8

There are some tutorials to make an access point a WiFi repeater using only the on-board WiFi chip of a Raspberry Pi. But I want to use an additional USB/WiFi dongle as second interface for the up-link to an internet router, in the hope it would simplify the configuration and avoid the limitations of the single interface solution.

How can I setup an access point as WiFi repeater using an additional USB/WiFi dongle?

Ingo
  • 40,606
  • 15
  • 76
  • 189
  • Thanks @Ingo for posting this QA. We're having issues integrating the steps into our RPi build (using pi-gen). I've asked a question here (https://raspberrypi.stackexchange.com/questions/105265/pi-gen-access-point-as-wifi-router-repeater-with-additional-wifi-dongle), if you're available to take a look. – timborden Nov 05 '19 at 16:14

1 Answers1

15

It is known that the Raspberry Pi can spawn an access point and connect as client to another wifi network simultaneously with its on board wifi chip. How to do that you can look at Access point as WiFi repeater, optional with bridge.

But using a second USB/WiFi dongle is simpler and depending on its hardware it may be possible to avoid the limitations of the single interface solution. With systemd-networkd and wpa_supplicant we have everything on the Raspberry Pi to setup what we want. There is no need to install additional software and fiddle with hostapd and dnsmasq. You have to switch to systemd-networkd and then simply set up wpa_supplicant one time for wlan0 as access point and one time for wlan1 as client. Then configure the interfaces and it's done.

Tested with
Raspberry Pi OS (32-bit) with desktop 2020-05-27 updated on 2020-06-27
Updates done with sudo apt update && sudo apt full-upgrade && sudo reboot.

Here you will find the last tested revision for Raspbian Buster Lite.

Enable systemd-networkd

Just follow to Use systemd-networkd for general networking. You can use section "♦ Quick Step". Then come back here.

Configure wpa_supplicant for wlan0 as access point

To configure wpa_supplicant create these files with your settings for country=, ssid=, psk= and maybe frequency= You can just copy and paste this in one block to your command line beginning with cat and including EOF (delimiter EOF will not get part of the file):

rpi ~# cat > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf <<EOF
country=DE
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
update_config=1
p2p_disabled=1

network={
    ssid="RPiNet"
    mode=2
    key_mgmt=WPA-PSK
    psk="verySecretPassword"
    frequency=2412
}
EOF

rpi ~# chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
rpi ~# systemctl disable wpa_supplicant.service
rpi ~# systemctl enable wpa_supplicant@wlan0.service
rpi ~# rfkill unblock wlan

Configure wpa_supplicant for wlan1 as client

rpi ~# cat > /etc/wpa_supplicant/wpa_supplicant-wlan1.conf <<EOF
country=DE
ctrl_interface=DIR=/run/wpa_supplicant GROUP=netdev
update_config=1
p2p_disabled=1

network={
    ssid="TestNet"
    psk="anotherSecretPassword"
}
EOF

rpi ~# chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlan1.conf
rpi ~# systemctl disable wpa_supplicant.service
rpi ~# systemctl enable wpa_supplicant@wlan1.service

Configure interfaces

Create these two files:

rpi ~# cat > /etc/systemd/network/08-wlan0.network <<EOF
[Match]
Name=wlan0
[Network]
Address=192.168.4.1/24
LLMNR=no
DNSSEC=no
MulticastDNS=yes
# IPMasquerade is doing NAT
IPMasquerade=yes
IPForward=yes
DHCPServer=yes
[DHCPServer]
DNS=84.200.69.80 1.1.1.1
EOF

Because we don't have a bridge, we need two different subnets. Be aware that the static ip address for the access point wlan0 belongs to another subnet than that from wlan1. For the connection to the internet router we use network address translation (NAT).

rpi ~# cat > /etc/systemd/network/12-wlan1.network <<EOF
[Match]
Name=wlan1
[Network]
LLMNR=no
DNSSEC=no
MulticastDNS=yes
DHCP=yes
EOF

Reboot.
That's it.


references:
[1] Use systemd-networkd for general networking

Ingo
  • 40,606
  • 15
  • 76
  • 189
  • Ingo - You're setup works perfectly and the installation steps were easy to follow, thank you. Is there any way to add the ability to use the eth0 on the LAN side? – William Meyer Jun 23 '19 at 21:49
  • @WilliamMeyer It is possible to use **eth0** in addition. But what do you mean with using on the LAN side? How should it be used? Together with the access point with same ip address range? I know you can't comment just now at this answer and "answers" used as comments will be deleted. I suggest to make your own question and give a link to my answer as reference. Just click on the button "*Ask Question*" on the top right corner on this side. I will look at it. You can also comment your own question. – Ingo Jun 23 '19 at 22:41
  • @WilliamMeyer And please take the short [Tour](https://raspberrypi.stackexchange.com/tour) and visit the [Help Center](https://raspberrypi.stackexchange.com/help) to get an idea how things work here. – Ingo Jun 23 '19 at 22:42
  • The DNS servers seem to be down. – jake Aug 07 '19 at 13:38
  • @jake Yes, I can confirm it. Very serious! I preferred them because they don't track: https://dns.watch/. Seems someone don't like it ;) – Ingo Aug 07 '19 at 18:42
  • Maybe you should change that. I took me a long time to find the error. Didn't expect it to be an issue with the DNS. I now use the CCC one's: 194.150.168.168. – jake Aug 07 '19 at 22:30
  • 2
    @jake Of course. As you can see I have immediately changed the second DNS server to 1.1.1.1 in the hope that it's a more stable one. In combination it should always working now. – Ingo Aug 13 '19 at 15:05
  • I tried using the `IPMasquerade` option as well, but it only works if I put it in the config file of the hotspot (wlan0). Isn't tat strange? Could you think of any explanation for this? – jake Jan 20 '20 at 00:35
  • 2
    @jake You are right setting it to **wlan0**. I have made the same mistake again. The explanation you can see with `sudo iptables-legacy --table nat --list --verbose` in the source column. It is the subnet from the interface and must be that from **wlan0** 192.168.4.0/24. I have corrected it in the answer. – Ingo Jan 20 '20 at 00:48