Turn the Raspberry Pi into a wireless AP

Turn the Raspberry Pi into a wireless AP

Environmental requirements:

• Raspberry Pi 4B （4GB
• TF card (minimum 16GB)
• One Ethernet cable
• One PC (Mac as an example in this example)

This article has been updated on 2020-11-23 and provides solutions for iptables errors

1 System installation

1.1 Download system image (32bit)

As of now (2020-11-20), the latest version of the Raspberry Pi system mirror of the Tsinghua University open source software mirror station is 2020-08-20 , choose 2020-08-20-raspios-buster-armhf-lite.zip File, download it to the local.

1.2 Download Raspberry Pi Image

This tool is provided by the official Raspberry Fool Raspberry Pi OS will be programmed into the software TF card from Tsinghua source can be downloaded on the latest version is imager_1.4, based on its own operating system, select the appropriate version of downloading, can. Mac system download imager_1.4.dmg , Windows system download imager_1.4.exe , download Ubuntu system imager_1.4_amd64.deb .

1.3 Burn image file to TF card

Generally, a 16GB TF card is sufficient. First, open the Raspberry Pi Image software, and the interface after startup is as follows:

Click the CHOOSE OS button under Operating System and select "Erase"

Then insert the TF card into the card reader, insert the card reader into the USB3.0 interface of the PC, click the CHOOSE SD CARD button under SD Card, and select the TF card just inserted.

Then, click the "WRITE" button to start erasing and formatting the TF card, and wait until the operation is complete.

After formatting is complete, still select "Use custom" in this interface.

And in the pop-up dialog box, find the image file you downloaded earlier, then select the SD card as the TF card just formatted, and finally click "WRITE", and wait for the image burning to complete.

After the programming is completed, a disk system named "boot" will appear, where our system image is ready to be programmed.

2 Configure Raspberry Pi

2.1 Open SSH

Open "boot" with VS Code and create a file named "ssh" in the root directory system. Note that the name of this file is "ssh", all lowercase, no extension, and no content. Once created, just close it. In this way, you can connect to the Raspberry Pi remotely via ssh.

2.2 Connect to Raspberry Pi using SSH

First plug in the Ethernet cable to the Raspberry Pi, and then power it on.

Wait for a while, the general home wireless router has its own management software, I use Xiaomi WiFi. You can view the connected device information through the Xiaomi WiFi APP, find the device called "raspberrypi", click to view the network information, you can get the ip address of the raspberry pi in the home LAN, here is 192.168.31.187, remember With this address, you can then use SSH to access the Raspberry Pi through the terminal.

Start the terminal and enter the command

~ $ ssh [email protected]

During the first visit, the PC will request to record the permission to access this remote device. So please enter "yes" and press Enter, and then we will be asked to enter the login password of the Raspberry Pi account "pi". The default password is "raspberry". After entering it correctly, press Enter to see this welcome page and see The terminal display has changed to the host information of "pi@raspberrypi:", which shows that we successfully entered the Raspberry Pi system through SSH.

2.3 Replacing domestic sources for Raspberry Pi

This must be done, otherwise you will go crazy afterwards.

sudo nano /etc/apt/sources.list

Comment out the contents of the file and add the following

deb http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib
deb-src http://mirrors.tuna.tsinghua.edu.cn/raspbian/raspbian/ buster main non-free contrib

Then control-o press Enter to save, and control-x closes.

Similarly, the /etc/apt/sources.list.d/raspi.listcontents of the document are also replaced.

sudo nano /etc/apt/sources.list

The replacement content is:

deb http://mirrors.tuna.tsinghua.edu.cn/raspberrypi/ buster main ui

Then control-o press Enter to save, control-x close

2.4 Update

Execute the update software command in the terminal first.

sudo apt-get update
sudo apt-get dist-upgrade

2.5 Configuration

Execute in the terminal

sudo raspi-config

The configuration interface shown in the figure below will be launched. Use the up and down direction keys on the keyboard to select 5 Localisation Optionsand press Enter.

After entering the secondary interface of configuration, select L1 Localeand press Enter.

At this time, the Raspberry Pi will first return to the terminal environment, and then soon enter the interface shown below.

First of all keys on the screen keyboard or the mouse scroll direction of the Locales to be generated:area until it finds zh_CN.UTF-8 UTF-8, then press 空格键be selected, select the effect that there will be a "*" sign. Please press Enter to complete the selection.

At this time, the interface of "Set the default local environment of the system" as shown in the figure below will appear. Here I choose en_US.UTF-8

Then on this interface, press the "right arrow" button on the keyboard, select it <OK>, press Enter, the Raspberry Pi will return to the terminal, and a few lines of configuration process information will appear in the interface. Don't worry, just wait for it to be configured. , And then you will return to the initial configuration interface.

Press the "right arrow" button twice, select <Finish>, and press Enter.

If it is the first configuration, it should restart you, just follow the prompts and restart.

Wait for about 1 minute, then use SSH to log in to the Raspberry Pi.

3 Install RaspAP (manually)

3.1 Principle introduction

First, borrow a picture from the " Configure Wireless Access Point " page on RaspberryPi's official website to explain what role our Raspberry Pi plays in the network as a wireless AP.

Figure RPiand PC#1, PC#2connected in common to the home LAN environment, their IP address ranges are "10.10.0.X", the address range is a figure Router, they are created to be responsible for the distribution of the "Router" In the local area network environment, they can communicate with each other.

Configured wireless AP RPithere is another address is "192.168.4.1", while the far right of the picture Laptopaddress is "192.168.4.2", that is to say the "Laptop" is a local area network by the "RPi" created In the environment, it can only communicate with "RPi". In this way, if "RPi" can access the external network, "Laptop" can also access the external network with the help of "RPi"; if "RPi" does not have a network cable connected to the external network and cannot access the Internet, then "Laptop" cannot access the external network either , But it can still communicate with the "RPi" LAN.

3.2 Introduction to RaspAP

RaspAP is a graphical management tool that runs on the Raspberry Pi and can use the Raspberry Pi as a wireless AP. After we install RaspAP on the Raspberry Pi, we can easily configure the wireless AP function through the web page.

RaspAP's official website gives a "Quick Installer", which is actually to execute the following command on the Raspberry Pi terminal

curl -sL https://install.raspap.com | bash

After running this command by itself, our Raspberry Pi has some wireless access configuration information listed in the figure above.

Unfortunately, this command is not available here due to network reasons, so we need to use the "manual" method to install and configure.

3.3 RaspAP manual installation steps

For the manual installation instructions, I referred to the steps in the Manual installation page and made some adjustments. My installation steps are listed below.

Step1: Install the necessary dependencies

sudo apt-get install lighttpd git hostapd dnsmasq iptables-persistent vnstat qrencode php7.3-cgi

Step2: Open lighttpd service

sudo lighttpd-enable-mod fastcgi-php

You will see the following output:

Met dependency: fastcgi
Enabling fastcgi-php: ok
Enabling fastcgi: ok
Run "service lighttpd force-reload" to enable changes

Continue to execute instructions:

sudo service lighttpd force-reload
sudo systemctl restart lighttpd.service

Step3: Clone raspap-webgui source code

This source code repository is on GitHub. Due to the network, the download speed is very slow. I have imported this repository to Code Cloud, so the clone address will be different from the command of the official website document.

pi@raspberrypi:~ $ sudo rm -rf /var/www/html
pi@raspberrypi:~ $ sudo git clone https://gitee.com/ursaminor68/raspap-webgui.git /var/www/html

The following output will appear at this time:

Cloning into '/var/www/html'...
remote: Enumerating objects: 19377, done.
remote: Counting objects: 100% (19377/19377), done.
remote: Compressing objects: 100% (10829/10829), done.
remote: Total 19377 (delta 7163), reused 19377 (delta 7163), pack-reused 0
Receiving objects: 100% (19377/19377), 20.96 MiB | 2.46 MiB/s, done.
Resolving deltas: 100% (7163/7163), done.

Seeing this information indicates that the cloning is complete.

Step4: A large wave of instructions

The following instructions are moved from the manual installation guide interface of RaspAP, just execute all the following instructions honestly.

Add sudo permissions to the "www-dtata" user

cd /var/www/html
sudo cp installers/raspap.sudoers /etc/sudoers.d/090_raspap

Create a bunch of RaspAP configuration directory, add the /etc/dhcpcd.confdocument as a basis for the profile.

sudo mkdir /etc/raspap/
sudo mkdir /etc/raspap/backups
sudo mkdir /etc/raspap/networking
sudo mkdir /etc/raspap/hostapd
sudo mkdir /etc/raspap/lighttpd
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null

To change the user groups and permissions of some files and directories, just click.

sudo cp raspap.php /etc/raspap
sudo chown -R www-data:www-data /var/www/html
sudo chown -R www-data:www-data /etc/raspap
sudo mv installers/*log.sh /etc/raspap/hostapd
sudo mv installers/service*.sh /etc/raspap/hostapd
sudo chown -c root:www-data /etc/raspap/hostapd/*.sh

Execution here will see the following output:

changed ownership of '/etc/raspap/hostapd/disablelog.sh' from www-data:www-data to root:www-data
changed ownership of '/etc/raspap/hostapd/enablelog.sh' from www-data:www-data to root:www-data
changed ownership of '/etc/raspap/hostapd/servicestart.sh' from www-data:www-data to root:www-data

Continue to execute instructions:

sudo chmod 750 /etc/raspap/hostapd/*.sh
sudo cp installers/configport.sh /etc/raspap/lighttpd
sudo chown -c root:www-data /etc/raspap/lighttpd/*.sh

When executed, you will see the output:

changed ownership of '/etc/raspap/lighttpd/configport.sh' from root:root to root:www-data

Continue to execute instructions:

sudo mv installers/raspapd.service /lib/systemd/system
sudo systemctl daemon-reload
sudo systemctl enable raspapd.service

When executed, you will see the output:

Created symlink /etc/systemd/system/multi-user.target.wants/raspapd.service → /lib/systemd/system/raspapd.service.

Continue to execute instructions:

sudo mv /etc/default/hostapd ~/default_hostapd.old
sudo cp /etc/hostapd/hostapd.conf ~/hostapd.conf.old
sudo cp config/default_hostapd /etc/default/hostapd
sudo cp config/hostapd.conf /etc/hostapd/hostapd.conf
sudo cp config/dnsmasq.conf /etc/dnsmasq.d/090_raspap.conf
sudo cp config/dhcpcd.conf /etc/dhcpcd.conf
sudo cp config/config.php /var/www/html/includes/

Too many instructions, I am afraid to read the serial :)

sudo systemctl stop systemd-networkd
sudo systemctl disable systemd-networkd
sudo cp config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev
sudo cp config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network

echo "net.ipv4.ip_forward=1" | sudo tee /etc/sysctl.d/90_raspap.conf > /dev/null
sudo sysctl -p /etc/sysctl.d/90_raspap.conf
sudo /etc/init.d/procps restart

See the following output:

[ ok ] Restarting procps (via systemctl): procps.service.

Continue to execute instructions:

sudo iptables -t nat -A POSTROUTING -j MASQUERADE

If you see the following error message after execution:

iptables/1.8.2 Failed to initialize nft: Protocol not supported

Please execute first

sudo reboot

Restart the Raspberry Pi, then your terminal will exit the ssh connection, wait for about 1 minute, and execute ssh login again

ssh [email protected]

Then re-execute

sudo iptables -t nat -A POSTROUTING -j MASQUERADE

If there is no error, you can continue to execute the following instructions

sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4

See the following output:

# Generated by xtables-save v1.8.2 on Sat Nov 21 22:43:02 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat Nov 21 22:43:02 2020
# Generated by xtables-save v1.8.2 on Sat Nov 21 22:43:02 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
COMMIT
# Completed on Sat Nov 21 22:43:02 2020

Then, continue to execute the command:

sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service

See the following output:

Synchronizing state of hostapd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable hostapd

Then execute

sudo reboot

The system restarts. Wait for 1~2 minutes. You should be able to see an extra "raspi-webgui" in your wireless network connection signal

Successful installation of RaspAP~~!

4 RaspAP WebGUI

After finding "raspi-webgui" in the wireless signal with the PC, click Connect, and enter the initial password "ChangeMe", then you can enter the address in the browser of the PC:, the http://10.3.14.1user name adminand the password are secret, enter the following screen

because We have previously configured the local language environment as "zh_CN", so what we see is the Chinese interface, which is very kind.
If you don't like the name "raspi-webgui", you can modify it as shown in the figure below.

This way it is easy to remember, and it will not conflict with other wireless AP names that are also made of Raspberry Pi.

The other configuration options basically do not need to be changed except for changing the password. Unless you know exactly what you want to change, it is best not to change at will.

5 Log in to the Raspberry Pi wireless AP with SSH

If your PC is connected to the wireless network AP raspberry pie, then the future can ssh 10.3.141.1to log Raspberry Pi operating this address. [Emphasis, even if the Raspberry Pi is not connected to the network cable at this time, its wireless AP is also available]

When you use your Raspberry Pi as the driver board of the smart car, if you need to control the Raspberry Pi through a computer, you only need to connect your computer to the Raspberry Pi’s wireless AP signal, and then choose SSH to log in to the Raspberry. Pi, enter the terminal interface of the Raspberry Pi to control the code.