Wifi connected ,now need to create Access Point with private dhcp

I don't want a dumb wifi link, I now need to hand out ip numbers to my own users 10.x.x.1/24
Eventually need openvpn to bridge br-lan (connected) to wlan0 (new AP) using a openVPN
I DO HAVE A USB-WIFI DEVICE wlan0 as shown on my 'ifconfig' output command.
How do I set up an AP with local net 10.xx.xx.1-10.xx.xx.n ?

Here is my ifconfig output (removed loopback and other info)

br-lan    Link encap:Ethernet  HWaddr 14:fF:0f:fF:4f:11  
          inet addr:192.182.0.20  Bcast:192.182.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9311 errors:0 dropped:8 overruns:0 frame:0
          TX packets:3697 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:955452 (933.0 KiB)  TX bytes:1438250 (1.3 MiB)

eth0      Link encap:Ethernet  HWaddr 24:33:03:ee:4e:ff  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:171845 errors:0 dropped:10 overruns:0 frame:0
          TX packets:32806 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13163310 (12.5 MiB)  TX bytes:33399139 (31.8 MiB)

wlan0     Link encap:Ethernet  HWaddr a4:aF:a1:aF:4F:ff  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
  1. /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
        option htmode 'VHT80'
        option disabled '0'
        option cell_density '0'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan2'
        option ssid 'HomeSchoolLibrary'
        option bssid 'A8:8A:FF:BB:44:3A'
        option encryption 'psk2'
        option key '12345678'
  1. /etc/config/network
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config interface 'wwan'
        option device 'phy0-sta0'
        option dns '1.1.1.1 8.8.8.8'

config interface 'wwan2'
        option proto 'dhcp'
        option dns '1.1.1.1 8.8.8.8'
  1. /etc/config/firewall
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan2'
config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'
  1. /etc/config/dhcp
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

What you want to do is not possible with any Raspberry Pi devices (all models), unless you use an additional wireless radio device (could be a USB wifi stick, ideally one that supports AP mode, or an ethernet connected wifi AP).

The built-in wifi chipset cannot be used in sta + AP modes simultaneously. It is only possible to use one or the other. It is a very low end and very limited capability wifi subsystem.

1 Like

Can you make a wired connection to the source of Internet? Either that or use the Ethernet port as the lan output. As @psherman said you can't have wireless in and out both on the internal radio.

I do have an additioal usb wifi device, I posted the device name as wan0 and found it by downloading drivers for it.

It is one that supports AP mode. So , how do I connect it.

Once it is connected and the related driver packages are installed, you should be able to see it as a radio device. You'll configure it in the wireless config file where you will specify that the SSID should be associated with the lan network.

The original post showed my output after installing a USB WIFI AP mode device.
br-lan is my first device which I successfully connected to free wifi
I also have wan0 a USB WIFI device installed and working

I will repost my ifconfig command output

br-lan    Link encap:Ethernet  HWaddr 14:fF:0f:fF:4f:11  
          inet addr:192.192.0.20  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9311 errors:0 dropped:8 overruns:0 frame:0
          TX packets:3697 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:955452 (933.0 KiB)  TX bytes:1438250 (1.3 MiB)

eth0      Link encap:Ethernet  HWaddr 24:33:03:ee:4e:ff  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:171845 errors:0 dropped:10 overruns:0 frame:0
          TX packets:32806 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13163310 (12.5 MiB)  TX bytes:33399139 (31.8 MiB)

wlan0     Link encap:Ethernet  HWaddr a4:aF:a1:aF:4F:ff  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.