Turn the Raspberry Pi into a wireless AP
Environmental requirements:
- Raspberry Pi 4B (4GB
- TF card (minimum 16GB)
- One Ethernet cable
- One PC (Mac as an example in this example)
This article has been updated on 2020-11-23 and provides solutions for iptables errors
1 System installation
1.1 Download system image (32bit)
As of now (2020-11-20), the latest version of the Raspberry Pi system mirror of the Tsinghua University open source software mirror station is 2020-08-20 , choose 2020-08-20-raspios-buster-armhf-lite.zip File, download it to the local.
1.2 Download Raspberry Pi Image
This tool is provided by the official Raspberry Fool Raspberry Pi OS will be programmed into the software TF card from Tsinghua source can be downloaded on the latest version is imager_1.4, based on its own operating system, select the appropriate version of downloading, can. Mac system download imager_1.4.dmg , Windows system download imager_1.4.exe , download Ubuntu system imager_1.4_amd64.deb .
1.3 Burn image file to TF card
Generally, a 16GB TF card is sufficient. First, open the Raspberry Pi Image software, and the interface after startup is as follows:
Click the CHOOSE OS button under Operating System and select "Erase"
Then insert the TF card into the card reader, insert the card reader into the USB3.0 interface of the PC, click the CHOOSE SD CARD button under SD Card, and select the TF card just inserted.
Then, click the "WRITE" button to start erasing and formatting the TF card, and wait until the operation is complete.
After formatting is complete, still select "Use custom" in this interface.
And in the pop-up dialog box, find the image file you downloaded earlier, then select the SD card as the TF card just formatted, and finally click "WRITE", and wait for the image burning to complete.
After the programming is completed, a disk system named "boot" will appear, where our system image is ready to be programmed.
2 Configure Raspberry Pi
2.1 Open SSH
Open "boot" with VS Code and create a file named "ssh" in the root directory system. Note that the name of this file is "ssh", all lowercase, no extension, and no content. Once created, just close it. In this way, you can connect to the Raspberry Pi remotely via ssh.
2.2 Connect to Raspberry Pi using SSH
First plug in the Ethernet cable to the Raspberry Pi, and then power it on.
Wait for a while, the general home wireless router has its own management software, I use Xiaomi WiFi. You can view the connected device information through the Xiaomi WiFi APP, find the device called "raspberrypi", click to view the network information, you can get the ip address of the raspberry pi in the home LAN, here is 192.168.31.187, remember With this address, you can then use SSH to access the Raspberry Pi through the terminal.
Start the terminal and enter the command
~ $ ssh [email protected]
During the first visit, the PC will request to record the permission to access this remote device. So please enter "yes" and press Enter, and then we will be asked to enter the login password of the Raspberry Pi account "pi". The default password is "raspberry". After entering it correctly, press Enter to see this welcome page and see The terminal display has changed to the host information of "pi@raspberrypi:", which shows that we successfully entered the Raspberry Pi system through SSH.
2.3 Replacing domestic sources for Raspberry Pi
This must be done, otherwise you will go crazy afterwards.
sudo nano /etc/apt/sources.list
Comment out the contents of the file and add the following
deb http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib
deb-src http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib
Then control-o press Enter to save, and control-x closes.
Similarly, the /etc/apt/sources.list.d/raspi.list
contents of the document are also replaced.
sudo nano /etc/apt/sources.list
The replacement content is:
deb http://mirrors.tuna.tsinghua.edu.cn/raspberrypi/ buster main ui
Then control-o press Enter to save, control-x close
2.4 Update
Execute the update software command in the terminal first.
sudo apt-get update
sudo apt-get dist-upgrade
2.5 Configuration
Execute in the terminal
sudo raspi-config
The configuration interface shown in the figure below will be launched. Use the up and down direction keys on the keyboard to select 5 Localisation Options
and press Enter.
After entering the secondary interface of configuration, select L1 Locale
and press Enter.
At this time, the Raspberry Pi will first return to the terminal environment, and then soon enter the interface shown below.
First of all keys on the screen keyboard or the mouse scroll direction of the Locales to be generated:
area until it finds zh_CN.UTF-8 UTF-8
, then press 空格键
be selected, select the effect that there will be a "*" sign. Please press Enter to complete the selection.
At this time, the interface of "Set the default local environment of the system" as shown in the figure below will appear. Here I choose en_US.UTF-8
Then on this interface, press the "right arrow" button on the keyboard, select it <OK>
, press Enter, the Raspberry Pi will return to the terminal, and a few lines of configuration process information will appear in the interface. Don't worry, just wait for it to be configured. , And then you will return to the initial configuration interface.
Press the "right arrow" button twice, select <Finish>
, and press Enter.
If it is the first configuration, it should restart you, just follow the prompts and restart.
Wait for about 1 minute, then use SSH to log in to the Raspberry Pi.
3 Install RaspAP (manually)
3.1 Principle introduction
First, borrow a picture from the " Configure Wireless Access Point " page on RaspberryPi's official website to explain what role our Raspberry Pi plays in the network as a wireless AP.
Figure RPi
and PC#1
, PC#2
connected in common to the home LAN environment, their IP address ranges are "10.10.0.X", the address range is a figure Router
, they are created to be responsible for the distribution of the "Router" In the local area network environment, they can communicate with each other.
Configured wireless AP RPi
there is another address is "192.168.4.1", while the far right of the picture Laptop
address is "192.168.4.2", that is to say the "Laptop" is a local area network by the "RPi" created In the environment, it can only communicate with "RPi". In this way, if "RPi" can access the external network, "Laptop" can also access the external network with the help of "RPi"; if "RPi" does not have a network cable connected to the external network and cannot access the Internet, then "Laptop" cannot access the external network either , But it can still communicate with the "RPi" LAN.
3.2 Introduction to RaspAP
RaspAP is a graphical management tool that runs on the Raspberry Pi and can use the Raspberry Pi as a wireless AP. After we install RaspAP on the Raspberry Pi, we can easily configure the wireless AP function through the web page.
RaspAP's official website gives a "Quick Installer", which is actually to execute the following command on the Raspberry Pi terminal
curl -sL https://install.raspap.com | bash
After running this command by itself, our Raspberry Pi has some wireless access configuration information listed in the figure above.
Unfortunately, this command is not available here due to network reasons, so we need to use the "manual" method to install and configure.
3.3 RaspAP manual installation steps
For the manual installation instructions, I referred to the steps in the Manual installation page and made some adjustments. My installation steps are listed below.
Step1: Install the necessary dependencies
sudo apt-get install lighttpd git hostapd dnsmasq iptables-persistent vnstat qrencode php7.3-cgi
Step2: Open lighttpd service
sudo lighttpd-enable-mod fastcgi-php
You will see the following output:
Met dependency: fastcgi
Enabling fastcgi-php: ok
Enabling fastcgi: ok
Run "service lighttpd force-reload" to enable changes
Continue to execute instructions:
sudo service lighttpd force-reload
sudo systemctl restart lighttpd.service
Step3: Clone raspap-webgui source code
This source code repository is on GitHub. Due to the network, the download speed is very slow. I have imported this repository to Code Cloud, so the clone address will be different from the command of the official website document.
pi@raspberrypi:~ $ sudo rm -rf /var/www/html
pi@raspberrypi:~ $ sudo git clone https://gitee.com/ursaminor68/raspap-webgui.git /var/www/html
The following output will appear at this time:
Cloning into '/var/www/html'...
remote: Enumerating objects: 19377, done.
remote: Counting objects: 100% (19377/19377), done.
remote: Compressing objects: 100% (10829/10829), done.
remote: Total 19377 (delta 7163), reused 19377 (delta 7163), pack-reused 0
Receiving objects: 100% (19377/19377), 20.96 MiB | 2.46 MiB/s, done.
Resolving deltas: 100% (7163/7163), done.
Seeing this information indicates that the cloning is complete.
Step4: A large wave of instructions
The following instructions are moved from the manual installation guide interface of RaspAP, just execute all the following instructions honestly.
Add sudo permissions to the "www-dtata" user
cd /var/www/html
sudo cp installers/raspap.sudoers /etc/sudoers.d/090_raspap
Create a bunch of RaspAP configuration directory, add the /etc/dhcpcd.conf
document as a basis for the profile.
sudo mkdir /etc/raspap/
sudo mkdir /etc/raspap/backups
sudo mkdir /etc/raspap/networking
sudo mkdir /etc/raspap/hostapd
sudo mkdir /etc/raspap/lighttpd
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
To change the user groups and permissions of some files and directories, just click.
sudo cp raspap.php /etc/raspap
sudo chown -R www-data:www-data /var/www/html
sudo chown -R www-data:www-data /etc/raspap
sudo mv installers/*log.sh /etc/raspap/hostapd
sudo mv installers/service*.sh /etc/raspap/hostapd
sudo chown -c root:www-data /etc/raspap/hostapd/*.sh
Execution here will see the following output:
changed ownership of '/etc/raspap/hostapd/disablelog.sh' from www-data:www-data to root:www-data
changed ownership of '/etc/raspap/hostapd/enablelog.sh' from www-data:www-data to root:www-data
changed ownership of '/etc/raspap/hostapd/servicestart.sh' from www-data:www-data to root:www-data
Continue to execute instructions:
sudo chmod 750 /etc/raspap/hostapd/*.sh
sudo cp installers/configport.sh /etc/raspap/lighttpd
sudo chown -c root:www-data /etc/raspap/lighttpd/*.sh
When executed, you will see the output:
changed ownership of '/etc/raspap/lighttpd/configport.sh' from root:root to root:www-data
Continue to execute instructions:
sudo mv installers/raspapd.service /lib/systemd/system
sudo systemctl daemon-reload
sudo systemctl enable raspapd.service
When executed, you will see the output:
Created symlink /etc/systemd/system/multi-user.target.wants/raspapd.service → /lib/systemd/system/raspapd.service.
Continue to execute instructions:
sudo mv /etc/default/hostapd ~/default_hostapd.old
sudo cp /etc/hostapd/hostapd.conf ~/hostapd.conf.old
sudo cp config/default_hostapd /etc/default/hostapd
sudo cp config/hostapd.conf /etc/hostapd/hostapd.conf
sudo cp config/dnsmasq.conf /etc/dnsmasq.d/090_raspap.conf
sudo cp config/dhcpcd.conf /etc/dhcpcd.conf
sudo cp config/config.php /var/www/html/includes/
Too many instructions, I am afraid to read the serial :)
sudo systemctl stop systemd-networkd
sudo systemctl disable systemd-networkd
sudo cp config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev
sudo cp config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network
echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/90_raspap.conf > /dev/null
sudo sysctl -p /etc/sysctl.d/90_raspap.conf
sudo /etc/init.d/procps restart
See the following output:
[ ok ] Restarting procps (via systemctl): procps.service.
Continue to execute instructions:
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
If you see the following error message after execution:
iptables/1.8.2 Failed to initialize nft: Protocol not supported
Please execute first
sudo reboot
Restart the Raspberry Pi, then your terminal will exit the ssh connection, wait for about 1 minute, and execute ssh login again
ssh [email protected]
Then re-execute
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
If there is no error, you can continue to execute the following instructions
sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4
See the following output:
# Generated by xtables-save v1.8.2 on Sat Nov 21 22:43:02 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat Nov 21 22:43:02 2020
# Generated by xtables-save v1.8.2 on Sat Nov 21 22:43:02 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
COMMIT
# Completed on Sat Nov 21 22:43:02 2020
Then, continue to execute the command:
sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service
See the following output:
Synchronizing state of hostapd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable hostapd
Then execute
sudo reboot
The system restarts. Wait for 1~2 minutes. You should be able to see an extra "raspi-webgui" in your wireless network connection signal
Successful installation of RaspAP~~!
4 RaspAP WebGUI
After finding "raspi-webgui" in the wireless signal with the PC, click Connect, and enter the initial password "ChangeMe", then you can enter the address in the browser of the PC:, the http://10.3.14.1
user name admin
and the password are secret
, enter the following screen
because We have previously configured the local language environment as "zh_CN", so what we see is the Chinese interface, which is very kind.
If you don't like the name "raspi-webgui", you can modify it as shown in the figure below.
This way it is easy to remember, and it will not conflict with other wireless AP names that are also made of Raspberry Pi.
The other configuration options basically do not need to be changed except for changing the password. Unless you know exactly what you want to change, it is best not to change at will.
5 Log in to the Raspberry Pi wireless AP with SSH
If your PC is connected to the wireless network AP raspberry pie, then the future can ssh 10.3.141.1
to log Raspberry Pi operating this address. [Emphasis, even if the Raspberry Pi is not connected to the network cable at this time, its wireless AP is also available]
When you use your Raspberry Pi as the driver board of the smart car, if you need to control the Raspberry Pi through a computer, you only need to connect your computer to the Raspberry Pi’s wireless AP signal, and then choose SSH to log in to the Raspberry. Pi, enter the terminal interface of the Raspberry Pi to control the code.