Setup Hotspot on Raspberry Pi OS with second usb wifi connected to Freifunk


# Tested on Raspberry 400 with latest Raspberry Pi OS (64-bit) bullseye
# This is a list of all needed commands
# You should have a fair idea of what you are doing

# The "predictable names" option of raspi-config does not work on the internal
# devices, so the network devices are renamed here by MAC address using
# .link files under /etc/systemd/network.
sudo su
# List the network devices together with their MAC addresses
ip link
# The internal wifi MAC starts with the same bytes as the MAC of eth0
export MAC_WLAN_INT=xx:xx:xx:xx:xx:xx
export MAC_WLAN_USB=xx:xx:xx:xx:xx:xx

# Onboard wifi -> "hotspot"
printf '%s\n' \
  '[Match]' \
  "MACAddress=$MAC_WLAN_INT" \
  '[Link]' \
  'Name=hotspot' \
  > /etc/systemd/network/19-onboard_wifi_hotspot.link

# USB wifi -> "freifunk"
printf '%s\n' \
  '[Match]' \
  "MACAddress=$MAC_WLAN_USB" \
  '[Link]' \
  'Name=freifunk' \
  > /etc/systemd/network/20-freifunk.link

# Reboot


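sudo su
# Check that the renamed devices (hotspot, freifunk) are present
ip l
# SSID of the Freifunk router; this Pi acts as a range extender for it
export FREIFUNK=freifunk.net
# Hotspot password. A WPA2 passphrase must be 8 to 63 characters long,
# otherwise hostapd rejects the configuration.
# NOTE: an export line typed interactively normally ends up in root's shell
# history; remove it from the history afterwards.
export PW="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
# Hotspot SSID
export SSID="XXXXXXXX"
# Country code in the format DE (Germany) or US or ...
# The variable name must not contain a hyphen: "COUNTRY-CODE" is not a valid
# shell identifier, and "$COUNTRY-CODE" would expand to the literal "-CODE".
export COUNTRY_CODE="XX"

apt update
apt install dnsmasq hostapd

# NOTE: the ">>" appends in this guide are not idempotent; running a step
# twice duplicates the stanza in the target file.
cat << EOF >> /etc/network/interfaces
# Freifunk
auto freifunk
iface freifunk inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
EOF

# key_mgmt=NONE joins an open, unencrypted network. Everything the hotspot
# clients send upstream crosses that link without wifi encryption.
cat << EOF >> /etc/wpa_supplicant/wpa_supplicant.conf
network={
ssid="$FREIFUNK"
scan_ssid=1
key_mgmt=NONE
}
EOF

systemctl restart networking

cat << EOF >> /etc/dhcpcd.conf
# Hotspot_Settings
interface hotspot
static ip_address=192.168.1.1/24
nohook wpa_supplicant
EOF

systemctl restart dhcpcd

# Keep the packaged config as a timestamped backup. %d (zero-padded day) is
# used instead of %e, which pads with a space on days 1-9 and would split the
# target name into two arguments; the quotes guard against that as well.
mv /etc/dnsmasq.conf "/etc/dnsmasq.conf_$(date +%Y%m%d%H%M%S)"
# no-dhcp-interface is given once per interface: a space-separated list would
# be read as a single interface name that matches nothing.
cat << EOF > /etc/dnsmasq.conf
# DHCP-Server active for Hotspot
interface=hotspot
# DHCP-Server not activ for
no-dhcp-interface=eth0
no-dhcp-interface=freifunk
# IPv4-Adressrange and Lease-Time, infinite is perhaps better than 24h lease time
dhcp-range=192.168.1.100,192.168.1.200,255.255.255.0,24h
# DNS
dhcp-option=option:dns-server,192.168.1.1
EOF

# Syntax-check the new config before restarting the service
dnsmasq --test -C /etc/dnsmasq.conf
systemctl restart dnsmasq
systemctl enable dnsmasq
systemctl status dnsmasq

# Create the file with mode 600 before the passphrase is written into it, so
# it is never readable by other users, not even briefly. The redirection
# below truncates the file and keeps that mode.
install -m 600 /dev/null /etc/hostapd/hostapd.conf
cat << EOF > /etc/hostapd/hostapd.conf
# Hotspot Settings
# Interface
interface=hotspot
# Wifi-Configuration
ssid=$SSID
channel=1
hw_mode=g
ieee80211n=1
ieee80211d=1
country_code=$COUNTRY_CODE
wmm_enabled=1
# Wifi-Encryption
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=$PW
EOF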

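# Point the hostapd service at the hotspot configuration
cat << EOF >> /etc/default/hostapd
# Hotspot_Setting
RUN_DAEMON=yes
DAEMON_CONF="/etc/hostapd/hostapd.conf"
EOF

systemctl unmask hostapd
systemctl start hostapd
systemctl enable hostapd
systemctl status hostapd

# Enable IPv4 forwarding persistently ...
cat << EOF >> /etc/sysctl.conf
# Hotspot_Setting
net.ipv4.ip_forward=1
EOF
# ... and for the running kernel. The entry in sysctl.conf alone only takes
# effect at the next boot.
sysctl -w net.ipv4.ip_forward=1

# Minimal firewall settings, will be extended in the future.
# NOTE(review): this adds NAT only. Nothing here filters input or forwarded
# traffic, so unless the existing /etc/nftables.conf already does, services on
# this Pi stay reachable from the open freifunk side and hotspot clients can
# reach hosts behind eth0. Confirm against the rest of the file.
cat << EOF >> /etc/nftables.conf
table ip nat {
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname "eth0" counter masquerade
oifname "freifunk" counter masquerade
}
}
EOF

# Validate the combined ruleset without applying it
nft -c -f /etc/nftables.conf
systemctl start nftables
systemctl enable nftables.service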
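# Deactivate sudo without password, very important for security!
# Be careful: a mistake here can lock you out of sudo.
# As a fallback, start a second terminal first and gain root there:
sudo su
# Keep a copy of the original drop-in in the current directory
cp /etc/sudoers.d/010_pi-nopasswd .
# Edit the drop-in with visudo, which syntax-checks the file before saving.
# -f selects the file to edit; without it visudo edits /etc/sudoers.
# Make sure the account has a password you know before removing NOPASSWD.
visudo -f /etc/sudoers.d/010_pi-nopasswd
# In the editor, if your username is pi, change the line to:
#   pi ALL=(ALL) ALL
# else:
#   yourusername ALL=(ALL) ALL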