Setting up a routed wireless access point with a Raspberry Pi 4B is an interesting exercise. The Raspberry Pi ships with integrated wireless, manufactured by Raspberry Pi Trading Ltd. Its performance is fair but not good enough: it supports 802.11a/b/g/n/ac, but it’s a little unstable.
To get a more stable 802.11ac/ax wireless network, I believe a wireless card with an external antenna is required. My choice is the EDUP 802.11ac EP-AC1686, which is the cheapest card with the RTL8812BU chipset. Because I use the 1Gbps wired port as the upstream of the Raspberry Pi network, a 1300Mbps 802.11ac wireless network is good enough.
install the wireless card driver
$ iwconfig
If your wifi device is not found, you may need to unblock it:
(root)# rfkill unblock wlan
# overclocking
arm_freq=1500
over_voltage=2
# disable integrated wifi and bluetooth
dtoverlay=disable-wifi
dtoverlay=disable-bt
configure the network
interface %wlx_device_name%
static ip_address=%ap_ipv4_address%/24
nohook wpa_supplicant
(root)# apt install dnsmasq
Then replace the contents of the /etc/dnsmasq.conf file with the following lines.
# dns cache size
cache-size=4096
# never forward plain names (without a dot or domain part)
domain-needed
# local domain name
domain=wlan
# local address
interface=%wlx_device_name%
address=/rpi.wlan/%ap_ipv4_address%
# don't poll for changes in /etc/resolv.conf
no-poll
# don't use /etc/resolv.conf or any other file
no-resolv
# dhcp related configuration
dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2
dhcp-range=%ipv4_address_start%,%ipv4_address_end%,%netmask%,6h
(root)# apt install hostapd
(root)# systemctl unmask hostapd
(root)# systemctl enable hostapd
edit the /etc/hostapd/hostapd.conf file.
country_code=%2_char_country_code%
interface=%wlx_device_name%
driver=nl80211
# hidden network
ssid=%wifi_ssid%
ignore_broadcast_ssid=1
# 802.11a/n/ac
hw_mode=a
# channel=0 # auto detect channel
# 80 MHz block covers channels 36-48, center = 42
# (hostapd only treats '#' as a comment at the start of a line)
channel=40
ieee80211d=1
ieee80211n=1
ieee80211ac=1
# features should be aligned with your wifi device, the following is for RTL8812BU
ht_capab=[LDPC][HT40-][MAX-AMSDU-7935][SHORT-GI-20][SHORT-GI-40]
vht_capab=[RXLDPC][HTC-VHT][MAX-MPDU-11454][SHORT-GI-80]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
# wmm quality control for 802.11n/ac
wmm_enabled=1
# wpa2 auth
macaddr_acl=0
auth_algs=1
wpa=2
wpa_passphrase=%network_passphrase%
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
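A small linter for the WPA2 and 802.11ac settings in the hostapd.conf above, added here as an example and not part of the original post. The sample config is constructed, and `lint`, `num`, `BAD` and `VHT80_CENTERS` are names chosen for this example.

```python
import re

VHT80_CENTERS = {42, 58, 106, 122, 138, 155}  # valid 5 GHz 80 MHz center indices

# Constructed sample (not from the page): the mistakes the linter should catch.
BAD = """channel=40 # 80 MHz block
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=58
auth_algs=3
wpa=3
wpa_passphrase=%network_passphrase%
rsn_pairwise=TKIP CCMP
"""

def num(value):
    """Leading integer of a value (what C atoi would read), or 0."""
    m = re.match(r"\d+", value)
    return int(m.group()) if m else 0

def lint(text):
    """Return findings for the WPA2 and 802.11ac settings in hostapd.conf text."""
    conf, out = {}, []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
        # hostapd only skips lines that START with '#'; a trailing comment
        # stays in the value ('#' is legitimate inside SSIDs and passphrases).
        if re.search(r"\s#", value) and key not in ("ssid", "wpa_passphrase"):
            out.append(f"{key}: move the trailing comment to its own line")
    if conf.get("wpa") != "2":
        out.append("wpa: set to 2 so only WPA2 (RSN) is offered")
    if conf.get("auth_algs") != "1":
        out.append("auth_algs: set to 1 (open system only, no WEP shared key)")
    if conf.get("rsn_pairwise", "").split() != ["CCMP"]:
        out.append("rsn_pairwise: allow CCMP only, not TKIP")
    psk = conf.get("wpa_passphrase", "")
    if re.fullmatch(r"%\w+%", psk) or not 8 <= len(psk) <= 63:
        out.append("wpa_passphrase: replace the placeholder with 8 to 63 characters")
    chan = num(conf.get("channel", ""))
    center = num(conf.get("vht_oper_centr_freq_seg0_idx", ""))
    if conf.get("vht_oper_chwidth") == "1" and chan and (
            center not in VHT80_CENTERS or abs(chan - center) not in (2, 6)):
        out.append("channel: not inside the 80 MHz block of the center index")
    return out

if __name__ == "__main__":
    print("\n".join(lint(BAD)))
```

The channel check is skipped when `channel=0`, because automatic channel selection picks the block itself.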
(root)# apt install netfilter-persistent iptables-persistent
Enable IPv4 forwarding by editing the file /etc/sysctl.d/ipv4-forward.conf:
net.ipv4.ip_forward=1
Add the masquerade iptables rule and save it as a persistent rule:
(root)# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
(root)# netfilter-persistent save
reboot your Raspberry Pi 4 and enable your ap
(root)# reboot