To get better control of the internet at home, I have built my own Wi-Fi router.
This article covers how you can convert a Raspberry Pi 3 or 4 into a Wi-Fi router.
I have used Raspbian OS Lite 64-bit, based on Debian bullseye.
You will need the following software to build the router:
aptitude install hostapd
aptitude install dnsmasq
aptitude install iptables
aptitude install netfilter-persistent
hostapd turns the wireless LAN interface into an access point.
dnsmasq is used as the DHCP service to assign IPs to client machines.
iptables is needed to masquerade traffic from the wlan interface to the eth interface on the Raspberry Pi.
For debugging purposes, I highly recommend having the following tools:
aptitude install dnsutils
aptitude install tcpdump
Let's begin with the hostapd config:
cat /etc/hostapd/hostapd.conf
country_code=IN
interface=wlan0
driver=nl80211
ieee80211ac=1
ssid=MyHomeSSID
hw_mode=a
channel=48
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=SomeStrongPass
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
Here, the nl80211 driver is used for the Raspberry Pi wlan interface; for other machines it may vary. Sometimes it is even fine to skip this line.
hw_mode can be g or a, depending on whether you need the 2.4 GHz or 5 GHz frequency band. For me, channels 1-12 worked fine for 2.4 GHz, and for 5 GHz I tried channels 35-50. It can vary from country to country.
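The WPA lines of the config above, run through a small audit script. This is an added example, not part of the original article; the function names and finding texts are made up for illustration. It assumes hostapd's documented defaults and shows that with wpa=2 only rsn_pairwise decides the cipher, while the same file with wpa=3 would offer TKIP.

```python
# Added example (not from the original article): audit hostapd WPA settings.
# Assumed defaults (hostapd sample config): wpa_pairwise=TKIP, rsn_pairwise=wpa_pairwise.

PAGE_CONF = """\
wpa=2
wpa_passphrase=SomeStrongPass
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
"""  # WPA lines copied from the article's hostapd.conf

def parse_conf(text):
    """Return {key: value} for key=value lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key] = value
    return conf

def offered_ciphers(conf):
    """Pairwise ciphers the AP advertises for the WPA versions that are enabled."""
    wpa = int(conf.get("wpa", "0"))
    wpa_pw = conf.get("wpa_pairwise", "TKIP").split()
    rsn_pw = conf.get("rsn_pairwise", " ".join(wpa_pw)).split()
    offered = set(wpa_pw if wpa & 1 else [])   # bit 0: WPA (v1)
    offered.update(rsn_pw if wpa & 2 else [])  # bit 1: WPA2 / RSN
    return offered

def audit(conf):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.append("wpa=0: WPA is disabled")
    if wpa & 1:
        findings.append("WPA (v1) is enabled: use wpa=2")
    if "TKIP" in offered_ciphers(conf):
        findings.append("TKIP is offered: allow CCMP only")
    elif "TKIP" in conf.get("wpa_pairwise", "").split():
        findings.append("wpa_pairwise=TKIP has no effect: WPA (v1) is off")
    psk = conf.get("wpa_passphrase")
    if psk is not None and not 8 <= len(psk) <= 63:
        findings.append("wpa_passphrase must be 8 to 63 characters")
    return findings

if __name__ == "__main__":
    print(audit(parse_conf(PAGE_CONF)))
```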
Next, update the /etc/default/hostapd file to enable debugging and logging.
cat /etc/default/hostapd
DAEMON_OPTS="-dd -t -f /var/log/hostapd.log"
The size of hostapd.log can grow rapidly at times, so I recommend setting up logrotate on it. Here is the logrotate config.
cat /etc/logrotate.d/hostapd
/var/log/hostapd.log
{
hourly
size 5M
rotate 5
copytruncate
compress
missingok
notifempty
}
Now start the hostapd service:
service hostapd start
Check the status:
service hostapd status
● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2022-12-19 08:04:46 IST; 1h 34min ago
Docs: man:hostapd(8)
Main PID: 2734 (hostapd)
Tasks: 1 (limit: 4164)
CPU: 141ms
CGroup: /system.slice/hostapd.service
└─2734 /usr/sbin/hostapd -B -P /run/hostapd.pid -B -dd -t -f /var/log/hostapd.log /etc/hostapd/hostapd.conf
Dec 19 08:04:46 brightbox systemd[1]: Starting Access point and authentication server for Wi-Fi and Ethernet...
Dec 19 08:04:46 brightbox systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
Dec 19 08:06:36 brightbox hostapd[2734]: wlan0: STA a2:74:b1:3b:a0:f1 IEEE 802.11: associated
Dec 19 08:06:36 brightbox hostapd[2734]: wlan0: STA a2:74:b1:3b:a0:f1 RADIUS: starting accounting session 4274F62EE81A35E8
Dec 19 08:06:36 brightbox hostapd[2734]: wlan0: STA a2:74:b1:3b:a0:f1 WPA: pairwise key handshake completed (RSN)
Dec 19 08:09:46 brightbox hostapd[2734]: wlan0: STA 30:32:35:57:eb:f2 IEEE 802.11: associated
Dec 19 08:09:47 brightbox hostapd[2734]: wlan0: STA 30:32:35:57:eb:f2 RADIUS: starting accounting session 616A3923E28D3F92
Dec 19 08:09:47 brightbox hostapd[2734]: wlan0: STA 30:32:35:57:eb:f2 WPA: pairwise key handshake completed (RSN)
At this stage you should see the SSID broadcast on client devices, such as a mobile phone.
Next, configure /etc/dhcpcd.conf for wlan0. Add the following:
interface wlan0
static ip_address=192.168.2.1/24
nohook wpa_supplicant
Now configure dnsmasq for DHCP assignments:
interface=wlan0 # Listening interface
dhcp-range=192.168.2.201,192.168.2.254,255.255.255.0,24h
dhcp-option=option:router,192.168.2.1
dhcp-leasefile=/var/lib/dnsmasq/dnsmasq.leases
Enable IPv4 routing in the kernel:
cat /etc/sysctl.d/routed-ap.conf
# Enable IPv4 routing
net.ipv4.ip_forward=1
Create an iptables rule so that clients connected to the new SSID can access the internet:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Save the rule so that it is restored on every reboot:
netfilter-persistent save
Finally, reboot the machine. After the reboot, connect to the SSID to browse the internet via the newly built router!
I have observed that on my 200 Mbps ISP internet, I hardly get 30 Mbps even on the 5 GHz band. It could be a limitation of the Raspberry Pi wlan, as it does not have an external antenna.