I‘ve got a spare USB Wireless Adapters (WIFI adapter/dongle) and my ISP router does not support wireless option. How do I turn my home nas server into a wireless access point (WAP) that allows wireless devices to connect to a wired network using Wi-Fi under a Debian or Ubuntu Linux operating systems without purchasing additional WPA box? How do I setup an Access Point (AP) mode Wi-Fi hotspot on a Debian or Ubuntu Linux operating systems?

Tutorial details
Difficulty Intermediate
Root privileges Yes
Requirements Wifi card (USB dongle)
in Maste (AP) mode

You need to use hostapd server as access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. The current version supports Linux:

  1. Host AP
  2. madwifi
  3. mac80211-based

You can use USB or PCI / Mini-PCI based network card. Please note that not all network cards or drivers support AP mode.

Sample setup

  1. wlan0 – Wireless PCI or USB device connected to Linux with a/b/g and WPA2 support in AP mode.
  2. eth0 – Wired ethernet port connected to the upstream router / switch for the Internet access.

Sample network diagram:

    |\      +------------+ RJ-11/ADSL-line
      \-----+ ISP Router |                     +--------+
            +------------+ RJ-45 (eth0) -------+ Switch |
             with DNS/DHCPD                    |
             server +                          +----> Laptop wireless 
             Firewall                          |      
                                               +----> Home nas server with wifi card wlan0 and eth0 wired 
                                               |      with static IP
                                               +----> Desktop wired 
                                               +----> HP Printer wired
                                               +----> Andriod tablet wireless
                                               +----> Andriod mobile phone wireless and so on

Step #1: Install hostapd

Type the following command:
# apt-get install hostapd
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 346 kB of archives.
After this operation, 877 kB of additional disk space will be used.
Get:1 http://debian.osuosl.org/debian/ squeeze/main hostapd amd64 1:0.6.10-2 [346 kB]
Fetched 346 kB in 2s (151 kB/s)   
Selecting previously deselected package hostapd.
(Reading database ... 267669 files and directories currently installed.)
Unpacking hostapd (from .../hostapd_1%3a0.6.10-2_amd64.deb) ...
Processing triggers for man-db ...
Setting up hostapd (1:0.6.10-2) ...

Step #2: Configure hostapd

Edit /etc/default/hostapd, enter:
# vi /etc/default/hostapd
Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration file and hostapd will be started during system boot:


Save and close the file. Next create a text file called /etc/hostapd/hostapd.conf, enter:
Set interface name:

### Wireless network name ###
### Set your bridge name ###

Set driver name:


Set country name code in ISO/IEC 3166-1 format. This is used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power.

### (IN == INDIA, UK == United Kingdom, US == United Stats and so on ) ###

Set your SSID:


Set operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g)
Set channel number (some driver will only use 0 as value)


Set wpa mode to 2:


Set your passphrase (WiFi password):


Set key and auth optionsmanagement for WPA2:

## Key management algorithms ##
## Set cipher suites (encryption algorithms) ##
## TKIP = Temporal Key Integrity Protocol
## CCMP = AES in Counter mode with CBC-MAC
## Shared Key Authentication ##
## Accept all MAC address ###

Save and close the file.

How Do I start / stop / restart AP?

Use the following commands:
# /etc/init.d/hostapd start
# /etc/init.d/hostapd stop
# /etc/init.d/hostapd restart

Step #3: Configure /etc/network/interfaces

You can setup wlan0 in standalone mode or bridge it with eth0. The bridge mode will open your wireless client to access rest of the LAN and you will able to connect to the Internet. Most user bridge the wireless interface with the AP’s Internet-connected interface.

Set br0 (wlan0+eth0) in bridge mode

You need to install bridge-utils package for configuring the Linux Ethernet bridge:
# apt-get install bridge-utils
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 32.7 kB of archives.
After this operation, 176 kB of additional disk space will be used.
Get:1 http://debian.osuosl.org/debian/ squeeze/main bridge-utils amd64 1.4-5 [32.7 kB]
Fetched 32.7 kB in 1s (25.5 kB/s)                     
Selecting previously deselected package bridge-utils.
(Reading database ... 267692 files and directories currently installed.)
Unpacking bridge-utils (from .../bridge-utils_1.4-5_amd64.deb) ...
Processing triggers for man-db ...
Setting up bridge-utils (1.4-5) ...

Edit /etc/network/interfaces, enter:
# vi /etc/network/interfaces
Modify or set config as follows:

auto lo br0
iface lo inet loopback
# wireless wlan0
allow-hotplug wlan0
iface wlan0 inet manual
# eth0 connected to the ISP router
allow-hotplug eth0
iface eth0 inet manual
# Setup bridge 
iface br0 inet static
    bridge_ports wlan0 eth0
    ## isp router ip, also runs DHCPD ##

Save and close the file. At this stage I recommend that you reboot the computer or restart all services as follows (may not work over remote ssh session):
# /etc/init.d/networking restart
# /etc/init.d/hostapd restart

# reboot

A note about DHCPD server

Since you are running your WAP in bridge (br0) mode, DHCPD is not required on your WAP. It can use DHCPD server located anywhere on the LAN. In this example is an ISP router with DHCPD running on it. If you are not using DHCPD server, setup as follows:

A note about Firewall

You can install a firewall to protect from attacks. See how to install shorewall on Debian or Ubuntu Linux.

How do I troubleshoot WAP problems?

You will find WPA auth log info in /var/log/syslog file:
# tail -f /var/log/syslog
Find out if DHCPD relay working or not:
# tcpdump -n port 67 or port 68
Make sure firewall is not blocking required ports:
# /sbin/iptables -L -n -v | less
Make sure correct mac address are assigned and br0 is up and running:
# ifconfig br0
# ifconfig | grep HW
# brctl show
# brctl showmacs br0

Use these 8 Linux commands to find out wireless network speed, signal strength and other information:

Finally, make sure you use latest version of the following software

  • Linux kernel
  • Wireless card drivers and firmware
  • hostapd

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 32 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
32 comments… add one
  • Arun Kumar Aug 25, 2012 @ 18:08

    Thanks, this is wot am looking for….:-)

  • Rulet Oct 11, 2012 @ 11:20

    Hello Arun. Where to get SSID, I mean how to know what to write after ssid= ?

    • Champa Oct 25, 2012 @ 13:54

      SSID is yours to decide. Give it any random name you wish.

  • naxil Nov 8, 2012 @ 23:56

    hello.. i have used compat drivers..
    i have eth0 (come from other computers with ubuntu 10,04 and umts dongle (eth2) shared to eth1)… eth1 cable to 2ndpc eth0 (2nd computer with hostapd)

    now 2nd computer have wlan0. Hostpad is on running.. but i can’t share eth0 connection to wlan0
    i have do
    echo 1 > /proc/sys/net/ipv4/ip_forward
    and the iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE on 2ndpc
    but wlan0 not have the internet?? why??

  • Misha Jan 6, 2013 @ 16:28

    Worked perfectly, thank you!

  • Juan Carrizo Jan 11, 2013 @ 0:08

    Dont work in my debian squeeze, need new wireless router :Β΄( Thanks anyway ;)

  • pvswie Jan 22, 2013 @ 22:11

    I intend to build a AP based upon a USB wifi adapter.
    So far I spend several hours trying to find one that works but was unable to.
    This article indicates it exists.
    Can anyone provide some USB wifi adapter types (chipset) that work as AP.

    • sugatang itlog Jul 10, 2014 @ 1:59

      Very much apprecaited if any those that already tried this could tells us any particular brand and model perhaps for. Thanks!

    • betterLateThanNever Apr 17, 2017 @ 4:31

      Great instructions! I got it working with the following USB WiFi dongle: TP-Link TL-WN321G.

  • salem Feb 3, 2013 @ 3:42

    Hi I’m new on Linux and trying figure our certain things
    T tried to use vi editor but it hard to handle
    every key i pres it change another line on the file
    If you can explain how to make edit and save the line using vi cmmand

    • nuha Apr 15, 2014 @ 12:40

      hii try to use “gedit” than “vi”
      it more user friendly

  • Serge Mar 4, 2013 @ 12:02

    2 pvswie

    use ‘iw list’ command to check if your adapter support AP mode

    Supported interface modes:
    * IBSS
    * managed
    * AP
    * AP/VLAN
    * monitor

    Also browse http://linuxwireless.org/ to find if one you want to buy has AP mode

  • Vladimir Mar 4, 2013 @ 12:57


    which usb dongle have you used? Please advize what chipsets work with Ubuntu 12.04 64-bit.

    thnx, V.

  • Kevin May 16, 2013 @ 22:15

    Hello I wanted to try this out but I was looking at your diagram and got pretty confused. I’m looking to bridge my wlan1 with eth0 so I could hook up a switch to eth0 so my xbox, and win 8 computer can have internet. I have read so many articles, forums and what not I kinda hit a wall. My Linux box is a server with the wireless internet connection. It is always on. So hence why I would like to bridge its internet. You’re guide explains it but in the opposite manner. So would what I want even be possible?

  • Sergiy Pometun Dec 13, 2013 @ 9:07

    Thank you! Clear and correct. This is helped me.

  • Frank Jan 3, 2014 @ 12:32

    Useful article, but the ISO country code for the United Kingdom is “GB” – not “UK”.
    You’re confusing it with the domain suffix, which is .uk.

  • pir187 Jan 28, 2014 @ 5:57


    read your post wondering about two things:

    – What is this eth1 in /etc/network/interfaces for? Typo?
    – Why is eth0 configured AS static but no address is assigned?
    – Under which IP address can you reach your AP – not under, right?

    Looking forward to reading your answer, pir187

    • 🐧 Nix Craft Jul 9, 2014 @ 11:02

      It was a typo on my part. You need to use eth0. Yes, will be used by wireless client to get details such as DNS/router/ip etc.

  • Devin Jan 31, 2014 @ 20:33

    Great guide but I am having issues with the bridge. When I configure the /etc/network/interfaces to include the code above and attempt to reboot the computer, there are issues with networking and I am stuck at the splash screen before login with the “waiting for network configuration…” I have made a few swings and no avail. I am running Ubuntu 13.10. I am attempting to bridge my wlan0 and wlan1 connections.
    any assistance will be appriciated!

  • soumya Feb 6, 2014 @ 12:54

    * Starting advanced IEEE 802.11 management hostapd [fail]
    why is it failing

    • nuha Apr 15, 2014 @ 12:24

      hi i have some proble here the solution :
      #sudo hostapd –d /etc/hostapd/hostapd.conf

      then appear the output, you know why, because we just “copy paste” from the source here, then try to erase “space” lin line 3,31,37,40 etc
      then it will work

  • nuha Apr 15, 2014 @ 12:37

    dear all,
    this is my topology
    Legitimate AP – – – – –(wlan1) Rogue AP(wlan0)– – – – – user
    i try to make rogue/fake AP using hostapd with mode bridge, because i need to set up topology where : legitimate AP– – – – RAP– – – – User are in one network.
    i follow this guidance step by step, then i have a problem
    the first, when hostapd have not run the connection between legitimate AP and RAP running well.. but when i restart hostapd and change configure /etc/network/interfaces to make the PC as RAP, then restart the network
    something happen, the connection between legitimae AP and RAP become down..
    then my user PC stuck at obtaining ip address.

    i need your advice

    thank you

  • Raul Jul 15, 2014 @ 16:21


    I’ve configured everything by the book, to include even changing the “eth0” type. With that, I still am not seeing the SSID appear (it’s not broadcasting that I’ve configured (within /etc/hostapd/hostapd.conf) in order to connect to it from my other wireless devices. Any thoughts?

  • Amit Parajuli May 15, 2015 @ 6:13

    I get message like unable to locate hostpad. What can I do?

    • blyet Jul 24, 2015 @ 14:22

      maybe you’re misspelling hostapd as hostpad?

  • LarryT Jan 3, 2016 @ 13:57

    Very good faq !
    Thank you !
    I just noticed one mistake in the interfaces config :
    # eth0 connected to the ISP router
    allow-hotplug eth0
    iface eth1 inet manual

    ‘should be : iface eth0 inet manual, and not eth1.

    One could add mac filtring howto in hostapd config file too (from https://doc.ubuntu-fr.org/hostapd) :
    # Station MAC address -based authentication
    # 0 = accept unless in deny list
    # 1 = deny unless in accept list
    # 2 = use external RADIUS server (accept/deny lists are searched first)

    # Accept/deny lists are read from separate files

    Very good job anyway :-)

  • Viktor Feb 4, 2016 @ 18:56

    Hi! Thanks so much. I have successfully managed to create the AP, however when I connect to it I don’t have Internet on my phone. I know that I am to supposed to get online, but how do can access internet on my phone after i connect ?


  • VVict0rx Apr 12, 2016 @ 9:52

    great article. But if you someone don’t want to learn, there are also easy ways to set up ap hotspot in linux- few clicks and you there. One of method is ap-hotspot script- easy to set up and gives you lovely notifications about which devices are connecting or disconnecting from your acces point. Second method is network-manager, which will let you to set up hotspot with few very easy steps.

  • Shahid Apr 13, 2016 @ 11:28

    I am looking for the same thing however, I do not want any wired connection. My linux box will connect to my wifi adsl router through usb adapter 1. My other usb adapter 2 will be used for connection giving to the clients. I do not want to spend extra for ap. I am using ubuntu as file server and I would like to use the same machine for wap.
    Any suggestions?

  • Atheros Dec 4, 2016 @ 0:11

    2 pvswie:
    I just ran my new wifi network on this card: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01).
    My computer is small terminal Thin HP e5740e with Intel Atom 1,66 MHz.

    Big thanks to the Author for this Howto.

  • Peter Hillyard Dec 6, 2016 @ 1:15

    I was able to successfully set up a Intel NUC running Ubuntu 14.04 as an AP using


    However, I would like to set the AP on a 5 GHz channel. So I set


    But I get the following output:

    wlan1: IEEE 802.11 Configured channel (48) not found from the channel list of current mode (2) IEEE 802.11a
    wlan1: IEEE 802.11 Hardware does not support configured channel
    Could not select hw_mode and channel. (-3)
    wlan1: interface state UNINITIALIZED->DISABLED
    wlan1: AP-DISABLED
    wlan1: Unable to setup interface.

    Has anyone successfully used Ubuntu 14.04 as a 5 GHz AP using hostapd?

  • ap.setup Jul 17, 2020 @ 19:57

    Helpful, an example, some colleges still allow students to have their own wireless access points (WAPs). They require that the WAPs not hand out private IP addresses (like routers with DHCP/NAT) because it makes it difficult to track down which client is causing problems (eg. virus infections, worms, etc.)

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum