Raspberry Pi ZeroW as a WiFi Router

Has anyone used a Raspberry Pi ZeroW (or another Pi, plus a USB WiFi adapter) as a WiFi router?

As my existing WiFi router already connects to the internet using a USB mobile broadband modem, this might suit me more than most people, but there is an OpenWrt image for the Raspbery Pi:

formatting link
My cause for looking down this path is that I want to set up a HTTPS to HTTP proxy on the router to serve all HTTPS connections to computers on my local network via unencrypted HTTP. This is because all the stupid websites forcing HTTPS (when it isn't needed) are making it difficult to keep all the software on my various computers compatible with the various and ever-changing encryption protocols required.

Currently I'm using a Netgear DGN2200 router, with OpenWrt installed. However for starters there insn't enough Flash storage space (8MB) to install all the software required to run the proxy, and beyond that it's doubtful that the 32MB RAM and 300MHz CPU would be able to do the job without slowing everything down.

formatting link
The Raspberry Pi ZeroW with a 1GHz CPU and 512MB RAM should be fast enough, and as I'm only using WiFi and USB in the existing router, it should have all the hardware that I need built in. It would use less power as well.

The main thing that I'm worried about though is the WiFi range. I should be able to solder on a connector for an external antenna as described here:

formatting link
However looking deeper it seems that my existing router may have more transmitting power (28.11dBm) than the Pi ZeroW (17.0dBm).

I don't really want a significant drop in my WiFi range, so would it be better to use a Pi Zero (non-W) and a USB WiFi adapter? In which case, which WiFi adapters should I look for to suit this application?

Years ago I compared the WiFi transmitting power specifications from FCC tests for various different WiFi routers in order to get an idea of what's "good". As noted above, the Pi ZeroW compares poorly to the router that I chose before based on this comparison. However I'm not sure if I might be failing to consider other important figures from the tests (besides the antenna, which will be changed for the Pi ZeroW).

In case it helps, or to satisfy any curiosity, here is the list of router transmitting power with the Pi ZeroW added:

Raspberry Pi ZeroW -17.0dBm maximum WiFi (any channel/standard) -2017

Netgear DGN2200 -28.11dBm on chn. 6 802.11g, 22.56dBm on chn. 6 802.11b -Two antennas -2010

Linksys WAP200 -18.51dBm on chn. 6 802.11g, 16.55dBm on chn. 6 802.11 -2007

D-Link DIR300 A1 -24.98dBm chn. 11 802.11b, 23.19dBm chn. 11 802.11g -2007

Billion BiPAC 7300G -21.07dBm chn. 6 802.11b, 15.14dBm chn. 6 802.11g -2007

Motorola SBG900i -16.05dBm chn. 1 802.11b -2003

Apple AirPort Extreme A1034 -18.4dBm chn. 11 802.11b? -2003

Reply to
Computer Nerd Kev
Loading thread data ...

FWIW I suspect you'll cause yourself more grief trying to strip TLS from all traffic than having to cope with (what should be) a tiny number of b0rked TLS problems ...

Reply to
Andy Burns

Yes, I do it with the standard Stretch Raspbian on a PiZeroW and a PiB+ plus USB wifi dongle.

Wow.. madness. Just keep your shit up to date.

Reply to

I have not personally done so. I know (of) some people (1 or two degrees removed) that have done so. The general consensus seems to be

1) that it will function and 2) that the wireless radio on the Pi has a tendency to burn out (or otherwise be under powered) for use in an Access Point. They resoundingly recommend the little USB dongle that is an AP with a small rubber duck antenna.

I've heard of this type of config being used for a LOT of things, not just AP use cases. (Sniffers, intrusion detection, reconnaissance, etc.)

My biggest concern would be the bandwidth and any constraint / contention for the USB bus.

I've pontificated the same or a slight variation on the theme. My use case is for newer clients to connect to older servers that can't be updated. It sounds like you're primarily worried about older clients that can't step up to the new standards.

sslstrip comes to mind. I've not used it before. Check it out.

I'd also consider Squid as it supports bump-in-the-wire SSL interception. (You need to put a cert in client device's trusted Root CAs, but that shouldn't be a problem for you.)

I'd think you could configure Squid to strip HTTPS and / or provide a consistent maintainable HTTPS / TLS / SSL that your devices can support while it can step up to talk to what ever level of security on the outside. Plus, it can cache things for you. ;-)

I'm sure that there are other options. That's jut what jump out at the moment.

You have your opinion, and I have mine. I see no reason to debate which is correct.

Feel free to ask questions if you want to have a technical discussion (with as few opinions as possible).

I get the impression that a Pi Zero W might not be the best choice. But that a regular Pi might be acceptable. Or some comparable SBC.

I don't know if or how it would effect the burnout that I was mentioning above.

I've got to say, I would take a look at some of the GL-iNet's small router / AP boards. I think they've got some close to regular Pi prices, run OpenWRT, have external antennas, and can be powered via Power over Ethernet.

Remember, Tx power is not all that it's cracked up to be. Sometimes you get better overall service with more lower power devices than fewer higher power devices.

I think I would use the USB WiFi adapter in favor of the WiFi adapter built into the Pi Zero.

Interesting data. Thank you for sharing.

Reply to
Grant Taylor

Great, any observations comparing the Pi ZeroW with the Pi B+'s WiFi dongle, or a normal WiFi router?

That would mean picking up development of at least one application which I have not found a good maintained equivalent for, plus keeping one thing up to date will always be easier than keeping everything up to date.

Anyway, it's a road that I want to go down having already got plenty fed up with trying to keep things that don't deal in secure information SSL compatible. If it's a dead end, I'm willing to find out the hard way.

Reply to
Computer Nerd Kev

Thanks, I didn't think there would be a risk of it actually burning out. That would be no good.

When you say "the", does that suggest a specific model?

That's a good point. Currently I'm only getting a maximum download speed under 300KBytes/s via mobile broadband, and I don't do that much bulk data transfer on the local network. I do want to move from

3G to 4G though.

Yes, old clients that web servers won't talk to are my only worry.

Thanks, I'll look into that.

formatting link

Gah, I actually searched for "squid" and almost clicked the Wikipedia page about the things with "large eyes, eight arms and two tentacles". :)

Ah, this looks better:

formatting link

Interesting, that does seem a bit more elegant, though I'm not really concerned about anyone tapping into my local network traffic (even if they crack my WiFi, they'd have to be on my property in order to get close enough to pick up the signal).

Alright I let myself go a little bit, but the first ten responses if I say that I want to do x in order to strip HTTPS wouldn't be about x, but would be asking why I want to strip HTTPS.

I'm following you with the WiFi burn-out issue. But otherwise, I know that a 1GHz Pentium III is plenty powerful enough to handle the SSL, so a 1GHz Pi Zero should be powerful enough as well. So even if I don't use the Pi ZeroW's WiFi, I don't see a need to put more electricity and money into a faster Pi.

OK, will do. Though the key thing is the CPU power and RAM, otherwise I could just stick with my DGN2200 for this HTTPS to HTTP proxy (the lower electricity usage is just a bonus from using the Pi).

Umm, well I was hoping to keep to just one device in place of the existing router, which is doing the job fine on its own. I know the cost of a Pi ZeroW isn't much, but I would prefer less to configure and less to go wrong.

Thanks. To me that's suggesting a Pi Zero (non-W) with a USB WiFi adapter yet to be determined. I'll have a look at what's available for them.

Reply to
Computer Nerd Kev

Just a tangential point...

Don?t forget that a highly directional (dish) antenna can be used to eavesdrop or participate in a wireless LAN that is far too distant for use by a typical low gain antenna.

Reply to
Michael J. Mahon

It works well for light traffic.

How many devices? The Pi0 can handle ten or so gamers concurrently fetching small text files but two or three downloading graphics makes it sweat...

Proxying tends to eat memory - and if you start swapping to external storage you'll impinge bandwith.

You might need the bigger pi just for the memory.

The low power Wifi is a big plus.

A a general rule the more powerful the wifi signal the slower the transfer as high power devices are in range of a greater number of competitors for the channels - so they have to back-off more. One powerful device can slow an entire neighborhood including itself.

Aim for the signal to -just- cover the area you need and no more.

Better to have two or three strategically placed low power (Pi?) APs on wired connections; never use WiFi extenders, each one you add halves throughput.


Reply to

It would be fine for one or two clients in a small area, but it's WiFi and processing power isn't up handling a home full of devices.

[Snip list of routers]

Get yourself a decent router, I recommend ASUS, got a RT-ac68U which is superb. It's a fibre router, but I did have to use with USB 4G dongles for a month after moving house.


Reply to

That was counting anyone with a highly directional antenna. :)

I looked into using cantenna designs to connect distant buildings via WiFi once - you'd need one at both ends in order to have some sort of hope. Plus anyone parked by the road for any period of time out here would be highly suspicous even before you put a big dish on the roof into the picture. Other houses are at kilometer distances away.

Reply to
Computer Nerd Kev

It's just me, so two at most (if I leave something downloadling / updating while I'm using my laptop, or am transferring between computers). Though the 3G (soon to be 4G) mobile broadband modem is on the USB bus as well, I don't know if that would be worse for performance than the Ethernet adapter. I'm guessing that it's unlikely to be a problem though - and I usually don't do any form of streaming.

Hmm, and swapping to Flash memory on the Pi's SD card wouldn't be ideal for longevity either.

Given the price, it might make sense to try it with the Pi Zero first. If it works, it will use less power as well, if it doesn't, then I haven't wasted much money on the Pi Zero anyway.

Ah well, there are no other WiFi networks in range out here in the middle of nowhere so I can pump out all the WiFi power that I can get. :) - Some compensation for all the struggle to pick up mobile broadband signal...

The existing set-up proves that I don't need to do that, so I'd prefer to stick with a single unit and have less to go wrong, update, etc.

Reply to
Computer Nerd Kev

My home = one or two clients at any one time. Only PCs.

That router has half the RAM of the Pi Zero and a lower CPU clock (though two cores instead of one). I'm sure it's fine for doing the current job of my DGN2200, but I wouldn't consider changing that if it wasn't for the need to run the HTTPS to HTTP software, and hence I started looking outside the range of available routers.

formatting link

Reply to
Computer Nerd Kev

On Wed, 17 Apr 2019 00:01:43 +0000 (UTC), snipped-for-privacy@telling.you.invalid (Computer Nerd Kev) declaimed the following:

You might be surprised... My primary TV and satellite box, cell-phone, four Nooks, a couple of R-Pi 3B, Wii-U (and an older Wii once I get it back from my father's stored junk) are all WiFi clients (the cell-phone actually routes data connections over the WiFi in preference to GSM) -- I hardwire the laptop and main computer, but both have WiFi client capability. Fortunately my three Blu-Ray players were explicitly purchased without WiFi

-- and I'm not going to run CAT-5/6 to the rooms with the TVs/BD players.

Reply to
Dennis Lee Bieber

Yeah I know, and then there are the IOT devices. In my case though I really do just have the PCs. I often take the remarkable decision to fix things instead of replace them, which keeps my technology stagnant in the first place, and I don't bother with Smartphones or Smart TVs.

Hence the trouble with HTTPS in the first place. If I have a working system that doesn't need to communicate securly, I want to keep using it as-is. I don't want to upgrade this, which means upgrading that, which means changing this, which means buying a new that, and so on...

Reply to
Computer Nerd Kev

You can configure Apache httpd as a reverse proxy for sites and leverage it's ability to modify HTML as it passes through. So you can bust HTTPS sites down to HTTP.

I'm guessing that this is much of what sslstrip does.

Reply to
Grant Taylor

Thanks, my first option will be to try the No-HTTPS Perl script which was posted in alt.sources late last year. I had a go at setting this up on the existing router, but I soon ran out of Flash while installing dependancies for Perl and decided that the odds of it having enough RAM and CPU speed to do the job weren't high enough to bother trying to sort something out with a USB memory stick.

A Pi ZeroW is on its way. I might see how I go with the onboard WiFi for starters, Perhaps putting a heatsink on the WiFi chip will help against the burn-out issues as it's presumably due to something overheating. The router could be positioned better for WiFi if I set up an outdoor directional antenna for the mobile broadband modem, which I need to do anyway. the WiFi only really has to cover a few rooms (though one has some metal cladding in the way).

Reply to
Computer Nerd Kev

Computer Nerd Kev wrote, on 20-04-2019 03:32:

I saw that earlier in the thread but that seemed like bullshit where they manually tried to boost the power to the wifi chip, maybe removing a resistor somewhere or otherwise cranking up the voltage, I don't know. Don't do that, obviously.

Bandwidth will be the issue, wifi up & down on all channels (uplink, clients) going over 1 shared USB2 connection, including storage traffic if you want something a little more reliable than an sd card. Maybe you figured out it will suffice in your situation but I fear for the practical result.

Of course, putting this all together won't be a one time job, you'll have to maintain it and that would ultimately put me off; you're just shifting the work to a dead end.

Fine for a "can it be done" hobby project.

Reply to
A. Dumas

Clock speed is pretty immaterial, it is a dedicated router chipset, with gigabit Ethernet, a/b/c/g/n/ac WiFi, and is vastly better as a router than a general purpose Pi Zero W with everything going over a single USB bus.

Well you wont find anything better at doing WiFi routing than a WiFi router.


Reply to

yep and the 68u is an older model.

the more recent 86u includes hardware encryption, giving a huge boost to vpn performance.


Reply to

Don't try to make sense of the Asus model numbering.


formatting link
Broadcom BCM4706 (600 MHz, 1 core)


formatting link
Broadcom BCM4708C0 (1 GHz, 2 cores)


formatting link
Broadcom BCM4708A0 (800 MHz, 2 cores)

RT-AC68U Extreme

formatting link
Broadcom BCM4906 (1.8 GHz, 2 cores) VPN Acceleration using hardware encryption


formatting link
Broadcom BCM4906 (1.8 GHz, 2 cores) VPN Acceleration using hardware encryption

My favorite ASUS firmware mutation:

formatting link

Reply to
Jeff Liebermann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.