Using a RPI 3 as a safe travel access point

I have a RPI 3 running the latest Openwrt. I have a wifi usb - Edimax N150 attached. I followed this procedure https://www.makeuseof.com/tag/raspberry-pi-vpn-travel-router/. However after completing step 4 the wifi SSID Openwrt is there but on connecting to it I get the message no internet connection. The Openwrt wifi will work if I reconnect my ethernet cable. It seems to stall at obtaining IP address. Everything else seems fine. I can ping openwrt from the diagnostics page. I can see my tablet joining the Openwrt wifi on the wireless page. As anyone suceeded in getting this to work? Thanks

I am at the point of starting the setup. I have recently found that my ISP does not support IPV6 addressing. How can I configure for only IPV4? When I have used IPV6 addresses on another piece of software, I received the 'no internet connection'. I suspect that is what you are seeing? Yes, that is an uneducated guess.

Hi thanks for the response - I only use IPv4 so I should not have a problem.

I have looked at the Openwrt wifi that is being broadcast - it shows the correct DHCP server but internal ip, subnet, gateway are all empty.

Would you be able to provide some more details?

  • Which Raspberry Pi exactly do you have' Raspberry Pi 3 B?
  • how are you connecting the Pi to internet?
  • You say you have made it to step 4. This suggests that the Pi had access to internet in the previous steps. Is that right?
  • Does the PI now have internet connection? If you ping from it to an external IP or domain, does it work?

How (or where) did you look at that?

Are you able to sned the output of the following commands? Please use Pre-Formatted text tool </> to include the code, and remember to redact your MAC addresses and any passwords.

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like

Hi thanks for post. I have a android app called Wifi Monitor - that gave me the network details. I have the output you requested below - Orbi14 is my home wifi - the idea is that this would be replaced by any wifi I find. Thanks again.

config interface 'loopback'                                     
       option ifname 'lo'                                      
       option proto 'static'                                   
       option ipaddr '127.0.0.1'                               
       option netmask '255.0.0.0'                              
                                                               
config interface 'lan'                                          
       option type 'bridge'                                    
       option proto 'static'                                   
       option netmask '255.255.255.0'                          
       option ip6assign '60'                                   
       option ifname 'eth0'                                    
       option ipaddr '192.168.38.1'                            
                                                               
config interface 'wwan'                                         
       option proto 'dhcp'                                     
       option peerdns '0'                                      
       option dns '8.8.8.8 8.8.4.4'                            
                                                               
config interface 'vpnclient'                                    
       option ifname 'tun0'                                    
       option proto 'none'                                     
       option type 'bridge'                                    
                                   
````config wifi-device 'radio0'                                     
       option type 'mac80211'                                  
       option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc
1:0001/mmc1:0001:1'                                             
       option legacy_rates '1'                                 
       option hwmode '11g'                                     
       option disabled '0'                                     
       option htmode 'HT20'                                    
       option country '00'                                     
       option channel '9'                                      
                                                               
config wifi-device 'radio1'                                     
       option type 'mac80211'                                  
       option hwmode '11g'                                     
       option path 'platform/soc/3f980000.usb/usb1/1-1/1-1.5/1-
1.5:1.0'                                                        
       option disabled '0'                                     
       option legacy_rates '1'                                 
       option htmode 'HT20'                                    
       option channel '3'                                      
       option country 'GB'                                     
                                                               
config wifi-iface                                               
       option device 'radio0'                                  
       option mode 'ap'                                        
       option ssid 'OpenWrt'                                   
       option encryption 'psk2'                                
       option key ''                                   
       option network 'lan'                                    
                                                               
config wifi-iface                                               
       option ssid 'ORBI14'                                    
       option encryption 'psk2'                                
       option device 'radio1'                                  
       option mode 'sta'                                       
       option bssid ''                        
       option key ''                       
       option network 'wwan'                                   
``config dnsmasq                                                  
       option domainneeded '1'                                 
       option boguspriv '1'                                    
       option filterwin2k '0'                                  
       option localise_queries '1'                             
       option rebind_protection '1'                            
       option rebind_localhost '1'                             
       option local '/lan/'                                    
       option domain 'lan'                                     
       option expandhosts '1'                                  
       option nonegcache '0'                                   
       option authoritative '1'                                
       option readethers '1'                                   
       option leasefile '/tmp/dhcp.leases'                     
       option resolvfile '/tmp/resolv.conf.auto'               
       option nonwildcard '1'                                  
       option localservice '1'                                 
                                                               
config dhcp 'lan'                                               
       option interface 'lan'                                  
       option dhcpv6 'server'                                  
       option ra 'server'                                      
       option ignore '1'                                       
       option ra_management '1'                                
                                                               
config dhcp 'wan'                                               
       option interface 'wan'                                  
       option ignore '1'                                       
                                                               
config odhcpd 'odhcpd'                                          
       option maindhcp '0'                                     
       option leasefile '/tmp/hosts/odhcpd'                    
       option leasetrigger '/usr/sbin/odhcpd-update'           
       option loglevel '4'                                     
                                                               
config dhcp 'Guest'                                             
       option start '100'                                      
       option leasetime '12h'                                  
       option limit '150'                                      
       option interface 'Guest'                                
``config defaults                                                 
       option syn_flood '1'                                    
       option input 'ACCEPT'                                   
       option output 'ACCEPT'                                  
       option forward 'REJECT'                                 
                                                               
config include                                                  
       option path '/etc/firewall.user'                        
                                                               
config zone                                                     
       option name 'Lan'                                       
       option input 'ACCEPT'                                   
       option output 'ACCEPT'                                  
       option masq '1'                                         
       option mtu_fix '1'                                      
       option forward 'REJECT'                                 
       option network 'lan'                                    
                                                               
config zone                                                     
       option name 'wan'                                       
       option input 'ACCEPT'                                   
       option output 'ACCEPT'                                  
       option forward 'REJECT'                                 
       option masq '1'                                         
       option mtu_fix '1'                                      
       option network 'wan wan6 ORBI14'  `

Sorry I did not answer all your questions.
1 Raspberry 3B.
2 I followed the MakeUseOf procedure - setup on ethernet then flipped to wifi at step 4.
3 Yes - it's fully internet connected when the ethernet cable is attached.
4 The Pi is on my wifi network (no ethernet cable attached) and I can ping it from my android tablet. Fing sees the Pi has Edimax technology with fits with the idea that the radio1 I created will pick up whatever wifi is broadcasting.

You should replace ORBI1 with wwan.

By the way, your choice of channels isn't good. Try to stick to 1, 6 and 11.

Thanks for checking these files. I changed ORBI to wwan and moved both wirelesses to channel 1 - which is quite clear on my network. No success however. I see the OpenWrt wifi ssid but if I connect my phone I still get the error no internet connection. My android tablet gets stuck at obtaining ip address for Openwrt. I can inspect the Pi at the ORBI address on Luci. It shows my tablet trying to connect then it disappears. Why does Openwrt not assign ip addresses? Thanks for your help.

Not that it will solve the issue, but it's better to have each wifi on a different channel.

What happens if you set a static IP for the tablet or any client?

I have set my tablet to static. No difference - in Luci I can see the tablet starting to join (and showing the new static address) then it falls off stuck at obtaining ip address. Could it be I have a conflict on ip address settings?

I don't think so. Even if the upstream router gives the PI wwan an IP in the same network as the AP you created, then clients still should be able to connect to the PI but routing wouldn't work.

It could be something with the driver. I'm not the best person to diagnose drivers, so my primitive advice would be to swap the WiFi adaptros (make the on-board one for the STA and the other for AP), and see which one will work. Or you could wait until Monday, maybe someone will be able to help you.

Hi No success swopping radios - just to say I swopped them in /etc/config/wireless by changing ap and sta and also swopping psk's and ssid's (is that what you wanted?). Openwrt was still there but still stuck at obtaining ip address. Naturally I lost the Edimax device so could not check on Luci. Seems I am so close but something is wrong. Strange that on the MUO web site under the comments no one said it did not work!

But you have the LAN interface, right? The idea was to check if the USB device is working properly.

You should avoid editing configuration files directly unless you are sure what you re doing. Changing things form LuCI or uci commands i safer.

I don't know about this particular guide, but the the concept itself should work. It could be very well something with the USB device driver.

Also if and when you get past that point, leave the VPN till the very end, just to make sure all devices work first before adding the complication of the VPN.

I am not sure what your question means. I had the ssid Openwrt broadcasting but no internet. Should I have checked more? I am afraid I still find LuCi a bit of a mystery as I cannot understand the relationship between networks, interfaces, etc - is there a simple guide somewhere? Thanks for all your help!

What I was trying to figure is whether it's that issue USB WLAN adapter (or driver), or with something else in the setup for WWLAN Sta + AP, hence the trial of swapping them.

And when clients have no access to internet, it's usually a good idea to try to ping a public IP form within OpenWrt itself (LuCI or SSH). This helps to figure out whether the problem is at the upstream or downstream connection.

I'm confused now what works and what doesn't. If you have the PI connected to internet via cable, and providing AP via the USB adapter, do the clients have internet or not?

OK basically there are:

  • Physical interfaces: These are the actual interfaces on your device, such as the WAN or LAN ports or network cards.
  • "Virtual" interfaces: This is a layer of interfaces that use the actual physical interfaces, so that you can "bridge" more than one interface together and have them working as one. The networks are made of these interfaces. For example, in a typical router with a switch and APs, you would have the default configuration with a bridge of the 4 LAN ports and the APs combined in a network interface called LAN
  • Zones: These are the firewall zones, as you assign a zone of each network. In a defualt set up, these zones are given the same name of their networks (e.g. lan zone for WAN network, and lan zone for LAN network), but that's not a must.

image

As for the guide, I'm not sure if there is a quick one, but the documentations are here

Hi thanks for all this info - I very much appreciate your efforts to help me. I will try to answer your question tomorrow. I can connect the pi to ethernet via cable in it's current mode. Then swop ap and sta and with the pi cable connected see what the status is.

Hi when the pi is connected through the ethernet cable I have an internet connection and can get onto the web. When I swop the sta and ap then I lose the ORBI ip address for the pi and there is no ssid Openwrt. So I cannot contact the pi at all.

If I now add the internet cable back this also fails to link to the pi - no ip address no openwrt.

I have done some research on the driver. If I do lsusb I can see the N150 adaptor - the driver displayed is RTL8188cus. From the Openwrt package list I am using RTL8192cu - there is no RTL8188cus in the package list. I did find some web sites which said 8192cu was okay.
There is a RTL8188eu - I will try that! Maybe someone will be able to comment on this. Thanks for helping.