RTL8188(ETV/EUS/ES) driver is not activated the concurrent mode on the latest Armbian(4.19.y), so it couldn't be worked the client and the access point modes simultaneously. Under this latest OS version, I will try to make the new RTL8188(ETV/EUS/ES) driver to compile from the source code. Please also refer to the previous blog content for using OrangePiPC as a router on this site.
Hardware and OS
OrangePiPC: ARMBIAN 5.70 stable Debian GNU/Linux 9 (stretch) 4.19.13-sunxi + RTL8188ETV(EUS/EU)USB-Wifi dongle
Refference site
Compile and install the wifi driver on Allwinner SoC
http://linux-sunxi.org/Wifi#Debian.2Fubuntu_with_NetworkManager
http://randomstuffidosometimes.blogspot.com/2016/03/rtl8192cu-and-rtl8188cus-in-station-and.html
RTL8188 driver source on Github
https://github.com/capitalfuse/rtl8188eus/tree/v5.2.2.4
this is foolked from "https://github.com/quickreflex/rtl8188eus/tree/v5.2.2.4" and modified.
Download Armbian(OrangePiPC)
https://dl.armbian.com/orangepipc/
Please check your download kernel version also distribute the linux header files for compiling from the source sode.
New application
hostapd has been installed as default, the following application should be installed.
dnsmasq : DNS・DHCP Server
iptables-persistent:iptables loads the rule at the system start up
$ sudo apt-get install dnsmasq iptables-persistent
On the way of installing iptables-persistent, input "yes" for making the rule files of IP4 and IP6.
Working flow
Working flow will be the followings,
-
Configure the network interfaces
-
Deactivate services related to NetworkManager
-
Install linux header files for compiling
-
Confirm the added network interface
-
Configure hostapd(access point daemon)
-
Configure dnsmasq
-
Setting NAT and iptables rule
1. Configure the network interfaces
edit the file /etc/network/interfaces
for configuring the network interfaces
$ sudo pico /network/interfaces
Contents like the following,
# Wired adapter #1
allow-hotplug eth0
#no-auto-down eth0
iface eth0 inet dhcp
#address 192.168.0.100
#netmask 255.255.255.0
#gateway 192.168.0.1
dns-nameservers 8.8.8.8 8.8.4.4
# hwaddress ether # if you want to set MAC manually
# pre-up /sbin/ifconfig eth0 mtu 3838 # setting MTU for DHCP, static just: mtu 3838
# Wireless adapter #1
# Armbian ships with network-manager installed by default. To save you time
# and hassles consider using 'sudo nmtui' instead of configuring Wi-Fi settings
# manually. The below lines are only meant as an example how configuration could
# be done in an anachronistic way:
#
#---- Realtek 8188eu wlan interface AP (access defined in /etc/hostapd/hostapd.conf)
allow-hotplug wlan1
iface wlan1 inet static
address 11.22.33.44
netmask 255.255.255.0
network 11.22.33.0
#gateway 192.168.0.1
#dns-nameservers 8.8.8.8 8.8.4.4
# wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Disable power saving on compatible chipsets (prevents SSH/connection dropouts over WiFi)
#wireless-mode Managed
#wireless-power off
#----Realtek 8188eu wlan interface client
allow-hotplug wlan0
iface wlan0 inet dhcp
#address 192.168.10.164
#netmask 255.255.255.0
#network 192.168.10.0
#gateway 192.168.10.1
dns-nameservers 8.8.8.8 8.8.4.4
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
# Disable power saving on compatible chipsets (prevents SSH/connection dropouts over WiFi)
#wireless-mode Managed
#wireless-power off
# Local loopback
auto lo
iface lo inet loopback
wlan1: an access point, wlan0: a client connecting with internet.
wlan0 STA mode authorizes the encryption passphrase made of wpa_supplicant, so edit
wpa_supplicant.conf
Make the encryption passphrase from the combination of the access point (SSID) and the passphrase
$ wpa_passphrase MYSSID passphrase
network={
ssid="MYSSID"
#psk="passphrase"
psk=59e0d07fa4c7741797a4e394f38a5c321e3bed51d54ad5fcbd3f84bc7415d73d
}
Copy and paste the above output.
$ sudo pico /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant
ctrl_interface_group=0
update_config=1
network={
ssid="MYSSID"
#psk="passphrase"
psk=59e0d07fa4c7741797a4e394f38a5c321e3bed51d54ad5fcbd3f84bc7415d73d
key_mgmt=WPA-PSK
priority=99
}
2. Deactivate services related to NetworkManager
Following these services should be deactivated to use systemctl mask command.
NetworkManager-dispatcher.service
NetworkManager-wait-online.service
NetworkManager.service
$ sudo systemctl mask NetworkManager
Ho to check these services to be deactivated.
$ systemctl list-unit-files
3. Install linux header files for compiling
Install linux header files corresponding with your linux kernel version to compile source code.
The followings explain how to check kernel version, search linux-headers and install.
$ uname -a
Linux orangepipc 4.19.13-sunxi #5.70 SMP Sat Jan 12 15:43:21 CET 2019 armv7l GNU/Linux
$ apt search linux-header
linux-headers-next-sunxi/stretch,now 5.70 armhf
Linux kernel headers for 4.19.13-sunxi on armhf
$ sudo apt install linux-headers-next-sunxi
Next, clone or download the souce codes from github.
Change the directory cloned or downloaded folder, and make compile and install.
This repository is folked from the original and fixed some codes and bugs. Please also check the following site to confirm the diff.
(Main modified point is the activated concurrent mode.)
https://github.com/capitalfuse/rtl8188eus/commit/4eb5cffbb106255db771a9d5c453f43be6b0edfa
$ git clone --single-branch --branch v5.2.2.4 https://github.com/capitalfuse/rtl8188eus.git
$ cd rtl8188eus
$ make
$ sudo make install
Delete default driver of rtl8188eu.
$ sudo rm -rf /lib/modules/`uname -r`/kernel/drivers/net/wireless/rtl8188eu
Finally, System restart.
$ sudo reboot
4. Confirm the added network interface
Confirm an additional network interface "phy1" and "Supported interface modes" including "* AP"
$ sudo iw list
Wiphy phy1
max # scan SSIDs: 9
max scan IEs length: 2304 bytes
max # sched scan SSIDs: 0
max # match sets: 0
max # scan plans: 1
max scan plan interval: -1
max scan plan iterations: 0
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* monitor
* P2P-client
* P2P-GO
.........
.........
.........
Also check an additional interface of wlan1 to use iwconfig and ifconfig commnds.
Note) Contents displays after finished all settings.
$ sudo iwconfig
wlan0 IEEE 802.11bgn ESSID:"xxxxxxxxxxxxx" Nickname:"< WIFI@REALTEK>"
Mode:Managed Frequency:2.442 GHz Access Point: xx:xx:xx:xx:xx:xx
Bit Rate:150 Mb/s Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:****-****-****-****-****-****-****-**** Security mode:open
Power Management:off
Link Quality=81/100 Signal level=46/100 Noise level=0/100
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
lo no wireless extensions.
eth0 no wireless extensions.
wlan1 IEEE 802.11bgn ESSID:"access_point" Nickname:"< WIFI@REALTEK>"
Mode:Master Frequency:2.442 GHz Access Point: xx:xx:xx:xx:xx:xx
Bit Rate:72.2 Mb/s Sensitivity:0/0
Retry:off RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=82/100 Signal level=53/100 Noise level=0/100
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
dummy0 no wireless extensions.
Confirm wlan0 from ifconfig command.
Note) Contents displays after finished all settings.
$ sudo ifconfig
..............
..............
..............
wlan0: flags=4163< UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.xx.xx netmask 255.255.255.0 broadcast 192.168.xx.255
inet6 xxxxxxxx prefixlen 64 scopeid 0x20< link>
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 292375 bytes 345689076 (329.6 MiB)
RX errors 0 dropped 8334 overruns 0 frame 0
TX packets 188019 bytes 40135541 (38.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan1: flags=4163< UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 11.22.33.44 netmask 255.255.255.0 broadcast 11.22.33.255
inet6 fe80::ccd2:9bff:fe3f:401d prefixlen 64 scopeid 0x20< link>
ether aa:bb:cc:dd:ee:ff txqueuelen 1000 (Ethernet)
RX packets 235863 bytes 43983417 (41.9 MiB)
RX errors 0 dropped 3949 overruns 0 frame 0
TX packets 305252 bytes 338888122 (323.1 MiB)
TX errors 0 dropped 304 overruns 0 carrier 0 collisions 0
5. Configure hostapd(access point daemon)
Set the hostapd config file at starting it's daemon to load.
$ sudo pico /etc/default/hostapd
Uncomment the line of DAEMON_CONF="/etc/hostapd/hostapd.conf"
# Defaults for hostapd initscript
#
# See /usr/share/doc/hostapd/README.Debian for information about alternative
# methods of managing hostapd.
#
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration
# file and hostapd will be started during system boot. An example configuration
# file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz
#
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Make the hostapd config file.
$ sudo pico /etc/hostapd/hostapd.conf
Set the ssid,
wpa_passphrase
and so on. "
interface" should be wlan0 or wlan1 confirmed from $sudo iwconfig.
##### hostapd configuration file ##############################################
interface=wlan1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=access_point
channel=5
# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0)
# and/or WPA2 (full IEEE 802.11i/RSN):
# bit0 = WPA
# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled)
wpa=2
preamble=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP
wpa_passphrase=pass_phrase
#wpa_psk=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
# Enable internal EAP server for EAP-WSC (part of Wi-Fi Protected Setup)
#eap_server=1
#wpa_psk_radius=1
# Station MAC address -based authentication
# Please note that this kind of access control requires a driver that uses
# hostapd to take care of management frame processing and as such, this can be
# used with driver=hostap or driver=nl80211, but not with driver=atheros.
# 0 = accept unless in deny list
# 1 = deny unless in accept list
# 2 = use external RADIUS server (accept/deny lists are searched first)
macaddr_acl=0
accept_mac_file=/etc/hostapd/hostapd.accept
deny_mac_file=/etc/hostapd/hostapd.deny
# bit 0 = Open System Authentication
# bit 1 = Shared Key Authentication (requires WEP)
auth_algs=1
##### Wi-Fi Protected Setup (WPS) #############################################
##### default configuration #######################################
driver=nl80211
beacon_int=100
hw_mode=g
ieee80211n=1
# QoS support ->1
wmm_enabled=0
ht_capab=[SHORT-GI-20][SHORT-GI-40]
max_num_sta=100
#country_code=JP
If hostapd has some problems, also compile from the source code. In the below figure,the green lines shows how to process WPA/WPA2 authorization in hostapd as a minimum function.
https://w1.fi/hostapd/
6. Configure dnsmasq
To distribute IP adresses for clients, DHCP server should be installed. Dnsmasq has this function (already installed).
Configure dnsmasq.conf
file.
$ sudo pico /etc/dnsmasq.conf
Deactivated DHCP function on Dnsmasq for default use, to activate DHCP function, set parameters in /etc/dnsmasq.conf .
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
no-resolv
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/11.22.33.44
server=8.8.8.8
server=8.8.4.4
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/mydomain.net/
# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1
address=/myhome.gw/11.22.33.44
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=wlan1
# Or you can specify which interface _not_ to listen on
#except-interface=
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
listen-address=127.0.0.1
listen-address=11.22.33.44
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
bind-interfaces
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=thekelleys.org.uk
domain=mydomain.net
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=11.22.33.44,11.22.33.200,12h
# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
dhcp-host=aa:bb:cc:dd:ee:ff,11.22.33.44
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
#conf-dir=/etc/dnsmasq.d
# Include all the files in a directory except those ending in .bak
#conf-dir=/etc/dnsmasq.d,.bak
# Include all files in a directory which end in .conf
#conf-dir=/etc/dnsmasq.d/,*.conf
dhcp-host should be match with wlan1 hardware address (confirm from $sudo ifconfig
).
dhcp-range should be match with /etc/network/interfaces .
7. Setting NAT and iptables rule
Clients connected to the access point conduct to one IP address by NAT.
$ sudo pico /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
Uncomment "net.ipv4.ip_forword=1".
For activating the above seting,
$ sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Bridge wlan0 and wlan1 by iptables commands
$ sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
$ sudo iptables -A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT
How to confirm iptables current settings.
$ sudo iptables -t nat -S
$ sudo iptables -S
To load the above iptables settings at system startup automatically, save the current iptables rules to the rules.v4 file made by iptables-persistent.
$ sudo sh -c "iptables-save > /etc/iptables/rules.v4"
System restart and confirm wlan1 AP from iwconfig or ifconfig commands.
Please also check the same article in forum site.