WiFiAP on PI
This is a short setup description of how you could run a WiFi Access Point on a Raspberry.
- Requirements
- Raspberry PI Modell B
- 5V/1A Power Unit
- Logilink WLAN USB 2.0 Nano Adapter 150Mbps
- Debian Wheezy
- Kernel Info:
root@raspberrypi:~# uname -a Linux raspberrypi 3.6.11+ #474 PREEMPT Thu Jun 13 17:14:42 BST 2013 armv6l GNU/Linux
- Wireless Adapter
root@raspberrypi:~# lsusb Bus 001 Device 004: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
- Install additional packages required for hostap:
apt-get install hostapd wireless-tools dnsmasq iw bridge-utils
Sample WiFi Bridge
- /etc/network/interfaces
auto lo iface lo inet loopback allow-hotplug eth01 iface eth0 inet static address 192.168.2.26 broadcast 192.168.2.255 netmask 255.255.255.0 gateway 192.168.2.1 dns-nameservers 192.168.2.1 # default route to access subnet up route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 eth0 # WLAN Interface allow-hotplug wlan0 iface wlan0 inet manual #Bridging auto br0 iface br0 inet static address 192.168.2.120 broadcast 192.168.2.255 netmask 255.255.255.0 gateway 192.168.2.1 dns-nameservers 192.168.2.1 bridge_ports eth0 wlan0 bridge_fd 0 bridge_stp no
Interfaces after the first reboot
root@raspberrypi:~# ifconfig br0 Link encap:Ethernet HWaddr b8:27:eb:c5:09:fa inet addr:192.168.2.120 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::ba27:ebff:fec5:9fa/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:86 errors:0 dropped:0 overruns:0 frame:0 TX packets:79 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:7597 (7.4 KiB) TX bytes:9633 (9.4 KiB)
eth0 Link encap:Ethernet HWaddr b8:27:eb:c5:09:fa inet addr:192.168.2.26 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:94 errors:0 dropped:0 overruns:0 frame:0 TX packets:79 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:11413 (11.1 KiB) TX bytes:10525 (10.2 KiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 7c:dd:90:30:ba:ef UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Hostapd Config
- /etc/hostapd/hostapd.conf
ctrl_interface=/var/run/hostapd ############################### # Basic Config ############################### macaddr_acl=0 auth_algs=1 # Most modern wireless drivers in the kernel need driver=nl80211 driver=nl80211 ########################## # Local configuration... ########################## interface=wlan0 bridge=br0 hw_mode=g channel=1 ssid=MySID macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=3 wpa_passphrase=something-secret wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Test Run - Bridged
hostapd -dd /etc/hostapd/hostapd.conf
Ifconfig after hostapd
root@raspberrypi:~# ifconfig br0 Link encap:Ethernet HWaddr 7c:dd:90:30:ba:ef inet addr:192.168.2.120 Bcast:192.168.2.255 Mask:255.255.255.0 inet6 addr: fe80::ba27:ebff:fec5:9fa/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:407 errors:0 dropped:0 overruns:0 frame:0 TX packets:482 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:26003 (25.3 KiB) TX bytes:70678 (69.0 KiB)
eth0 Link encap:Ethernet HWaddr b8:27:eb:c5:09:fa inet addr:192.168.2.26 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:475 errors:0 dropped:0 overruns:0 frame:0 TX packets:547 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:51638 (50.4 KiB) TX bytes:86266 (84.2 KiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
mon.wlan0 Link encap:UNSPEC HWaddr 7C-DD-90-30-BA-EF-00-00-00-00-00-00-00-00-00-00 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:71 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:23342 (22.7 KiB) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 7c:dd:90:30:ba:ef UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:66 errors:0 dropped:0 overruns:0 frame:0 TX packets:57 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:9608 (9.3 KiB) TX bytes:11361 (11.0 KiB)
Sample WiFi Access Point
- /etc/network/interfaces
auto lo iface lo inet loopback allow-hotplug eth01 iface eth0 inet static address 192.168.2.26 broadcast 192.168.2.255 netmask 255.255.255.0 gateway 192.168.2.1 dns-nameservers 192.168.2.1 # default route to access subnet up route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 eth0 # WLAN Interface / AP-Adressraum allow-hotplug wlan0 iface wlan0 inet static address 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255
Interfaces after first reboot
eth0 Link encap:Ethernet HWaddr b8:27:eb:c5:09:fa inet addr:192.168.2.26 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:566 errors:0 dropped:0 overruns:0 frame:0 TX packets:651 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:35754 (34.9 KiB) TX bytes:98412 (96.1 KiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 7c:dd:90:30:ba:ef inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:227 errors:0 dropped:0 overruns:0 frame:0 TX packets:39 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:19953 (19.4 KiB) TX bytes:8509 (8.3 KiB)
DNSMASQ
- /etc/dnsmasq.conf
interface=wlan0 no-dhcp-interface=eth0 dhcp-range=interface:wlan0,192.168.0.210,192.168.0.220,infinite
HOSTAPD
- /etc/hostapd/hostapd.conf
ctrl_interface=/var/run/hostapd ############################### # Basic Config ############################### macaddr_acl=0 auth_algs=1 # Most modern wireless drivers in the kernel need driver=nl80211 driver=nl80211 ########################## # Local configuration... ########################## interface=wlan0 #debugging debug=4 hw_mode=g channel=1 ssid=MySID macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=3 wpa_passphrase=something wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP logger_syslog=1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2
Ifconfig after hostapd
root@raspberrypi:~# ifconfig eth0 Link encap:Ethernet HWaddr b8:27:eb:c5:09:fa inet addr:192.168.2.26 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:566 errors:0 dropped:0 overruns:0 frame:0 TX packets:651 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:35754 (34.9 KiB) TX bytes:98412 (96.1 KiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
mon.wlan0 Link encap:UNSPEC HWaddr 7C-DD-90-30-BA-EF-00-00-00-00-00-00-00-00-00-00 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:172 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:57617 (56.2 KiB) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 7c:dd:90:30:ba:ef inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:227 errors:0 dropped:0 overruns:0 frame:0 TX packets:39 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:19953 (19.4 KiB) TX bytes:8509 (8.3 KiB)
Success Log
#Successfull connect / syslog Sep 6 21:44:17 raspberrypi hostapd: wlan0: STA 70:d4:f2:31:75:c4 IEEE 802.11: associated (aid 1) Sep 6 21:44:17 raspberrypi hostapd: wlan0: STA 70:d4:f2:31:75:c4 RADIUS: starting accounting session 540B8020-00000000 Sep 6 21:44:17 raspberrypi hostapd: wlan0: STA 70:d4:f2:31:75:c4 WPA: pairwise key handshake completed (RSN) Sep 6 21:44:17 raspberrypi dnsmasq-dhcp[2072]: DHCPDISCOVER(wlan0) 70:d4:f2:31:75:c4 Sep 6 21:44:17 raspberrypi dnsmasq-dhcp[2072]: DHCPOFFER(wlan0) 192.168.0.214 70:d4:f2:31:75:c4 Sep 6 21:44:18 raspberrypi dnsmasq-dhcp[2072]: DHCPDISCOVER(wlan0) 70:d4:f2:31:75:c4 Sep 6 21:44:18 raspberrypi dnsmasq-dhcp[2072]: DHCPOFFER(wlan0) 192.168.0.214 70:d4:f2:31:75:c4 Sep 6 21:44:19 raspberrypi dnsmasq-dhcp[2072]: DHCPREQUEST(wlan0) 192.168.0.214 70:d4:f2:31:75:c4 Sep 6 21:44:19 raspberrypi dnsmasq-dhcp[2072]: DHCPACK(wlan0) 192.168.0.214 70:d4:f2:31:75:c4 PLAYBOOK-99EE
Optional Firewall Init
#!/bin/bash #Extreme easy #Switch on routing echo "1" > /proc/sys/net/ipv4/ip_forward #Set log level echo "1 4 1 7" > /proc/sys/kernel/printk iptables -P INPUT ACCEPT iptables -P OUTPUT ACCEPT iptables -P FORWARD ACCEPT iptables -F iptables -X iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #iptables -N my_drop -m comment --comment "Drop Access" #iptables -A my_drop -p ICMP -j LOG --log-prefix "DROP-ICMP " #iptables -A my_drop -p TCP -j LOG --log-prefix "DROP-TCP " #iptables -A my_drop -p UDP -j LOG --log-prefix "DROP-UDP " #iptables -A my_drop -j DROP #iptables -A INPUT -j my_drop #iptables -A FORWARD -j my_drop
HW Test
# iw list
# iwlist scan wlan0
# iw dev wlan0 scan | grep SID
Syslog/Debug
- /etc/rsyslog.conf
!hostapd *.* /var/log/hostapd.log
- /etc/hostap/hostap.conf
#debug Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive.
Interface gone when hostapd stops
*Add /etc/init.d/hostapd ifconfig wlan0 192.168.0.1
Monitoring
Get aircrack-ng
wget http://download.aircrack-ng.org/aircrack-ng-1.2-beta3.tar.gz apt-get install iw sysfsutils libssl-dev kismet libnl-3-dev libnl-3-doc libnl- genl-3-dev tshark cd aircrack-ng-1.2-beta3/ make make install
- 1: Start Airmon Monitor
airmon-ng start wlan0
- 2: Check with aerodump
airodump-ng mon0
- 3:Packet dump:
airodump-ng --bssid 74:31:70:B4:1A:D4 --channel 2 --write meatball mon0
- then (testing)
aireplay-ng -0 3 -a 74:31:70:B4:1A:D4 -c C4:88:E5:B5:1F:79 mon0
- Open Airbase to the world
airbase-ng -e NEWWORLD -c 1 -P mon0
- Redirecting to syslso!
/usr/local/sbin/airbase-ng -e NEWWORLD -c 1 -P mon0 2>&1 | /usr/bin/logger &
Links
Sample INIT Script for airbase-ng
#!/bin/bash CMD="$1" ssid="NEWWORLD" channel="1" interface="mon0" name="airbase-ng" command="/usr/local/sbin/"$name #Get Monitor by ifconfig monif=`/sbin/ifconfig | /bin/grep $interface | /bin/sed -e 's/^ *//' -e 's/ .*//'` #GET PID IF PRESENT pid=`/bin/pidof $name` ################## #Start Init Script ################## #Check for root privileges if (( EUID != 0 )); then echo "This script needs root" exit 1 fi case "$CMD" in 'start') if [ "${interface}" != "$monif" ] then echo "Create monitor interface first" airmon=`/usr/local/sbin/airmon-ng start wlan0` else echo "Interface present = OK" fi #BETA TEST redir="2>&1" logger="/usr/bin/logger" if [ "${pid}" != "" ] then echo "Already running $name " else echo "Starting $name " start-stop-daemon --start --oknodo --background --exec $command \ -- -e $ssid -c $channel -P $interface $redir | $logger fi ;; 'stop') if [ "${interface}" == "${monif}" ] then echo "Stop monitor interface first" airmon=`/usr/local/sbin/airmon-ng stop wlan0` airmon=`/usr/local/sbin/airmon-ng stop mon0` else echo "No interface present = OK" fi if [ "${pid}" != "" ] then `/bin/kill ${pid} ` else echo "$name does not run anymore" fi # stop the daemons ;; *) echo "Usage: $INITNAME { start }" ;; esac echo " "