Rasberry Pi Access Point Bullseye OS

Raspberry Pi model 3 or 4

Create an SD-Card for a Raspberry model 3 or 4 from the Raspbian 32-bit or 64-bit disk images found on the Raspberry Pi organization website. This is done with the Raspberry Pi firmware imaging tool.

Boot the RPi from the SD Card image.

At a command prompt window, first update the operating system to the latest version.

sudo apt update
sudo apt upgrade

Now install the hostapd and dnsmasq applications.

sudo apt -y install hostapd dnsmasq

Install TD-XPAH Drivers

Following the instructions on our 'Installing Drivers' page install the Linux drivers on your Raspberry Pi. This may take some time on the RPi 3 models.

Configure hostapd

Download a configuration file from the Teledatics github server. If you do not need encryption, download the ap_halow_open.conf configuration file. If you would like to use 802.11ah SAE encryption, download the ap_halow_sae.conf configuration file. The file should saved to the /etc/hostapd directory.

Edit the configuration file and change the SSID, Wi-Fi device and encryption keys if any.

sudo nano /etc/hostapd/ap_halow_open.conf

OR

sudo nano /etc/hostapd/ap_halow_sae.conf

Change the Wi-Fi device to wlan1.

interface=wlan1

Change the SSID to your preferred value.

ssid=<your SSID value>

Change the encryption key if using SAE encryption.

wpa_passphrase=<your encryption key>

Optionally you can change the default channel from 925 MHz to another channel of your choosing. To change the channel, first comment out the 925 MHz channel line by adding a '#' character to the beginning of the line. So change...

channel=161

So that it looks like...

#channel=161

Then remove the '#' character from the channel you want. For example...

channel=2

Note that if you want to use a 4 MHz channel, you will also need to change the 'hw_mode' line from 'a' to 'g' so that it looks like...

hw_mode=g

Save the file using the command Ctrl-O and exit nano using the command Ctrl-X.

Edit the file /etc/default/hostapd and change the #DAEMON_CONF="" line to look like...

DAEMON_CONF="/etc/hostapd/ap_halow_open.conf"

OR

DAEMON_CONF="/etc/hostapd/ap_halow_sae.conf"

Make sure the line DAEMON_OPTS= is preceded by a '#' character.

#DAEMON_OPTS=""

Save the file via command Ctrl-O and exit with Ctrl-X.

Configure dnsmasq

Edit the dnsmasq.conf file.

sudo nano /etc/dnsmasq.conf

Add the following lines at the bottom of the file.

interface=wlan1
bind-dynamic 
domain-needed
bogus-priv
dhcp-range=192.168.200.100,192.168.200.200,255.255.255.0,12h

Note that the line:

dhcp-range=<IPv4 from>,<IPv4 to>,<netmask>,<lease time>

Can be changed to values appropriate to your network.

Save the file via command Ctrl-O and exit with Ctrl-X.

Configure dhcpcd.conf

The dhcpcd.conf file must be set to not control the wlan1 interface, since this will be the Access Point interface.

Edit the dhcpcd.conf file.

sudo nano /etc/dhcpcd.conf

Add the follwing lines.

interface wlan1
nohook wpa_supplicant
static ip_address=192.168.200.2/24
static routers=192.168.200.1

Note that that IP address for the TD-XPAH wlan1 device should be within the range of your local LAN IP addresses on the 'static ip_address=<IP/netmask>' line and your LAN gateway should be used on the 'static routers=<IP gateway address>' line.

Save the file via command Ctrl-O and exit with Ctrl-X.

IP Forwarding

Your RPi must be set up to forward IP addresses from your local area network to the IEEE 802.11ah devices. Edit the file /etc/sysctl.conf.

sudo nano /etc/sysctl.conf

Uncomment the forwarding line by removing the '#' character so it looks like this.

net.ipv4.ip_forward=1

Save the file via command Ctrl-O and exit with Ctrl-X.

Add Firewall Rules

Create a directory to contain new firewall rules that will forward IP addresses from your local area network to the 802.11ah devices.

sudo mkdir /etc/nftables

Create a new firewall rules file in this directory.

sudo nano /etc/nftables/nft-halow-ap.nft

Add the following lines to this file.

flush ruleset

table inet ap {
    chain routethrough {
        type nat hook postrouting priority filter; policy accept;
        oifname "eth0" masquerade
    }

    chain fward {
        type filter hook forward priority filter; policy accept;
        iifname "eth0" oifname "wlan1" ct state established,related accept
        iifname "wlan1" oifname "eth0" accept
    }
}

Save the file via command Ctrl-O and exit with Ctrl-X.

Change the permissions on this file.

sudo chmod +x /etc/nftables/nft-halow-ap.nft

Now add this file to the nft tables firewall rules.

sudo nano /etc/nftables.conf

Add the following line at the bottom of the file.

include "/etc/nftables/nft-halow-ap.nft"

Save the file via command Ctrl-O and exit with Ctrl-X.

Enable Automatic Start

Run the following lines to enable automatic startup of the hostapd and dnsmasq daemons.

sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl enable dnsmasq
sudo systemctl enable nftables

Set Region

Run the raspi-config utility and select the correct Wi-Fi country code for your region.

sudo raspi-config

The region list is vailable under the Localization Options -> WLAN Country selection.

Reboot

Reboot your Raspberry Pi and your TD-XPAH Access Point will be active.