Debian / Ubuntu Linux: Setup Wireless Access Point (WAP) with Hostapd

last updated in Categories , , ,

I‘ve got a spare USB Wireless Adapters (WIFI adapter/dongle) and my ISP router does not support wireless option. How do I turn my home nas server into a wireless access point (WAP) that allows wireless devices to connect to a wired network using Wi-Fi under a Debian or Ubuntu Linux operating systems without purchasing additional WPA box? How do I setup an Access Point (AP) mode Wi-Fi hotspot on a Debian or Ubuntu Linux operating systems?

Tutorial details
Root privilegesYes
RequirementsWifi card (USB dongle)
in Maste (AP) mode

You need to use hostapd server as access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS authentication server. The current version supports Linux:

  1. Host AP
  2. madwifi
  3. mac80211-based

You can use USB or PCI / Mini-PCI based network card. Please note that not all network cards or drivers support AP mode.

Sample setup

  1. wlan0 – Wireless PCI or USB device connected to Linux with a/b/g and WPA2 support in AP mode.
  2. eth0 – Wired ethernet port connected to the upstream router / switch for the Internet access.

Sample network diagram:

    |\      +------------+ RJ-11/ADSL-line
      \-----+ ISP Router |                     +--------+
            +------------+ RJ-45 (eth0) -------+ Switch |
             with DNS/DHCPD                    |
             server +                          +----> Laptop wireless 
             Firewall                          |      
                                               +----> Home nas server with wifi card wlan0 and eth0 wired 
                                               |      with static IP
                                               +----> Desktop wired 
                                               +----> HP Printer wired
                                               +----> Andriod tablet wireless
                                               +----> Andriod mobile phone wireless and so on

Step #1: Install hostapd

Type the following command:
# apt-get install hostapd
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 346 kB of archives.
After this operation, 877 kB of additional disk space will be used.
Get:1 squeeze/main hostapd amd64 1:0.6.10-2 [346 kB]
Fetched 346 kB in 2s (151 kB/s)   
Selecting previously deselected package hostapd.
(Reading database ... 267669 files and directories currently installed.)
Unpacking hostapd (from .../hostapd_1%3a0.6.10-2_amd64.deb) ...
Processing triggers for man-db ...
Setting up hostapd (1:0.6.10-2) ...

Step #2: Configure hostapd

Edit /etc/default/hostapd, enter:
# vi /etc/default/hostapd
Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration file and hostapd will be started during system boot:


Save and close the file. Next create a text file called /etc/hostapd/hostapd.conf, enter:
Set interface name:

### Wireless network name ###
### Set your bridge name ###

Set driver name:


Set country name code in ISO/IEC 3166-1 format. This is used to set regulatory domain. Set as needed to indicate country in which device is operating. This can limit available channels and transmit power.

### (IN == INDIA, UK == United Kingdom, US == United Stats and so on ) ###

Set your SSID:


Set operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g)
Set channel number (some driver will only use 0 as value)


Set wpa mode to 2:


Set your passphrase (WiFi password):


Set key and auth optionsmanagement for WPA2:

## Key management algorithms ##
## Set cipher suites (encryption algorithms) ##
## TKIP = Temporal Key Integrity Protocol
## CCMP = AES in Counter mode with CBC-MAC
## Shared Key Authentication ##
## Accept all MAC address ###

Save and close the file.

How Do I start / stop / restart AP?

Use the following commands:
# /etc/init.d/hostapd start
# /etc/init.d/hostapd stop
# /etc/init.d/hostapd restart

Step #3: Configure /etc/network/interfaces

You can setup wlan0 in standalone mode or bridge it with eth0. The bridge mode will open your wireless client to access rest of the LAN and you will able to connect to the Internet. Most user bridge the wireless interface with the AP’s Internet-connected interface.

Set br0 (wlan0+eth0) in bridge mode

You need to install bridge-utils package for configuring the Linux Ethernet bridge:
# apt-get install bridge-utils
Sample outputs:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 15 not upgraded.
Need to get 32.7 kB of archives.
After this operation, 176 kB of additional disk space will be used.
Get:1 squeeze/main bridge-utils amd64 1.4-5 [32.7 kB]
Fetched 32.7 kB in 1s (25.5 kB/s)                     
Selecting previously deselected package bridge-utils.
(Reading database ... 267692 files and directories currently installed.)
Unpacking bridge-utils (from .../bridge-utils_1.4-5_amd64.deb) ...
Processing triggers for man-db ...
Setting up bridge-utils (1.4-5) ...

Edit /etc/network/interfaces, enter:
# vi /etc/network/interfaces
Modify or set config as follows:

auto lo br0
iface lo inet loopback
# wireless wlan0
allow-hotplug wlan0
iface wlan0 inet manual
# eth0 connected to the ISP router
allow-hotplug eth0
iface eth0 inet manual
# Setup bridge 
iface br0 inet static
    bridge_ports wlan0 eth0
    ## isp router ip, also runs DHCPD ##

Save and close the file. At this stage I recommend that you reboot the computer or restart all services as follows (may not work over remote ssh session):
# /etc/init.d/networking restart
# /etc/init.d/hostapd restart

# reboot

A note about DHCPD server

Since you are running your WAP in bridge (br0) mode, DHCPD is not required on your WAP. It can use DHCPD server located anywhere on the LAN. In this example is an ISP router with DHCPD running on it. If you are not using DHCPD server, setup as follows:

A note about Firewall

You can install a firewall to protect from attacks. See how to install shorewall on Debian or Ubuntu Linux.

How do I troubleshoot WAP problems?

You will find WPA auth log info in /var/log/syslog file:
# tail -f /var/log/syslog
Find out if DHCPD relay working or not:
# tcpdump -n port 67 or port 68
Make sure firewall is not blocking required ports:
# /sbin/iptables -L -n -v | less
Make sure correct mac address are assigned and br0 is up and running:
# ifconfig br0
# ifconfig | grep HW
# brctl show
# brctl showmacs br0

Use these 8 Linux commands to find out wireless network speed, signal strength and other information:

Finally, make sure you use latest version of the following software

  • Linux kernel
  • Wireless card drivers and firmware
  • hostapd

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

31 comment

  1. hello.. i have used compat drivers..
    i have eth0 (come from other computers with ubuntu 10,04 and umts dongle (eth2) shared to eth1)… eth1 cable to 2ndpc eth0 (2nd computer with hostapd)

    now 2nd computer have wlan0. Hostpad is on running.. but i can’t share eth0 connection to wlan0
    i have do
    echo 1 > /proc/sys/net/ipv4/ip_forward
    and the iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE on 2ndpc
    but wlan0 not have the internet?? why??

  2. Hi,
    I intend to build a AP based upon a USB wifi adapter.
    So far I spend several hours trying to find one that works but was unable to.
    This article indicates it exists.
    Can anyone provide some USB wifi adapter types (chipset) that work as AP.

    1. Very much apprecaited if any those that already tried this could tells us any particular brand and model perhaps for. Thanks!

    2. Great instructions! I got it working with the following USB WiFi dongle: TP-Link TL-WN321G.

  3. Hi I’m new on Linux and trying figure our certain things
    T tried to use vi editor but it hard to handle
    every key i pres it change another line on the file
    If you can explain how to make edit and save the line using vi cmmand

  4. 2 pvswie

    use ‘iw list’ command to check if your adapter support AP mode

    Supported interface modes:
    * IBSS
    * managed
    * AP
    * AP/VLAN
    * monitor

    Also browse to find if one you want to buy has AP mode

  5. Hi,

    which usb dongle have you used? Please advize what chipsets work with Ubuntu 12.04 64-bit.

    thnx, V.

  6. Hello I wanted to try this out but I was looking at your diagram and got pretty confused. I’m looking to bridge my wlan1 with eth0 so I could hook up a switch to eth0 so my xbox, and win 8 computer can have internet. I have read so many articles, forums and what not I kinda hit a wall. My Linux box is a server with the wireless internet connection. It is always on. So hence why I would like to bridge its internet. You’re guide explains it but in the opposite manner. So would what I want even be possible?

  7. Useful article, but the ISO country code for the United Kingdom is “GB” – not “UK”.
    You’re confusing it with the domain suffix, which is .uk.

  8. Hi,

    read your post wondering about two things:

    – What is this eth1 in /etc/network/interfaces for? Typo?
    – Why is eth0 configured AS static but no address is assigned?
    – Under which IP address can you reach your AP – not under, right?

    Looking forward to reading your answer, pir187

    1. It was a typo on my part. You need to use eth0. Yes, will be used by wireless client to get details such as DNS/router/ip etc.

  9. Great guide but I am having issues with the bridge. When I configure the /etc/network/interfaces to include the code above and attempt to reboot the computer, there are issues with networking and I am stuck at the splash screen before login with the “waiting for network configuration…” I have made a few swings and no avail. I am running Ubuntu 13.10. I am attempting to bridge my wlan0 and wlan1 connections.
    any assistance will be appriciated!

    1. hi i have some proble here the solution :
      #sudo hostapd –d /etc/hostapd/hostapd.conf

      then appear the output, you know why, because we just “copy paste” from the source here, then try to erase “space” lin line 3,31,37,40 etc
      then it will work

  10. dear all,
    this is my topology
    Legitimate AP – – – – –(wlan1) Rogue AP(wlan0)– – – – – user
    i try to make rogue/fake AP using hostapd with mode bridge, because i need to set up topology where : legitimate AP– – – – RAP– – – – User are in one network.
    i follow this guidance step by step, then i have a problem
    the first, when hostapd have not run the connection between legitimate AP and RAP running well.. but when i restart hostapd and change configure /etc/network/interfaces to make the PC as RAP, then restart the network
    something happen, the connection between legitimae AP and RAP become down..
    then my user PC stuck at obtaining ip address.

    i need your advice

    thank you

  11. Hi,

    I’ve configured everything by the book, to include even changing the “eth0” type. With that, I still am not seeing the SSID appear (it’s not broadcasting that I’ve configured (within /etc/hostapd/hostapd.conf) in order to connect to it from my other wireless devices. Any thoughts?

  12. Very good faq !
    Thank you !
    I just noticed one mistake in the interfaces config :
    # eth0 connected to the ISP router
    allow-hotplug eth0
    iface eth1 inet manual

    ‘should be : iface eth0 inet manual, and not eth1.

    One could add mac filtring howto in hostapd config file too (from :
    # Station MAC address -based authentication
    # 0 = accept unless in deny list
    # 1 = deny unless in accept list
    # 2 = use external RADIUS server (accept/deny lists are searched first)

    # Accept/deny lists are read from separate files

    Very good job anyway :-)

  13. Hi! Thanks so much. I have successfully managed to create the AP, however when I connect to it I don’t have Internet on my phone. I know that I am to supposed to get online, but how do can access internet on my phone after i connect ?


  14. great article. But if you someone don’t want to learn, there are also easy ways to set up ap hotspot in linux- few clicks and you there. One of method is ap-hotspot script- easy to set up and gives you lovely notifications about which devices are connecting or disconnecting from your acces point. Second method is network-manager, which will let you to set up hotspot with few very easy steps.

  15. Hi
    I am looking for the same thing however, I do not want any wired connection. My linux box will connect to my wifi adsl router through usb adapter 1. My other usb adapter 2 will be used for connection giving to the clients. I do not want to spend extra for ap. I am using ubuntu as file server and I would like to use the same machine for wap.
    Any suggestions?

  16. 2 pvswie:
    I just ran my new wifi network on this card: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01).
    My computer is small terminal Thin HP e5740e with Intel Atom 1,66 MHz.

    Big thanks to the Author for this Howto.

  17. I was able to successfully set up a Intel NUC running Ubuntu 14.04 as an AP using


    However, I would like to set the AP on a 5 GHz channel. So I set


    But I get the following output:

    wlan1: IEEE 802.11 Configured channel (48) not found from the channel list of current mode (2) IEEE 802.11a
    wlan1: IEEE 802.11 Hardware does not support configured channel
    Could not select hw_mode and channel. (-3)
    wlan1: interface state UNINITIALIZED->DISABLED
    wlan1: AP-DISABLED
    wlan1: Unable to setup interface.

    Has anyone successfully used Ubuntu 14.04 as a 5 GHz AP using hostapd?

    Still, have a question? Get help on our forum!