A Wi-Fi access point (AP) connects a Thread network to the internet.
A Raspberry Pi 3B (RPi3B) functioning as an OpenThread Border Router (OTBR) may also serve as a Soft Access Point (SoftAP). This SoftAP acts as a DHCP server to assign IPv4 addresses to the RPi3B and any devices used as External Commissioners.
The BeagleBone Black does not have built-in Wi-Fi support, and cannot be used as a Wi-Fi Access Point.
All configuration and terminal commands occur on a RPi3B running OTBR. See Build and Configuration for more information.
The RPi3B must be connected to the internet via Ethernet (eth0 interface, as displayed in the output of the ifconfig command) to successfully serve as a SoftAP.
If you ran the OTBR setup script without disabling NETWORK_MANAGER, as described in Build and Configuration, the Wi-Fi AP has already been configured. Skip down to Using Network Manager for more information.
Install packages
Three packages are required:
- hostapd: Allows use of a device's built-in Wi-Fi radio as an AP
- dnsmasq: A combined DHCP and DNS server
- tayga: Stateless NAT64
sudo apt-get install hostapd dnsmasq tayga
Configure static IPv4 addresses
In newer Raspbian versions, interface configuration is handled by dhcpcd by default. Disable dhcpcd for the interface and manually configure static IPv4 addresses for the SoftAP.
- Update dhcpcd to ignore the wlan0 (Wi-Fi) interface:
  - Open the dhcpcd configuration file:
      sudo vim /etc/dhcpcd.conf
  - Add the following line to the end of the file:
      denyinterfaces wlan0
- Configure static IPv4 addresses on the wlan0 interface:
  - Create a configuration file for the wlan0 interface:
      sudo vim /etc/network/interfaces.d/wlan0
  - Add the following configuration parameters to the wlan0 file:
      allow-hotplug wlan0
      iface wlan0 inet static
          address 192.168.1.2
          netmask 255.255.255.0
          network 192.168.1.0
          broadcast 192.168.1.255
Configure hostapd
- Create a new hostapd configuration file:
    sudo vim /etc/hostapd/hostapd.conf
- Add the following configuration parameters to hostapd.conf:
    # The Wi-Fi interface configured for static IPv4 addresses
    interface=wlan0
    # Use the 802.11 Netlink interface driver
    driver=nl80211
    # The user-defined name of the network
    ssid=BorderRouter-AP
    # Use the 2.4GHz band
    hw_mode=g
    # Use channel 6
    channel=6
    # Enable 802.11n
    ieee80211n=1
    # Enable WMM
    wmm_enabled=1
    # Enable 40MHz channels and the short guard interval for 20MHz channels
    ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
    # Accept all MAC addresses
    macaddr_acl=0
    # Use open system authentication (required for WPA)
    auth_algs=1
    # Broadcast the network name (SSID)
    ignore_broadcast_ssid=0
    # Use WPA2
    wpa=2
    # Use a pre-shared key
    wpa_key_mgmt=WPA-PSK
    # The network passphrase
    wpa_passphrase=12345678
    # Use AES, instead of TKIP
    rsn_pairwise=CCMP
- Set this new configuration file as the default daemon configuration:
  - Open the default configuration file:
      sudo vim /etc/default/hostapd
  - Enable the DAEMON_CONF parameter and point it to the new hostapd configuration file:
      DAEMON_CONF="/etc/hostapd/hostapd.conf"
- Bootstrap the hostapd daemon automatically upon reboot:
  - Unmask and manually start hostapd in case it is masked:
      sudo systemctl unmask hostapd
      sudo systemctl start hostapd
  - Create a service configuration file for hostapd:
      sudo vim /etc/systemd/system/hostapd.service
  - Add the following configuration parameters to hostapd.service:
      [Unit]
      Description=Hostapd IEEE 802.11 Access Point
      After=sys-subsystem-net-devices-wlan0.device
      BindsTo=sys-subsystem-net-devices-wlan0.device

      [Service]
      Type=forking
      PIDFile=/var/run/hostapd.pid
      ExecStart=/usr/sbin/hostapd -B /etc/hostapd/hostapd.conf -P /var/run/hostapd.pid

      [Install]
      WantedBy=multi-user.target
  - Open the /etc/rc.local file:
      sudo vim /etc/rc.local
  - Add the following at the end of the file, before the exit 0 line:
      sudo service hostapd start
Verify the access point
Once hostapd is configured, the SoftAP should be live (though without internet connectivity).
To verify, reboot the RPi3B:
sudo reboot
After reboot, check for wireless networks on another device. You should see the BorderRouter-AP SSID.
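
The hostapd.conf in this guide uses the passphrase 12345678, so a check that the value was changed before the AP goes into service is useful. The following is an added example, not part of the OTBR project: it audits a hostapd.conf for that documented default and for explicitly enabled legacy WPA or TKIP. The function names and finding codes are this example's own, and the digits-only check is a heuristic chosen here.

```python
DEFAULT_PSK = "12345678"  # passphrase published in this guide

# Constructed sample mirroring the hostapd.conf from this page.
SAMPLE_CONF = """\
interface=wlan0
ssid=BorderRouter-AP
# Use WPA2
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=12345678
rsn_pairwise=CCMP
"""

def parse_hostapd(text):
    """Parse key=value lines; blank lines and lines starting with # are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def audit_hostapd(text):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    conf = parse_hostapd(text)
    findings = []
    try:
        wpa = int(conf.get("wpa", "0"))
    except ValueError:
        wpa = 0
    if wpa == 0:
        return ["open-network"]          # WPA is not enabled at all
    if wpa & 1:
        findings.append("wpa1-enabled")  # bit 0 of wpa= selects legacy WPA
    # Only ciphers listed explicitly in the file are checked here.
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("tkip-enabled")
    psk = conf.get("wpa_passphrase")
    if psk is not None:
        if psk == DEFAULT_PSK:
            findings.append("default-passphrase")
        elif not 8 <= len(psk) <= 63:
            findings.append("invalid-passphrase-length")  # WPA passphrases are 8..63 chars
        elif psk.isdigit():
            findings.append("digits-only-passphrase")     # heuristic added in this example
    return findings

if __name__ == "__main__":
    for code in audit_hostapd(SAMPLE_CONF):
        print("FINDING:", code)
```

To audit the live file, pass the contents of /etc/hostapd/hostapd.conf to audit_hostapd() instead of the constructed sample.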
Configure dnsmasq
- For ease of configuration, if a default dnsmasq configuration file already exists on your system, move it and create a new one:
    sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
    sudo vim /etc/dnsmasq.conf
- Add the following configuration parameters to dnsmasq.conf:
    # The Wi-Fi interface configured for static IPv4 addresses
    interface=wlan0
    # Explicitly specify the address to listen on
    listen-address=192.168.1.2
    # Bind to the interface to make sure we aren't sending things elsewhere
    bind-interfaces
    # Forward DNS requests to the Google DNS
    server=8.8.8.8
    # Don't forward short names
    domain-needed
    # Never forward addresses in non-routed address spaces
    bogus-priv
    # Assign IP addresses between 192.168.1.50 and 192.168.1.150 with a 12 hour lease time
    dhcp-range=192.168.1.50,192.168.1.150,12h
- The bind9 service might conflict with dnsmasq during start up. To ensure there is no conflict, update the bind9 service to not start until dnsmasq has started. Open the /lib/systemd/system/bind9.service file:
    sudo vim /lib/systemd/system/bind9.service
- Modify the After parameter so bind9 starts after dnsmasq:
    After=network.target dnsmasq.service
Configure NAT
Network Address Translation (NAT) is a method of translating IP addresses while packets are in transit. NAT64 translates addresses between IPv6 and IPv4.
OTBR uses tayga for stateless NAT64, iptables for stateful NAT44, and combines the two to provide stateful NAT64. This allows Thread devices to communicate with IPv4 hosts. See the Tayga documentation for more information.
Configure tayga
- Create the configuration:
  - Open the /etc/tayga.conf file:
      sudo vim /etc/tayga.conf
  - Update the file with the following configuration:
      prefix 64:ff9b::/96
      dynamic-pool 192.168.255.0/24
      ipv6-addr 2001:db8:1::1
      ipv4-addr 192.168.255.1
- Enable tayga:
  - Open the /etc/default/tayga file:
      sudo vim /etc/default/tayga
  - Change the RUN parameter to yes:
      RUN="yes"

In this configuration, ipv6-addr is optional. If ipv6-addr is not defined, tayga generates it for you from the prefix parameter.
Configuration parameters
Parameter | Description |
---|---|
prefix | Since Tayga provides stateless NAT64, a /96 or greater prefix is required to map all of IPv4 to IPv6. This parameter should be an unused /96 prefix from your IPv6 address range. For OTBR, use the Well-Known Prefix (64:ff9b::/96) to enable automatic address translation. |
dynamic-pool | Required for Tayga to map IPv6 to IPv4. Set to an IPv4 network. |
ipv6-addr | Required for Tayga to act as an IPv6 router. When using the Well-Known Prefix for the prefix parameter, this address should be one that is not included in prefix. |
ipv4-addr | Required for Tayga to act as an IPv4 router. This address should be one that is included in dynamic-pool. |
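
To illustrate the constraints in the table and how a /96 prefix carries an IPv4 address, here is an added example (not OTBR or Tayga code) that validates the tayga.conf values from this page and computes the RFC 6052 IPv6 address for an IPv4 host. Function names and finding codes are this example's own, and only /96 prefixes are handled.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # Well-Known Prefix used for OTBR

# Constructed sample holding the tayga.conf values shown on this page.
TAYGA_SAMPLE = """\
prefix 64:ff9b::/96
dynamic-pool 192.168.255.0/24
ipv6-addr 2001:db8:1::1
ipv4-addr 192.168.255.1
"""

def parse_tayga(text):
    """Parse 'keyword value' lines, dropping # comments and blank lines."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            conf[parts[0]] = parts[1].strip()
    return conf

def check_tayga(text):
    """Return finding codes for the constraints listed in the parameter table."""
    conf = parse_tayga(text)
    findings = []
    prefix = ipaddress.IPv6Network(conf["prefix"])
    pool = ipaddress.IPv4Network(conf["dynamic-pool"])
    if prefix.prefixlen != 96:
        findings.append("prefix-not-96")  # this example only covers /96
    if ipaddress.IPv4Address(conf["ipv4-addr"]) not in pool:
        findings.append("ipv4-addr-outside-dynamic-pool")
    v6 = conf.get("ipv6-addr")  # optional parameter
    if prefix == WKP and v6 and ipaddress.IPv6Address(v6) in prefix:
        findings.append("ipv6-addr-inside-prefix")
    return findings

def nat64_map(prefix, ipv4):
    """Embed an IPv4 address in the low 32 bits of a /96 prefix (RFC 6052)."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv4Address(ipv4)
    if net.prefixlen != 96:
        raise ValueError("only /96 prefixes are handled here")
    if net == WKP and not addr.is_global:
        # RFC 6052: the Well-Known Prefix must not represent non-global IPv4
        raise ValueError(f"{addr} is not global; not valid under {WKP}")
    return ipaddress.IPv6Address(int(net.network_address) | int(addr))

if __name__ == "__main__":
    print(check_tayga(TAYGA_SAMPLE))
    print(nat64_map("64:ff9b::/96", "8.8.8.8"))
```
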
Enable forwarding
- Enable IPv4 and IPv6 forwarding:
    sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
    sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding"
- To ensure IPv4 forwarding remains enabled after reboot, also update the sysctl configuration file:
  - Open the /etc/sysctl.conf file:
      sudo vim /etc/sysctl.conf
  - Uncomment the IPv4 forwarding parameter and ensure it's set to 1:
      net.ipv4.ip_forward=1
- Configure NAT with iptables:
  - Enable NAT 44:
      sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  - Configure FILTER between the wlan0 (Wi-Fi) and eth0 (Ethernet) interfaces:
      sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
      sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
- Apply these NAT rules automatically upon reboot:
  - Save the rules to the /etc/iptables.ipv4.nat file:
      sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
  - Open the /etc/rc.local file:
      sudo vim /etc/rc.local
  - Add the following at the end of the file, before the exit 0 line:
      iptables-restore < /etc/iptables.ipv4.nat
Verify the configuration
- Reboot the Raspberry Pi 3B:
    sudo reboot
- After reboot, connect a different device (not the RPi3B) to the BorderRouter-AP Wi-Fi access point.
- Open a browser window on that device and navigate to 192.168.1.2 (the IPv4 address configured for the wlan0 interface). If the AP configuration is successful, the OTBR Web GUI loads.
The BorderRouter-AP Wi-Fi access point should also provide regular internet connectivity. Verify by visiting or pinging any public website from a device connected to the BorderRouter-AP Wi-Fi access point.
Troubleshooting
If the BorderRouter-AP Wi-Fi access point is not available, check the system status of the RPi3B:
sudo systemctl status
If the status shows the RPi3B in a degraded state, check which services have failed to start:
sudo systemctl --failed
If the AP was set up manually and any of the required OTBR services have failed to start:
- Go back through the configuration steps in Build and Configuration and Wi-Fi Access Point Setup and check for errors.
- Reboot the RPi3B or use the server script to stop and restart required OTBR services:
    cd ot-br-posix
    ./script/server NETWORK_MANAGER=0
Using Network Manager
When the AP is set up automatically during installation, it is managed by Network Manager. The OTBR setup script uses the same default values detailed in the manual setup:
- SSID = BorderRouter-AP
- Password = 12345678
Control Network Manager using the nmcli command line tool.
For example, to display all information related to the AP once OTBR is up and running:
nmcli -s c show BorderRouter-AP
For more information, see the OTBR Network Manager script.