A Wi-Fi access point (AP) connects a Thread network to the internet.
A Raspberry Pi 3B (RPi3B) functioning as an OpenThread Border Router (OTBR) may also serve as a Soft Access Point (SoftAP). This SoftAP acts as a DHCP server to assign IPv4 addresses to the RPi3B and any devices used as External Commissioners.
The BeagleBone Black does not have built-in Wi-Fi support, and cannot be used as a Wi-Fi Access Point.
All configuration and terminal commands occur on a RPi3B running OTBR. See Build and Configuration for more information.
The RPi3B must be connected to the internet via Ethernet (eth0 interface, as
displayed in the output of the ifconfig command) to successfully serve as a
SoftAP.
If you ran the OTBR setup script without disabling NETWORK_MANAGER, as
described in Build and
Configuration, the Wi-Fi
AP has already been configured. Skip down to Using Network
Manager for more information.
Install packages
Three packages are required:
hostapd— Allows use of a device's built-in Wi-Fi radio as an APdnsmasq— A combined DHCP and DNS servertayga— Stateless NAT64
sudo apt-get install hostapd dnsmasq taygaConfigure static IPv4 addresses
In newer Raspbian versions, interface configuration is handled by dhcpcd by
default. Disable dhcpcd for the interface and manually configure static IPv4
addresses for the SoftAP.
- Update
dhcpcdto ignore thewlan0(Wi-Fi) interface:- Open the
dhcpcdconfiguration file:sudo vim /etc/dhcpcd.conf - Add the following line to the end of the file:
denyinterfaces wlan0
- Open the
- Configure static IPv4 addresses on the
wlan0interface:- Create a configuration file for the
wlan0interface:sudo vim /etc/network/interfaces.d/wlan0 - Add the following configuration parameters to the
wlan0file:allow-hotplug wlan0iface wlan0 inet staticaddress 192.168.1.2netmask 255.255.255.0network 192.168.1.0broadcast 192.168.1.255
- Create a configuration file for the
Configure hostapd
- Create a new
hostapdconfiguration file:sudo vim /etc/hostapd/hostapd.conf Add the following configuration parameters to
hostapd.conf:# The Wi-Fi interface configured for static IPv4 addresses interface=wlan0 # Use the 802.11 Netlink interface driver driver=nl80211 # The user-defined name of the network ssid=BorderRouter-AP # Use the 2.4GHz band hw_mode=g # Use channel 6 channel=6 # Enable 802.11n ieee80211n=1 # Enable WMM wmm_enabled=1 # Enable 40MHz channels with 20ns guard interval ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40] # Accept all MAC addresses macaddr_acl=0 # Use WPA authentication auth_algs=1 # Require clients to know the network name ignore_broadcast_ssid=0 # Use WPA2 wpa=2 # Use a pre-shared key wpa_key_mgmt=WPA-PSK # The network passphrase wpa_passphrase=12345678 # Use AES, instead of TKIP rsn_pairwise=CCMP
Set this new configuration file as the default daemon:
- Open the default configuration file:
sudo vim /etc/default/hostapd - Enable the
DAEMON_CONFparameter and point it to the newhostapdconfiguration file:DAEMON_CONF="/etc/hostapd/hostapd.conf"
- Open the default configuration file:
Bootstrap the
hostapddaemon automatically upon reboot:- Unmask and manually start
hostapdin case it is masked:sudo systemctl unmask hostapdsudo systemctl start hostapd - Create a service configuration file for
hostapd:sudo vim /etc/systemd/system/hostapd.service Add the following configuration parameters to
hostapd.service:[Unit] Description=Hostapd IEEE 802.11 Access Point After=sys-subsystem-net-devices-wlan0.device BindsTo=sys-subsystem-net-devices-wlan0.device [Service] Type=forking PIDFile=/var/run/hostapd.pid ExecStart=/usr/sbin/hostapd -B /etc/hostapd/hostapd.conf -P /var/run/hostapd.pid [Install] WantedBy=multi-user.target
Open the
/etc/rc.localfile:sudo vim /etc/rc.localAdd the following at the end of the file, before the
exit 0line:sudo service hostapd start
- Unmask and manually start
Verify the access point
Once hostapd is configured, the SoftAP should be live (though without internet
connectivity).
To verify, reboot the RPi3B:
sudo rebootAfter reboot, check for wireless networks on another device. You should see the BorderRouter-AP SSID.
Configure dnsmasq
- For ease of configuration, if a default
dnsmasqconfiguration file already exists on your system, move it and create a new one:sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.origsudo vim /etc/dnsmasq.conf Add the following configuration parameters to
dnsmasq.conf:# The Wi-Fi interface configured for static IPv4 addresses interface=wlan0 # Explicitly specify the address to listen on listen-address=192.168.1.2 # Bind to the interface to make sure we aren't sending things elsewhere bind-interfaces # Forward DNS requests to the Google DNS server=8.8.8.8 # Don't forward short names domain-needed # Never forward addresses in non-routed address spaces bogus-priv # Assign IP addresses between 192.168.1.50 and 192.168.1.150 with a 12 hour lease time dhcp-range=192.168.1.50,192.168.1.150,12h
The
bind9service might conflict withdnsmasqduring start up. To ensure there is no conflict, update thebind9service to not start untildnsmasqhas started. Open the/lib/systemd/system/bind9.servicefile:sudo vim /lib/systemd/system/bind9.serviceModify the
Afterparameter sobind9starts afterdnsmasq:"After=network.target dnsmasq.service"
Configure NAT
Network Address Translation (NAT) is a method of translating IP addresses while packets are in transit. NAT64 translates addresses between IPv6 and IPv4.
OTBR uses tayga for stateless NAT64, iptables for
stateful NAT44, and combines the two to provide stateful NAT64. This allows
Thread devices to communicate with IPv4 hosts. See the
Tayga documentation for more information.
Configure tayga
- Create the configuration:
- Open the
/etc/tayga.conffile:sudo vim /etc/tayga.conf - Update the file with the following configuration:
prefix 64:ff9b::/96 dynamic-pool 192.168.255.0/24 ipv6-addr 2001:db8:1::1 ipv4-addr 192.168.255.1
- Open the
- Enable
tayga:- Open the
/etc/default/taygafile:sudo vim /etc/default/tayga - Change the
RUNparameter toyes:RUN="yes"
- Open the
In this configuration, ipv6-addr is optional. If ipv6-addr is not defined,
tayga generates it for you from the prefix parameter.
Configuration parameters
| Parameter | Description |
|---|---|
prefix | Since Tayga provides stateless NAT64, a /96 or greater prefix is required to map all of IPv4 to IPv6. This parameter should be an unused /96 prefix from your IPv6 address range. For OTBR, use the Well-Known Prefix (64:ff9b::/96) to enable automatic address translation. |
dynamic-pool | Required for Tayga to map IPv6 to IPv4. Set to an IPv4 network. |
ipv6-addr | Required for Tayga to act as an IPv6 router. When using the Well-Known Prefix for the prefix parameter, this address should be one that is not included in prefix. |
ipv4-addr | Required for Tayga to act as an IPv4 router. This address should be one that is included in dynamic-pool. |
Enable forwarding
- Enable IPv4 and IPv6 forwarding:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" - To ensure IPv4 forwarding remains enabled after reboot, also update the
sysctlconfiguration file:- Open the
/etc/sysctl.conffile:sudo vim /etc/sysctl.conf - Uncomment the IPv4 forwarding parameter and ensure it's set to 1:
net.ipv4.ip_forward=1
- Open the
- Configure NAT with
iptables:- Enable NAT 44:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - Configure FILTER between the
wlan0(Wi-Fi) andeth0(Ethernet) interfaces:sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPTsudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
- Enable NAT 44:
- Apply these NAT rules automatically upon reboot:
- Save the rules to the
/etc/iptables.ipv4.natfile:sudo sh -c "iptables-save > /etc/iptables.ipv4.nat" - Open the
/etc/rc.localfile:sudo vim /etc/rc.local - Add the following at the end of the file, before the
exit 0line:iptables-restore < /etc/iptables.ipv4.nat
- Save the rules to the
Verify the configuration
- Reboot the Raspberry Pi 3B:
sudo reboot
- After reboot, connect a different device (not the RPi3B) to the BorderRouter-AP Wi-Fi access point.
- Open a browser window on that device and navigate to 192.168.1.2 (the IPv4
address configured for the
wlan0interface). If the AP configuration is successful, the OTBR Web GUI loads.
The BorderRouter-AP Wi-Fi access point should also provide regular internet connectivity. Verify by visiting or pinging any public website from a device connected to the BorderRouter-AP Wi-Fi access point.
Troubleshooting
If the BorderRouter-AP Wi-Fi access point is not available, check the system status of the RPi3B:
sudo systemctl statusIf the status shows the RPi3B in a degraded state, check which services have failed to start:
sudo systemctl --failedIf the AP was set up manually and any of the required OTBR services have failed to start:
- Go back through the configuration steps in Build and Configuration and Wi-Fi Access Point Setup and check for errors.
- Reboot the RPi3B or use the
serverscript to stop and restart required OTBR services:
cd ot-br-posix./script/server NETWORK_MANAGER=0
Using Network Manager
When the AP is automatically setup during installation, it is managed by Network Manager. The OTBR setup script uses the same default values detailed in the manual setup:
- SSID = BorderRouter-AP
- Password = 12345678
Control Network Manager using the
nmcli
command line tool.
For example, to display all information related to the AP once OTBR is up and running:
nmcli -s c show BorderRouter-APFor more information, see the OTBR Network Manager script/script/_network_manager).