Skip to content

How to setup Raspberry Pi as Access Point Router (AP + Hotspot)

How to setup Raspberry Pi as Access Point Router (AP + Hotspot)

[vc_row equal_columns=”true”][vc_column][vc_column_text css=”.vc_custom_1574685089680{margin-bottom: 0px !important;}”]Raspberry Pi (Rpi) 3 has built-in wireless adapter and it can be used as a router. In this guide, Rpi will be connected to your Local Network via Ethernet and it will distribute new IP addresses (DHCP in Raspberry Pi) via WiFi adapter as a HotSpot to any other device that will use Raspberry Pi as router.

This guide expects you to be able to install Raspian OS. When this guide is created, Raspian OS (Linux 9 Stretch) was the up-to-date operating system.[/vc_column_text][vc_column_text css=”.vc_custom_1572872049180{margin-bottom: 0px !important;}”]

Attention: I suggest you to use keyboard and mouse to follow this guide. You will also need internet connection via ethernet to be able to install some services.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][mk_fancy_title tag_name=”h1″ style=”true” color=”#0a0a0a” size=”24″ line_height=”50″ font_weight=”500″ margin_bottom=”0″ font_family=”none”]

1.Installing Services

[/mk_fancy_title][vc_column_text disable_pattern=”false” css=”.vc_custom_1572872090362{margin-top: -20px !important;margin-bottom: 0px !important;}”]We need two major services for this specific system. “dnsmasq” and “hostapd”. Dnsmasq is required to distribute IP addresses and Hostapd is the service that is used  to make Rpi WiFi Adapter to act as hotspot.

Enter the following command in the terminal to install “dnsmasq” and “hostapd”:[/vc_column_text][vc_column_text css=”.vc_custom_1574679215302{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo apt-get -y install hostapd dnsmasq

[/vc_column_text][vc_column_text css=”.vc_custom_1572872108356{margin-bottom: 0px !important;}”]This command will install both “hostapd” and “dnsmasq” at the same time.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][mk_fancy_title tag_name=”h1″ style=”true” color=”#0f0f0f” size=”24″ line_height=”50″ font_weight=”500″ margin_bottom=”0″ font_family=”none”]

2.Set Static IP Addresses to Distribute

[/mk_fancy_title][vc_column_text css=”.vc_custom_1572872248653{margin-top: -20px !important;margin-bottom: 0px !important;}”]

a.Setting “dhcpcd.conf”

[/vc_column_text][vc_column_text disable_pattern=”false” css=”.vc_custom_1572872270190{margin-bottom: 0px !important;}”]“dnsmasq” service has the features to set DHCP and DNS protocols. Hence, we will set the Rpi to ignore default DHCP settings. Enter the following command to terminal to open “dhcpcd.conf”.[/vc_column_text][vc_column_text css=”.vc_custom_1574679237669{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/dhcpcd.conf

[/vc_column_text][vc_column_text css=”.vc_custom_1572872289524{margin-bottom: 0px !important;}”]Add the following line to the bottom of the file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679263132{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

denyinterfaces wlan0

[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-1.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572872309310{margin-bottom: 0px !important;}”]When it is done, press “Ctrl + X” to save; press “y” and then “Enter”  to confirm and complete the saving.[/vc_column_text][vc_column_text css=”.vc_custom_1572872358690{margin-bottom: 0px !important;}”]

b.Setting “interfaces”

[/vc_column_text][vc_column_text css=”.vc_custom_1572872411921{margin-bottom: 0px !important;}”]Interfaces will be set to tell how the interafaces will get the corresponding IP Addresses.  Enter the following line to the terminal to open the interface file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679280302{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/network/interfaces

[/vc_column_text][vc_column_text css=”.vc_custom_1572872432042{margin-bottom: 0px !important;}”]Enter the following settings to the bottom of the file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679294982{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

#loopback interface settings

auto lo

iface lo inet loopback

#eth0 settings option 1

#Uncomment next two lines to get available IP from local network

#auto eth0

#iface eth0 inet dhcp

#eth0 settings option 2

#Uncomment next five lines to get static IP from local network

auto eth0

iface eth0 inet static

    address 192.168.0.69

    netmask 255.255.255.0

    gateway 192.168.0.254

#Hotspot interface settings

allow-hotplug wlan0

iface wlan0 inet static

    address 192.168.X.1

    netmask 255.255.255.0

    network 192.168.X.0

    broadcast 192.168.X.255

[/vc_column_text][vc_column_text css=”.vc_custom_1572872451895{margin-bottom: 0px !important;}”]The “X” at the IP addresses is variable (This guide chooses “X” as “42”). Just make sure the addresses here are not same with the local modem’s. Even though, technically, using same IP does not cause any trouble but it would only be confusing for the user (User might not differentiate where a new device gets its IP address.). If Rpi needs static IP uncomment “eth0 settings option 2”, else, “eth0 settings option 1” should be uncommented. If you set an IP address that is already in use by another device, you won’t be able to get an eth0 connection.

The interfaces file should look like the image below:[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-2.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572872468999{margin-bottom: 0px !important;}”]When it is done, save and exit the file.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][mk_fancy_title tag_name=”h1″ style=”true” color=”#0f0f0f” size=”24″ line_height=”50″ font_weight=”500″ margin_bottom=”0″ font_family=”none”]

2. Setting HOSTAPD Configuration

[/mk_fancy_title][vc_column_text disable_pattern=”false” css=”.vc_custom_1572872511879{margin-top: -20px !important;margin-bottom: 0px !important;}”]“hostapd” service is used to broadcast specific SSID around so, other devices can connect to the Rpi with a password. To configure the hotspot settings, “hostapd.conf” file will be edited.[/vc_column_text][vc_column_text css=”.vc_custom_1574679318029{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/hostapd/hostapd.conf

[/vc_column_text][vc_column_text css=”.vc_custom_1572872527438{margin-bottom: 0px !important;}”]Enter the following settings to the file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679330598{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

interface=wlan0

hw_mode=g

channel=7

wmm_enabled=1

macaddr_acl=0

auth_algs=1

ignore_broadcast_ssid=0

wpa=2

wpa_key_mgmt=WPA-PSK

wpa_pairwise=TKIP

rsn_pairwise=CCMP

ssid=Rpi-Hotspot

wpa_passphrase=password

[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-3.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572872544911{margin-bottom: 0px !important;}”]When it is done, save and exit the file.

We need to tell “hostapd” service where the “hostapd.conf” file is located. So, enter the following command to the terminal:[/vc_column_text][vc_column_text css=”.vc_custom_1574679354973{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/default/hostapd

[/vc_column_text][vc_column_text css=”.vc_custom_1572872598534{margin-bottom: 0px !important;}”]Fine the line (You can use “Ctrl + W” to search for it.):[/vc_column_text][vc_column_text css=”.vc_custom_1574679370051{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

#DAEMON_CONF=””

[/vc_column_text][vc_column_text css=”.vc_custom_1572872633238{margin-bottom: 0px !important;}”]And, edit the line as this:[/vc_column_text][vc_column_text css=”.vc_custom_1574679381190{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

DAEMON_CONF="/etc/hostapd/hostapd.conf"

[/vc_column_text][vc_column_text css=”.vc_custom_1572872668589{margin-bottom: 0px !important;}”]If everything is correct, file should look like this:[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-4.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572872687468{margin-bottom: 0px !important;}”]When it is done, save and exit the file.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][mk_fancy_title tag_name=”h1″ style=”true” color=”#0f0f0f” size=”24″ line_height=”50″ font_weight=”500″ margin_bottom=”0″ font_family=”none”]

4. Setting DNSMASQ

[/mk_fancy_title][vc_column_text disable_pattern=”false” css=”.vc_custom_1572872731792{margin-top: -20px !important;margin-bottom: 0px !important;}”]“dnsmasq” service has the ability to assign specific IP address range to the clients. First, we will get a backup of “dnsmasq.conf” file because it includes very useful information that might be useful in the future.

Enter the following command to the terminal to save a copy of the original “dnsmasq.conf” file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679401022{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.bak

[/vc_column_text][vc_column_text css=”.vc_custom_1572872745107{margin-bottom: 0px !important;}”]After the original file is secured, enter the following command to the terminal to edit the freshly created “dnsmasq.conf” file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679418383{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/dnsmasq.conf

[/vc_column_text][vc_column_text css=”.vc_custom_1572872762824{margin-bottom: 0px !important;}”]Enter the following lines to the blank “dnsmasq.conf” file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679437458{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

interface=wlan0

listen-address=192.168.X.1

bind-interfaces

server=8.8.8.8

domain-needed

bogus-priv

dhcp-range=192.168.X.2,192.168.X.100,24h

[/vc_column_text][vc_column_text css=”.vc_custom_1572872785847{margin-bottom: 0px !important;}”]“X” in the addresses should be same with the what you have set at the “interfaces” settings (In this guide, it is choosen as “42”). Since “192.168.X.1” is reserved for the Rpi, we set the DHCP range from “192.16.X.2” to “192.168.X.100” and they are reserved for 24 hours. Range can be increased or decreased. Other IP addresses (From “192.168.X.101” to “192.168.X.254”) can be used as static IP by the other devices.)

File should look like this:[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-5png.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572872823295{margin-bottom: 0px !important;}”]When it is done, save and exit the file.

With the latest versions of Raspbian, “hostapd” service is installed as “masked” or “inactive. To unmask it, enter the following line to the terminal:[/vc_column_text][vc_column_text css=”.vc_custom_1574679460456{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo systemctl unmask hostapd

[/vc_column_text][vc_column_text css=”.vc_custom_1572872839562{margin-bottom: 0px !important;}”]At this point, Rpi is ready to be used as an Local Access Point. It is “Local” because we didn’t tell Rpi how to direct the network.

You can connect to the “Rpi-Hotspot” network and confirm that the device gets an IP in the range that we have defined in the “dnsmasq.conf”.[/vc_column_text][vc_column_text css=”.vc_custom_1575965254253{margin-bottom: 0px !important;}”]

Attention: You need to reboot the system for the Access Point to work but, before the reboot, we can set the “Packet Forwarding” so we can connect to the internet with a client device.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][mk_fancy_title tag_name=”h1″ style=”true” color=”#0f0f0f” size=”24″ line_height=”50″ font_weight=”500″ margin_bottom=”0″ font_family=”none”]

5. Setting the Internet Connection (NAT Settings)

[/mk_fancy_title][vc_column_text disable_pattern=”false” css=”.vc_custom_1572872934489{margin-top: -20px !important;margin-bottom: 0px !important;}”]Enter the following command in the terminal:[/vc_column_text][vc_column_text css=”.vc_custom_1574679476090{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/sysctl.conf

[/vc_column_text][vc_column_text css=”.vc_custom_1572872948556{margin-bottom: 0px !important;}”]Search (Ctrl + W) for the following line:[/vc_column_text][vc_column_text css=”.vc_custom_1574679490543{background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

#net.ipv4.ip_forward=1

[/vc_column_text][vc_column_text css=”.vc_custom_1572872969932{margin-bottom: 0px !important;}”]And, uncomment the line (Remove “#”).

File should look like this:[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-6png.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572873100822{margin-bottom: 0px !important;}”]When it is done, save and exit the file.

Now, we configure the Network Address Translation (NAT) between Ethernet and WiFi so, packets can be forwarded from Ethernet to WiFi or vice versa.

Enter the following commands to the terminal:[/vc_column_text][vc_column_text css=”.vc_custom_1574679503919{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 

sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

[/vc_column_text][vc_column_text css=”.vc_custom_1572873119937{margin-bottom: 0px !important;}”]Enter the following command for to the terminal to save the iptables settings to a file:[/vc_column_text][vc_column_text css=”.vc_custom_1574679516067{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

[/vc_column_text][vc_column_text css=”.vc_custom_1572873133009{margin-bottom: 0px !important;}”]You can check the changes by typing:[/vc_column_text][vc_column_text css=”.vc_custom_1574679531850{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/iptables.ipv4.nat

[/vc_column_text][vc_column_text css=”.vc_custom_1572873146976{margin-bottom: 0px !important;}”]File should look like this:[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-7.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572873160258{margin-bottom: 0px !important;}”]Then, open up the “rc.local” file to make it restore the settings at every boot:[/vc_column_text][vc_column_text css=”.vc_custom_1574679545112{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo nano /etc/rc.local

[/vc_column_text][vc_column_text css=”.vc_custom_1572873173215{margin-bottom: 0px !important;}”]Enter the following line before the “exit0” line:[/vc_column_text][vc_column_text css=”.vc_custom_1574679556176{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

iptables-restore < /etc/iptables.ipv4.nat

[/vc_column_text][vc_column_text css=”.vc_custom_1572873185789{margin-bottom: 0px !important;}”]File should look like this:[/vc_column_text][mk_image src=”https://peakup.org/wp-content/uploads/2023/12/meeting-manager-hotspot-8.png” image_size=”full” lightbox=”true” frame_style=”gray_border” caption_location=”outside-image” hover_image_overlay=”false” align=”center”][vc_column_text css=”.vc_custom_1572873204533{margin-bottom: 0px !important;}”]When it is done, save and exit the file.

Enter the following command to reboot Rpi:[/vc_column_text][vc_column_text css=”.vc_custom_1574679568699{margin-top: 20px !important;background-color: #f2f2f2 !important;background-position: center !important;background-repeat: no-repeat !important;background-size: contain !important;border-radius: 5px !important;}”]

sudo reboot

[/vc_column_text][vc_column_text css=”.vc_custom_1572873236975{margin-bottom: 0px !important;}”]The system is ready to roll. You can now connect to the internet through your Rpi (which also distributes the IP addresses.)[/vc_column_text][vc_column_text css=”.vc_custom_1572873295863{margin-bottom: 0px !important;}”]

Attention: If the process is successful, when you enter the “ip route” command in the terminal you should get an output that is similar to this:

If you only get “wlan0” output, there are two possibilities: Either the static IP you set is in use by another device or, you did something wrong in the process.

If you get this output, most likely, you set the hotspot correctly. But, if you still can’t get the internet connection on a client, that means, you made a mistake with NAT settings.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_column_text disable_pattern=”false” css=”.vc_custom_1572953909334{margin-bottom: 0px !important;}”]References

[/vc_column_text][/vc_column][/vc_row]