
I'm trying to set up the RPI3 with these two network features (using built-in hardware only):

  • Isolated network with Wifi Access Point and Ethernet. A) Sharing same domain "pi.lan". B) Sharing one DHCP service/address space, so Ethernet and Wifi clients can talk to each other.
  • Wifi Station connection to another internet Wifi access point, to be able to update the RPI and install software.

Current approach (suggestions for simplification appreciated!):

  • ap0 - access point
  • br0 - bridging ap0 and eth0, providing DNS and DHCP service, domain pi.lan
  • wlan0 - wifi station

Installed software:

apt-get install hostapd dnsmasq bridge-utils

Here is what I got so far. Adding new interface ap0 for wifi access point, so wlan0 can be used for wifi station:

/etc/udev/rules.d/70-persistent-net.rules (mac same as wlan0, I read that should work):

SUBSYSTEM=="ieee80211", ACTION=="add|change", ATTR{macaddress}=="b8:27:eb:bf:d3:81", KERNEL=="phy0", \
  RUN+="/sbin/iw phy phy0 interface add ap0 type __ap", \
  RUN+="/bin/ip link set ap0 address b8:27:eb:bf:d3:81"

/etc/dhcpcd.conf :

interface br0
static ip_address=10.0.0.1/24
static routers=10.0.0.1
static domain_name_servers=10.0.0.1

/etc/hostapd/hostapd.conf :

interface=ap0
bridge=br0
#driver=nl80211
ssid=accesspoint1
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=notmypassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

/etc/default/hostapd (uncomment this line):

DAEMON_CONF="/etc/hostapd/hostapd.conf"

/etc/wpa_supplicant/wpa_supplicant.conf :

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=US

network={
    ssid="mywifi"
    psk=notmypassowrd
}

/etc/network/interfaces :

source-directory /etc/network/interfaces.d

auto lo br0 ap0 eth0

iface lo inet loopback

iface br0 inet static
    address 10.0.0.1
    network 10.0.0.0
    netmask 255.255.255.0
    bridge_ports ap0 eth0

allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

iface ap0 inet manual
iface eth0 inet manual

/etc/dnsmasq.conf :

dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2

no-dhcp-interface=lo,wlan0,ap0,eth0
addn-hosts=/etc/hosts_dnsmasq
no-resolv
domain-needed
bogus-priv
domain=pi.lan
expand-hosts
local=/pi.lan/
interface=br0
bind-interfaces
dhcp-range=lan,10.0.0.10,10.0.0.200,12h
#set default gateway
dhcp-option=lan,3,10.0.0.1
#set DNS server
dhcp-option=lan,6,8.8.8.8

cat /etc/hosts_dnsmasq

10.0.0.1        pi
10.0.0.111      laptop

Some useful info: I'm using a hypriot docker host as starting point. It adds some additional network stuff which we should not have to mess with, but it appears in the dumps below.

ip -d addr

root@black-pearl:/home/pirate# ip -d addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether b8:27:eb:ea:86:d4 brd ff:ff:ff:ff:ff:ff promiscuity 1
    bridge_slave state disabled priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.b8:27:eb:bf:d3:81 designated_root 8000.b8:27:eb:bf:d3:81 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:bf:d3:81 brd ff:ff:ff:ff:ff:ff promiscuity 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 192.168.0.129/24 brd 192.168.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
4: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether b8:27:eb:bf:d3:81 brd ff:ff:ff:ff:ff:ff promiscuity 1
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.b8:27:eb:bf:d3:81 designated_root 8000.b8:27:eb:bf:d3:81 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b8:27:eb:bf:d3:81 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 bridge_id 8000.b8:27:eb:bf:d3:81 designated_root 8000.b8:27:eb:bf:d3:81 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  182.47 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3125 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
       valid_lft forever preferred_lft forever
6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:2f:12:fe:19 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 bridge_id 8000.2:42:2f:12:fe:19 designated_root 8000.2:42:2f:12:fe:19 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  204.32 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3125 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
8: veth5004b64@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether f2:ab:67:74:c6:be brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 1
    veth
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.2:42:2f:12:fe:19 designated_root 8000.2:42:2f:12:fe:19 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

ip route

root@black-pearl:/home/pirate# ip route
default via 192.168.0.1 dev wlan0
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.129

bridge -d link

root@black-pearl:/home/pirate# bridge -d link
2: eth0 state DOWN : <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on
4: ap0 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on
8: veth5004b64 state UP @(null): <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on

Problem 1:

When connecting to the RPI access point with another device, it will connect but immediately drop the connection again.

Problem 2:

wlan0 doesn't automatically connect after reboot. Only after ifdown - ifup the wifi station connects e.g.:

ifdown wlan0
ifup wlan0

Problem 3:

After the RPI's wifi station is connected to a router with internet connection then the name resolution seems broken:

root@black-pearl:/home/pirate# ping google.com
ping: google.com: Temporary failure in name resolution
root@black-pearl:/home/pirate# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=20.8 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=20.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=20.0 ms
^C

Problem 4:

When wiring a laptop to eth0, the laptop gets an IP but DNS name resolution doesn't work, so I can't ping pi.pi.lan

Any hints are appreciated!!

regexing
  • Possible duplicate of [Setting up an accesspoint on the raspberry pi 3 with debian stretch](https://raspberrypi.stackexchange.com/questions/78978/setting-up-an-accesspoint-on-the-raspberry-pi-3-with-debian-stretch) – Milliways May 26 '18 at 08:53
  • There are some quirks with wifi together with ethernet. In general [a real bridge (OSI layer 2) isn't possible](https://raspberrypi.stackexchange.com/a/81518/79866) with Raspberry Pi. So I'm missing at least a NAT in your config. Why using two interfaces ap0, wlan0 on one wifi device? Haven't seen that before. It is also said that wpa_supplicant should be disabled when using hostapd. OK, let's have a look. Can you please edit your question and add the output from `ip -d addr`, `ip route` and `sudo bridge -d link`. Is it possible to use clean routing instead of faked "bridging"? – Ingo May 26 '18 at 10:18
  • @Ingo I added the debug output you requested and clarified the main objective at the top - whatever gets us there will do. Looking through the link you sent - interesting! – regexing May 26 '18 at 17:48
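The posted `dnsmasq.conf` sets `no-resolv` without any `server=` line and hands DHCP clients `8.8.8.8` as their DNS server, two settings that bear on Problems 3 and 4. The check below is an added example, not part of the original post: the function names and finding codes are hypothetical, and `10.0.0.1` is assumed to be the dnsmasq address because it is the br0 address in the question.

```python
import ipaddress

# Lines taken from the dnsmasq.conf posted in the question (subset).
POSTED_CONF = """\
no-resolv
domain=pi.lan
local=/pi.lan/
interface=br0
dhcp-range=lan,10.0.0.10,10.0.0.200,12h
dhcp-option=lan,3,10.0.0.1   # default gateway
dhcp-option=lan,6,8.8.8.8    # DNS server
"""

def parse(conf):
    """Return (key, value) pairs; bare flags such as no-resolv get value ''."""
    pairs = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def offered_dns(pairs):
    """Addresses handed to DHCP clients as option 6 (dns-server)."""
    out = []
    for key, value in pairs:
        fields = [f.strip() for f in value.split(",")] if key == "dhcp-option" else []
        # Leading fields that are neither a number nor option:<name> are tags.
        while fields and not (fields[0].isdigit() or fields[0].startswith("option:")):
            fields.pop(0)
        if fields and fields[0] in ("6", "option:dns-server"):
            out += fields[1:]
    return out

def audit(conf, dnsmasq_ip):
    """Return hypothetical finding codes for the two DNS settings above."""
    pairs = parse(conf)
    keys = {k for k, _ in pairs}
    # server=/local= entries that end in an address are real upstreams;
    # local=/pi.lan/ has none and only marks the domain as local.
    upstream = [v for k, v in pairs if k in ("server", "local") and v.rsplit("/", 1)[-1]]
    findings = []
    if "no-resolv" in keys and not upstream:
        findings.append("no-upstream")      # nothing to forward non-local names to
    me = ipaddress.ip_address(dnsmasq_ip)
    for addr in offered_dns(pairs):
        # 0.0.0.0 in a dhcp-option means "the machine running dnsmasq".
        if addr != "0.0.0.0" and ipaddress.ip_address(addr) != me:
            findings.append(f"clients-bypass-dnsmasq:{addr}")
    return findings

if __name__ == "__main__":
    print(audit(POSTED_CONF, "10.0.0.1"))
```

With `no-resolv` and no `server=` entry, dnsmasq has no upstream to forward non-local queries to. Clients that are given `8.8.8.8` never query dnsmasq on 10.0.0.1, which is the only server that knows the pi.lan names.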

1 Answer

I have put much effort into the answer, so I decided to move it to Access point as WiFi repeater, optional with bridge so I can make it more generic and present it as an accepted answer.

Ingo
  • I have seen sites describing using the built-in wifi for both Station+AP. However I do have another wifi-dongle so for me at least it's an option. The docker bridge is managed by docker somehow, I added a note that I'm using the hypriot docker host image. I probably also should change the title of this post. – regexing May 29 '18 at 02:22
  • @regexing OK, I will look with a second wifi dongle. You wrote: _"I have seen sites describing using the built-in wifi for both Station+AP."_ Do you know where to find such a tutorial? Maybe I'm wrong ... – Ingo May 29 '18 at 11:08
  • Here is one: https://github.com/peebles/rpi3-wifi-station-ap . I googled "rpi3 station+AP", there are others. If it works without second wifi dongle then I'd think this makes a good Medium article that many others may be interested in. – regexing May 29 '18 at 21:12
  • @regexing Interesting, thanks for the link. Seems the hardware is capable to do both things together. I just try it ... – Ingo May 30 '18 at 00:18
  • @regexing I have opened an issue [sudo wpa_cli reconfigure fails with "uap0: IAID conflicts with one assigned to wlan0"](https://github.com/peebles/rpi3-wifi-station-ap/issues/3) – Ingo May 30 '18 at 11:40
  • @regexing I have rewritten the answer using wifi access point and wifi client together on one wifi device. It isn't complete just yet, I have to add dnsmasq and routing/bridging. – Ingo Jun 06 '18 at 17:09
  • You're brave for going down this route. One note: if you don't remove the interfaces now managed by systemd from `/etc/network/interfaces`, `/etc/init.d/networking` and systemd-networkd are going to have a battle. I renamed `/etc/wpa_supplicant/wpa_supplicant.conf` → `/etc/wpa_supplicant/wpa_supplicant-wlan0.conf` and found a startup failure in the journal because `/etc/network/interfaces` still contained `wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf`. – blalor Jul 03 '18 at 13:54
  • @blalor I mean *systemd* is the future of modern linux operating systems. Meanwhile the old stuff is very inconsistent and you cannot do demanding setups with default raspbian networking. Look at [dhcpcd vs /etc/network/interfaces](https://raspberrypi.stackexchange.com/a/41187/79866). – Ingo Jul 03 '18 at 19:12
  • @blalor *systemd-networkd* never touches `/etc/network/interfaces`. I've never seen conflicts between disabled *networking.service* and enabled *systemd-networkd*. But to be on the safe side I have updated the setup with masking *networking.service* and *dhcpcd.service* instead of only disabling them and renamed `/etc/network/interfaces`. If you are sure you will not go back you can also clean up your installation. Look at step 5 on https://raspberrypi.stackexchange.com/a/78788/79866 – Ingo Jul 03 '18 at 19:14
  • Hi @regexing, this answer was already bumped by the community. Is it possible that you accept it? I need it for reference. If you can't accept it I would like to move it to a self answered question. – Ingo Sep 30 '18 at 12:49