The offical document turns out to be a good example of setting up an NAT mode IPv4 only wireless access point. In this post, I will extend the official doc a little bit, by adding the IPv6 stack to the RPi AP. I will also touch on a few lines about enabling 802.11n in hostapd.
The stuff in this post has been tested with Raspberry Pi 2B+, kernel 4.14.24-v7+
First things first, confirm your pi itself has IPv6 connectivity:
ping6 -c4 www.google.com # do this on your pi
Add a static IPv6 address to wlan0, it may look like this in /etc/dhcpcd.conf:
interface wlan0 noipv6rs # optional static ip_address=192.168.42.1/24 static ip6_address=fdb3:2048:4096:1024::1/64 # this should not start with fe80
Tweak /etc/dnsmasq.conf, make sure you add enable-ra directive and a proper dhcp range for IPv6:
enable-ra dhcp-range=fdb3:2048:4096:1024::2,fdb3:2048:4096:1024::10,ra-advrouter
Before we add proper rules to ip6tables, let’s make sure your clients will get IPv6 addresses prefixed with fdb3:2048:4096:1024. Restart dhcpcd and dnsmasq on your pi:
sudo systemctl restart dhcpcd sudo systemctl restart dnsmasq
If nothing goes wrong, connect your clients to the RPi AP to ensure you will obtain the proper IPv6 addresses. (They should have no IPv6 Internet connection yet…)
Now we will allow packet forwarding for IPv6:
sudo sysctl -w net.ipv6.conf.all.forwarding=1
This will temporarily modify that variable. To permanently keep that value, locate the line that contains net.ipv6.conf.all.forwarding in your /etc/sysctl.conf, be sure it is not commented out and is set to 1:
# Uncomment the next line to enable packet forwarding for IPv6 # Enabling this option disables Stateless Address Autoconfiguration # based on Router Advertisements for this host net.ipv6.conf.all.forwarding=1
OKay, finally forward your traffic to the interface that has a global IPv6:
sudo ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo ip6tables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo ip6tables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
I have assumed the interface eth0 is IPv6 routable. But for those who connect to the IPv6 world using a tunnel, say HE tunnel broker, then your IPv6 interface will most likely be he-ipv6 if you have followed their guide. Consult ip -6 addr show to find that very interface.
This time your clients should have IPv6 Internet access.
ping6 -c4 www.google.com # do this on your clients
If it turns out fine, save the ip6tables rules:
sudo sh -c "ip6tables-save > /etc/iptables.ipv6.nat"
and enable it upon startup:
sudo nano /etc/rc.local
ip6tables-restore < /etc/iptables.ipv6.nat # make sure this line is BEFORE "exit 0"
802.11n mode
TL;DR
According to kernel.org, add these lines to your /etc/hostapd.conf.
wme_enabled=1 ieee80211n=1 ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40] # assuming you are using channel=1
The wme is for Wireless Media Extensions. Before you really restart your hostapd, check if your device if capable of setting ht_capb by using
iw list | grep HT
If you see something like
HT20/HT40
RX HT20 SGI
RX HT40 SGI
DSSS/CCK HT40
HT Max RX data rate: 150 Mbps
HT TX/RX MCS rate indexes supported: 0-7, 32
Bitrates (non-HT):
HT20/HT40
RX HT20 SGI
RX HT40 SGI
DSSS/CCK HT40
HT Max RX data rate: 150 Mbps
HT TX/RX MCS rate indexes supported: 0-7, 32
Bitrates (non-HT):Then probably you device will support HT capabilities. Otherwise you should comment the line saying ‘ht_capab=…’ out.
Personally, I don’t use ht_capab settings at all. Because in residential areas, 2.4 GHz channels have become TOO crowded for anyone to consume a huge width of 40 MHz. Unfortunatly most of the your neighbours would not realize this. Although HT+ or HT- capabiltiy does boost your speed especially in open fields where only a few wireless hotspots will be found, it increases the chances of “collision” which results in terrible packet loss in wifi-dense areas. You may want to experiment with configuration with and without ht_capab to find what best suits your environment.
If possible, you may try using 802.11a/c mode to go to 5 GHz channels where it is more likely to be less crowded. I cannot cover this since I have no AP device capable of utilizing 5 GHz channels for the time being.
That’s all of it. If you find any bugs, feel free to comment.