Debian / Ubuntu Linux: Setup Wireless Access Point (WAP) with Hostapd

by on August 25, 2012 · 22 comments· LAST UPDATED July 9, 2014

in , , ,

I've got a spare USB Wireless Adapters (WIFI adapter/dongle) and my ISP router does not support wireless option. How do I turn my home nas server into a wireless access point (WAP) that allows wireless devices to connect to a wired network using Wi-Fi under Debian or Ubuntu Linux operating systems without purchasing additional WPA box?

Tutorial details
DifficultyIntermediate
Root privilegesYes
RequirementsWifi card (USB dongle)
in Maste (AP) mode

You need to use hostapd server as access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. The current version supports Linux:

  1. Host AP
  2. madwifi
  3. mac80211-based

You can use USB or PCI / Mini-PCI based network card. Please note that not all network cards or drivers support AP mode.

Sample setup

  1. wlan0 - Wireless PCI or USB device connected to Linux with a/b/g and WPA2 support in AP mode.
  2. eth0 - Wired ethernet port connected to the upstream router / switch for the Internet access.

Sample network diagram:

Internet
  \
    \\
    |\      +------------+ RJ-11/ADSL-line
      \-----+ ISP Router |                     +--------+
            +------------+ RJ-45 (eth0) -------+ Switch |
             192.168.1.2                       +--------+
             with DNS/DHCPD                    |
             server +                          +----> Laptop wireless
             Firewall                          |
                                               +----> Home nas server with wifi card wlan0 and eth0 wired
                                               |      with 192.168.1.11 static IP
                                               +----> Desktop wired
                                               |
                                               +----> HP Printer wired
                                               |
                                               +----> Andriod tablet wireless
                                               |
                                               +----> Andriod mobile phone wireless and so on

Step #1: Install hostapd

Type the following command:
# apt-get install hostapd
Sample outputs:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  hostapd
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 346 kB of archives.
After this operation, 877 kB of additional disk space will be used.
Get:1 http://debian.osuosl.org/debian/ squeeze/main hostapd amd64 1:0.6.10-2 [346 kB]
Fetched 346 kB in 2s (151 kB/s)
Selecting previously deselected package hostapd.
(Reading database ... 267669 files and directories currently installed.)
Unpacking hostapd (from .../hostapd_1%3a0.6.10-2_amd64.deb) ...
Processing triggers for man-db ...
Setting up hostapd (1:0.6.10-2) ...

Step #2: Configure hostapd

Edit /etc/default/hostapd, enter:
# vi /etc/default/hostapd
Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration file and hostapd will be started during system boot:

 
DAEMON_CONF="/etc/hostapd/hostapd.conf"
 

Save and close the file. Next create a text file called /etc/hostapd/hostapd.conf, enter:
Set interface name:

### Wireless network name ###
interface=wlan0
 
### Set your bridge name ###
bridge=br0
 

Set driver name:

 
driver=nl80211
 

Set country name code in ISO/IEC 3166-1 format. This is used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power.

 
### (IN == INDIA, UK == United Kingdom, US == United Stats and so on ) ###
country_code=IN
 

Set your SSID:

 
ssid=nixcraft
 

Set operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g)
hw_mode=g
Set channel number (some driver will only use 0 as value)

 
channel=6
 

Set wpa mode to 2:

 
wpa=2
 

Set your passphrase (WiFi password):

 
wpa_passphrase=MyWiFiPassword
 

Set key and auth optionsmanagement for WPA2:

## Key management algorithms ##
wpa_key_mgmt=WPA-PSK
 
## Set cipher suites (encryption algorithms) ##
## TKIP = Temporal Key Integrity Protocol
## CCMP = AES in Counter mode with CBC-MAC
wpa_pairwise=TKIP
rsn_pairwise=CCMP
 
## Shared Key Authentication ##
auth_algs=1
 
## Accept all MAC address ###
macaddr_acl=0
 

Save and close the file.

How Do I start / stop / restart AP?

Use the following commands:
# /etc/init.d/hostapd start
# /etc/init.d/hostapd stop
# /etc/init.d/hostapd restart

Step #3: Configure /etc/network/interfaces

You can setup wlan0 in standalone mode or bridge it with eth0. The bridge mode will open your wireless client to access rest of the LAN and you will able to connect to the Internet. Most user bridge the wireless interface with the AP's Internet-connected interface.

Set br0 (wlan0+eth0) in bridge mode

You need to install bridge-utils package for configuring the Linux Ethernet bridge:
# apt-get install bridge-utils
Sample outputs:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  bridge-utils
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 32.7 kB of archives.
After this operation, 176 kB of additional disk space will be used.
Get:1 http://debian.osuosl.org/debian/ squeeze/main bridge-utils amd64 1.4-5 [32.7 kB]
Fetched 32.7 kB in 1s (25.5 kB/s)
Selecting previously deselected package bridge-utils.
(Reading database ... 267692 files and directories currently installed.)
Unpacking bridge-utils (from .../bridge-utils_1.4-5_amd64.deb) ...
Processing triggers for man-db ...
Setting up bridge-utils (1.4-5) ...

Edit /etc/network/interfaces, enter:
# vi /etc/network/interfaces
Modify or set config as follows:

 
auto lo br0
iface lo inet loopback
 
# wireless wlan0
allow-hotplug wlan0
iface wlan0 inet manual
 
# eth0 connected to the ISP router
allow-hotplug eth0
iface eth1 inet manual
 
# Setup bridge
iface br0 inet static
    bridge_ports wlan0 eth0
    address 192.168.1.11
    netmask 255.255.255.0
    network 192.168.1.0
    ## isp router ip, 192.168.1.2 also runs DHCPD ##
    gateway 192.168.1.2
    dns-nameservers 192.168.1.2
 

Save and close the file. At this stage I recommend that you reboot the computer or restart all services as follows (may not work over remote ssh session):
# /etc/init.d/networking restart
# /etc/init.d/hostapd restart

OR
# reboot

A note about DHCPD server

Since you are running your WAP in bridge (br0) mode, DHCPD is not required on your WAP. It can use DHCPD server located anywhere on the LAN. In this example 192.168.1.2 is an ISP router with DHCPD running on it. If you are not using DHCPD server, setup as follows:

A note about Firewall

You can install a firewall to protect from attacks. See how to install shorewall on Debian or Ubuntu Linux.

How do I troubleshoot WAP problems?

You will find WPA auth log info in /var/log/syslog file:
# tail -f /var/log/syslog
Find out if DHCPD relay working or not:
# tcpdump -n port 67 or port 68
Make sure firewall is not blocking required ports:
# /sbin/iptables -L -n -v | less
Make sure correct mac address are assigned and br0 is up and running:
# ifconfig br0
# ifconfig | grep HW
# brctl show
# brctl showmacs bro

Use these 8 Linux commands to find out wireless network speed, signal strength and other information:

Finally, make sure you use latest version of the following software

  • Linux kernel
  • Wireless card drivers and firmware
  • hostapd
References
TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 22 comments… read them below or add one }

1 Arun Kumar August 25, 2012 at 6:08 pm

Thanks, this is wot am looking for….:-)

Reply

2 Rulet October 11, 2012 at 11:20 am

Hello Arun. Where to get SSID, I mean how to know what to write after ssid= ?

Reply

3 Champa October 25, 2012 at 1:54 pm

SSID is yours to decide. Give it any random name you wish.

Reply

4 naxil November 8, 2012 at 11:56 pm

hello.. i have used compat drivers..
i have eth0 (come from other computers with ubuntu 10,04 and umts dongle (eth2) shared to eth1)… eth1 cable to 2ndpc eth0 (2nd computer with hostapd)

now 2nd computer have wlan0. Hostpad is on running.. but i can’t share eth0 connection to wlan0
i have do
echo 1 > /proc/sys/net/ipv4/ip_forward
and the iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE on 2ndpc
but wlan0 not have the internet?? why??

Reply

5 Misha January 6, 2013 at 4:28 pm

Worked perfectly, thank you!

Reply

6 Juan Carrizo January 11, 2013 at 12:08 am

Dont work in my debian squeeze, need new wireless router :´( Thanks anyway ;)

Reply

7 pvswie January 22, 2013 at 10:11 pm

Hi,
I intend to build a AP based upon a USB wifi adapter.
So far I spend several hours trying to find one that works but was unable to.
This article indicates it exists.
Can anyone provide some USB wifi adapter types (chipset) that work as AP.

Reply

8 sugatang itlog July 10, 2014 at 1:59 am

Very much apprecaited if any those that already tried this could tells us any particular brand and model perhaps for. Thanks!

Reply

9 salem February 3, 2013 at 3:42 am

Hi I’m new on Linux and trying figure our certain things
T tried to use vi editor but it hard to handle
every key i pres it change another line on the file
If you can explain how to make edit and save the line using vi cmmand

Reply

10 nuha April 15, 2014 at 12:40 pm

hii try to use “gedit” than “vi”
it more user friendly

Reply

11 Serge March 4, 2013 at 12:02 pm

2 pvswie

use ‘iw list’ command to check if your adapter support AP mode

Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor

Also browse http://linuxwireless.org/ to find if one you want to buy has AP mode

Reply

12 Vladimir March 4, 2013 at 12:57 pm

Hi,

which usb dongle have you used? Please advize what chipsets work with Ubuntu 12.04 64-bit.

thnx, V.

Reply

13 Kevin May 16, 2013 at 10:15 pm

Hello I wanted to try this out but I was looking at your diagram and got pretty confused. I’m looking to bridge my wlan1 with eth0 so I could hook up a switch to eth0 so my xbox, and win 8 computer can have internet. I have read so many articles, forums and what not I kinda hit a wall. My Linux box is a server with the wireless internet connection. It is always on. So hence why I would like to bridge its internet. You’re guide explains it but in the opposite manner. So would what I want even be possible?

Reply

14 Sergiy Pometun December 13, 2013 at 9:07 am

Thank you! Clear and correct. This is helped me.

Reply

15 Frank January 3, 2014 at 12:32 pm

Useful article, but the ISO country code for the United Kingdom is “GB” – not “UK”.
You’re confusing it with the domain suffix, which is .uk.

Reply

16 pir187 January 28, 2014 at 5:57 am

Hi,

read your post wondering about two things:

- What is this eth1 in /etc/network/interfaces for? Typo?
- Why is eth0 configured AS static but no address is assigned?
- Under which IP address can you reach your AP – not under 192.168.1.11, right?

Looking forward to reading your answer, pir187

Reply

17 Nix Craft July 9, 2014 at 11:02 am

It was a typo on my part. You need to use eth0. Yes, 192.168.1.11 will be used by wireless client to get details such as DNS/router/ip etc.

Reply

18 Devin January 31, 2014 at 8:33 pm

Great guide but I am having issues with the bridge. When I configure the /etc/network/interfaces to include the code above and attempt to reboot the computer, there are issues with networking and I am stuck at the splash screen before login with the “waiting for network configuration…” I have made a few swings and no avail. I am running Ubuntu 13.10. I am attempting to bridge my wlan0 and wlan1 connections.
any assistance will be appriciated!

Reply

19 soumya February 6, 2014 at 12:54 pm

* Starting advanced IEEE 802.11 management hostapd [fail]
why is it failing

Reply

20 nuha April 15, 2014 at 12:24 pm

hi i have some proble here the solution :
#sudo hostapd –d /etc/hostapd/hostapd.conf

then appear the output, you know why, because we just “copy paste” from the source here, then try to erase “space” lin line 3,31,37,40 etc
then it will work

Reply

21 nuha April 15, 2014 at 12:37 pm

dear all,
this is my topology
Legitimate AP – – – – –(wlan1) Rogue AP(wlan0)– – – – – user
i try to make rogue/fake AP using hostapd with mode bridge, because i need to set up topology where : legitimate AP– – – – RAP– – – – User are in one network.
i follow this guidance step by step, then i have a problem
the first, when hostapd have not run the connection between legitimate AP and RAP running well.. but when i restart hostapd and change configure /etc/network/interfaces to make the PC as RAP, then restart the network
something happen, the connection between legitimae AP and RAP become down..
then my user PC stuck at obtaining ip address.

i need your advice

thank you

Reply

22 Raul July 15, 2014 at 4:21 pm

Hi,

I’ve configured everything by the book, to include even changing the “eth0″ type. With that, I still am not seeing the SSID appear (it’s not broadcasting that I’ve configured (within /etc/hostapd/hostapd.conf) in order to connect to it from my other wireless devices. Any thoughts?

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , , , , ,

Previous Faq:

Next Faq: