This is a first post in a row of several ones dealing with DietPi’s WiFi functionality.
It describes the options of an Ad blocker extension like AdGuard Home resp. Pi-hole and how to combine it with your DietPi WiFi HotSpot.
The WiFi HotSpot of DietPi gives an easy to use subordinated WiFi subnet routet to a superimposed Ethernet LAN. It might be used to implement a guest network. It can also be extended with an Ad blocker to serve as an ad-free WiFi (isolated) subnet.
This blog post is one of a series regarding setup and usage of WiFi subjects:
- DietPi’s WiFi – Part 1: Combining the WiFi HotSpot with an Ad blocker
- DietPi’s WiFi – Part 2: WiFi-to-LAN gateway
- DietPi’s WiFi: Extend network with Bridging – Part 3 (t.b.d.)
Table of contents
1. Introduction
1.1 DietPi’s WiFi HotSpot
The WiFi HotSpot functionality is described in the DietPi documentation: WiFi HotSpot.
It serves as a WiFi access point with these properties:
- connect the hotspot to the LAN area (DHCP client or fixed IP address settable via
dietpi-config) - form a WiFi area with an own configurable subnet (WiFi settings via
dietpi-config) - provide a configurable DHCP server covering the WiFi area
- route the network traffic from the WiFi area to the internet
- block access from the WiFi area to the LAN area and vice versa
The dietpi-software installation has these default values for the WiFi area:
- Subnet: 192.168.42.0 .. 192.168.42.255
- Subnet mask: 255.255.255.0
- Default gateway: 192.168.42.1
As a result, the WiFi HotSpot can serve as an isolated guest access point preventing access to the home network.
1.2 System structures with an Ad blocker
The WiFi HotSpot functionality neither does contain an Ad blocker, nor uses an external Ad blocker by default. DietPi offers the software options Pi-hole and AdGuard Home, so it can be a good practice to activate such an Ad blocker for devices connected to the WiFi area.
Basically, the following architectures can be used:
- Ad blocker integrated into the WiFi Hotspot device (serving only for the WiFi area)
- Ad blocker running as an own device in the WiFi area (serving only for the WiFi area)
- Ad blocker running in the LAN area (serving for the LAN area as well as for the WiFi area)
The following graphic shows this for option 1. (Ad blocker integrated into the WiFi Hotspot device):
The following graphic shows this for option 3. (Ad blocker running in the LAN area):
The following installation and setup chapter shows how to configure these architectural options.
1.3 Onboard WiFi and external WiFi adapters
Some Hardware devices running DietPi do not have onboard WiFi (e.g. Raspberry Pi 2, ODROID N2, NanoPi R5/R6, Orange Pi 5, Radxa ROCK 5), others have onboard WiFi (e.g. Raspberry Pi 4, NanoPi M4v2, Rock Pi S), which is limited in its range, so there are cases to use an add-on WiFi like e.g. a WiFi USB stick.
1.3.1 Check USB detection
The USB detection of the device can be checked by using the command lsusb. The output can be compared without and with the USB stick. Example (WiFi stick in bold):
lsusbroot@hotspot:~# lsusb
Bus 001 Device 004: ID 2001:3319 D-Link Corp. DWA-131 Wireless N Nano Adapter (Rev. E1) [Realtek RTL8192EU]
Bus 001 Device 003: ID 0424:ec00 Microchip Technology, Inc. (formerly SMSC) SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Microchip Technology, Inc. (formerly SMSC) SMC9514 Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
root@hotspot:~#1.3.2 Check kernel device support
Not every of these external devices are supported by the Debian kernel by default. This can be checked in advance by executing the following steps. Futher troubleshooting is described in chapter 4. Issues with external WiFi adapters.
The kernel support can be checked via dietpi-config: If the WiFi adapter is found in the menu option “Network Options: Adapters” (-> WiFi: Available) and a connection to a WLAN can be established, the necessary prerequisites are proven.
2. Installation and setup
The following installation is illustrated with the Ad blocker AdGuard Home, the usage of Pi-hole is done in the same manner. An installation of Unbound, a validating, recursive, caching DNS resolver which increases the internet privacy, is optional.
2.1 Base installation of hotspot and Ad blocker
The base installation is executed with this easy command line (installation with Unbound):
dietpi-software install 60 126 182This installs the WiFi HotSpot (60), AdGuard Home (126) and Unbound (182) within one step.
2.2 Integration of the Ad blocker into the hotspot
As a next step, the Ad blocker (AdGuard Home) needs to be configured to the WiFi HotSpot. After the base installation described in the previous chapter, the WiFi HotSpot uses the so called “Quad9” addresses to be used as the primary DNS server (IPv4: 9.9.9.9, 149.112.112.112). This is the WiFi HotSpot installation configuration within the file /etc/dhcp/dhcpd.conf (option domain-name-servers):
authoritative;
#default-lease-time 43200;
#max-lease-time 86400;
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.250;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
option domain-name "local";
option domain-name-servers 9.9.9.9, 149.112.112.112;
}Remark: The configuration of the file dhcpd.conf match to the graphics given in the introduction chapter.
Now, the configuration file needs to be changed, so that it directs the name servers directive to the IP address running AdGuard Home which is the WiFi HotSpot itself (192.168.42.1):
authoritative;
#default-lease-time 43200;
#max-lease-time 86400;
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.250;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
option domain-name "local";
option domain-name-servers 192.168.42.1;
}Remarks: The final ‘;’ in the line must not be omitted. The real IP address must be used, a placeholder like ‘127.0.0.1’ or ‘localhost’ will not work.
As a final step, the DHCP server is restarted via
systemctl restart isc-dhcp-server.service2.3 Diagnosis
2.3.1 WiFi diagnosis
A basic WiFi diagnosis with some information about the WiFi hardware status can be obtained via iwconfig.
iwconfig wlan0This e.g. shows:
root@hotspot:~# iwconfig wlan0
wlan0 IEEE 802.11 Mode:Master Tx-Power=20 dBm
Retry short limit:7 RTS thr=2347 B Fragment thr:off
Power Management:offIn addition, the IP settings can be obtained via ip.
ip a show wlan0This e.g. shows:
root@hotspot:~# ip a show wlan0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 64:70:af:fe:08:15 brd ff:ff:ff:ff:ff:ff
inet 192.168.42.1/24 brd 192.168.42.255 scope global wlan0
valid_lft forever preferred_lft forever
inet6 fe80::6780:dead:affe:4711/64 scope link
valid_lft forever preferred_lft forever2.3.2 Basic services status diagnosis
To diagnose the status of the running services of the hotspot, DHCP server, AdGuard Home and Unbound, the following command can be used:
systemctl status isc-dhcp-server hostapd adguardhome unboundIn addition, the IP address status of the WiFi HotSpot can be monitored via ip a.
2.3.3 Journal diagnosis
Diagnostic messages of the DHCP server can be retrieved from the Linux journal via
journalctl -u isc-dhcp-serverresp.
journalctl -u isc-dhcp-server -u hostapd -u ifup@wlan02.3.4 DHCP address diagnosis
The DHCP server signals the assigned IP addresses within the file /var/lib/dhcp/dhcpd.leases.
cat /var/lib/dhcp/dhcpd.leasesAs an example, its contents might look like this:
root@hotspot:~# cat /var/lib/dhcp/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-4.4.3-P1
# authoring-byte-order entry is generated, DO NOT DELETE
authoring-byte-order little-endian;
lease 192.168.42.11 {
starts 5 2023/12/24 21:34:56;
ends 6 2023/12/25 09:34:56;
cltt 5 2023/12/24 21:34:56;
binding state active;
next binding state free;
rewind binding state free;
hardware ethernet 0c:8b:af:fe:47:11;
uid "\001\014\213\375n\3759";
set vendor-class-identifier = "android-dhcp-12";
client-hostname "Mama smartphone";
}The example shows one assigned IP address 192.168.42.11 to an Android smartphone with a DHCP lease time of twelve hours (option default-lease-time in file dhcpd.conf).
2.4 Example AdGuard: Manage blocklists
In AdGuard Home, a blocklist management is contained which offers predefined lists. The management interface is accessible via port 8083, e.g:
http://hotspot:8083/The default login and password is given in the DietPi AdGuard Home documentation (admin/dietpi).
The configuration dialog can be called via the “Filters” -> “DNS blocklists” menu entry.
Also, DNS whitelists, services blocking, etc. can be set. See the AdGuard Home Wiki for further details.
2.5 Option: Ad blocker located in superimposed network
If there is already an Ad blocker present (e.g. in the superimposed LAN area), this can also be used for the WiFi area. This is achieved with these steps:
- Installation of the DietPi WiFi-HotSpot
- Configuration of the Ad blocker’s IP address in
/etc/dhcp/dhcpd.conf - Restart of the HotSpot (alternative: System reboot)
The installation of the DietPi WiFi-Hotspot (without an Ad blocker) is done via
dietpi-software install 60Often a system reboot is necessary and should be executed to be sure: reboot
In the next step, the IP address of the Ad blocker has to be edited within /etc/dhcp/dhcpd.conf by setting the option domain-name-servers: This is set to option domain-name-servers 9.9.9.9, 149.112.112.112; by default. Assumed is that the router in the LAN area has an IP address of 192.168.178.1 and the Ad blocker has an IP address 192.168.178.2, the contents of the file dhcpd.conf might look like:
authoritative;
#default-lease-time 43200;
#max-lease-time 86400;
subnet 192.168.42.0 netmask 255.255.255.0 {
range 192.168.42.10 192.168.42.250;
option broadcast-address 192.168.42.255;
option routers 192.168.42.1;
option domain-name "local";
option domain-name-servers 192.168.178.2;
}Remarks: The final ‘;’ in the line must not be omitted. The real IP address must be used, a hostname like ‘pihole.fritz.box’ will not work.
3. Hints
3.1 No use of a DHCP functionality in the Ad blocker
It is important, that DHCP functionality which is optional within Ad blockers like Pi-hole or AdGuard Home must be disabled, otherwise this conflicts with the DCHP server installed by the WiFi HotSpot package (isc-dhcp-server).
3.2 Memory issues when handling large block lists
It shall be noted, that in case of large block lists, much RAM is needed on the system running the Ad blocker. This should be monitored, e.g. via htop to avoid poor memory.
The slogan “A lot helps a lot” might not be a perfect idea for blocklists in all cases.
4. Issues with external WiFi adapters
The following USB WiFi adapters were tested on a RPi 4, DietPi v8.24 and Debian Bookworm getting the following results:
| USB ID | Description | WiFi Chip | Result |
| 0bda:8178 | TP-LINK TL-WN823N 802.11 b/g/n | Realtek RTL8192CU | OK |
| 2001:3319 | D-Link DWA-131 802.11 b/g/n | Realtek RTL8192EU | OK |
| 0bda:b812 | BrosTrend AC3 WLAN stick (AC1200) 802.11 b/g/n/ac | Realtek RTL88x2bu | OK (manual driver installation) |
| 148f:5572 | CSL USB 2.0 WLAN Adapter, Mod.-Nr.: 27395 802.11 b/g/n | Ralink RT5572 | OK |
BrosTrend AC1200: Driver installation was necessary. See https://github.com/morrownr/88x2bu-20210702 resp. https://docs.alfa.com.tw/Support/Linux/RTL8812BU for details.
How can I change the subnet and make the Ip address static?
I want the router address to be eg 192.169.111.0
and the Broadcast Ip to be 192.168.111.111
Thanks In advanced.
Do you mean the WiFi area?
If yes, maybe our DietPi documentation helps: https://dietpi.com/docs/software/advanced_networking/#__tabbed_1_3
Enhance your WiFi HotSpot experience with AdGuard Home or Pi-hole! Extend your network’s security and privacy by blocking unwanted ads, trackers, and malware at the DNS level. Enjoy a faster, cleaner internet connection for all your devices. With user-friendly setups, these tools ensure a seamless browsing experience while safeguarding your online activities. Upgrade your HotSpot now for a safer and more efficient online environment.
AdGuard Home resp extensions are really effective in WiFi HotSpot. I appreciate these new features.
Good
Can this be extended to create a mesh WiFi network? eg using an SBC as a WiFi node in various locations around the house, and then being able to walk between rooms and seamlessly switch to the best WiFi node connection?