Using Raspberry Pi as an offline LAN

I have seen several tutorials online that outlines the steps to setup the Raspberry Pi as an offline LAN, however they are all slightly outdated. This guide has all the required steps as of April 4th 2022 when Debian version 11 (bullseye) was released.

At the end of this guide, you will be able to search, find and connect to the network configured on the Raspi – while the Raspi itself will be offline.

I suggest getting started by installing Raspberry Pi OS using the official Raspberry Pi Imager – selecting the option without a desktop environment.

Overview:

  1. Update your awesome Raspberry Pi.
  2. Install required software: iptables, dnsmasq, and hostapd.
  3. Configure a static IP for the built-in Wi-Fi.
  4. Setup the Dynamic Host Configuration Protocol service (DHCP).
  5. Setup the access point and authentication service (hostapd).
  6. Configure the Raspi to operate as a router.
  7. Generate a QR code to easily connect and login to the network.
  8. Lowering the power of the Zero
  9. Reversing the Setup

Update

Use the following to ensure the Raspbian installation is up-to-date:

sudo apt-get update
sudo apt full-upgrade

It is recommended to use full-upgrade as it picks up any dependency changes that may have been made. The full-upgrade does not upgrade from one major release to another.

Check that you have sufficient space for the update with:

df -h t

To free up space you can remove downloaded package files (.deb files) that are auto-saved in /var/cache/apt/archives:

sudo apt clean

Install

Since iptables is no longer installed by default on Bullseye (2021-10-30), you have to install it in addition to the DNS and APD services.

Install all the required software in one go with this command:

sudo apt-get install iptables dnsmasq hostapd

Since these services have not yet been configured, we stop them:

sudo systemctl stop dnsmasq
sudo systemctl stop hostapd

sudo nano /etc/dhcpcd.conf

To configure a static IP address, use the following command to edit the dhcpcd configuration file:

sudo nano /etc/dhcpcd.conf

Append the following (to the bottom of the file):

interface wlan0
static ip_address=192.168.4.1/24

To learn about Wi-Fi network security:

https://www.acrylicwifi.com/en/blog/about-wpa-psk-tkip-ccmp-wi-fi-security-information/

To Undo

Hostadp is a user space daemon software enabling a network interface card to act as an access point and authentication server. 

Rekey Intervals

WPA automatically changes secret keys after a certain period of time. The group rekey interval is the period of time in between automatic changes of the group key, which all devices on the network share. WPA changes the group key so quickly that you won’t even notice the process.

Benefits of Rekeying

The WPA protocol uses rekeying to provide your network with increased security. Constantly rekeying the group key protects your network against intrusion, as the would-be intruder must cope with an ever-changing secret key. Older security standards like WEP do not possess this automatic rekey function, and are therefore less secure.

https://www.techwalla.com/articles/what-is-a-wpa-group-rekey-interval

rsn_pairwise: This controls WPA2’s data encryption, WPA2 is the recommended authentication and encryption suite to use.

Lowering Power Usage

  1. Disconnect everything that is not needed. Just having devices connected increases power consumption.
  2. Change the GL driver to G1 Legacy and then disabling the HDMI port; it will apparently save you about 30% power (when idle).
  3. Turning off the LED activity light.

I also tried disabling the bluetooth, but that prevented the Raspi from setting up the Wi-Fi correctly, as I could never find it’s NAT. So the above steps are the reversible actions I could take to save power.

Open the config.txt file and add this:

/usr/bin/tvservice -o
echo none | sudo tee /sys/class/leds/led0/trigger

Leave a comment