Simple Wireless Repeater with Raspbian Jessie

Run raspi-config:

  1. create a new, strong password, and
  2. create a different hostname (rpt-rpi)

1. Setting the Wireless Interfaces wlan0 & wlan1

We must use the interface the Edimax is assigned to for the Access Point (AP), and the other adapter to communicate with the router.

Run iwconfig and note the “Nickname” of the adapters to get an idea of what adapter was assigned to wlan0 and wlan1.

2. Installing a Host Access Data Point Daemon (hostapd)

The hostapd package from Debian/Jessie cannot handle the so-called managed mode of the Edimax WiFi adapter, so we're going to install a build that works with that adapter.

tar -zxvf v2.0.tar.gz
cd RTL8188-hostapd-2.0/hostapd
sudo make
sudo make install

Put the package on hold so that it is not updated automatically:

sudo apt-mark hold hostapd

3. Installing and Setting up a DHCP server for the AP

Install the package, then edit its two configuration files, /etc/dhcp/dhcpd.conf and /etc/default/isc-dhcp-server:

sudo apt-get install isc-dhcp-server
sudo nano /etc/dhcp/dhcpd.conf

Find the following two lines and comment them out by putting a ‘#’ in front of them:

#option domain-name "";
#option domain-name-servers,;

Find the line that has authoritative, and make it active by removing the ‘#’ in front of it:


Set up the DHCP server with the subnet information for our access point. To do so, go to the end of the file and add this by copy & paste:

subnet netmask {
 option broadcast-address;
 option routers;
 default-lease-time 600;
 max-lease-time 7200;
 option domain-name "RPT-RPi";
 option domain-name-servers,;
}

Note that I used the same name as the hostname (the hostname is lower case though). Save the file and close the editor.

Edit the isc-dhcp-server configuration file and assign the AP wlan interface:

sudo nano /etc/default/isc-dhcp-server

4. Installing the Network Interfaces

source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet manual

# TP-link adapter (Router i/f)
allow-hotplug wlan0
   iface wlan0 inet manual
   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# Edimax adapter (AP)
allow-hotplug wlan1
   iface wlan1 inet manual
#   wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

I found that allow-hotplug wlan1 is not necessary, and I also had to specify a static IP for wlan0 so that it connected to the Internet:

# TP-link adapter (Router i/f)
allow-hotplug wlan0
#iface wlan0 inet manual
iface wlan0 inet static
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# Edimax adapter (AP)
#allow-hotplug wlan1
# iface wlan1 inet manual

Note that we disabled the wpa_supplicant for the AP. It does not need it, but we do need it for the Router i/f.

Edit the supplicant file to add info for the router interface:

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
   network={
      ssid="Your Router SSID"
      psk="Your Router's password"
   }

5. Configuring dhcpcd

Edit the dhcpcd (dhcp-client-daemon) configuration file:

sudo nano /etc/dhcpcd.conf
   # Repeater settings
   # Static IP configuration for eth0
   #interface eth0
   # do not assign anything for eth0

   # static IP configuration for AP
   # this is the Edimax adapter
   interface wlan1
   static ip_address=

6. Setting up hostapd

sudo nano /etc/hostapd/hostapd.conf

# Basic configuration
ssid= <XXXX>
# WPA and WPA2 configuration
wpa_passphrase= <My_passphrase>
# Hardware configuration
# Other Settings

Make the following changes:

  1. Change interface=wlan1
  2. Change ssid=RPT-RPi
  3. Change wpa_passphrase= to your AP password
  4. Optional, change the channel= to the least congested one if you know how to.

7. Setting up the Network Address Translation & Filtering

The last step we need to do before we can start to use the Repeater is setting up the address translation and filtering for all three interfaces.

Create the file we will use to load the rules from at boot time:

sudo touch /etc/iptables/rules.v4

Flush the rules currently in iptables memory:

sudo iptables -F
sudo iptables -t nat -F
sudo iptables -X

Load the new rules for the repeater:

sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT

And save them from memory into a file so they can be loaded at boot:

sudo sh -c "iptables-save > /etc/iptables/rules.v4"
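
Added example (not part of the original write-up): a shell check that reads an iptables-save dump such as /etc/iptables/rules.v4 and reports whether the three repeater rules are present and whether the FORWARD policy actually restricts anything. The sample dump is constructed and abridged and assumes the chain policies are at their ACCEPT default; sample_rules and audit_rules are names made up for this example.

```shell
#!/bin/sh
# Constructed, abridged sample of rules.v4 after the three commands above,
# assuming the chain policies were still at their ACCEPT default.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan1 -o wlan0 -j ACCEPT
COMMIT
EOF
}

# audit_rules FILE UPLINK AP  (FILE may be "-" for stdin)
# Prints one finding per line, or "OK" when nothing is wrong.
audit_rules() {
    awk -v up="$2" -v ap="$3" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
        for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == up) masq = 1
    }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
        in_if = ""; out_if = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
        }
        if (in_if == ap && out_if == up) fwd = 1
        if (in_if == up && out_if == ap && !/ESTABLISHED/) open_in = 1
    }
    END {
        if (!masq) { print "MISSING masquerade on " up; n++ }
        if (!fwd) { print "MISSING forward " ap " -> " up; n++ }
        if (open_in) { print "OPEN new connections " up " -> " ap; n++ }
        if (policy != "DROP") { print "POLICY FORWARD is " policy ", so the ACCEPT rules restrict nothing"; n++ }
        if (!n) print "OK"
    }' "$1"
}

sample_rules | audit_rules - wlan0 wlan1
```

On the Pi, run audit_rules /etc/iptables/rules.v4 wlan0 wlan1 against the saved file instead of the sample.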

The next step is to enable IP forwarding:

sudo nano /etc/sysctl.conf
   # Uncomment the next line

8. Setting up the Boot Sequence

There is a race condition in the order in which the packages we just installed start at boot. There are other ways to deal with it; this one is simple and works. Run the following to stop them from starting automatically at boot:

sudo update-rc.d hostapd remove
sudo update-rc.d isc-dhcp-server remove
# Add the right startup sequence to /etc/rc.local
sudo nano /etc/rc.local

# start the Repeater packages here so everything will start in order
# (each message ends with a newline so the console output stays readable)
printf "Reloading iptables\n"
iptables-restore < /etc/iptables/rules.v4
sleep 1
printf "Starting hostapd\n"
service hostapd start
sleep 1
printf "Starting the DHCP server\n"
service isc-dhcp-server start

Reboot the Pi. Carefully watch the console boot messages for clues.

Log in and run ifconfig to see if you have the correct IP addresses for wlan0 and wlan1.
Run iwconfig to check if wlan0 is indeed connected to the router. Run route to see if the defaults for wlan0 and wlan1 are the same.

Ping and then ping an outside website or server by using the hostname. 

If that is all successful, you have just created a simple pass-through wireless Repeater that can also be used to extend the wireless router range for your clients in bad wireless spots. You can also use this Repeater to give visitors to your home access to the internet without giving out your own main SSID password. If that is your main purpose, you may want to look into USB wireless adapters with an antenna.

This Repeater solution is simple, because there are no sophisticated rules and filters for iptables, so browsing complex websites may not work, and there is no protection other than the SSID password. The good news is that the range for snooping is limited.