I'm trying to set up the RPI3 with these two network features (using built-in hardware only):

  • Isolated network with Wifi Access Point and Ethernet. A) Sharing same domain "pi.lan". B) Sharing one DHCP service/address space, so Ethernet and Wifi clients can talk to each other.
  • Wifi Station connection to another internet Wifi access point, to be able to update the RPI and install software.

Current approach (suggestions for simplification appreciated!):

  • ap0 - access point
  • br0 - bridging ap0 and eth0, providing DNS and DHCP service, domain pi.lan
  • wlan0 - wifi station

Installed software:

apt-get install hostapd dnsmasq bridge-utils

Here is what I got so far. Adding new interface ap0 for wifi access point, so wlan0 can be used for wifi station:

/etc/udev/rules.d/70-persistent-net.rules (mac same as wlan0, I read that should work):

SUBSYSTEM=="ieee80211", ACTION=="add|change", ATTR{macaddress}=="b8:27:eb:bf:d3:81", KERNEL=="phy0", \
  RUN+="/sbin/iw phy phy0 interface add ap0 type __ap", \
  RUN+="/bin/ip link set ap0 address b8:27:eb:bf:d3:81"

/etc/dhcpcd.conf :

interface br0
static ip_address=10.0.0.1/24
static routers=10.0.0.1
static domain_name_servers=10.0.0.1

/etc/hostapd/hostapd.conf :

interface=ap0
bridge=br0
#driver=nl80211
ssid=accesspoint1
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=notmypassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

/etc/default/hostapd (uncomment this line):

DAEMON_CONF="/etc/hostapd/hostapd.conf"

/etc/wpa_supplicant/wpa_supplicant.conf :

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=US

network={
    ssid="mywifi"
    psk=notmypassowrd
}

/etc/network/interfaces :

source-directory /etc/network/interfaces.d

auto lo br0 ap0 eth0

iface lo inet loopback

iface br0 inet static
    address 10.0.0.1
    network 10.0.0.0
    netmask 255.255.255.0
    bridge_ports ap0 eth0

allow-hotplug wlan0
iface wlan0 inet dhcp
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

iface ap0 inet manual
iface eth0 inet manual

/etc/dnsmasq.conf :

dhcp-mac=set:client_is_a_pi,B8:27:EB:*:*:*
dhcp-reply-delay=tag:client_is_a_pi,2

no-dhcp-interface=lo,wlan0,ap0,eth0
addn-hosts=/etc/hosts_dnsmasq
no-resolv
domain-needed
bogus-priv
domain=pi.lan
expand-hosts
local=/pi.lan/
interface=br0
bind-interfaces
dhcp-range=lan,10.0.0.10,10.0.0.200,12h
#set default gateway
dhcp-option=lan,3,10.0.0.1
#set DNS server
dhcp-option=lan,6,8.8.8.8

cat /etc/hosts_dnsmasq

10.0.0.1        pi
10.0.0.111      laptop

Some useful info: I'm using a hypriot docker host as a starting point. It adds some additional network stuff which we should not have to mess with, but it appears in the dumps below.

ip -d addr

root@black-pearl:/home/pirate# ip -d addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN group default qlen 1000
    link/ether b8:27:eb:ea:86:d4 brd ff:ff:ff:ff:ff:ff promiscuity 1
    bridge_slave state disabled priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.b8:27:eb:bf:d3:81 designated_root 8000.b8:27:eb:bf:d3:81 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether b8:27:eb:bf:d3:81 brd ff:ff:ff:ff:ff:ff promiscuity 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 192.168.0.129/24 brd 192.168.0.255 scope global wlan0
       valid_lft forever preferred_lft forever
4: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether b8:27:eb:bf:d3:81 brd ff:ff:ff:ff:ff:ff promiscuity 1
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.b8:27:eb:bf:d3:81 designated_root 8000.b8:27:eb:bf:d3:81 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether b8:27:eb:bf:d3:81 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 bridge_id 8000.b8:27:eb:bf:d3:81 designated_root 8000.b8:27:eb:bf:d3:81 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  182.47 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3125 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
       valid_lft forever preferred_lft forever
6: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:2f:12:fe:19 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 bridge_id 8000.2:42:2f:12:fe:19 designated_root 8000.2:42:2f:12:fe:19 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  204.32 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3125 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
8: veth5004b64@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether f2:ab:67:74:c6:be brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 1
    veth
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.2:42:2f:12:fe:19 designated_root 8000.2:42:2f:12:fe:19 hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535

ip route

root@black-pearl:/home/pirate# ip route
default via 192.168.0.1 dev wlan0
10.0.0.0/24 dev br0 proto kernel scope link src 10.0.0.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.129

bridge -d link

root@black-pearl:/home/pirate# bridge -d link
2: eth0 state DOWN : <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state disabled priority 32 cost 100
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on
4: ap0 state UP : <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on
8: veth5004b64 state UP @(null): <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state forwarding priority 32 cost 2
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on

Problem 1:

When connecting to the RPI access point with another device then it will connect but immediately drop the connection again.

Problem 2:

wlan0 doesn't automatically connect after reboot. Only after ifdown - ifup the wifi station connects e.g.:

ifdown wlan0
ifup wlan0

Problem 3:

After the RPI's wifi station is connected to a router with internet connection then the name resolution seems broken:

root@black-pearl:/home/pirate# ping google.com
ping: google.com: Temporary failure in name resolution
root@black-pearl:/home/pirate# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=20.8 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=20.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=20.0 ms
^C

Problem 4:

When wiring a laptop to eth0, the laptop gets an IP, but DNS name resolution doesn't work, so I can't ping pi.pi.lan

Any hints are appreciated!!

regexing
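Added example, not part of the original question or answer: a small lint over the DNS/DHCP lines of the dnsmasq.conf posted above, flagging two settings that bear on the name-resolution symptoms described (no-resolv without any server= upstream, and DHCP option 6 handing clients a resolver other than this dnsmasq). The function names, the finding labels and the default LAN of 10.0.0.0/24 are assumptions made for the example.

```python
import ipaddress

# Constructed sample: the DNS/DHCP lines of the dnsmasq.conf posted in the question.
SAMPLE = """\
no-resolv
domain=pi.lan
local=/pi.lan/
interface=br0
dhcp-range=lan,10.0.0.10,10.0.0.200,12h
#set default gateway
dhcp-option=lan,3,10.0.0.1
#set DNS server
dhcp-option=lan,6,8.8.8.8
"""

def parse(text):
    """Return (key, value) pairs; value is '' for bare flags such as no-resolv."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def lint_dnsmasq(text, lan="10.0.0.0/24"):
    """Flag settings that keep dnsmasq or its DHCP clients from resolving names."""
    net = ipaddress.ip_network(lan)  # assumed LAN, matches br0 in the question
    pairs = parse(text)
    keys = {key for key, _ in pairs}
    findings = []
    # no-resolv skips /etc/resolv.conf, so upstreams must come from server= lines.
    if "no-resolv" in keys and "server" not in keys:
        findings.append("no-upstream: no-resolv set, but no server= line")
    for key, value in pairs:
        fields = [f.strip() for f in value.split(",")]
        dns = [i for i, f in enumerate(fields) if f in ("6", "option:dns-server")]
        if key != "dhcp-option" or not dns:
            continue
        for addr in fields[dns[0] + 1:]:
            # 0.0.0.0 means "the host running dnsmasq", so it is always local.
            if addr != "0.0.0.0" and ipaddress.ip_address(addr) not in net:
                findings.append(f"dns-bypass: clients are handed {addr}, not this dnsmasq")
    return findings

if __name__ == "__main__":
    for finding in lint_dnsmasq(SAMPLE):
        print(finding)
```

The lint only reads the configuration file; upstream servers passed on the dnsmasq command line are not seen by it.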

1 Answer

I have put much effort into the answer, so I decided to move it to "Access point as WiFi repeater, optional with bridge" so I can make it more generic and present it as an accepted answer.

Ingo
  • I have seen sites describing using the built-in wifi for both Station+AP. However I do have another wifi-dongle so for me at least it's an option. The docker bridge is managed by docker somehow, I added a note that I'm using the hypriot docker host image. I probably also should change the title of this post. – regexing May 29 '18 at 02:22
  • @regexing OK, I will look with a second wifi dongle. You wrote: "I have seen sites describing using the built-in wifi for both Station+AP." Do you know where to find such a tutorial? Maybe I'm wrong ... – Ingo May 29 '18 at 11:08
  • Here is one: https://github.com/peebles/rpi3-wifi-station-ap . I googled "rpi3 station+AP", there are others. If it works without second wifi dongle then I'd think this makes a good Medium article that many others may be interested in. – regexing May 29 '18 at 21:12
  • @regexing Interesting, thanks for the link. Seems the hardware is capable to do both things together. I just try it ... – Ingo May 30 '18 at 00:18
  • @regexing I have rewritten the answer using wifi access point and wifi client together on one wifi device. It isn't complete just yet, I have to add dnsmasq and routing/bridging. – Ingo Jun 06 '18 at 17:09
  • You're brave for going down this route. One note: if you don't remove the interfaces now managed by systemd from /etc/network/interfaces, /etc/init.d/networking and systemd-networkd are going to have a battle. I renamed /etc/wpa_supplicant/wpa_supplicant.conf to /etc/wpa_supplicant/wpa_supplicant-wlan0.conf and found a startup failure in the journal because /etc/network/interfaces still contained wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf. – blalor Jul 03 '18 at 13:54
  • @blalor I mean systemd is the future of modern linux operating systems. Meanwhile the old stuff is very inconsistent and you cannot do demanding setups with default raspbian networking. Look at dhcpcd vs /etc/network/interfaces. – Ingo Jul 03 '18 at 19:12
  • @blalor systemd-networkd never touches /etc/network/interfaces. I've never seen conflicts between disabled networking.service and enabled systemd-networkd. But to be on the safe side I have updated the setup with masking networking.service and dhcpcd.service instead of only disabling them and renamed /etc/network/interfaces. If you are sure you will not go back you can also clean up your installation. Look at step 5 on https://raspberrypi.stackexchange.com/a/78788/79866 – Ingo Jul 03 '18 at 19:14
  • Hi @regexing, this answer was already bumped by the community. Is it possible that you accept it? I need it for reference. If you can't accept it I would like to move it to a self answered question. – Ingo Sep 30 '18 at 12:49