Raspberry Pi Wireless Access Point

A Raspberry Pi wireless access point is a great way to extend the length of your Wi-Fi coverage and provide additional access into your network.

Raspberry Pi WiFi Access Point VPN v3

In this tutorial, we will show you how to set up a wireless access point, and how to configure the multiple packages that allow users to connect to your access point as if it was a router itself.

You will need to keep in mind that a Wi-Fi dongle most likely won’t be able to handle as much traffic as a regular router. Meaning you should avoid allowing too many connections to the device to stop it from becoming too overburdened and slow.

While you can use any Wifi dongle that supports being enabled as an access point our tutorial will directly focus on how to set this up for the Raspberry Pi 3’s Wi-Fi Module. If you are using an earlier model of the Raspberry Pi you can purchase a Wi-Fi adapter that supports being utilized as an access point from numerous websites, make sure you research before buying to make sure it works on the Raspberry Pi.

This tutorial can be combined well with our VPN Access Point tutorial. The VPN access point tutorial will show how to set up an OpenVPN client and redirect all traffic through that client.

Equipment List

Below are all the bits and pieces that I used for this Raspberry Pi Wireless Access Point tutorial, there is nothing super special that you will need to be able to complete this.

Recommended

Optional

Setting up the Wireless Access Point

As with most tutorials I do, this one just uses a clean version of Raspbian that has been updated to the latest packages.

To set up the Raspberry Pi wireless access point we will be making the use of two packages. These two packages are hostapd and dnsmasq. hostapd is the package that allows us to utilize a Wi-Fi device as an access point, in our case, we will be utilizing this to turn the Raspberry Pi 3’s Wi-Fi into our access point.

dnsmasq acts as both a DHCP and DNS server so that we can assign IP addresses and process DNS requests through our Raspberry Pi itself.

Luckily dnsmasq is easy to set up and configure. It also has the advantage that it is somewhat lightweight in comparison to isc-dhcp-server and bind9 packages.

Remember for this you will need to be utilizing an ethernet network connection and not your Wi-Fi connection.

1. Before we get started installing and setting up our packages, we will first run an update on the Raspberry Pi by running the following two commands.

sudo apt update
sudo apt upgrade

2. With that done we can now install our two packages, run the following command to install hostapd, dnsmasq and iptables.

sudo apt install hostapd dnsmasq iptables

3. Now that we have the packages installed we don’t want them running yet as we haven’t configured them correctly.

Stop the packages from running by utilizing the following two commands in the terminal. These commands will tell the system manager to stop the dnsmasq and hostapd services.

sudo systemctl stop hostapd
sudo systemctl stop dnsmasq

4. With hostapd and dnsmasq now stopped we will want to modify our dhcpd configuration so that we can take control of the wlan0 interface.

With this file, we will be setting ourselves a static IP Address as well as telling it not to make use of the wpa_supplicant file so we can configure it purely as an access point to our device.

Run the following command on your Raspberry Pi to begin modifying the dhcpcd.conf file.

sudo nano /etc/dhcpcd.conf

5. Within this file we need to add the following line to the bottom, this will set up our wlan0 interface to the way we want it for our tutorial.

If you have upgraded to Raspbian Stretch then wlan0 may need to be changed, if you are using the Raspberry Pi 3 or the Pi Zero W’s inbuilt wifi you can continue using wlan0. Use the ifconfig command to see what the new names are, they’re likely quite long. You will need to update any reference to the new values throughout this tutorial.

interface wlan0
    static ip_address=192.168.220.1/24
    nohook wpa_supplicant

Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.

6. Now we need to restart our dhcpd service so it will load in all our configuration changes. To do this run the following command to reload the dhcpd service.

sudo systemctl restart dhcpcd

7. Next, we need to adjust our hostapd configuration, to do this we need to begin editing the config file with the following command.

sudo nano /etc/hostapd/hostapd.conf

8. In this file we need to write out the following lines, these basically set up how we want to interact with the wlan device. The only real lines you should worry about in this file is the ssid= line and the wpa_passphrase= line.

As a general rule of thumb, you should try and make your WPA Passphrase longer than 6 characters to help keep your connection secure.

NOTE: If you are doing this tutorial with a different Wi-Fi device then the inbuilt Pi 3 one, you may have to also change the driver= line to the best driver for your device, Google will be your friend for working out what the best driver to use is.

interface=wlan0
driver=nl80211

hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=0
macaddr_acl=0
ignore_broadcast_ssid=0

auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# This is the name of the network
ssid=Pi3-AP
# The network passphrase
wpa_passphrase=pimylifeup

Remember to change wpa_passphrase to your own password, make sure you set it to something secure so random people can’t just connect into your Wi-Fi access point.

Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.

9. With that done we should now have our hostapd configuration, but before it can be used we need to edit two files. These files are what hostapd will read to find our new configuration file.

To begin editing the first of these two files run the following command.

sudo nano /etc/default/hostapd

10. In this file, we need to find the following line and replace it.

Find:

#DAEMON_CONF="" 

Replace with:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.

11. Now we need to edit the second configuration file, this file is located within the init.d folder. We can edit the file with the following command:

sudo nano /etc/init.d/hostapd

12. In this file, we need to find the following line and replace it.

Find:

DAEMON_CONF= 

Replace with:

DAEMON_CONF=/etc/hostapd/hostapd.conf

Now we can save and quit out of the file by pressing Ctrl +X then pressing Y and then Enter.

13. With hostapd now set up, we need to move onto setting up dnsmasq. Before we begin editing its configuration file we will rename the current one as we don’t need any of its current configurations.

We can do this with the following mv command on our Raspberry Pi.

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

14. Now that the original configuration file has been renamed we can begin by creating our own new configuration file. We will create and edit the new file with the nano command.

sudo nano /etc/dnsmasq.conf

15. To this file add the following lines.

These lines tell the dnsmasq service how to handle all the connections coming through and what interface it should be handling them for.

interface=wlan0       # Use interface wlan0  
server=1.1.1.1       # Use Cloudflare DNS  
dhcp-range=192.168.220.50,192.168.220.150,12h # IP range and lease time  

Now we can save and quit out of the file by pressing Ctrl + X then pressing Y and then Enter.

16. Next, we need to configure your Raspberry Pi so that it will forward all traffic from our wlan0 connection over to our ethernet connection.

First, we must enable it through the sysctl.conf configuration file, so let’s begin editing it with the following command.

sudo nano /etc/sysctl.conf

17. Within this file, you need to find the following line and remove the # from the beginning of it.

Find:

#net.ipv4.ip_forward=1

Replace with:

net.ipv4.ip_forward=1

18. Now since we are impatient and don’t want to wait for it to enable on next boot we can run the following command to activate it immediately.

sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

19. With IPv4 Forwarding now enabled we can configure a NAT between our wlan0 interface and our eth0 interface. Basically, this will forward all traffic from our access point over to our ethernet connection.

Run the following commands to add our new rules to the iptable.

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

20. The iptable is flushed on every boot of the Raspberry Pi so we will need to save our new rules somewhere so they are loaded back in on every boot.

To save our new set of rules run the following command.

sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

21. Now with our new rules safely saved somewhere we need to make this file be loaded back in on every reboot. The most simple way to handle this is to modify the rc.local file.

Run the following command to begin editing the file.

sudo nano /etc/rc.local

22. Now we are in this file, we need to add the line below. Make sure this line appears above exit 0. This line basically reads the settings out of our iptables.ipv4.nat file and loads them into the iptables.

Find:

exit 0

Add above “exit 0”:

sudo hostapd /etc/hostapd/hostapd.conf &
iptables-restore < /etc/iptables.ipv4.nat

Now we can save and quit out of the file by pressing CTRL + X then pressing Y and then ENTER.

23. Finally, all we need to do is start the two services and enable them in systemctl. Run the following two commands.

sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd
sudo service dnsmasq start

24. Now you should finally have a fully operational Raspberry Pi wireless access point, you can ensure this is working by using any of your wireless devices and connecting to your new access point using the SSID and WPA Passphrase that was set earlier on in the tutorial.

To ensure everything will run smoothly it’s best to try rebooting now. This will ensure that everything will successfully re-enable when the Raspberry Pi is started back up. Run the following command to reboot the Raspberry Pi.

sudo reboot

This is yet another great project for the Raspberry Pi that can be extended to make it an extremely useful utility. As I mentioned above you can make this a WiFi access node where you can route all the internet traffic through a VPN.

I hope this Raspberry Pi Wireless access point tutorial has helped you be able to expand your wireless network. If you come across any issues or have some feedback related to this tutorial, then please don’t hesitate to leave a comment below.

76 Comments

  1. Avatar for Adam K
    Adam K on

    Whereas I had used this guide and others successfully for quite some time, I have not been able to establish a successful AP (and subsequently VPN AP) since the last major OS update. Issues with setting consistently the wifi country, wpa_supplicant, etc. As of 9-6-22, Rasp supports NetworkManager, and using that to set up the AP has been successful and MUCH easier. Even routing the AP through a VPN is basically handled automatically through nftables. Perhaps consider the NetworkManager method instead of the dhcpcd method?

    1. Avatar for Emmet
      Emmet on
      Editor

      Hi Adam,

      Sorry to hear that you have been having issues with this guide and the current version of Raspberry Pi OS.

      Thank you for your suggestion, I will look into writing a guide that uses NetworkManager instead and offer is as an alternative to this one.

      Cheers,
      Emmet

    2. Avatar for Adam K
      Adam K on

      It’s not an issue with the guide – my understanding is its a glitch with the newest OS. Supposedly raspi-config in that the newest version cannot pull the wifi country code from the wpa_supplicant if there is a nohook set on an interface, which then renders wifi unusable. It’s inconsistent though, as some people experience it and others apparently don’t. NetworkManager appears not to experience the issue, at least for now.

  2. Avatar for Ravindra
    Ravindra on

    On RPi 4 B with Bullseye-arm64:
    I had to add:
    sudo apt install iptables
    at the beginning of 19.

    then added not on but two lines above exit 0 in 22.

    sudo hostapd /etc/hostapd/hostapd.conf&
    iptables-restore < /etc/iptables.ipv4.nat

    Now it works!!
    Thanks!

    1. Avatar for tuukkato
      tuukkato on

      Just setting up Raspi 4 B with Bullsey 64bit – I confirm Ravindra’s observation – recommend inserting that suggestion to the original article ! T

    2. Avatar for Prairiedog
      Prairiedog on

      After following to the letter everything works until I reboot. If I add to /etc/rc.local

      sudo systemctl stop hostapd
      sudo systemctl start hostapd

      it will work. This is a back method I am sure. How should I make it clean?

    3. Avatar for Emmet
      Emmet on
      Editor

      Hi,

      Can you try getting the status of hostapd while it is broken (Before you run the two commands to stop and start the service).

      You can retrieve the status of the hostapd service by running the following command.

      sudo systemctl status hostapd

      Cheers,
      Emmet

    4. Avatar for Prairiedog
      Prairiedog on

      without the reset –

      sudo systemctl status hostapd
      ● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
           Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; vendor preset: enabled)
           Active: active (running) since Mon 2022-08-29 19:10:34 CDT; 1min 19s ago
             Docs: man:hostapd(8)
          Process: 456 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS ${DAEMON_CONF} (code=exit>
         Main PID: 481 (hostapd)
            Tasks: 1 (limit: 780)
              CPU: 145ms
           CGroup: /system.slice/hostapd.service
                   └─481 /usr/sbin/hostapd -B -P /run/hostapd.pid -B /etc/hostapd/hostapd.conf
      
      Aug 29 19:10:34 raspberrypi systemd[1]: Starting Access point and authentication server for Wi-Fi and Etherne>
      Aug 29 19:10:34 raspberrypi hostapd[456]: Configuration file: /etc/hostapd/hostapd.conf
      Aug 29 19:10:34 raspberrypi hostapd[456]: Using interface wlan0 with hwaddr b8:27:eb:12:89:6d and ssid "Pi3-A>
      Aug 29 19:10:34 raspberrypi hostapd[456]: wlan0: interface state UNINITIALIZED->ENABLED
      Aug 29 19:10:34 raspberrypi hostapd[456]: wlan0: AP-ENABLED
      Aug 29 19:10:34 raspberrypi systemd[1]: Started Access point and authentication server for Wi-Fi and Ethernet.
    5. Avatar for Emmet
      Emmet on
      Editor

      Hmm there isn’t anything super obvious as to why hostapd won’t be working correctly.

      Unless for some reason hostapd is starting up before the network stack is fully up. Will try and find time to find a better workaround, but for now what you are using should work fine.

      Cheers,
      Emmet

    6. Avatar for aa22
      aa22 on

      I can also confirm the same issue as prairiedog. AP does not broadcast after reboot. Successful broadcast after restarting hostapd, but furthermore I cannot connect to the AP – won’t assign IP address.

  3. Avatar for Jeroen
    Jeroen on

    Hi!

    I did this to my old raspberry Pi 1 B+ last week and just now I took an old EeePc 4G, installed debian with console only and did the exact same thing 🙂 Working pretty solid!

  4. Avatar for Alan
    Alan on

    I’ve had it running for over a year, backed up my SD card and put it away so as not to loose it. It’s better than the version on raspberrypi.org, something in the setup is more clear. I’ve downloaded hundreds of gigabytes through it.

  5. Avatar for Gavin
    Gavin on

    Great article. I’ve tried a different version of this on another site that didn’t work – but this one worked first time.

  6. Avatar for Anon
    Anon on

    A couple notes to consider:
    1 – Setup the DNS Server to be a VPN/Secure DNS server to help guard against DNS leaks (this would be in place of 1.1.1.1).
    2 – Limit the DHCP to, say, 10 (192.168.220.20 throught .30) as the Pi can only do so much (unless you have a better/newer pi).

  7. Avatar for Alan Corey
    Alan Corey on

    Works better than the one on the Pi site. I’ve had it up and running off EasyTether for 5 days. Now I’m looking for a way to impose a daily bandwidth quota on a specific MAC address whose excessive use got me into this mess. I guess I should poke around the iptables site.

  8. Avatar for karloliveryoung
    karloliveryoung on
    Premium

    Hi,

    Thanks for the tutorial but i’m running into a problem when i input:
    sudo service hostapd start

    I receive:
    Failed to start hostapd.service: Unit hostapd.service is masked.

    Thanks.

    1. Avatar for karloliveryoung
      karloliveryoung on
      Premium

      Hi,

      So I found this and it is now working:

      sudo systemctl unmask hostapd
      sudo systemctl enable hostapd
      sudo systemctl start hostapd

      Thanks!

    2. Avatar for TK
      TK on

      This did not work for me. I got the same error message, but some digging told me that the driver was wrong. Made no sense as that IS the driver. I ended up just commenting out the driver line in hostapd.conf to see if that would work (since wlan0 was functioning without hostapd started). Lo and behold, it’s working now as I’m typing this from a computer connected to my Pi.

  9. Avatar for Tomas
    Tomas on

    In step 5 you say:

    “If you have upgraded to Raspbian Stretch then wlan0 may need to be changed”

    I do have Raspbian stretch, but I’m unsure what to do in this step. Change wlan0 into what?

    1. Avatar for Gus
      Gus on
      Editor

      Hi Tomas,

      When Raspbian Stretch first released they had predictable network names switched on which caused the network names to be different. As stated in the step, ifconfig can be used to find the new name.

      However, they have since reverted the change so you can continue using wlan0.

      I hope this helps.

  10. Avatar for Pifan
    Pifan on

    Worked like charm

    Thank you

    Raspberry Pi2 + TP-Link Wifi Adapter

  11. Avatar for ko0oke
    ko0oke on

    i have a problem when doning sudo service hostapd start to start the AP it start for 20 Second then it stop ?? any solotion

    1. Avatar for Gus
      Gus on
      Editor

      Hey ko0oke,

      When it stops does it report any issues?

      Cheers

  12. Avatar for Alistair
    Alistair on

    Hello,

    What is the second command to be run in step 5?

    1. Avatar for Gus
      Gus on
      Editor

      Hey Alistair,

      That was a leftover from the guide as we have been updating this to work better with newer versions of Raspbian. There is no second command to run.

      Cheers

  13. Avatar for Azsde
    Azsde on

    I had an issue with dnsmasq not running at startup, here’s how i fixed it:

    Step 1, edit the file /lib/systemd/system/dnsmasq.service:

    sudo nano /lib/systemd/system/dnsmasq.service

    Add the following line before “ExecStartPre=/sur/sbin/dnsmasq –test”:

    ExecStartPre=/bin/sleep 30

    Save and exit

    Step 2, enable automatic startup

    sudo systemctl enable dnsmasq.service

    Reboot and it should be working.

    sudo systemctl enable dnsmasq.service

  14. Avatar for Yuuki
    Yuuki on

    Hi, love this project! Made it work on Jessie, but now I have to try it again on Stretch and it’s a bit tough, particularly at step 6 where configuring the static IP address is not accomplished in the same way anymore.

    Help would be really appreciated! Thanks for all the cool stuff you do to keep our Pis an active and productive project.

    1. Avatar for Leuy
      Leuy on

      The whole stretch static IP thing drove me bonkers. Eventually I found out enough to understand that the debian network guys don’t expect the new dhcpcd stuff to work for everyone, just people who want things to be mostly automatic.

      If you want to continue to do things the old way, using the /etc/network/interfaces file, just disable dhcpcd and enable traditional debian networking.

      sudo systemctl disable dhcpcd
      sudo systemctl enable networking

      Then pretend you are on Jessie or before.

  15. Avatar for Joe Elliott
    Joe Elliott on

    Great tutorial. I had to remove “[DSSS_CCK-40]” from the ht_capab list in order for it to work…I’m not sure why.

    I’m also seeing speeds that are pretty reduced from my home wifi. (20mbs vs+50mbs) anyone have a good answer to why?

  16. Avatar for Timothy
    Timothy on

    hello, I get to the part where it shows up under connections under wifi on my phone, but when i connect it says “no internet connection” but ethernet is set up and its connected to my home wifi network any suggestions?

    1. Avatar for Porscha Lucio
      Porscha Lucio on

      I am also having the same problem.

  17. Avatar for Robert
    Robert on

    Hi,
    I have the problem that my Huawei Smartphone and other devices lost the Pi Wifi after a few hours and i can not connect to them.
    I restart the Pi2 with the Wifi Dongle Edimax and after a few Moment i can connect to the Pi.
    Any reason why this?

  18. Avatar for Yuuki Sakai
    Yuuki Sakai on

    Wonderful tutorial, thank you for helping me with something a new user can start off with.

    I’d love to run through this, but I’m concerned that if I turn my RPI into a WiFi hotspot that I’ll lose the pi’s regular WiFi functionality when I want to switch back to using my pi through the home router (not supplying a connection to my other devices through the pi). Is this so?

    Thanks

  19. Avatar for Karl
    Karl on

    Hi,

    First off I’d like to thank you for the tutorial, I’ve managed get the AP and VPN setup but I’m having trouble with DNS leak. When I test for DNS leak I see both google and my ISP (BT), I’ve added the lines:

    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

    at the bottom of the xxxxxxx.ovpn file and this now gives me just my ISP during DNS leak test.

    My question is can I change to my own specified DNS setting rather than the ones provided by my router?

    Thanks

    1. Avatar for Evan Thompson
      Evan Thompson on

      Not sure if this will be any help but it sounds similar to the problem I’ve had.

      Run the following commands
      sudo apt-get install bind9
      sudo nano /etc/bind/named.conf.options

      Add the following lines to named.conf.options

      forwarders {
      8.8.8.8;
      8.8.4.4;
      };

      This will ensure that Google DNS are used.

      Then run the following commands:
      sudo service bind9 restart
      sudo update-rc.d bind9 enable

      I found that the DNS leak test only found Google DNS (reported as Belgium).
      This seems to allow me to access NowTV, but unfortunately Amazon Prime is still not working.

  20. Avatar for Andy McGirr
    Andy McGirr on

    I have completed the above set up without too much issue.

    However despite running the hostapd and dnsmasq service the Pi3-AP is not sowing up in my list of available connections?

    Please advise

    1. Avatar for Bill
      Bill on

      I have the same problem. I completed the tutorial without issue but it is not showing up as an available connection on any of my devices

    2. Avatar for Phil
      Phil on

      Same here, all seemed to install fine. But access point doesn’t seem to be broadcasting. Any ideas?

    3. Avatar for Tarik
      Tarik on

      Before running

      sudo service hostapd start

      you should run

      sudo service hostapd stop

      and then run

      sudo service hostapd start

      It starts working this way.

    4. Avatar for Jon Howard
      Jon Howard on

      I am running in to the same issue. Tutorial runs perfect. AP not showing up. sudo service hostapd stop and sudo service hostapd start don’t seem to fix it. Any suggestions?

Leave a Reply

Your email address will not be published. Required fields are marked *