16.04.24
This tutorial guides you through setting up a FreeBSD Raspberry Pi access point, including performance tweaks for optimal operation. I enjoy playing around with Unix and GNU/Linux on computers and single-board computers, and instead of the typical Raspbian-based Pi networking project I wanted to try NetBSD or FreeBSD.
I have really enjoyed playing around with BSD including NetBSD, FreeBSD and OpenBSD. I can see why people really rate it. They are very minimal and sane to work with. There is normally a preferred way to do most things and a "secure by default" mentality. That means FreeBSD doesn't ship with tonnes of crap by default, which is nice.
To follow along you will need a Raspberry Pi and an external Wi-Fi adapter with an antenna, or you might be comfortable using the Raspberry Pi's inbuilt one. You will need to provide Ethernet via the Pi's onboard Ethernet port. I have only tested this on a Pi 2 and 4 using a USB Wi-Fi networking card.
Email me if you encounter issues or have any improvements or suggestions to improve this. I would also be interested to know about other hardware that this could run faster on.
I downloaded an image from here and you will need to pick the right one for your Raspberry Pi and flash it to the microSD card using the dd command on Linux, Pi Imager or something like Etcher. Once you are logged into the Pi, update it and configure your users.
pkg clean -a && pkg upgrade -f
pkg install sudo
visudo
Add the following line to grant all permissions to the user, for example for the freebsd user:
freebsd ALL=(ALL) ALL
Check for "HOSTAP" Capability
ifconfig wlan0 list caps
Bring Up the Interface
sudo ifconfig wlan0 up
Install Necessary Packages
pkg install hostapd dnsmasq unbound
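Configure rc.conf
# client (station) mode
wlans_run0="wlan0"
ifconfig_wlan0="WPA SYNCDHCP"
# access point mode (a later assignment in rc.conf overrides an earlier one)
wlans_run0="wlan0"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 192.168.0.1 netmask 255.255.255.0 mtu 1492"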
dnsmasq_enable="YES"
hostapd_enable="YES"
unbound_enable="YES"
pf_enable="YES"
#pflog_enable="YES"
Configure hostapd.conf
interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
# hostapd on FreeBSD uses the bsd driver; nl80211 is the Linux driver
driver=bsd
ssid=DemoAP
hw_mode=g
channel=auto
ieee80211n=1
ieee80211ac=1
wmm_enabled=1
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
# WPA-PSK needs a key: add wpa_passphrase=<8 to 63 characters> (placeholder, choose your own)
rsn_pairwise=CCMP
beacon_int=100
dtim_period=2
wpa_group_rekey=300
wmm_ac_bk_acm=0
wmm_ac_be_acm=0
wmm_ac_vi_acm=0
wmm_ac_vo_acm=0
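The hostapd configuration above selects WPA2 with WPA-PSK and CCMP but shows no wpa_passphrase line. As an added example (not part of the original tutorial), this sh script checks those keys and the file's permissions; the function names and the sample file are made up for the example.

```sh
#!/bin/sh
# Added example (not from the original page): audit the security-relevant
# keys of a hostapd.conf like the one in this tutorial.

# Print the value of the last "key=value" line for key $2 in file $1.
# hostapd only treats lines starting with '#' as comments, so a plain
# anchored match is enough.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one FAIL line per finding; exit status is the number of findings.
audit_hostapd() {
    f=$1 n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    [ "$(conf_get "$f" wpa)" = 2 ] || fail "wpa is not 2 (WPA2/RSN only)"
    [ "$(conf_get "$f" auth_algs)" = 1 ] || fail "auth_algs is not 1 (open system auth only)"
    [ "$(conf_get "$f" rsn_pairwise)" = CCMP ] || fail "rsn_pairwise is not CCMP-only"
    case "$(conf_get "$f" wpa_pairwise)" in
        *TKIP*) fail "wpa_pairwise allows TKIP" ;;
    esac

    # A WPA-PSK network needs a key: wpa_passphrase (8..63 characters),
    # or a raw wpa_psk / wpa_psk_file instead.
    pass=$(conf_get "$f" wpa_passphrase)
    if [ -n "$pass" ]; then
        { [ ${#pass} -ge 8 ] && [ ${#pass} -le 63 ]; } || fail "wpa_passphrase must be 8..63 characters"
    elif [ -z "$(conf_get "$f" wpa_psk)$(conf_get "$f" wpa_psk_file)" ]; then
        fail "no wpa_passphrase, wpa_psk or wpa_psk_file set"
    fi

    # The file holds the network key, so other users should not read it.
    [ -z "$(find "$f" -perm -004)" ] || fail "$f is world-readable"
    return "$n"
}

# Constructed sample: the tutorial's WPA lines, which set no passphrase.
sample=$(mktemp) && chmod 600 "$sample"
printf '%s\n' wpa=2 auth_algs=1 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP > "$sample"
audit_hostapd "$sample" || echo "$? finding(s)"
rm -f "$sample"
```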
Configure sysctl.conf
net.inet.ip.forwarding=1
kern.sched.preempt_thresh=224
kern.ipc.maxsockbuf=524288
net.inet.tcp.sendspace=32768
net.inet.tcp.recvspace=32768
net.inet.tcp.fastopen.enabled=1
net.inet.tcp.sendbuf_max=524288
net.inet.tcp.recvbuf_max=524288
net.inet.udp.recvbuf_max=262144
net.inet.udp.sendbuf_max=262144
apply changes: sudo sysctl -f /etc/sysctl.conf
Configure pf.conf
set skip on lo
set limit states 10000
nat on genet0 from wlan0:network to any -> (genet0) # genet0 is the wired uplink interface
apply changes: sudo pfctl -f /etc/pf.conf
Configure dnsmasq.conf
no-resolve
interface=wlan0
bind-dynamic
domain-needed
bogus-priv
dhcp-range=192.168.0.50,192.168.0.150,12h
dhcp-option=option:dns-server,192.168.0.1
no-dhcp-interface=lo
port=0
cache-size=1000
dhcp-lease-max=150
Configure unbound.conf
server:
    interface: 0.0.0.0
    access-control: 192.168.0.0/24 allow
    verbosity: 1
    logfile: "unbound.log"
    use-syslog: no
    log-queries: yes
    num-threads: 4
    msg-cache-size: 50m
    rrset-cache-size: 100m
    prefetch: yes
    prefetch-key: yes
forward-zone:
    name: "."
    forward-addr: 9.9.9.9 # Quad9's primary DNS server
    forward-addr: 149.112.112.112 # Quad9's secondary DNS server
service netif restart # Restart network interfaces to apply rc.conf changes
service hostapd restart
service dnsmasq restart
service unbound restart
service pf reload
tcpdump -i wlan0 -qqq