-
-
Notifications
You must be signed in to change notification settings - Fork 794
FAQs
This has been written to address some frequently asked questions among users of RaspAP.
- What do all these settings in the UI do? Changing them seems to have no effect.
- My custom
hostapd.conf
/php.ini
is gone. Help! - I changed the admin password and forgot what it was. Help!
- What are the steps to upgrade RaspAP?
- RaspAP control panel works but there is no WiFi after reboot.
- Do I need the RaspAP service to run at boot?
- How do I integrate RaspAP with Pi-hole?
- Can I integrate RaspAP with Adguard Home?
- Can I configure RaspAP to work with a captive portal?
- Why can't I access wireless mode 'N' (802.11n)?
- How do I prepare the SD card to connect to WiFi in headless mode?
- Managed mode AP doesn't work on the Pi Zero W. Help!
- Can I use wlan0 and wlan1 rather than eth0 for my AP?
- Can I use RaspAP as a monitor only, without changing my configuration?
- WiFi scanning doesn't work or I get the error
cannot execute "wpa_cli reconfigure"
. Help! - Can the Quick Installer accept the default options without prompting me?
- Can I configure an alternate port for RaspAP's web service?
- Can I use RaspAP with my custom dnsmasq configuration?
- OpenVPN fails to start and/or I have no internet. Help!
- OpenVPN works but I have partial or no internet access. Help!
- How do I exclude NAT rules from IP traffic on localhost?
- Why is the 802.11ac 5GHz option disabled in Configure hotspot?
- I think my country allows 5 GHz AP channels. Can I test this?
- Why is the maximum throughput of my 802.11n AP reduced by half?
- How do I remove RaspAP?
RaspAP manipulates several daemons, services and helper programs behind the scenes for you. In the footer of each management panel is a helpful "Information provided by..." label. These indicate which Linux daemon and/or program is being modified by the UI. Learning what these services are and how they work will go a long way toward demystifying things.
For example, two of the best starting points for understanding hostapd
(the service that implements 802.11 AP management) include the hostapd Linux documentation page and hostapd Wifi homepage.
Important: After you choose Save settings for hostapd
or dhcpcd
, these services must be stopped and restarted for your changes to take effect. If you're not sure if your AP is behaving as expected, enable logging in the Advanced options of Configure hotspot and check the output.
The installer applies a "known good" default configuration to some services, including hostapd
. It will also, optionally, optimize php by changing a very limited number of settings. Your custom configurations haven't been lost however; they've been moved to the backups directory in /etc/raspap/backups
.
You are free to SSH in to restore those files to their rightful position. However, you may need to ensure that the RaspAP modifications are applied to your own custom configurations.
Login credentials are stored in /etc/raspap/raspap.auth
. The password is encrypted and cannot be edited manually. However, deleting this file with sudo rm /etc/raspap/raspap.auth
will restore the default admin password.
Upgrading your existing install without changing your configuration is very straightforward. To upgrade to the latest release version, simply run the Quick Installer with the --upgrade
option:
curl -sL https://install.raspap.com | bash -s -- --upgrade
The installer upgrade is idempotent, meaning it can be repeated an arbitrary number of times and the result will be as if it had been done only once. For example, previously installed packages will be skipped if their state is unchanged.
Alternatively, you can install a specific version by referencing a tag:
sudo git fetch --tags
sudo git checkout 2.4
A tag is a pointer that isn't connected to the main development tree that git knows about. As a result, git will reply that you're in a 'detached HEAD' state. This isn't a big deal, it just means that you have a specific version of the code that isn't connected to the git tree.
If you want the latest bleeding edge commits from the master branch, use the following:
sudo git checkout master
sudo git pull origin master
If you've customized your installation by editing config.php
, update the release version in this file:
sudo nano /var/www/html/includes/config.php
Change the first line to the release version, save the file and exit. Note: RASPI_VERSION
is only used on the About page; it does not affect any other functionality.
define('RASPI_VERSION', '2.4');
Finally, give the lighttpd service a kick with:
sudo systemctl restart lighttpd.service
Whichever method you choose (installer upgrade, specific release or latest updates), your RaspAP configuration won't be changed.
This problem often occurs when another program tries to reconfigure hostapd at startup. It can also happen when your RPi is configured as both a WiFi client and access point, known as a 'managed mode' AP. To address this, RaspAP has added a systemd
init service to bring up networking services in a predictable order and timing after the Linux kernel is booted. You can check the status of this service with:
sudo systemctl status raspapd.service
The raspapd.service
is optionally installed and enabled by the Quick Installer. It is also included in the manual setup steps.
If you are using your RPi as a client on a WiFi network (also known as managed mode) and hosting an access point simultaneously, the raspapd.service
will ensure that your hotspot is active after a reboot. It does this by detecting WiFi client AP mode, adding the uap0
interface and starting up networking services in a specific order.
If your RPi is configured with wired ethernet (eth0
) or you haven't experienced problems with the AP starting on boot, you can disable the RaspAP daemon like so:
sudo systemctl disable raspapd.service
There have been several discussions around integrating RaspAP with Pi-hole, with the end goal of hosting a complete AP and ad-blocker on a single device. Both projects rely on dnsmasq
, so integration between them is tricky. One workaround is proposed here.
Another option is to configure RaspAP to use a Pi-Hole installation on a separate device. Go to RaspAP's DHCP Server > Advanced page and enable the "Upstream DNS Server" option, add your Pi-Hole's DNS, save settings and restart dnsmasq.
Update: By popular demand, RaspAP has released its own ad blocking facility. Feedback is welcome.
Yes, you can run RaspAP and Adguard Home on the same device. Change Adguard Home’s listening port to 5300
and bind to 127.0.0.1
, then go to RaspAP's > DHCP Server > Advanced page and enable the "Upstream DNS Server". Add 127.0.0.1#5300
as an upstream DNS Server. Save settings and restart dnsmasq. Tip via @firestrife23
Yes, the nodogsplash project works just fine with RaspAP and is recommended over other methods. A detailed setup guide is available here.
On the Configure hotspot > Security tab, be sure to select CCMP for the Encryption Type. Save the settings and restart the hotspot. The wireless mode should be reported on clients as 802.11b/g/n.
RaspAP:
PHY Mode: 802.11n
Channel: 1
Network Type: Infrastructure
Security: WPA2 Personal
Signal / Noise: -49 dBm / -86 dBm
Transmit Rate: 73
If using TKIP for encryption with WPA, you will be restricted to 54 Mb/s. This is because the IEEE 802.11n draft prohibits using high throughput with WEP or TKIP ciphers.
Since May 2016, Raspbian has been able to copy wifi details from /boot/wpa_supplicant.conf
into /etc/wpa_supplicant/wpa_supplicant.conf
to automatically configure wireless network access.
An example wpa_supplicant.conf
file is shown below. Replace the fields with your settings:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=your_ISO-3166_two-letter_country_code
network={
ssid="my_SSID"
psk="my_PSK"
key_mgmt=WPA-PSK
}
See this walkthrough where the installation is described in detail.
Yes, this is supported by RaspAP. In this scenario, you may wish to use the wlan0
interface as a wireless client with wlan1
as the AP interface. Follow the steps below to enable this configuration:
- Bind the two adapters with the interface names
wlan0
andwlan1
. - Select
wlan1
as the AP interface in Hotspot and Save Settings. - Do not enable the Wifi AP (AP-STA) mode option. This is only needed when the client and AP are utilizing the same wlan adapter.
- (Re)start the hotspot.
ℹ️ Important: Be aware that external WiFi adapters (ie, USB "dongles") vary greatly in terms of hardware capabilities and driver support. Many do not have support for AP mode, require a powered USB hub, manual driver and/or firmware installation or are otherwise not well suited for this application.
Recommended adapters such as the Edimax 7811Un and Ralink RT5370 work out of the box with Raspberry OS (32-bit) Buster Lite. Adapters that require compiling of third-party drivers or other workarounds can be problematic. For this reason, you must verify your adapter before reporting an issue with this feature.
Yes, RaspAP has support for a so-called "monitor mode". In config.php
change the setting RASPI_MONITOR_ENABLED
to true
. This disables the ability to modify settings, start/stop daemons, shutdown or reboot the RPi. RaspAP will continue to report interface statistics, service settings and data usage as normal.
On some configurations, the Configure WiFi client panel may appear empty. This project uses the wpa_supplicant
command line client wpa_cli
to populate a list of available wireless networks. If you can't execute this from the shell, neither can the web UI. For example, the results of this command:
sudo wpa_cli -i wlan0 scan_results
Failed to connect to non-global ctrl_ifname: wlan0 error: No such file or directory
indicate a problem with the socket used to communicate with wpa_supplicant
. You may also encounter errors such as "Could not connect to wpa_supplicant: wlan0 - re-trying".
If this happens, first check the contents of wpa_supplicant
with sudo cat etc/wpa_supplicant/wpa_supplicant.conf
. You should see, at minimum, the following:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
The above is present on clean installs of Raspbian. If you've made changes to this file, ensure that these lines appear first. Next, reinitialize the socket with:
sudo wpa_supplicant -B -Dnl80211,wext -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0
substituting wlan0
with your wireless interface, if necessary. You should then be able to perform scans as expected.
Yes, the Quick Installer has a non-interactive mode that lets you perform unattended setups. This mode assumes "yes" as an answer to all prompts. You can do an unattended install of RaspAP by appending the --yes
command-line option, like so:
curl -sL https://install.raspap.com | bash -s -- --yes
The options -y
or --assume-yes
are also accepted and have the same result.
Yes, you can now do this from the Advanced tab in System. Manual steps for changing lighttpd's default port are included below.
Edit /etc/lighttpd/lighttpd.conf
and change the following line:
server.port = 8080
then give the service a kick...
sudo systemctl restart lighttpd.service
You can then access RaspAP as before with the new port number in the URI, for example, http://raspberrypi.local:8080. This will allow you run another web server alongside lighttpd, if that is your goal.
Yes, RaspAP supports this through the use of dnsmasq.d
. The primary /etc/dnsmasq.d/090_raspap.conf
managed by the UI includes the following directive to enable your custom .conf files:
conf-dir=/etc/dnsmasq.d
Configuration files placed in this directory will be used by the dnsmasq service and are untouched by the UI.
RaspAP supports OpenVPN clients by uploading a valid .ovpn file to /etc/openvpn/client
and, optionally, creating a login.conf
file with your client auth credentials. Additionally, in line with the project's default configuration, the following iptables rules are added to forward traffic from OpenVPN's tun0
interface to your configured wireless interface (wlan0
is the default):
-A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
It is your responsibility to provide a valid .ovpn file; RaspAP does not attempt to validate the settings or RSA keys contained in this file. If OpenVPN fails to start, check for errors with sudo systemctl status openvpn-client@client
and journalctl --identifier openvpn
.
Issues like this are frequently reported. Begin by confirming the status of your connection:
$ sudo systemctl status openvpn-client@client
● openvpn-client@client.service - OpenVPN tunnel for client
Loaded: loaded (/lib/systemd/system/openvpn-client@.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-06-12 15:45:41 CDT; 1min 39s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 2689 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 2200)
Memory: 1.1M
CGroup: /system.slice/system-openvpn\x2dclient.slice/openvpn-client@client.service
└─2689 /usr/sbin/openvpn --suppress-timestamps --nobind --config client.conf
You can also use journalctl --identifier openvpn
to identify any errors. If your internet access is intermittent or otherwise degraded with the openvpn-client
active, the next step is to test your connection for packet loss and latency. There are many Linux tools you can use to diagnose your network. mtr
is a good choice as it combines functionality of the traceroute and ping programs. Install and use it to perform your own evaluation:
sudo apt install mtr -y
sudo mtr -rwc 50 -i 0.2 -rw duckduckgo.com
Start: 2020-06-13T11:42:26+0100
HOST: raspberrypi Loss% Snt Last Avg Best Wrst StDev
1.|-- 192.168.1.254 0.0% 50 26.8 27.1 26.5 31.4 0.8
2.|-- somerouter.net 88.0% 50 392.0 390.4 362.1 596.7 1.2
The results are reported as round-trip response times in milliseconds and the percentage of packet loss. If you see loss and/or latency like the above example, report it to your VPN provider or find another one. Read this for more on interpreting mtr results.
Protip: free VPNs are frequently oversubscribed and usually not worth the trouble.
RaspAP's Quick Installer configures network-address-translation (NAT) with iptables rules, so that the RPi can act as an internet gateway to multiple hosts on a local network with a single public IP address. This is done by rewriting the addresses of IP packets as they pass through the NAT system. Many access points, including RaspAP, use a combination of IP forwarding and masquerading to achieve this.
In some cases, NAT rules applied to localhost
can interfere with other services running on an RPi. An example is the Plex Media Server, which has an API that listens on localhost. As of this writing, the Plex API has been built to not authenticate communication between service processes of the server. This can cause a failure to communicate with the Plex API or similar add-on services on your RPi.
The solution is to add a NAT rule ahead of the rule RaspAP installs to not apply NAT to connections destined to 127.0.0.0/8:
$ sudo iptables -t nat -I POSTROUTING -d 127.0.0.0/8 -j ACCEPT
The resulting iptables chain should look something like this:
$ sudo iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 31 packets, 4810 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 31 packets, 4810 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 23 packets, 1338 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
17 999 ACCEPT all -- * * 0.0.0.0/0 127.0.0.0/8
2422 158K MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0
Refer to this issue.
Short answer: because of wireless regulatory restrictions for your country. If the AC option is disabled on your RPi, there are two small configuration changes you can make to enable it. First, configure your RPi's wireless regulatory domain with sudo iw reg set US
. Next, on the Advanced tab of Configure hotspot, choose "United States" as the country code and save settings. You can now choose 802.11ac from the wireless mode select on the Basic tab.
Choosing the AC wireless mode will populate the supported 5 GHz channels for you.
Longer answer: AC support is not simply a function of your device's hardware capabilities. It must also take into account regulatory restrictions of the wireless spectrum. The regulatory info for brcmfmac
, the kernel driver that supports the Broadcom wireless chipset, is embedded in the firmware of RPi models 3B+ and 4. There are lots of international issues with WiFi that restrict channel use, transmission power, etc. on a regional and per-country basis. As a result, only combinations of certain frequencies (channels) and countries are capable of hosting an AC access point with the RPi's wireless adapter.
If the country configured on your RPi does not allow use of a particular segment of the 5 GHz wireless spectrum, an AC configured AP will fail to start. Errors like these are common:
nl80211: Failed to set channel (freq=5180): -22 (Invalid argument)
hostapd: Could not set channel for kernel driver
In testing, stable AP's on the RPi's supported AC channels were only reliably obtained with 'US' as the regulatory domain. To get a list of the supported channels on your RPi for the 2.4 and 5 GHz bands, use iw phy phy0 channels
. Refer to this issue.
Yes, you can. In the spirit of experimentation, this project allows you to override RaspAP's default configuration. The file wireless.json contains the regulatory domains and channels for the 2.4 and 5 GHz bands. Add a valid ISO Alpha-2 country code to the list of 5Ghz_max48ch
countries and save the file. Next, edit includes/config.php
and add the same country to this constant:
// Constant for the 5GHz wireless regulatory domain
define('RASPI_5GHZ_ISO_ALPHA2', array('US'));
The Configure hotspot page will now let you select AC as a wireless mode option for your country. If you succeed in creating a stable AP, feel free to share your results in this issue.
Note: it is recommended to monitor logs such as dmesg
and the hostapd error log (available in the Logfile output tab of RaspAP) while doing this. Bug reports like "AC doesn't work" and/or troubleshooting requests will not be considered. No hard feelings.
In order to achieve optimal throughput with 802.11n, the wireless stream must operate at a 40 MHz wide channel on the 2.4 GHz band. A 20 MHz channel will restrict you to 72 Mbps. Your hostapd.conf
might have the required settings, but this is no guarantee of a 40 MHz channel.
In practice, this can be quite difficult due to interference on the 2.4 GHz band. There are many things that will cause an AP to fallback to 20 MHz. The most common reason is if an AP detects another wireless network within 40 MHz, i.e. two channels, of its own channel. For example, if an AP is set to channel 6, another network operating anywhere from channel 4 to 8 will trigger a fallback. hostapd will usually report a fallback like so:
20/40 MHz operation not permitted on channel pri=3 sec=7 based on overlapping BSSes
For more information on optimizing 802.11n, refer to this resource.
Generally speaking, the 5 GHz band has substantially greater capacity due to more non-overlapping radio channels and less radio interference as compared to the 2.4 GHz band.
We have provided an uninstall script to remove RaspAP cleanly, and also restore any backups of your configuration that were created before RaspAP was installed. The uninstall script is located in installers/uninstall.sh
. To start the uninstaller, simply run the following from the project root folder (default location is /var/www/html
):
cd /var/www/html
sudo installers/uninstall.sh