Hass io create a SoftAP create_ap/hostapd for IoT dedicated wireless network

johnjones · December 7, 2019, 4:08am

Hi
Since even gov departments (the USA FBI) are now recommending a dedicated network for IoT…

I would very much like to create a Wifi network using the wireless adapter on the raspberry pi
(not routable to the internet just a AP with DHCP running)
then have the wired interface connect to the internet
BOTH networks would be visible to Home Assistant.

the issue is that the docker image only has one network interface.

Would it be possible to update Hass.io with the tools to allow this scenario (hostapd and config) ?

would anyone else like a dedicated wireless network for their things run out of the Hass.io image ?

thanks

John Jones

p.s. I know I can set this up myself on raspbian and am capable of that but I like automatic updates and Hass io

Burningstone · December 7, 2019, 8:47am

I think most people here who want to separate their IoT devices, create a separate VLAN for IoT and block unwanted traffic with firewall rules. I’m doing it the same way.
I don’t know if it is a good idea to use the Pi as an AP and firewall and Hass.io machine. Also the Pi’s WiFi Chip is not really the best in the world, does it even support 5Ghz? Also I don’t know how many wifi devices you have for me it’s sometimes up to 20 wifi devices and I don’t think my Pi could handle this. What I want so say with all this, I recommend getting dedicated network gear for something like this.

johnjones · December 7, 2019, 1:16pm

I don’t think you get it… for myself 1 raspberry pi for each internet thing… the frequency etc is not an issue
many others have done this (created a AP to bridge it to wired network)

what I’m asking is for Hass.io to create the appropriate network interfaces in docker so this can be created by a add on

Burningstone · December 7, 2019, 1:21pm

No, I really don’t get it. You want 1 raspberry pi per IoT device or 1 raspberry pi for all IoT devices?

johnjones · December 8, 2019, 2:29am

how many interfaces does docker have ?

Burningstone · December 8, 2019, 11:27am

Multiple ones dependig on your setup/configuration. You still didn’t answer my question if you want multiple pis or one pi?

johnjones · December 11, 2019, 8:31am

it has one in hass.io which is why its in this forum, I’ll not bother with this forum because of people like you

Burningstone · December 11, 2019, 8:55am

Ou wooow, okay, whatever floats your boat…

You asked a general question and not specific to hass.io

And I provided you an answer to your general question.

I insist that it is not a good idea to use the same Pi as an AP and as your home assistant server, do what you want…

Then make a feature request and if enough people vote for your feature request, the developers might see this and implement it into Hass.io.

hannes23 · December 11, 2019, 12:26pm

I think this is a perfectly fine setup to have the HA raspberry open up a dedicated wifi network for IoT stuff. Like:

    +--------+           +--------+    
    | router |-----------|  rasp  | ----)))  IoT's
    +--------+           +--------+          10.0.0.0/24
        |
       LAN
 192.168.0.0 / 24

This way you can control access from the IoT devices to the internet/cloud and seperate it from your precious LAN.

As you might guess - Iḿ trying to do the same as @johnjones

I am currently thinking of:

 * eth0     = 192.168.0.xx + 10.0.0.1
 * wlan0    = <no IP>
 * bridge0  = wlan0 + eth0

With DHCPd on eth0 for range 10.0.0.0/24.

I think, this might work, but I am not very familiar with docker and it’s iptables rules - maybe this also needs some tweaking.

I let you know, if this will work - will try it in the near future.

Burningstone · December 11, 2019, 1:13pm

I never said that it is not a viable solution, I just expressed my opinion that I don’t think that it is a good idea. Just curious, let’s say you have 50 IoT WiFi devices, wouldn’t this create a high load for the RPi?
What I would also like to know, what do you do with IoT devices that need access to the internet to work like an Amazon Echo? Do you create firewall rules in the pi (creating even more load)?

I think it’s just way easier to create a VLAN dedicated to IoT things, and this is also what most people here do (from what I read), therefore I assume that the demand to get this implemented into Hass.io is quite low.

hannes23 · December 12, 2019, 11:05am

You are right, no doubt.

But my switches are not capable doing VLAN stuff, so I need another deive creating a new AP to seperate it from my LAN - therefore it would be handy if the raspberry could handle this!

BTW: I found a way to create a WIFI AP - this awesome Addon:

Addon - Raspberry Pi as hotspot in hass.io