Wireless AP on Raspberrey Pi 2 & Alpine Linux

Alpine Linux for Raspberry PI is my favorite mainly because of the “diskless mode”, which ensures that my sdcard won’t be touched except boot and “lbu commit” hence minor wear-n-tear for the media.

This article is the phase-1 of the building of an AP with MTIM proxy + ssl_bump. Stay tuned for squid3 + ssl_bump and other configuration

Setup: RASPBERRY PI 2 Model B + alpine-rpi-3.4.2-armhf.rpi.tar.gz

Alpine install for PI was pretty straight-forward except following issues:

#1 DHCP timeout issue that randomly leaving LAN from getting a valid IP address. The fix is adding a “udhcpc_opts -t 12” in the “eth0” section of “/etc/network/interfaces” (as shown below).

auto eth0
iface eth0 inet dhcp
        hostname pi-router
        udhcpc_opts -t 12

#2 Remote login for “root” was denied by default. The fix is changing the “PermitRootLogin” flag to “yes” in the “/etc/ssh/sshd_config”.

sed -i -e 's|^#PermitRootLogin .*$|PermitRootLogin yes|' /etc/ssh/sshd_config

Now you just need to run the following script to turn your PI into a cool wi-fi access-point.

# customize the script & run as root
# wget -q -O - http://your_site/scripts/pi2-ap.txt | sh
 
apk update
apk add iptables hostapd dnsmasq
 
### add wireless card
 
cat >> /etc/network/interfaces << '__EOF__'
auto wlan0
iface wlan0 inet static
	address 192.168.3.1
	netmask 255.255.255.0
__EOF__
 
ifup wlan0
 
### configure hostapd
 
cat > /etc/hostapd/hostapd.conf << '__EOF__'
interface=wlan0
driver=nl80211
ssid=RASPBERRY
hw_mode=g
channel=9
max_num_sta=64
macaddr_acl=0
auth_algs=1
wpa=2
wpa_passphrase=r@spberry
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
wpa_pairwise=TKIP CCMP
__EOF__
 
### configure dnsmasq
 
cat > /etc/dnsmasq.conf << '__EOF__'
interface=wlan0
dhcp-range=192.168.3.10,192.168.3.99,255.255.255.0,infinite
__EOF__
 
### enable ipv4 forward
 
echo 1 > /proc/sys/net/ipv4/ip_forward
 
cat >> /etc/sysctl.conf << '__EOF__'
net.ipv4.ip_forward=1
__EOF__
 
### enable NAT
 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
 
/etc/init.d/iptables save
 
service dnsmasq start
service hostapd start
 
rc-update add iptables
rc-update add dnsmasq
rc-update add hostapd
 
lbu commit

You should have a working AP (access point) now 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *