded or not is not essential, but it would be nice to have access to apt update.

I got the Access Point on wlan0 working, but I missed something to get wlan1 working.

in the desktop, when I hover over the network icon, I get:

eth0: link is down
wlan0: STOPPED
wlan1: Not associated
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-11-04 12:51
Hi Jake

You're welcome :)

In dhcpcd.conf the wifi devices have been disabled which is why you get the message you see.

This can be changed so only wlan0 is disabled by changing the entries in /etc/dhcpcd.conf to

denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8
nohook wpa_supplicant wlan0


You will also need to change the iptable rules to use wlan1 instead of eth0

in /etc/iptables-hs change them to

#!/bin/bash
iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
iptables -A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o wlan1 -j ACCEPT

The Pi will decide which device is wlan0 and wlan1 so you may see that switch between internal wifi and usb wifi depending on which one is discovered first. Though this should usually be internal for wlan0.

let me know if you get further issues
Reply | Reply with quote | Quote | Report to administrator
# Jake 2020-11-04 14:09
Hi roboberry, thanks for the swift reply :)

I guess my trouble is to assign the wlan1 to connect to a wifi.

if I put the login information to my tether wifi in the same wpa_supplicant.conf file, giving the following:

```
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DK

network={
ssid="AndroidAP"
psk="123456789"
}
```

after adding the network ssid, I get a different tooltip hover message:

eth0: link is down
wlan0: Associated with AndroidAP
wlan0: Configured 192.168.50.10/24
wlan1: Not associated

with this configuration, my pi can access the internet, but no longer broadcasts the access point.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-11-04 22:42
Hi Jake

Swift but wrong, how about a slower more measured response.
I have just tested that and it failed too, im sure it worked before Buster. Anyway, a slight mod and remove the deny line.

interface wlan0
nohook wpa_supplicant
static ip_address=192.168.50.10/24
static routers=192.168.50.1
static domain_name_servers=8.8.8.8

now wlan1 will connect to your phones AP

The issue is there is now two default routes and at least on my setup you cant get net access until the the Hotspots route on wlan0 is deleted.

pi@buster16:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.50.1 0.0.0.0 UG 303 0 0 wlan0
default 192.168.1.254 0.0.0.0 UG 304 0 0 wlan1

enter: route del default gw 192.168.50.1

then it shows
pi@buster16:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.254 0.0.0.0 UG 304 0 0 wlan1

Unfortunately you need to do this each boot.
Obviously this can be done with a boot script but it needs to be after the route has been created.

hopefully this helps. If there is another option with the route issue I will let you know.
Reply | Reply with quote | Quote | Report to administrator
# Jake 2020-11-06 01:24
I think you may not have been totally wrong after all - I couldn't get it working and took a fresh image on my sd card.

I got everything working accordingly both with and without 'denyinterface wlan0' needing to run the 'route del default gw 192.168.50.1' in either case.

I noticed that the route comes back every time I plug or unplug the ethernet cable, so I need to figure out the most convenient way to re-run the 'route del' command.

Thank you very much for making this guide, as well as educating me along the process!

After this success, I am now struggling with a challenge, if you have any thoughts, I would be thankful for your input:

I wanted to add a usb-c connection from a guide I found on another website[1], this works great, but with this configuration added as well, I dont get internet on the devices I connect to the PiAccessPoint, although I get internet on the pi itself after deleting the route as above.


[1] hardill.me.uk/wordpress/2019/11/02/pi4-usb-c-gadge t
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-11-06 20:09
Hi Jake , glade your up and running now.
another typo from me i missed the s, it's denyinterfaces wlan0
But you don't need that for this.

The default route will will appear for eth0 but in my case its the same as wlan1 as it's to my router so it's ok. It should be fine as you have a route between wlan0 and wlan1.

You can setup a systemd service to run the delete route once network is up. I have not done that yet but should work if that's any help.

Looking at the usb-c link, interesting setup.
The first issues that stand out is that it uses /etc/network/interfaces.d
dhcpcd is the RPi's network manager so device config should be in /etc/dhcpcd.conf. network/interfaces will conflict with the device setup.

I would try moving the entry for /etc/dnsmasq.d/usb into /etc/dnsmasq.conf under the hotspot entries.

in /etc/dhcpcd.conf
don use the denyinterfaces usb0

but add
interface usb0 (or whaterver shows up for usb in: ip a)
static ip_address=10.55.0.1/24
static routers=10.55.0.254

Then in the script /root/usb.sh
change the line near the bottom:
ifup usb0
to
ip link set dev usb0 up

this is because ifup is a /network/interfaces command ip will work with dhcpcd.conf

I can't guarantee that will work but it's where I would start.
Reply | Reply with quote | Quote | Report to administrator
# Jake 2020-11-06 22:06
Interesting:

pi@raspberrypi:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.55.0.254 0.0.0.0 UG 205 0 0 usb0
default 192.168.50.1 0.0.0.0 UG 303 0 0 wlan0
default 192.168.0.1 0.0.0.0 UG 304 0 0 wlan1
10.55.0.0 0.0.0.0 255.255.255.0 U 205 0 0 usb0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.0.0 0.0.0.0 255.255.255.0 U 304 0 0 wlan1
192.168.50.0 0.0.0.0 255.255.255.0 U 303 0 0 wlan0




In my first try I deleted '/etc/network/interfaces.d' but forgot to put the content in the bottom of /etc/dnsmasq.conf

that resulted in no access through usb, but after

pi@raspberrypi:~ $ sudo route del default gw 10.55.0.254

pi@raspberrypi:~ $ sudo route del default gw 192.168.50.1

I got forwarded internet over wifi, when I then added the forgotten content to /etc/dnsmasq.conf I was able to ssh through usb, but not achieve wifi internet forwarding on.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-11-07 10:53
Hi Jake

Making progress then :)

I would add routing from usb0 to wlan1 to /etc/iptables-hs
iptables -A FORWARD -i wlan1 -o usb0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i usb0 -o wlan1 -j ACCEPT

for deleting the default route it seems there is a unspecified delay before the ap default route is in the routing table. I have tried removing it with a systemd service at a few points in boot but had no luck. Im sure there is a better way as this seems overkill but anyway I just added a script waits for the default 192.168.50.1 to appear within a 50 second window after the system is fully up and then deletes it.

create sudo nano /etc/systemd/system/routeupdate.service

add this:
[Unit]
Description=Delete Default Route for AP
After=multi-user.target

[Service]
Type=simple
ExecStart=/etc/aproute.sh

[Install]
WantedBy=multi-user.target


then create sudo nano /etc/aproute.sh
#!/bin/bash

x=0
until [ $x -gt 10 ]
do
if route | grep -n "default 192.168.50.1" ;then
route del default gw 192.168.50.1
x == 11
else
x=$((x + 1))
sleep 5
fi
done


then make this script executable
sudo chmod +x /etc/aproute.sh

and enable the service
sudo systemctl enable routeupdate.service

you can add the usb default route but it will only be deleted if the AP route is found.
Reply | Reply with quote | Quote | Report to administrator
# Jake 2020-11-07 12:45
Interesting thoughts; with 2 wifi adaptors, ethernet, and usb networking, there seems to be many ways to utilize the pi in the middle.
I may also look into forwarding ethernet to usb, essentially making the pi a usb-to-ethernet adapter.

while still not having internet through wifi, I am already pondering to increase the utility by setting up the pi-hole software (either by docker or directly on the pi)

Thank you very much for routeupdate.service, that will save me for some manual bash commands!

If I figure out progress in the forwarding of wifi, I will let you know :)
Reply | Reply with quote | Quote | Report to administrator
# Frederik 2020-05-10 17:12
Hi, thanks for the tutorial. I've got the hotspot working (No Internet). The only issue is, that the ip address I retrieve from ifconfig (169.254.214.159) is different from the one I've set (192.168.8.10). For SSH I have to use the ip address I get from ifconfig. Any idea what could cause the issue here? Thanks in advance!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-05-10 18:28
Hi Frederik

The 169.254 ip is because of an error meaning the correct ip can't be generated.

If you have changed the ip address in /etc/dhcpcd.conf
to
static ip_address=192.168.8.10/24
static routers=192.168.8.1

you also need to change it in /etc/dnsmasq.conf.

The dhcp-range from

dhcp-range=192.168.50.150,192.168.50.200,255.255.255.0,12h
to
dhcp-range=192.168.8.150,192.168.8.200,255.255.255.0,12h

the first 3 digits of the ip need to match ###.###.## what ip has been set. The 4th digit is the range connected devices will receive 150 -200.

This should solve your issue. Let me know if you have further issues.
Reply | Reply with quote | Quote | Report to administrator
# Frederik 2020-05-10 18:47
Hi, thanks for the quick reply. My problem has been solved. Although this wasn't the issue. After checking that all ips started with said address I noticed that I had misspelled ip_address in /etc/dhcpcd.conf. Since "address" is only spelled with one 'd' in german I make that mistake too often.
Sorry for wasting your time, but thanks again for the quick reply.
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-05-10 19:57
Hi Frederik

Ah I can understand the issue :) Glad you have it sorted now. No problem.
Reply | Reply with quote | Quote | Report to administrator
# Bob 2020-04-29 19:41
Hi I have got the hotspot working with an Ip's from 192.168.5.150 to 200. My main network uses Ip addresses in the range 192.168.1.xxx. I can connect to the hotspot with my tablet and thence to the internet. I would like IOT devices connected to the hotspot to be able to connect to devices on my main network and vice versa. I.e. An IOT devices on 192.168.5.60 to send data to an MQTT broker on 192.168.1.119. Can that be done by modifying the hotspot? Could you tell me how to do it please or point me to some guidance.
Either way thank you for a brilliant tutorial that works!
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-04-30 10:40
Hi Bob, Thanks, you're welcome.
Yes it can be done, I have just done a test with a group of Pi's. Any device on the hotspot can access the home network via ssh fine but as it stands the devices on the network had to ssh to the Hotspot Pi first and then ssh to the device connected the hotspot. So to complete the route you would need to add additional routing iptables to route the data via IP address from the IOT device.

You can set any device on the hotspot a static ip by adding the mac address details of the IOT to dnsmasq.
Firstly find the mac address of the IOT device that will be connected to the hotspot
in /etc/dnsmasq.conf enter the line
dhcp-host=xx:xx:xx:xx:xx:xx,192.168.5.60 where xx is the mac address
This IP does not need to be in the 150-200 range of dhcp-range but does have to match the first 3 numbers of the ip ###.###.#

If you are using Raspbian Buster and going to do additional routing then you may want to look at NFtables. Iptables have been depreciated but the rules still work via NFtables. NFtables for routing is the way forward. I will be updating this guide and the other hotspot scripts with NFtables soon. Raspbian Stretch needs IPtables.
Reply | Reply with quote | Quote | Report to administrator
# Chris 2020-04-21 22:29
Thanks, the hotspot is up and running. But I can't get it to route an internet connection form my wlan1. I'm missing somthing since buster version (interfaces) is different from previous raspbians. I have changed your eth0 to wlan1. but what else? some config in dhcpcd or dnsmasq? BR Chris
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-04-21 23:29
Hi Chris

The problem is the wifi connection in dhcpcd is disabled with the nohooks line. If you change your dhcpcd.conf entry to

denyinterface wlan0
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
nohook wpa_supplicant wlan0

then wlan1 will work again.

Raspbian is still using unpredictable network interfaces ie wlan0 wlan1. You can't control if your internal or usb wifi will be wlan0. So you may find they swap between boots.

The predicable network Interfaces feature would give the device name of wl######## where # is your mac address. Then changing wlan0 and wlan1 references to the predictable device names would control which device is the hotspot. But currently predictable is off by default for Raspbian.

Hope this helps.
Reply | Reply with quote | Quote | Report to administrator
# Chris 2020-04-22 22:10
After a couple of tries back and forth between dnsmasq and dhcpcd. I notice that all works well with your example if I remove static routers row in dhcpcd. Thank you so much for helping out and a great guide.

Annoying with buster version and too little formal information on the connections between network/interfaces, dnsmasq and dhcpcd.
Reply | Reply with quote | Quote | Report to administrator
# Chris 2020-04-22 17:26
Thnx for the fast response.
wlan0 is the access point and wlan1 is associated with my wifi network, so I can ssh back to the Pi from a network-connected computer. But I can't reach the internet, neither on the RPi or with my phone connected to the access point Wlan0.

I did the config: #RPiHotspot config - Internet
And added static domain_name_servers=8.8.8.8 to dhcpcd.conf

sudo iptables -S give me:
-A FORWARD -i wlan1 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o wlan1 -j ACCEPT

Something lacking wlan1 to give internet access?
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2020-04-23 13:24
Hi Chris

Thanks for letting me know. I last done the wlan0 to wlan1 setup in Raspbian Stretch so maybe thats an issue with Buster now.

It is difficult to find info. Most guides are old and reference network/interfaces which is depreciated in Raspbian so causes setup issues.

To add to the issue Buster uses NFtables instead of IPtables. Though the guide still uses IPtables which works for now it will be updated shortly to NFtables, just going to release an installer first then will be updating the routing.
Reply | Reply with quote | Quote | Report to administrator
# TC 2020-02-01 11:12
Nice job on the tutorial.

Thanks.
Reply | Reply with quote | Quote | Report to administrator
# Dazz 2019-10-06 09:15
IPtables is also depreciated. NFtables is the new kid in town.
Reply | Reply with quote | Quote | Report to administrator
# Roboberry 2019-10-06 10:04
I wasn't aware of that one. I will check it out. thank you
Reply | Reply with quote | Quote | Report to administrator
# Dazz 2019-10-05 10:27
Hi. Great write up. I found that DAEMON_CONF= is depreciated and support will be removed. Does or should that change your instructions?
Reply | Reply with quote | Quote | Report to administrator
# roboberry 2019-10-05 11:40
Thanks Dazz. I saw that it is going to be depreciated in a future release, so I will look into that when I do some updates to the Autohotspot articles in the near future. I think that is just being dropped and /etc/hostapd/hostapd.conf will be standard. If that's the case that step will be skipped but I will look into in more detail. But thanks for highlighting, easily missed on the install message.

Roboberry.
Reply | Reply with quote | Quote | Report to administrator
# Jannes 2019-08-25 09:14
Hello, my hotspot dont work and I think I know why. Because the /etc/dhcpcd.conf file was empty when I opened it. I think I deleted all accidentally, because Im not good at the terminal and I tried it a few times. Can you give me the content of the file, so I can paste it into my file? (My English isnt very good, sorry)
Reply | Reply with quote | Quote | Report to administrator
# Roboberry 2019-08-25 10:03
Hi Jannes, I have sent you the file via email.
Reply | Reply with quote | Quote | Report to administrator
# Roboberry 2019-08-25 10:27
hi Jannes, I keep getting a return on your email. Can you email me direct admin@ this site and I will send it to you.

This is the dhcpcd.conf file with the comments removed:

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.
hostname
clientid
persistent
option rapid_commit
option interface_mtu
require dhcp_server_identifier
slaac private

#This section for the static hotspot
#Static Hotspot
nohook wpa_supplicant
interface wlan0
static ip_address=192.168.50.10/24
static routers=192.168.50.1
Reply | Reply with quote | Quote | Report to administrator
# Martin 2019-08-21 08:49
Hi, thanks for the script. I like the new design of your website, but it's a shame, that all those valuable comments below this article dissapeared.
I have one more suggestion. If you set up wifi in /boot/wpa_supplicant.conf on windows - some text editors put windows line endings to this file and that is the issue for the script. So make sure you use dos2unix on wpa_supplicant.conf file.
Reply | Reply with quote | Quote | Report to administrator
# Roboberry 2019-08-21 09:57
Hi Martin

Thanks, I had to change some of the background software which meant the comments couldn't be extracted. All three hotspot scripts have been out there for a few years, so well tested. Most of the issues where user error or feature request any bugs found have been addressed. I plan on updating the trouble shooting section for a bit more self help.

For the wpa_supplicant file. I have only ever put it in the boot folder from a linux machine. If it's created on windows does the Pi happily use it but the hotspot scripts fail to recognise it? Th PI should fail to use it the top 3 config lines are missing.
This article doesn't use wpa_supplicant so I presume you are referring to the auto scripts?
Reply | Reply with quote | Quote | Report to administrator