Create a routed Access Point with Raspberry Pi and OpenWrt

In this article, I will show you how to configure your Rapberry Pi 3 into a routed WiFi access point. This configuration is a little bit more complicated than the configuration of my previous post that is available under the following link : https://gremaudpi.emf-informatique.ch/create-a-bridged-access-point-with-raspberry-pi-and-openwrt/

In this configuration, the WiFi clients are on a different subnet than the management workstation. The Raspi will act as a router and forward all packets from the clients to the Lan network using Masquerading (Port Address Translation)

Schema

 

 

Get the current OpenWrt image

 

https://downloads.openwrt.org/

Take the current factory image (openwrt-18.06.2-brcm2708-bcm2710-rpi-3-ext4-factory.img.gz)

Burn the image with etcher

Change LAN IP address of Raspi

 

For this you will need to configure your management workstation IP address to 192.168.1.2 with subnet mask 255.255.255.0.

Then open a browser and access to the default IP of the Raspi (http://192.168.1.1)

ATTENTION : BE AWARE OF USING HTTP AND NOT HTTPS

By default, the password is empty.

Then, navigate to Network – Interfaces and edit LAN interface

Disable DHCP server on this interface

To apply this configuration, you will need to first click on "Save & Apply" and then force apply with "Apply unchecked".

Your Raspi is now available under 192.168.0.30.

You can revert your management workstation Ip configuration to DHCP.

Begin by doing some cleanup

 

Open a browser and access to the new IP address of the Raspi (192.168.0.30)

Navigate to Network – Wireless and remove the default wireless SSID OpenWrt (see below)

Navigate to Network – Firewall, and under "General Settings" delete all Zones and click "Save and apply"

Under "Traffic Rules", check that all rules are gone

Create a new wireless SSID for Guest

 

Navigate to Network - Wireless and add a new SSID called "Guest" associated with a network called "Guest" too.

Click "Save and Apply" and you should now have a brand new SSID (see below)

Click "Enable" to activate the new SSID

 

Configure the new Guest Interface

 

Navigate to Network – Interface and edit the newly created Guest Interface

Under General Setup, change the protocol from "Unmanaged" to "Static address"

Then click "Switch protocol" and configure the IP address and the netmask of the Guest Interface

Assign a DHCP server to this interface and click "Save and Apply"

Create firewall Zones for the interfaces

 

Navigate to Network – Interfaces and edit the LAN Interface

Under "Firewall Settings" create a new zone called LAN (notice that DHCP server should be disabled for the LAN interface)

Click "Save and Apply"

Do the same for Interface Guest. Navigate to Network – Interfaces and edit the Guest Interface

Under "Firewall Settings" create a new zone called Guest (notice that DHCP server should be enabled for the GUEST interface)

Click "Save and Apply"

Configure the firewall

 

Navigate to Network – Firewall, you should now see two zones

Edit the zone "Guest" and configure it as bellow:

  • Name : guest
  • Input : accept
  • Output : accept
  • Forward : accept
  • Masquerading : unchecked
  • MSS clamping : unchecked
  • Covered Network : guest
  • Allow forward to destination zones : lan
  • Allow forward from source zones : empty

Click "Save and Apply"

Edit the zone "Lan" and configure it as bellow:

  • Name : lan
  • Input : accept
  • Output : accept
  • Forward : reject
  • Masquerading : checked
  • MSS clamping : checked
  • Covered Network : lan
  • Allow forward to destination zones : empty
  • Allow forward from source zones : guest

Click "Save and Apply"

The Firewall – Zones Settings should look like this

Click on "Save and Apply"

Navigate to Network - Wireless and enable the newly created SSID "Guest"

Then, check if it works by connecting a wireless device to the "Guest" SSID

That's all folks

This Post Has 34 Comments

    1. Thank a lot Remco. Allways a pleasure to have news from Nederland...

  1. Thank you very much! I was looking around for clear instructions to do exactly the same thing and you saved me hours of wasted time. Now all I need to do is figure out how to limit guest wifi users to just the internet and one local IP. Thanks again.

    1. You are welcome ! No idea how to do this... Maybe add some rules in the firewall ...

  2. Yeah, the devil is always in the details...

  3. Thank you for this article!
    When i 'm connecting to the ssid guest, i dont have access to internet. Did i miss something?

  4. Thanks for this post, it was very helpful.
    I used it to configure ROOter (an OpenWRT variant that supports Mobile Broadband dongles) on the Raspberry Pi.
    I've now effectively got a Mobile Broadband Router that I can use on the road or as a backup Internet connection at home.

  5. I am no longer positive the place you are getting your information, however great topic.

    I needs to spend a while finding out more or working out more.
    Thanks for wonderful info I was searching for this information for my mission.

  6. Can I just say what a comfort to find someone who really understands what they're talking about on the
    net. You certainly realize how to bring an issue to light
    and make it important. More people need to read this and understand this side of your story.

    It's surprising you aren't more popular since you definitely
    have the gift.

  7. Excellent post. I'm facing a few of these issues as well..

  8. I'd like to thank you for the efforts you've put in writing this website.
    I am hoping to see the same high-grade blog posts from you in the future as well.
    In truth, your creative writing abilities has motivated me to get my own, personal site now ;
    )

  9. Hello my loved one! I wish to say that this post is awesome, great written and include approximately all vital infos.
    I'd like to look more posts like this .

  10. magnificent issues altogether, you simply won a new reader.
    What might you suggest in regards to your put up that you made
    a few days ago? Any sure?

  11. Have you ever thought about including a little bit more than just
    your articles? I mean, what you say is important and
    everything. However just imagine if you added some great graphics or video clips
    to give your posts more, "pop"! Your content is excellent but with pics and videos,
    this blog could certainly be one of the most beneficial in its field.
    Terrific blog!

  12. You really make it appear so easy with your presentation but
    I to find this topic to be actually something which I feel I might never understand.
    It seems too complex and extremely wide for me. I am having a look ahead
    to your next put up, I will attempt to get the dangle of it!

  13. I'm amazed, I must say. Seldom do I encounter a blog that's equally educative and entertaining, and let me
    tell you, you have hit the nail on the head. The issue is an issue that
    not enough men and women are speaking intelligently about.
    Now i'm very happy that I found this during my hunt for something
    concerning this.

  14. Why people still make use of to read news papers when in this technological
    globe the whole thing is existing on net?

  15. I really like it when individuals get together and share ideas.
    Great blog, keep it up!

  16. Hi! I realize this is sort of off-topic but I
    had to ask. Does managing a well-established website such as yours require a lot of work?
    I am brand new to operating a blog however I do write in my journal every day.
    I'd like to start a blog so I will be able to share my experience and views online.
    Please let me know if you have any kind of recommendations
    or tips for brand new aspiring blog owners. Thankyou!

  17. I will right away grab your rss feed as I can not in finding your e-mail subscription hyperlink or
    e-newsletter service. Do you have any? Kindly let me
    know in order that I may just subscribe. Thanks.

  18. Thank you for the auspicious writeup. It in fact was a amusement account it.
    Look advanced to far added agreeable from you!
    By the way, how could we communicate?

  19. I am really inspired along with your writing skills and also with the format on your weblog.
    Is that this a paid theme or did you customize it yourself?
    Either way keep up the nice high quality writing,
    it is uncommon to see a nice weblog like this one nowadays..

  20. What a information of un-ambiguity and preserveness of valuable familiarity
    about unpredicted feelings.

  21. Thanks for finally talking about >Create a routed Access Point with Raspberry Pi and OpenWrt - Technical wanderings <Liked it!

  22. Wow, incredible weblog structure! How lengthy have you been running a blog for?

    you make running a blog look easy. The whole glance of your site is fantastic, as well as the content material!

  23. Hey there, You've done an excellent job. I'll
    certainly digg it and personally recommend to
    my friends. I am confident they'll be benefited from this web site.

  24. Good post! We will be linking to this particularly great
    post on our site. Keep up the good writing.

  25. It's awesome to pay a quick visit this site
    and reading the views of all colleagues on the topic of this article, while I am
    also eager of getting experience.

  26. I like it whenever people come together and share
    opinions. Great website, stick with it!

  27. Thank you, I've just been searching for information approximately this subject for a
    while and yours is the greatest I've found out so
    far. However, what in regards to the bottom line?

    Are you positive about the supply?

Leave a Reply to dominoqq online Cancel reply

Close Menu