3

I followed the great tutorial by Ingo to to use my USB dongle as AP.

I just inverted the wlan0 and wlan1 to use the first one to connect as client to my router, and the second one (the dongle) to be my AP. That's the code I changed:

# /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="FASTWEB-5YCW7H"
    psk="XXXXXXXXXXXXX"
}

# /etc/wpa_supplicant/wpa_supplicant-wlan1.conf
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="ceccHome"
    mode=2
    key_mgmt=WPA-PSK
    psk="XXXXXXXXXXXXX"
    frequency=2412
}

# /etc/systemd/network/08-wlan0.network
[Match]
Name=wlan0
[Network]
DHCP=yes

# /etc/systemd/network/12-wlan1.network
[Match]
Name=wlan1
[Network]
Address=192.168.4.1/24
# IPMasquerade is doing NAT
IPMasquerade=yes
IPForward=yes
DHCPServer=yes
[DHCPServer]
DNS=84.200.69.80 1.1.1.1

Than I changed the permissions as in the tutorial. Now Im stucked in two issues:

  1. when I try to connect to the raspberrypi (zero w) using ssh pi@raspberrypi.local the host is not resolved (while works well with the IP)
  2. My raspberry don't reach internet. If I try to install something I obtain

E: Failed to fetch http://raspbian.raspberrypi.org/raspbian/pool/main/m/mosquitto/mosquitto-clients_1.5.7-1+deb10u1_armhf.deb Could not resolve 'raspbian.raspberrypi.org'

while if I connect my phone to the AP (ceccHome), I can surf the internet without problems.

This is my route -n

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    1024   0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.1.254   0.0.0.0         255.255.255.255 UH    1024   0        0 wlan0
192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan1

Here more info:

pi@raspberrypi:~ $ ip a; ip r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:ab:8b:a7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.227/24 brd 192.168.1.255 scope global dynamic wlan0
       valid_lft 86199sec preferred_lft 86199sec
    inet6 fe80::ba27:ebff:feab:8ba7/64 scope link
       valid_lft forever preferred_lft forever
3: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:24:01:9c:da:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.1/24 brd 192.168.4.255 scope global wlan1
       valid_lft forever preferred_lft forever
    inet6 fe80::224:1ff:fe9c:da45/64 scope link
       valid_lft forever preferred_lft forever
default via 192.168.1.254 dev wlan0 proto dhcp src 192.168.1.227 metric 1024
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.227
192.168.1.254 dev wlan0 proto dhcp scope link src 192.168.1.227 metric 1024
192.168.4.0/24 dev wlan1 proto kernel scope link src 192.168.4.1

Could somebody help me? Thank you so much

Fra Ore
  • 33
  • 4
  • This Question would be clearer if you posted the ACTUAL content of the files, rather than the here-document script you used to create them. What does `ip a; ip r` show. – Milliways Jun 22 '21 at 01:00
  • 1
    Paste files **into your Question** - also list file permissions (you appear to have ignored that part of "the great tutorial by Ingo") – Milliways Jun 22 '21 at 07:25
  • I will have a look at it, just a moment please. B.t.w., it seems your keyboard is broken. It types sometimes wrong letters. Is it possible to use another one? – Ingo Jun 22 '21 at 09:27
  • I @Ingo thank you so much for your answer! Why do you thing my keyboard is broken? I am using my MAC kb. Maybe the problem is my english not my keyboard – Fra Ore Jun 22 '21 at 10:27
  • 1
    There are some words that do not seem to be mistakes by English spelling because they are written right on other places: intertent, connet, raplay – Ingo Jun 22 '21 at 11:28
  • 1
    You seem strangely reluctant to post the requested diagnostic `ip a; ip r` which would be the first thing most of us would check. – Milliways Jun 22 '21 at 11:47
  • 1
    Thanks @Milliways for your suggestions. I am not practical on stackexchange! I updated my question. Do you need more info? – Fra Ore Jun 22 '21 at 13:13

1 Answers1

3

I have tested it with the same settings you show in your question. It works so far except name resolution you complained with the two points:

  1. when I try to connect to the raspberrypi (zero w) using ssh pi@raspberrypi.local the host is not resolved (while works well with the IP)

This is because Multicast DNS isn't enabled. Just add these three lines to /etc/systemd/network/08-wlan0.network and to /etc/systemd/network/12-wlan1.network at their [Network] sections:

LLMNR=no
MulticastDNS=yes
DNSSEC=no

I have updated the tutorial Access point as WiFi router/repeater with additional WiFi-dongle you have used with this information.

  1. My raspberry don't reach internet. If I try to install something I obtain
    E: Failed to fetch http://raspbian.raspberrypi.org/raspbian/pool/main/m/mosquitto/mosquitto-clients_1.5.7-1+deb10u1_armhf.deb Could not resolve 'raspbian.raspberrypi.org'

The RasPi needs a DNS server address to resolve the name raspbian.raspberrypi.org. Usually it will get it from the DHCP server on its uplink wlan0. Check if it get it. Here is the example of my setup:

~$ resolvectl status wlan0
Link 3 (wlan0)
      Current Scopes: DNS mDNS/IPv4 mDNS/IPv6
DefaultRoute setting: yes
       LLMNR setting: no
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: yes
  Current DNS Server: 1.1.1.1
         DNS Servers: 1.1.1.1
                      fd00::3681:c4ff:fefc:71a9

If you do not get a DNS Server address from the DHCP server you can add it to the [Network] section at /etc/systemd/network/08-wlan0.network with this line:

DNS=1.1.1.1

There is also a known bug with DNSSEC in Debian Buster. In Debian Bullseye it is disabled by default. The line DNSSEC=no as shown above disables it.

Ingo
  • 40,606
  • 15
  • 76
  • 189
  • Hello @Ingo thank you for your answer. I edited the files as indicated. I can now connect to my raspberry pi by ssh pi@raspberrypi.local But i still have the second error: Could not resolve 'archive.raspberrypi.org' I also added DNS=1.1.1.1 to /etc/systemd/network/08-wlan0.network Here the response of resolvectl status Link 2 (wlan0) Current Scopes: DNS mDNS/IPv4 mDNS/IPv6 DefaultRoute setting: yes LLMNR setting: no MulticastDNS setting: yes DNSOverTLS setting: no DNSSEC setting: allow-downgrade DNSSEC supported: yes Current DNS Server: 1.1.1.1 DNS Servers: 1.1.1.1 192.168.1.254 – Fra Ore Jun 23 '21 at 08:33
  • @FraOre Everything looks good so far. I cannot see why DNS name resolving does not work. Check if you can `ping 1.1.1.1`. With `resolvectl query archive.raspberrypi.org` I get a bunch of ip addresses. – Ingo Jun 23 '21 at 09:49
  • The ping 1.1.1.1 works well. While pi@raspberrypi:~ $ resolvectl query archive.raspberrypi.org archive.raspberrypi.org: resolve call failed: DNSSEC validation failed: signature-expired – Fra Ore Jun 23 '21 at 10:28
  • the DNS resolve the domains if I add `DNSSEC=no` in my /etc/systemd/network/08-wlan0.network file... But i really don't understand why, and if is a valid solution... – Fra Ore Jun 23 '21 at 11:46
  • @FraOre `DNSSEC=no` is a valid solution. There is a known bug in `systemd-resolved` of Debian Buster. It is disabled by default on Debian Bullseye. You should find error messages about it with `systemctl status systemd-resolved.service` and in the journal with `journalctl --boot=0 --unit=systemd-resolved.service`. If this solve your problem please accept the answer with a click on the tick on its left side. This will finish the question and show others that it has a solution and will not pop up again annoying us to look for a solution it already has. – Ingo Jun 23 '21 at 15:22
  • Hi @Ingo, after some weeks I'm here again! I done a lot of nice staff with your suggestions, but I'm stuck on the hostname resolution issue. If I connect my MAC to my home router (where the raspberry is connected too), and do `ping cecchome.local` (cecchome is the new hostname) I can see the response. But with all other devices the host is not resolved. I can only ping by IP. I tried all the configs in "systemd-resolved not searching the local domain" (https://wiki.archlinux.org/title/Systemd-resolved) but no way... Can you help me?! :) – Fra Ore Jul 09 '21 at 21:54
  • 1
    Hi @FraOre, that seems to be a problem with the multicast Domain Name System (**mDNS**) on your network. IOS is known to support it very well but others not always out of the box. But comments are not the right place to answer it. Please create a new question for this. – Ingo Jul 10 '21 at 08:10