tdwong · April 26, 2023 00:51
diff --git a/00_Raspberry_Pi_4B_as_AP b/00_Raspberry_Pi_4B_as_AP
 Configure Raspberry Pi 4B as an AP

 - use virtual interface wlan0_ap
diff --git a/rpi4b_as_AP.txt b/rpi4b_as_AP.txt
 #
 #
 #

 #
 #@ one-time system configuration

 # sysctl net.ipv4.ip_forward
 net.ipv4.ip_forward = 0
 # sysctl net.ipv4.ip_forward=1
 net.ipv4.ip_forward = 1

 	# echo 1 > /proc/sys/net/ipv4/ip_forward

 # grep ip_forward  /etc/sysctl.conf
 net.ipv4.ip_forward=1

 #
 #@ create iptables rules

 $ IF_WLAN=wlan0_ap
 $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 $ sudo iptables -A FORWARD -i eth0 -o ${IF_WLAN} -m state --state RELATED,ESTABLISHED -j ACCEPT
 $ sudo iptables -A FORWARD -i ${IF_WLAN} -o eth0 -j ACCEPT

 #
 $ sudo iptables -t nat -S
 $ sudo iptables -S

 $ sudo iptables-save
 # Generated by xtables-save v1.8.2 on Wed Aug 19 13:12:41 2020
 *filter
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A FORWARD -i eth0 -o wlan0_ap -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A FORWARD -i wlan0_ap -o eth0 -j ACCEPT
 COMMIT
 # Completed on Wed Aug 19 13:12:41 2020
 # Generated by xtables-save v1.8.2 on Wed Aug 19 13:12:41 2020
 *nat
 :PREROUTING ACCEPT [0:0]
 :INPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
 -A POSTROUTING -o eth0 -j MASQUERADE
 COMMIT
 # Completed on Wed Aug 19 13:12:41 2020

 #
 #@ list wifi capability

 # iw info
 # iw list | grep -A6 valid
 	valid interface combinations:
 		 * #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,
 		   total <= 3, #channels <= 2
 		 * #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
 		   total <= 4, #channels <= 1
 	Device supports scan flush.
 	Device supports randomizing MAC-addr in sched scans.

 #
 #@ show current configuration

 # iw dev wlan0 info
 Interface wlan0
 	ifindex 3
 	wdev 0x1
 	addr dc:a6:32:37:65:2a
 	ssid ATT-MINIONS
 	type managed
 	wiphy 0
 	channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
 	txpower 31.00 dBm
 # ifconfig wlan0
 wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.141  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 2600:1700:cce0:f710:e0ec:4087:b91b:5113  prefixlen 64  scopeid 0x0<global>
        inet6 2600:1700:cce0:f710::32  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::30a3:56f6:6eb1:3c58  prefixlen 64  scopeid 0x20<link>
        ether dc:a6:32:37:65:2a  txqueuelen 1000  (Ethernet)
        RX packets 298123  bytes 30727078 (29.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20102  bytes 2330494 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 #
 #@ create virtual wifi interface
 #
 #	https://superuser.com/q/615664/109777

 # iw dev wlan0 interface add wlan0_ap type __ap

 	## alternative command via phy interface
 	$ sudo iw phy phy0 interface add wlan0_ap type __ap

 	## to remove the interface
 	$ sudo iw dev wlan0_ap del

 # iw dev wlan0_ap info
 Interface wlan0_ap
 	ifindex 4
 	wdev 0x3
 	addr dc:a6:32:37:65:2a
 	type AP
 	wiphy 0
 	channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
 	txpower 31.00 dBm

 # ifconfig wlan0_ap hw ether dc:a6:32:37:65:2b

 # ifconfig wlan0_ap
 wlan0_ap: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether dc:a6:32:37:65:2b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 #
 #@ configure virtual wifi interface

 # ifconfig wlan0_ap 192.168.240.1/24 up

 # ifconfig wlan0_ap
 wlan0_ap: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.240.1  netmask 255.255.255.0  broadcast 192.168.240.255
        ether dc:a6:32:37:65:2b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 #
 #@ required software packages

 [optional] # apt-get install -y hostapd dnsmasq

 #
 #@ configure dnsmasq

 # cat > /etc/dnsmasq.conf <<-_eof_
 	# dnsmasq using wlan0_ap
 	dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
 	dhcp-reply-delay=tag:client_is_a_pi,2
 	interface=wlan0_ap
 	server=8.8.8.8  # use Google DNS
 	dhcp-range=192.168.240.50,192.168.240.150,12h   # DHCP IP range & lease time
 _eof_

 #
 #@ configure hostapd (2.7 required for WPA3)

 # cat > /etc/hostapd/hostapd.conf <<-_eof_
 	# hostapd using wlan0_ap
 	interface=wlan0_ap
 	ssid=WPA3-Network
 	hw_mode=g
 	channel=1
 	macaddr_acl=0
 	ignore_broadcast_ssid=0
 	auth_algs=1
 	wpa=2
 	wpa_passphrase=123456789a
 	wpa_key_mgmt=WPA-PSK
 	rsn_pairwise=CCMP
 	driver=nl80211
 	ctrl_interface=/var/run/hostapd
 	ctrl_interface_group=0
 _eof_

 #
 #@ start dnsmasq and hostapd

 # service dnsmasq restart
 root@rpi4b:/home/pi # service dnsmasq status
 ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
   Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-08-19 02:12:08 BST; 24s ago
  Process: 6357 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
  Process: 6358 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
  Process: 6367 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
 Main PID: 6366 (dnsmasq)
    Tasks: 1 (limit: 4915)
   Memory: 1.3M
   CGroup: /system.slice/dnsmasq.service
           └─6366 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.d

 Aug 19 02:12:08 rpi4b dnsmasq[6366]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth 
 Aug 19 02:12:08 rpi4b dnsmasq-dhcp[6366]: DHCP, IP range 192.168.240.50 -- 192.168.240.150, lease time 12h
 Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 8.8.8.8#53
 Aug 19 02:12:08 rpi4b dnsmasq[6366]: reading /run/dnsmasq/resolv.conf
 Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 8.8.8.8#53
 Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 192.168.1.254#53
 Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 2600:1700:cce0:f710::1#53
 Aug 19 02:12:08 rpi4b dnsmasq[6366]: read /etc/hosts - 5 addresses
 Aug 19 02:12:08 rpi4b dnsmasq[6367]: Too few arguments.
 Aug 19 02:12:08 rpi4b systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

 $ sudo systemctl status hostapd
 $ sudo systemctl unmask hostapd
 $ sudo systemctl enable hostapd
 $ sudo systemctl start  hostapd

 $ sudo systemctl status hostapd
 ● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
   Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-08-19 13:26:08 PDT; 2s ago
  Process: 10854 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
 Main PID: 10856 (hostapd)
    Tasks: 1 (limit: 4915)
   Memory: 484.0K
   CGroup: /system.slice/hostapd.service
           └─10856 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

 Aug 19 13:26:08 rpi4b systemd[1]: Starting Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator...
 Aug 19 13:26:08 rpi4b hostapd[10854]: Configuration file: /etc/hostapd/hostapd.conf
 Aug 19 13:26:08 rpi4b hostapd[10854]: wlan0_ap: Could not connect to kernel driver
 Aug 19 13:26:08 rpi4b hostapd[10854]: Using interface wlan0_ap with hwaddr dc:a6:32:37:65:2b and ssid "WPA3-Network"
 Aug 19 13:26:08 rpi4b hostapd[10854]: wlan0_ap: interface state UNINITIALIZED->ENABLED
 Aug 19 13:26:08 rpi4b hostapd[10854]: wlan0_ap: AP-ENABLED
 Aug 19 13:26:08 rpi4b systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.


 	## debug use command line
 	$ sudo dnsmasq --no-daemon --log-queries

 	## use command line
 	$ sudo dnsmasq --interface=wlan0_ap --dhcp-range=192.168.240.50,192.168.240.150,12h --server=8.8.8.8
 	$ sudo hostapd -dd -K -t /etc/hostapd/hostapd.conf

 #
 #@	OPEN ISSUE
 #

 	- Pixel3 can successfully join (via hostapd) and acquire an IP address (via dnsmasq)'
 	  but still shows "Connected, no internet"

 	  -- weird solution:

 		$ sudo tcpdump -iwlan0_ap -xx
	Configure Raspberry Pi 4B as an AP

	- use virtual interface wlan0_ap
	#
	#
	#

	#
	#@ one-time system configuration

	# sysctl net.ipv4.ip_forward
	net.ipv4.ip_forward = 0
	# sysctl net.ipv4.ip_forward=1
	net.ipv4.ip_forward = 1

	# echo 1 > /proc/sys/net/ipv4/ip_forward

	# grep ip_forward /etc/sysctl.conf
	net.ipv4.ip_forward=1

	#
	#@ create iptables rules

	$ IF_WLAN=wlan0_ap
	$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
	$ sudo iptables -A FORWARD -i eth0 -o ${IF_WLAN} -m state --state RELATED,ESTABLISHED -j ACCEPT
	$ sudo iptables -A FORWARD -i ${IF_WLAN} -o eth0 -j ACCEPT

	#
	$ sudo iptables -t nat -S
	$ sudo iptables -S

	$ sudo iptables-save
	# Generated by xtables-save v1.8.2 on Wed Aug 19 13:12:41 2020
	*filter
	:INPUT ACCEPT [0:0]
	:FORWARD ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	-A FORWARD -i eth0 -o wlan0_ap -m state --state RELATED,ESTABLISHED -j ACCEPT
	-A FORWARD -i wlan0_ap -o eth0 -j ACCEPT
	COMMIT
	# Completed on Wed Aug 19 13:12:41 2020
	# Generated by xtables-save v1.8.2 on Wed Aug 19 13:12:41 2020
	*nat
	:PREROUTING ACCEPT [0:0]
	:INPUT ACCEPT [0:0]
	:POSTROUTING ACCEPT [0:0]
	:OUTPUT ACCEPT [0:0]
	-A POSTROUTING -o eth0 -j MASQUERADE
	COMMIT
	# Completed on Wed Aug 19 13:12:41 2020

	#
	#@ list wifi capability

	# iw info
	# iw list \| grep -A6 valid
	valid interface combinations:
	* #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,
	total <= 3, #channels <= 2
	* #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
	total <= 4, #channels <= 1
	Device supports scan flush.
	Device supports randomizing MAC-addr in sched scans.

	#
	#@ show current configuration

	# iw dev wlan0 info
	Interface wlan0
	ifindex 3
	wdev 0x1
	addr dc:a6:32:37:65:2a
	ssid ATT-MINIONS
	type managed
	wiphy 0
	channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
	txpower 31.00 dBm
	# ifconfig wlan0
	wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
	inet 192.168.1.141 netmask 255.255.255.0 broadcast 192.168.1.255
	inet6 2600:1700:cce0:f710:e0ec:4087:b91b:5113 prefixlen 64 scopeid 0x0<global>
	inet6 2600:1700:cce0:f710::32 prefixlen 128 scopeid 0x0<global>
	inet6 fe80::30a3:56f6:6eb1:3c58 prefixlen 64 scopeid 0x20<link>
	ether dc:a6:32:37:65:2a txqueuelen 1000 (Ethernet)
	RX packets 298123 bytes 30727078 (29.3 MiB)
	RX errors 0 dropped 0 overruns 0 frame 0
	TX packets 20102 bytes 2330494 (2.2 MiB)
	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

	#
	#@ create virtual wifi interface
	#
	# https://superuser.com/q/615664/109777

	# iw dev wlan0 interface add wlan0_ap type __ap

	## alternative command via phy interface
	$ sudo iw phy phy0 interface add wlan0_ap type __ap

	## to remove the interface
	$ sudo iw dev wlan0_ap del

	# iw dev wlan0_ap info
	Interface wlan0_ap
	ifindex 4
	wdev 0x3
	addr dc:a6:32:37:65:2a
	type AP
	wiphy 0
	channel 11 (2462 MHz), width: 20 MHz, center1: 2462 MHz
	txpower 31.00 dBm

	# ifconfig wlan0_ap hw ether dc:a6:32:37:65:2b

	# ifconfig wlan0_ap
	wlan0_ap: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
	ether dc:a6:32:37:65:2b txqueuelen 1000 (Ethernet)
	RX packets 0 bytes 0 (0.0 B)
	RX errors 0 dropped 0 overruns 0 frame 0
	TX packets 0 bytes 0 (0.0 B)
	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

	#
	#@ configure virtual wifi interface

	# ifconfig wlan0_ap 192.168.240.1/24 up

	# ifconfig wlan0_ap
	wlan0_ap: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
	inet 192.168.240.1 netmask 255.255.255.0 broadcast 192.168.240.255
	ether dc:a6:32:37:65:2b txqueuelen 1000 (Ethernet)
	RX packets 0 bytes 0 (0.0 B)
	RX errors 0 dropped 2 overruns 0 frame 0
	TX packets 0 bytes 0 (0.0 B)
	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

	#
	#@ required software packages

	[optional] # apt-get install -y hostapd dnsmasq

	#
	#@ configure dnsmasq

	# cat > /etc/dnsmasq.conf <<-_eof_
	# dnsmasq using wlan0_ap
	dhcp-mac=set:client_is_a_pi,B8:27:EB:::*
	dhcp-reply-delay=tag:client_is_a_pi,2
	interface=wlan0_ap
	server=8.8.8.8 # use Google DNS
	dhcp-range=192.168.240.50,192.168.240.150,12h # DHCP IP range & lease time
	_eof_

	#
	#@ configure hostapd (2.7 required for WPA3)

	# cat > /etc/hostapd/hostapd.conf <<-_eof_
	# hostapd using wlan0_ap
	interface=wlan0_ap
	ssid=WPA3-Network
	hw_mode=g
	channel=1
	macaddr_acl=0
	ignore_broadcast_ssid=0
	auth_algs=1
	wpa=2
	wpa_passphrase=123456789a
	wpa_key_mgmt=WPA-PSK
	rsn_pairwise=CCMP
	driver=nl80211
	ctrl_interface=/var/run/hostapd
	ctrl_interface_group=0
	_eof_

	#
	#@ start dnsmasq and hostapd

	# service dnsmasq restart
	root@rpi4b:/home/pi # service dnsmasq status
	● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
	Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; vendor preset: enabled)
	Active: active (running) since Wed 2020-08-19 02:12:08 BST; 24s ago
	Process: 6357 ExecStartPre=/usr/sbin/dnsmasq --test (code=exited, status=0/SUCCESS)
	Process: 6358 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
	Process: 6367 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
	Main PID: 6366 (dnsmasq)
	Tasks: 1 (limit: 4915)
	Memory: 1.3M
	CGroup: /system.slice/dnsmasq.service
	└─6366 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.d

	Aug 19 02:12:08 rpi4b dnsmasq[6366]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth
	Aug 19 02:12:08 rpi4b dnsmasq-dhcp[6366]: DHCP, IP range 192.168.240.50 -- 192.168.240.150, lease time 12h
	Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 8.8.8.8#53
	Aug 19 02:12:08 rpi4b dnsmasq[6366]: reading /run/dnsmasq/resolv.conf
	Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 8.8.8.8#53
	Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 192.168.1.254#53
	Aug 19 02:12:08 rpi4b dnsmasq[6366]: using nameserver 2600:1700:cce0:f710::1#53
	Aug 19 02:12:08 rpi4b dnsmasq[6366]: read /etc/hosts - 5 addresses
	Aug 19 02:12:08 rpi4b dnsmasq[6367]: Too few arguments.
	Aug 19 02:12:08 rpi4b systemd[1]: Started dnsmasq - A lightweight DHCP and caching DNS server.

	$ sudo systemctl status hostapd
	$ sudo systemctl unmask hostapd
	$ sudo systemctl enable hostapd
	$ sudo systemctl start hostapd

	$ sudo systemctl status hostapd
	● hostapd.service - Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
	Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
	Active: active (running) since Wed 2020-08-19 13:26:08 PDT; 2s ago
	Process: 10854 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
	Main PID: 10856 (hostapd)
	Tasks: 1 (limit: 4915)
	Memory: 484.0K
	CGroup: /system.slice/hostapd.service
	└─10856 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf

	Aug 19 13:26:08 rpi4b systemd[1]: Starting Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator...
	Aug 19 13:26:08 rpi4b hostapd[10854]: Configuration file: /etc/hostapd/hostapd.conf
	Aug 19 13:26:08 rpi4b hostapd[10854]: wlan0_ap: Could not connect to kernel driver
	Aug 19 13:26:08 rpi4b hostapd[10854]: Using interface wlan0_ap with hwaddr dc:a6:32:37:65:2b and ssid "WPA3-Network"
	Aug 19 13:26:08 rpi4b hostapd[10854]: wlan0_ap: interface state UNINITIALIZED->ENABLED
	Aug 19 13:26:08 rpi4b hostapd[10854]: wlan0_ap: AP-ENABLED
	Aug 19 13:26:08 rpi4b systemd[1]: Started Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator.


	## debug use command line
	$ sudo dnsmasq --no-daemon --log-queries

	## use command line
	$ sudo dnsmasq --interface=wlan0_ap --dhcp-range=192.168.240.50,192.168.240.150,12h --server=8.8.8.8
	$ sudo hostapd -dd -K -t /etc/hostapd/hostapd.conf

	#
	#@ OPEN ISSUE
	#

	- Pixel3 can successfully join (via hostapd) and acquire an IP address (via dnsmasq)'
	but still shows "Connected, no internet"

	-- weird solution:

	$ sudo tcpdump -iwlan0_ap -xx