How to turn a Raspi into a Wi-Fi access point using only NetWorkManager

Simply turning the Raspberry Pi’s Wi-Fi into an access point has always been achieved by installing hostapd and dnsmasq. With the current OS, network management is now NetworkManager and can be achieved without using other applications. And it is easy.

*NetworkManager has been standard on the Raspberry Pi OS since October 2023. (Previously dhcpcd)

If you turn your Raspberry Pi into a Wi-Fi access point, you can connect another machine or smartphone directly to the Raspberry Pi and operate it.
For clarity, we will show you how to connect another machine to the network environment built on the Raspberry Pi via Wi-Fi.

Environment of this time

  • PL-R4 (Compute Module 4)
  • Raspberry Pi OS bullseye 64bit
  • Internet access via wired LAN cable

This environment is for setting up ComputeModule4 Wi-Fi as an access point. To make it an access point, Wi-Fi is not set up for normal Internet connection.

The OS is in an updated state at the time of writing.

sudo apt update && sudo apt full-upgrade -y

If dnsmasq is installed, it should be stopped & disabled or removed to avoid batting.
NetworkManager is available by instance with dnsmasq running.

The same configuration can be used for Raspberry Pi 4 and 5, not only for industrial Raspi.
The Internet side is connected to the Raspberry Pi with a wired LAN cable.

NetworkManager Commands

Use commands to configure Wi-Fi settings in NetworkManager.

It can also be configured graphically on the terminal, like raspi-config. (nmtui=Network Manager Text User Interface)

  • Graphical configuration tool in nmtui terminal
  • Configuration tool with nmcli command

This time, the nmcli command is used to set up the system.

The following commands are useful
You may want to run it as a confirmation during the setup process.

nmcli dev status (nmcli device)
nmcli connection show (nmcli connection)
nmcli connection show wlan0
nmcli connection show AP名

Configuration file location

When a new access point is set up, it is created under /etc/NetworkManager/system-connections/. (location of the persistent profile)

sudo nano /etc/NetworkManager/system-connections/rpi_ap.nmconnection

It is described like this.

[connection]
id=rpi_ap
uuid=********-****-****-****-************
type=wifi
interface-name=wlan0
permissions=

[wifi]
band=bg
mac-address-blacklist=
mode=ap
ssid=raspida-lan
[wifi-security]
key-mgmt=wpa-psk
pairwise=ccmp;
proto=rsn;
psk=password
[ipv4]
address1=192.168.2.1/24
dns-search=
method=shared
[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=auto
[proxy]

addr-gen-mode=stable-privacy dns-search= method=auto [proxy]

You can edit the file directly, but I don’t recommend it; the UUID will change and so on, so let’s use the nmcli command.

Set up with the nmcli command.

Here is the main issue.

To make it an access point, we will create a connection point called rpi_ap as an example, instead of the usual eth0 or wlan0, and set it up so that the smartphone (PC) can connect to wlan0 on the Raspi.

Use the nmcli command.
The command format was a bit complicated because there were many options and command options could be omitted.

nmcli format

nmcli [OPTIONS...] { help | general | networking | radio | connection | device | agent | monitor } [COMMAND] [ARGUMENTS...]

Command options that can be omitted from the input can be as few as one character; subtle abbreviations such as con and dev are also available, so it is easier to type them using command completion (TAB key).

Example of omission

  nmcli connection show rpi_ap

nmcli c s rpi_ap

I guess you can get used to it, but at first it is easier to understand if you set it up in full text.

Create and configure a Wi-Fi access point-ization profile

Create a profile for the access point. If you create a new one, you can write the settings together on a single line.

The final configuration was set up with the following one line.
Optional settings are the ssid name (raspida-lan) and password (“password”).

sudo nmcli connection add type wifi ifname wlan0 con-name rpi_ap autoconnect yes \
ssid raspida-lan \
802-11-wireless.mode ap \
802-11-wireless.band bg \
ipv4.method shared ipv4.address 192.168.2.1/24 \
wifi-sec.key-mgmt wpa-psk \
wifi-sec.pairwise ccmp \
wifi-sec.proto rsn \
wifi-sec.psk "password"

And finally, the settings are reflected.

sudo nmcli connection up rpi_ap

Explanation of configuration options

I will explain a little about the meaning of the command examples.

sudo nmcli connection add type wifi ifname wlan0 con-name rpi_ap autoconnect yes
The connection type is Wi-Fi, interface is wlan0, connection AP name is rpi_ap, and autoconnect is yes. autoconnect (auto connect) is NO by default (basic). We enable the autoconnect setting because we need to do the connection up command every time.

ssid raspida-lan
I have named the SSID raspida-lan. This is arbitrary text. You will connect to the Wi-Fi with this name.

The Wi-Fi authentication method is also set together.
802-11-wireless~ from or wifi-sec~ part is the Wi-Fi authentication method, IP address, etc. Is this much necessary?
Please change it according to your network environment.

802-11-wireless.mode ap
802-11-wireless.band bg
ipv4.method shared ipv4.address 192.168.*.1/24
wifi-sec.key-mgmt wpa-psk
wifi-sec.pairwise ccmp
wifi-sec.proto rsn
wifi-sec.psk "password"

The mode is set to AP (access point), the band is b/g, and the ipv4.method is set to shared instead of manual (manual) before setting the IP address.

The reason for SHARED is to distribute IP addresses to clients (smartphones and PCs) connected to the access point.
When NetworkManager alone is set to MANUAL, local addresses (169.254~) are distributed.

The IP address is 192.168.*.1/24for clarity. I have set * so that it does not cover my home Wi-Fi.

Since the ring authentication method is WPA2, we set up the environment with RSN as the protocol and AES (≒ CCMP) as the cipher method.

To set it up later

If you want to set it after the conf file has been created, use the nmcli modifycommand to add it.

Setting Example:

nmcli connection modify rpi_ap ipv4.method manual ipv4.addresses 192.168.2.1/24 \
nmcli connection modify rpi_ap 802-11-wireless-security.key-mgmt wpa-psk \
nmcli connection modify rpi_ap 802-11-wireless-security.psk "任意パスワード" \
nmcli connection modify rpi_ap 802-11-wireless-security.pairwise ccmp \
nmcli connection modify rpi_ap 802-11-wireless-security.proto rsn
nmcli connection modify rpi_ap 802-11-wireless.band a \
nmcli connection modify rpi_ap 802-11-wireless.channel 12

Reflection of settings

Once you have set up everything you need, establish the connection. (Reflects corrections & additions)

sudo nmcli connection up AP名

Restarting the service can also reflect this.

You can also restart the service to reflect the modification. Usually, connection up is sufficient.

sudo systemctl restart NetworkManager.service

Confirm list view and content settings

The list can be displayed with the show command. The show command (nmcli connection show rpi_ap) specifying the access point name (rpi_ap in this case) will display the access point settings.

nmcli connection show
nmcli connection show rpi_ap

If there are any missing parts, you can set them up by following the earlier nmcli con modify〜.

Delete Access Point command

To delete an access point, use the delete command.
If you make a mistake, you may want to start over. Delete it and then re-create it.

sudo nmcli connection delete rpi_ap

Let’s connect!

Once the access point is set up, try connecting from another PC or smartphone.

Example of connecting to an access point with SSID set to ikkadan-lan on another Raspi.

Example of connecting to an access point with SSID set to raspida-lan on an iPhone.

You can see that IP addresses are also assigned within the specified range. In this example, we set it up at 192.168.2.1/24.

Only NetworkManager was used.

It is easy and convenient to turn Wi-Fi into an access point using only NetworkManager.

Compared to the previous combination of dhcpcd+hosted+dnsmasq, it seems easier in terms of the number of hands.

The nmcli command can also be used in a shell script (.sh), so it would be useful to put together your own configuration method.
The nmtui command is not mentioned here. while it is easy to understand because it can be configured in the GUI, it is not immediately reflected unless the connection up command is finally done. However, it is easy to forget to activate it because it is not immediately reflected until the connection up command.

Although it is a setup that executes a command, it is not that tricky since it requires only one line.

This was a method of turning a Raspi into a Wi-Fi access point configured with NetworkManager.


記事寄稿:ラズパイダ

非エンジニアでも楽しく扱えるRaspberry Pi 情報サイト raspida.com を運営。ラズベリーパイに長年触れた経験をもとに、ラズベリーパイを知る人にも、これから始めたいと興味を持つ人にも参考になる情報・トピックを数多く発信。PiLinkのサイトへは産業用ラズベリーパイについて技術ブログ記事を寄稿。