Raspberry WLAN Access Point Tutorial - NicoHood/NicoHood.github.io GitHub Wiki
Archlinux tutorial will follow and will be much simpler.
# Install dependencies
sudo apt-get install hostapd dnsmasq iptables-persistent
# Edit config files (samples below)
sudo nano /etc/network/interfaces
sudo nano /etc/hostapd/hostapd.conf
sudo nano /etc/dnsmasq.d/dnsmasq.conf
sudo nano /etc/sysctl.d/50-hostapd.conf
# Configure iptables
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
sudo dpkg-reconfigure iptables-persistent
# Reboot system
sudo reboot# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet manual
#allow-hotplug wlan0
#iface wlan0 inet manual
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
allow-hotplug wlan1
iface wlan1 inet manual
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Interface Settings
interface=wlan0
driver=nl80211
# Wifi AP Settings
ssid=hackallthethings
wpa_passphrase=hackallthethings
hw_mode=g
channel=6
ieee80211n=1
# Encryption Settings
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# Accept all MAC addresses
macaddr_acl=0
# Require clients to know the network name
#ignore_broadcast_ssid=0
# Enable WMM (QoS)
wmm_enabled=1
interface=wlan0 # Use interface wlan0
bind-interfaces # Bind to the interface to make sure we aren't sending things elsewhere
#server=8.8.8.8 # Forward DNS requests to Google DNS
domain-needed # Don't forward short names
bogus-priv # Never forward addresses in the non-routed address spaces.
dhcp-range=192.168.42.100,192.168.42.150,12h
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
sudo apt-get install qrencode rng-tools
sudo nano /usr/local/bin/wlankeygen
sudo chmod +x /usr/local/bin/wlankeygen
sudo crontab -e
mkdir -p ~/bin
nano ~/bin/wlanqrgen
chmod +x ~/bin/wlanqrgen#!/bin/bash
# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
# Generate new wlan password and safe it. Don't use special chars to make it simpler
WLANPSK=$(</dev/random tr -dc '[:graph:]'| head -c 63 )
sed -ie "s/wpa_passphrase=.*/wpa_passphrase=${WLANPSK}/" /etc/hostapd/hostapd.conf
service hostapd reload
echo "New WLAN password was generated and hostapd reloaded."#!/bin/bash
# Read in current setting
# Attention! eval is dangerous if hostapd.conf file can be modified from another user!
# If this script is run as root, one could insert 'ssid="nothing" reboot'
eval $(grep "^wpa_passphrase=" /etc/hostapd/hostapd.conf)
eval $(grep "^ssid=" /etc/hostapd/hostapd.conf)
eval $(grep "^ignore_broadcast_ssid=" /etc/hostapd/hostapd.conf)
hidden="false"
if [ "${ignore_broadcast_ssid}" == "0" ]
then
hidden="true"
fi
# Generate QR code pictures for Android and Windows
qrencode -t PNG -o ~/Pictures/android.png -s 4 "WIFI:T:WPA;S:${ssid};P:${wpa_passphrase};H:${hidden};"
qrencode -t PNG -o ~/Pictures/windows.png -s 4 "WIFI;T:WPA;S:${ssid};P:${wpa_passphrase};H:${hidden};"
# IOS requires a hosted webpage which I do not want to host
# Use the copy to clipboard function for the password and manually connect instead.
qrencode -t PNG -o ~/Pictures/ios.png -s 4 "${wpa_passphrase}"# DO NOT EDIT THIS FILE - edit the master and reinstall.
0 6 * * * /usr/local/bin/wlankeygen
You can also use a python gui to display the current password and its qr codes.
#TODO
sudo apt-get install qrencode python-kivy rng-tools python-configobj
nano /usr/local/bin/guestwlan.py
nano /usr/local/bin/guestwlan.kv- https://learn.adafruit.com/setting-up-a-raspberry-pi-as-a-wifi-access-point?view=all
- https://frillip.com/using-your-raspberry-pi-3-as-a-wifi-access-point-with-hostapd/
- http://elinux.org/RPI-Wireless-Hotspot
- http://www.heise.de/ct/ausgabe/2016-10-Raspberry-Pi-als-Hacking-Werkzeug-fuer-SSL-und-Man-in-the-Middle-Angriffe-3184891.html
- http://www.heise.de/ct/ausgabe/2016-10-Raspberry-Pi-als-Hacking-Werkzeug-fuer-SSL-und-Man-in-the-Middle-Angriffe-3184891.html