WiFiAP on PI

From Coolscript
Revision as of 19:19, 4 March 2023 by Admin (talk | contribs) (→‎HW Test)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

This is a short setup description of how you could run a WiFi Access Point on a Raspberry.

  • Requirements
    • Raspberry PI Modell B
    • 5V/1A Power Unit
    • Logilink WLAN USB 2.0 Nano Adapter 150Mbps
    • Debian Wheezy
  • Kernel Info:
root@raspberrypi:~# uname -a
Linux raspberrypi 3.6.11+ #474 PREEMPT Thu Jun 13 17:14:42 BST 2013 armv6l  GNU/Linux
  • Wireless Adapter
root@raspberrypi:~# lsusb
Bus 001 Device 004: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter
  • Install additional packages required for hostap:
apt-get install hostapd wireless-tools dnsmasq iw bridge-utils

Sample WiFi Bridge

  • /etc/network/interfaces
auto lo
iface lo inet loopback
allow-hotplug eth01
iface eth0 inet static
 address   192.168.2.26
 broadcast 192.168.2.255
 netmask   255.255.255.0
 gateway   192.168.2.1
 dns-nameservers 192.168.2.1
 # default route to access subnet
 up route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 eth0
# WLAN Interface
allow-hotplug wlan0
iface wlan0 inet manual
#Bridging 
auto br0
iface br0 inet static
 address   192.168.2.120
 broadcast 192.168.2.255
 netmask   255.255.255.0
 gateway   192.168.2.1
 dns-nameservers 192.168.2.1
 bridge_ports eth0 wlan0
 bridge_fd 0
 bridge_stp no

Interfaces after the first reboot

root@raspberrypi:~# ifconfig
br0       Link encap:Ethernet  HWaddr b8:27:eb:c5:09:fa
         inet addr:192.168.2.120  Bcast:192.168.2.255  Mask:255.255.255.0
         inet6 addr: fe80::ba27:ebff:fec5:9fa/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:86 errors:0 dropped:0 overruns:0 frame:0
         TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:7597 (7.4 KiB)  TX bytes:9633 (9.4 KiB)
eth0      Link encap:Ethernet  HWaddr b8:27:eb:c5:09:fa
         inet addr:192.168.2.26  Bcast:192.168.2.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:94 errors:0 dropped:0 overruns:0 frame:0
         TX packets:79 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:11413 (11.1 KiB)  TX bytes:10525 (10.2 KiB)
lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
wlan0     Link encap:Ethernet  HWaddr 7c:dd:90:30:ba:ef
         UP BROADCAST MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


Hostapd Config

  • /etc/hostapd/hostapd.conf
ctrl_interface=/var/run/hostapd
###############################
# Basic Config
###############################
macaddr_acl=0
auth_algs=1
# Most modern wireless drivers in the kernel need driver=nl80211
driver=nl80211
##########################
# Local configuration...
##########################
interface=wlan0
bridge=br0
hw_mode=g
channel=1
ssid=MySID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=something-secret
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP


Test Run - Bridged

hostapd -dd /etc/hostapd/hostapd.conf


Ifconfig after hostapd

root@raspberrypi:~# ifconfig
br0       Link encap:Ethernet  HWaddr 7c:dd:90:30:ba:ef
         inet addr:192.168.2.120  Bcast:192.168.2.255  Mask:255.255.255.0
         inet6 addr: fe80::ba27:ebff:fec5:9fa/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:407 errors:0 dropped:0 overruns:0 frame:0
         TX packets:482 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:26003 (25.3 KiB)  TX bytes:70678 (69.0 KiB)
eth0      Link encap:Ethernet  HWaddr b8:27:eb:c5:09:fa
         inet addr:192.168.2.26  Bcast:192.168.2.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:475 errors:0 dropped:0 overruns:0 frame:0
         TX packets:547 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:51638 (50.4 KiB)  TX bytes:86266 (84.2 KiB)
lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
mon.wlan0 Link encap:UNSPEC  HWaddr 7C-DD-90-30-BA-EF-00-00-00-00-00-00-00-00-00-00
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:71 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:23342 (22.7 KiB)  TX bytes:0 (0.0 B)
wlan0     Link encap:Ethernet  HWaddr 7c:dd:90:30:ba:ef
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:66 errors:0 dropped:0 overruns:0 frame:0
         TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:9608 (9.3 KiB)  TX bytes:11361 (11.0 KiB)




Sample WiFi Access Point

  • /etc/network/interfaces
auto lo
iface lo inet loopback
allow-hotplug eth01
iface eth0 inet static
 address   192.168.2.26
 broadcast 192.168.2.255
 netmask   255.255.255.0
 gateway   192.168.2.1
 dns-nameservers 192.168.2.1
 # default route to access subnet
 up route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 eth0
# WLAN Interface / AP-Adressraum
allow-hotplug wlan0
iface wlan0 inet static
 address 192.168.0.1
 netmask 255.255.255.0
 broadcast 192.168.0.255

Interfaces after first reboot

eth0      Link encap:Ethernet  HWaddr b8:27:eb:c5:09:fa
         inet addr:192.168.2.26  Bcast:192.168.2.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:566 errors:0 dropped:0 overruns:0 frame:0
         TX packets:651 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:35754 (34.9 KiB)  TX bytes:98412 (96.1 KiB)
lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
wlan0     Link encap:Ethernet  HWaddr 7c:dd:90:30:ba:ef
         inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:227 errors:0 dropped:0 overruns:0 frame:0
         TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:19953 (19.4 KiB)  TX bytes:8509 (8.3 KiB)




DNSMASQ

  • /etc/dnsmasq.conf
interface=wlan0
no-dhcp-interface=eth0
dhcp-range=interface:wlan0,192.168.0.210,192.168.0.220,infinite


HOSTAPD

  • /etc/hostapd/hostapd.conf
ctrl_interface=/var/run/hostapd
###############################
# Basic Config
###############################
macaddr_acl=0
auth_algs=1
# Most modern wireless drivers in the kernel need driver=nl80211
driver=nl80211
##########################
# Local configuration...
##########################
interface=wlan0
#debugging
debug=4 
hw_mode=g
channel=1
ssid=MySID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=something
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
logger_syslog=1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2

Ifconfig after hostapd

root@raspberrypi:~# ifconfig
eth0      Link encap:Ethernet  HWaddr b8:27:eb:c5:09:fa
         inet addr:192.168.2.26  Bcast:192.168.2.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:566 errors:0 dropped:0 overruns:0 frame:0
         TX packets:651 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:35754 (34.9 KiB)  TX bytes:98412 (96.1 KiB)
lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
mon.wlan0 Link encap:UNSPEC  HWaddr 7C-DD-90-30-BA-EF-00-00-00-00-00-00-00-00-00-00
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:172 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:57617 (56.2 KiB)  TX bytes:0 (0.0 B)
wlan0     Link encap:Ethernet  HWaddr 7c:dd:90:30:ba:ef
         inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:227 errors:0 dropped:0 overruns:0 frame:0
         TX packets:39 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:19953 (19.4 KiB)  TX bytes:8509 (8.3 KiB)


Success Log

#Successfull connect / syslog
Sep  6 21:44:17 raspberrypi hostapd: wlan0: STA 70:d4:f2:31:75:c4 IEEE 802.11:  associated (aid 1)
Sep  6 21:44:17 raspberrypi hostapd: wlan0: STA 70:d4:f2:31:75:c4 RADIUS:    starting accounting session 540B8020-00000000
Sep  6 21:44:17 raspberrypi hostapd: wlan0: STA 70:d4:f2:31:75:c4 WPA: pairwise key handshake completed (RSN)
Sep  6 21:44:17 raspberrypi dnsmasq-dhcp[2072]: DHCPDISCOVER(wlan0) 70:d4:f2:31:75:c4
Sep  6 21:44:17 raspberrypi dnsmasq-dhcp[2072]: DHCPOFFER(wlan0) 192.168.0.214 70:d4:f2:31:75:c4
Sep  6 21:44:18 raspberrypi dnsmasq-dhcp[2072]: DHCPDISCOVER(wlan0) 70:d4:f2:31:75:c4
Sep  6 21:44:18 raspberrypi dnsmasq-dhcp[2072]: DHCPOFFER(wlan0) 192.168.0.214 70:d4:f2:31:75:c4
Sep  6 21:44:19 raspberrypi dnsmasq-dhcp[2072]: DHCPREQUEST(wlan0) 192.168.0.214 70:d4:f2:31:75:c4
Sep  6 21:44:19 raspberrypi dnsmasq-dhcp[2072]: DHCPACK(wlan0) 192.168.0.214 70:d4:f2:31:75:c4 PLAYBOOK-99EE

Optional Firewall Init

#!/bin/bash
#Extreme easy
#Switch on routing
echo "1" > /proc/sys/net/ipv4/ip_forward
#Set log level
echo "1 4 1 7" > /proc/sys/kernel/printk
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables -N my_drop -m comment --comment "Drop Access"
#iptables -A my_drop -p ICMP -j LOG --log-prefix "DROP-ICMP "
#iptables -A my_drop -p TCP -j LOG --log-prefix "DROP-TCP "
#iptables -A my_drop -p UDP -j LOG --log-prefix "DROP-UDP "
#iptables -A my_drop -j DROP
#iptables -A INPUT -j my_drop
#iptables -A FORWARD -j my_drop


HW Test

# iw list
# iwlist scan wlan0


# iw dev wlan0 scan | grep SID


Syslog/Debug

  • /etc/rsyslog.conf
!hostapd
*.*                                             /var/log/hostapd.log
  • /etc/hostap/hostap.conf
#debug   Debugging mode: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps,
            4 = excessive.


Interface gone when hostapd stops

*Add  /etc/init.d/hostapd
ifconfig wlan0 192.168.0.1



Monitoring

Get aircrack-ng

wget http://download.aircrack-ng.org/aircrack-ng-1.2-beta3.tar.gz
apt-get install iw sysfsutils libssl-dev kismet libnl-3-dev libnl-3-doc libnl- genl-3-dev tshark
cd aircrack-ng-1.2-beta3/
make
make install


  • 1: Start Airmon Monitor
airmon-ng start wlan0
  • 2: Check with aerodump
airodump-ng mon0
  • 3:Packet dump:
airodump-ng --bssid  74:31:70:B4:1A:D4 --channel 2 --write meatball mon0
    • then (testing)

aireplay-ng -0 3 -a 74:31:70:B4:1A:D4 -c C4:88:E5:B5:1F:79 mon0

  • Open Airbase to the world

airbase-ng -e NEWWORLD -c 1 -P mon0


  • Redirecting to syslso!
/usr/local/sbin/airbase-ng -e NEWWORLD -c 1 -P mon0 2>&1 | /usr/bin/logger &

Links




Sample INIT Script for airbase-ng

#!/bin/bash
CMD="$1"
ssid="NEWWORLD"
channel="1"
interface="mon0"
name="airbase-ng"
command="/usr/local/sbin/"$name
#Get Monitor by ifconfig
monif=`/sbin/ifconfig | /bin/grep $interface | /bin/sed -e 's/^  *//' -e 's/  .*//'`
#GET PID IF PRESENT
pid=`/bin/pidof $name`
##################
#Start Init Script
##################
#Check for root privileges
if (( EUID != 0 )); then
 echo "This script needs root"
 exit 1
fi
case "$CMD" in
'start')
 if [ "${interface}" != "$monif" ]
 then
  echo "Create monitor interface first"
  airmon=`/usr/local/sbin/airmon-ng start wlan0`
 else
  echo "Interface present = OK"
 fi
#BETA TEST
redir="2>&1"
logger="/usr/bin/logger"
if [ "${pid}" != "" ]
then
  echo "Already running $name "
else
 echo "Starting $name "
 start-stop-daemon --start --oknodo --background --exec $command \
      -- -e $ssid -c $channel -P $interface $redir | $logger
fi
;;
'stop')
if [ "${interface}" == "${monif}" ]
then
 echo "Stop monitor interface first"
 airmon=`/usr/local/sbin/airmon-ng stop wlan0`
 airmon=`/usr/local/sbin/airmon-ng stop mon0`
else
 echo "No interface present = OK"
fi
if [ "${pid}" != "" ]
then
  `/bin/kill ${pid} `
else
 echo "$name does not run anymore"
fi
      # stop the daemons
       ;;
*)
       echo "Usage: $INITNAME { start }"
       ;;
esac
echo " "