How to set up Ubuntu as wireless accesspoint? Announcing the arrival of Valued Associate #679:...

When a candle burns, why does the top of wick glow if bottom of flame is hottest?

Identify plant with long narrow paired leaves and reddish stems

What LEGO pieces have "real-world" functionality?

Extract all GPU name, model and GPU ram

Can a USB port passively 'listen only'?

Output the ŋarâþ crîþ alphabet song without using (m)any letters

51k Euros annually for a family of 4 in Berlin: Is it enough?

Is the Standard Deduction better than Itemized when both are the same amount?

How does the particle を relate to the verb 行く in the structure「A を + B に行く」?

Why aren't air breathing engines used as small first stages

A coin, having probability p of landing heads and probability of q=(1-p) of landing on heads.

How to tell that you are a giant?

Why did the IBM 650 use bi-quinary?

Is it true that "carbohydrates are of no use for the basal metabolic need"?

How can I make names more distinctive without making them longer?

How to bypass password on Windows XP account?

Is there a (better) way to access $wpdb results?

Why didn't this character "real die" when they blew their stack out in Altered Carbon?

Denied boarding although I have proper visa and documentation. To whom should I make a complaint?

Why are Kinder Surprise Eggs illegal in the USA?

How widely used is the term Treppenwitz? Is it something that most Germans know?

ListPlot join points by nearest neighbor rather than order

Echoing a tail command produces unexpected output?

How does debian/ubuntu knows a package has a updated version



How to set up Ubuntu as wireless accesspoint?



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)How to create a wifi hotspot in Ubuntu Server?Is there any way to turn my laptop into a wireless access point for other devices?ubuntu wireless hotspot?How to share internet by creating virtual access point in UbuntuCreating Hotspot from wifiHow to set Ubuntu as wireless accespoint in the GUI way?Setting up ubuntu as a wireless accesspointHow to turn my Dell Mini 10v to become a WiFi hot spot?Looking for a pci wireless card for a ubuntu-based access point. Any recommendations?How to setup a Wireless Access-Point using my laptop's WiFi card?wifi EUB9603H and r8712u driverCan I make Ubuntu server connect to wifi and create an Access point from the same wlan0 interface?Trouble with WPA wifi connection - can connect to wireless networksHow to set up a wi-fi hotspot with an Ubuntu laptop (access point mode)?How to setup an access point for two wireless networks of which one ends on a VPN?How can I configure my headless server to connect to a wireless network automatically?How to lock down connecting to a specific WiFiHow to set up Ubuntu Server as a wireless + ethernet router with IPv4 and IPv6





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







25















How can I set up my WiFi to be used as wireless access point on Ubuntu Server?



I have a local Ubuntu Server, it has a wireless card in it (802.11a/b/g/n) and I really want to set it up as an 802.11n access point since my normal access point does not support N.



It needs to work as a switch as well so I can connect and get DHPC through.



Edit: I don't see Network Manager as a good solution since it depends on a lot of X11 packages, and i don't want that on a server.










share|improve this question




















  • 2





    See my answer to “How to turn my Linux netbook into WiFi AP”

    – Marco
    May 5 '13 at 20:12


















25















How can I set up my WiFi to be used as wireless access point on Ubuntu Server?



I have a local Ubuntu Server, it has a wireless card in it (802.11a/b/g/n) and I really want to set it up as an 802.11n access point since my normal access point does not support N.



It needs to work as a switch as well so I can connect and get DHPC through.



Edit: I don't see Network Manager as a good solution since it depends on a lot of X11 packages, and i don't want that on a server.










share|improve this question




















  • 2





    See my answer to “How to turn my Linux netbook into WiFi AP”

    – Marco
    May 5 '13 at 20:12














25












25








25


8






How can I set up my WiFi to be used as wireless access point on Ubuntu Server?



I have a local Ubuntu Server, it has a wireless card in it (802.11a/b/g/n) and I really want to set it up as an 802.11n access point since my normal access point does not support N.



It needs to work as a switch as well so I can connect and get DHPC through.



Edit: I don't see Network Manager as a good solution since it depends on a lot of X11 packages, and i don't want that on a server.










share|improve this question
















How can I set up my WiFi to be used as wireless access point on Ubuntu Server?



I have a local Ubuntu Server, it has a wireless card in it (802.11a/b/g/n) and I really want to set it up as an 802.11n access point since my normal access point does not support N.



It needs to work as a switch as well so I can connect and get DHPC through.



Edit: I don't see Network Manager as a good solution since it depends on a lot of X11 packages, and i don't want that on a server.







wireless networking server wireless-access-point






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 5 '13 at 19:52









Zignd

5,431103158




5,431103158










asked Aug 6 '10 at 11:15









LassePoulsenLassePoulsen

11.8k83857




11.8k83857








  • 2





    See my answer to “How to turn my Linux netbook into WiFi AP”

    – Marco
    May 5 '13 at 20:12














  • 2





    See my answer to “How to turn my Linux netbook into WiFi AP”

    – Marco
    May 5 '13 at 20:12








2




2





See my answer to “How to turn my Linux netbook into WiFi AP”

– Marco
May 5 '13 at 20:12





See my answer to “How to turn my Linux netbook into WiFi AP”

– Marco
May 5 '13 at 20:12










4 Answers
4






active

oldest

votes


















7














I found a good thread. It should work in Ubuntu 10.04 no problem. Also it is CLI so it doesn't need any X libs at all. :)






share|improve this answer





















  • 1





    The linked thread is actually 41 posts long, and it is not clear at all what the solution to the question is. The answer should be summarized here.

    – Frank Kusters
    Jan 27 '17 at 13:18



















5














Click on your NetworkManager icon in the panel, and choose "Create Wireless network..." You should be able to set this up as a "System" (as opposed to "User") connection.



You say that this is on a server, so perhaps you're accessing the server through SSH only. In that case, you can try some remote X connection; or try to configure NetworkManager through the command line, which should be possible, if non-trivial.






share|improve this answer
























  • Possible, but i don't want NetworkManager

    – LassePoulsen
    Aug 6 '10 at 13:07











  • OMG, it works ! Had problems with WPA1&2 & WEP, but without encryption, it works fine.

    – WitchCraft
    Feb 7 '14 at 11:14



















0














Why not to try by installing hostapd



Install the hostapd package. On ubuntu:



sudo apt-get install hostapd


Source: How to turn Linux machine into a wifi Access Point






share|improve this answer































    -2














    This is a pretty good (if a little outdated [if 2006 is outdated]) article which outlines how to do this from the command line.



    http://www.linux.com/archive/feed/55617



    Assuming your wireless device works OK you can probably dive right in at the bridging section about halfway down.





    Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. We all know the security weaknesses of its predecessor, WEP; this time they got it right. Here's how to implement the WPA2 protocol on a Linux host and create a secure wireless access point (WAP) for your network.



    Most consumer-grade commercial WAPs operate in the same simple manner: they create a bridge between a wired (Ethernet) network interface and a wireless one. That's exactly what we'll do too. The WAP part will be handled by the hostapd daemon, so you must pick a wireless interface it supports. Among the supported NICs are those with Prism 2/2.5/3, Atheros ar521x, and Prism GT/Duette/Indigo chipsets; a list is available on the hostapd homepage, along with links for Linux drivers for each chipset. I have an Atheros AR5212-based PCI card installed on my WAP, which is supported by hostapd. Although any Pentium (or newer) system will work, some PCI wireless cards require PCI 2.2 to operate, so make sure to check your system's motherboard specifications before buying. You will also need an Ethernet interface that's supported by Linux for connecting your WAP to the LAN; most on-board interfaces will work just fine.



    My setup is based on Debian Testing (Etch), but any GNU/Linux distribution with a recent 2.6 kernel will work. The kernel must support 802.1d Ethernet Bridging (CONFIG_BRIDGE) and Wireless LAN (CONFIG_NET_RADIO). Most default stock kernels have these features enabled, but if you prefer to build your own kernel, make sure to include these options. The only other packages you need to install, besides hostapd, are bridge-utils and wireless-tools. Major GNU/Linux distributions offer binary packages for all these programs, but if you prefer to build them from source, you can find more information on their homepages.



    Before bridging together the two interfaces we must put the wireless interface (in my case ath0; adjust it to match your setup) in hostap or Master mode. Usually this is as simple as running iwconfig ath0 mode Master, but since wlan support in Linux is not yet standardized, some drivers may need additional configuration. If you have an Atheros-based interface you also need to run the following: wlanconfig ath0 destroy; wlanconfig ath0 create wlandev wifi0 wlanmode ap before the iwconfig command. After that, running iwconfig ath0 will return mode:Master, among others.



    Now let's create the bridge. We'll assume that the Ethernet interface is eth0:



    ifconfig eth0 0.0.0.0 up
    ifconfig ath0 0.0.0.0 up
    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 ath0


    And for stopping the bridge, you should run:



    ifconfig br0 down
    ifconfig eth0 0.0.0.0 down
    ifconfig ath0 0.0.0.0 down
    brctl delif br0 eth0
    brctl delif br0 ath0
    brctl delbr br0


    You can optionally give an IP address to the br0 interface if you want to access the WAP host from the network, using for instance SSH. Each distribution offers its own way to configure the network; if you use Debian (or any Debian-based distribution, such as Ubuntu) you can wrap up all the previous commands by simply adding the following to your /etc/network/interfaces file:



    auto ath0 br0

    iface ath0 inet manual
    pre-up wlanconfig ath0 destroy
    pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
    post-down wlanconfig ath0 destroy
    wireless-mode master

    iface br0 inet manual
    bridge_ports eth0 ath0


    Note that ifupdown handles eth0 automatically, so you don't need a separate stanza for it in /etc/network/interfaces. To verify that the bridge is configured correctly, run brctl show. You should get something like this in return:



    bridge name     bridge id               STP enabled     interfaces
    br0 8000.00032f2481f0 no ath0
    eth0


    Before starting to mess with hostapd we need a pass phrase for WPA2. As with all passwords, it should be random and thus hard to guess. A nice way to get a random pass phrase is to visit Gibson Research Corp.'s Ultra High Security Password Generator and use the third password it creates – the one titled 63 random alpha-numeric characters (a-z, A-Z, 0-9). Having a passphrase that includes non-alpha-numeric ASCII characters (e.g. !, @, etc.) might be tempting, but some clients -- namely Windows XP -- don't seem to like them.



    Now create a new text file named /etc/hostapd/wpa_psk and paste your pass phrase as:



    00:00:00:00:00:00 PASSPHRASE


    The first part with the zeros means 'match all MAC addresses,' and does exactly that. You can also use different passphrases for each client by appending a new line to the file with each client's MAC address and its passphrase. Make sure that only root has access to that file by running chmod 600 /etc/hostapd/wpa_psk.



    Now create a backup of hostapd's main configuration file, /etc/hostapd/hostapd.conf, and keep it as a reference by running mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig. Create a new hostapd.conf file and paste the following lines into it:



    interface=ath0
    bridge=br0
    driver=madwifi
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=2
    debug=0
    dump_file=/tmp/hostapd.dump
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=0
    ssid=My_Secure_WLAN
    #macaddr_acl=1
    #accept_mac_file=/etc/hostapd/accept
    auth_algs=3
    eapol_key_index_workaround=0
    eap_server=0
    wpa=3
    wpa_psk_file=/etc/hostapd/wpa_psk
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP
    stakey=0


    Replace the parts in italics with information that matches your setup. If you want to allow only specific clients to connect, remove the # character from the two lines above and copy the MAC addresses of those clients to /etc/hostapd/accept, and make this file accessible only by root (chmod 600). For more information about the options used, read the comments in the backup file you created previously (hostapd.conf.orig).



    Start the hostapd daemon (/etc/init.d/hostapd start) and check /var/log/daemon.log to verify that it works. If the daemon does not come up, increase the debug level (option debug= in hostapd.conf) to 4 and try again.



    Now if you scan for available wireless networks from a client, you should see your ESSID. To connect to the WAP from a Linux client, you need to install wpa_supplicant and create a configuration file, wpa_supplicant.conf (in Debian, installed in /etc/wpa_supplicant/) like the following:



    update_config=1
    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=0
    eapol_version=1
    ap_scan=1
    fast_reauth=1

    network={
    ssid="My_Secure_WLAN"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    group=CCMP
    psk="PASSPHRASE"
    priority=5
    }


    Again replace the parts in italics to match your setup and run wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf (replacing eth1 with your wlan interface name and wext with the appropriate driver for your card; run wpa_supplicant without any options for more information). This command starts wpa_supplicant in the foreground and tries to connect to the WAP. If the output looks like the following, you're all set:



    Trying to associate with 00:11:22:33:44:55 (SSID='My_Secure_WLAN' freq=0 MHz)
    Associated with 00:11:22:33:44:55
    WPA: Key negotiation completed with 00:11:22:33:44:55 [PTK=CCMP GTK=CCMP]
    CTRL-EVENT-CONNECTED - Connection to 00:11:22:33:44:55 completed (auth) [id=0 id_str=]


    Give a static IP address to your wireless interface (or run a DHCP client) and try to ping a host inside your LAN to verify that the connection works.



    Congratulations, you've just built yourself a highly customizable wireless access point. Although this setup is ideal for home or small office usage, you need something more robust in the enterprise, with authentication with a RADIUS server, or even better, a VPN.






    share|improve this answer





















    • 1





      It is a lot outdated... The kernel wireless driver stack have changed since then apparently!

      – LassePoulsen
      Aug 6 '10 at 14:44











    • True, but the bridge and wpa_supplicant stuff which is the raw stuff needed to get it up is useful.

      – popey
      Aug 6 '10 at 15:05






    • 1





      The page is a 404. -1 from me. If you had summed up the info contained in the linke your answer would be still valid.

      – Marco
      May 5 '13 at 22:09











    • Archive.org is your friend... web.archive.org/web/20110830173316/http://www.linux.com/learn/…

      – popey
      May 7 '13 at 8:05











    • Dead link......

      – obayhan
      Aug 28 '17 at 10:17












    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "89"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1385%2fhow-to-set-up-ubuntu-as-wireless-accesspoint%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    4 Answers
    4






    active

    oldest

    votes








    4 Answers
    4






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    7














    I found a good thread. It should work in Ubuntu 10.04 no problem. Also it is CLI so it doesn't need any X libs at all. :)






    share|improve this answer





















    • 1





      The linked thread is actually 41 posts long, and it is not clear at all what the solution to the question is. The answer should be summarized here.

      – Frank Kusters
      Jan 27 '17 at 13:18
















    7














    I found a good thread. It should work in Ubuntu 10.04 no problem. Also it is CLI so it doesn't need any X libs at all. :)






    share|improve this answer





















    • 1





      The linked thread is actually 41 posts long, and it is not clear at all what the solution to the question is. The answer should be summarized here.

      – Frank Kusters
      Jan 27 '17 at 13:18














    7












    7








    7







    I found a good thread. It should work in Ubuntu 10.04 no problem. Also it is CLI so it doesn't need any X libs at all. :)






    share|improve this answer















    I found a good thread. It should work in Ubuntu 10.04 no problem. Also it is CLI so it doesn't need any X libs at all. :)







    share|improve this answer














    share|improve this answer



    share|improve this answer








    edited Jun 7 '15 at 8:33









    David Foerster

    28.7k1367113




    28.7k1367113










    answered Aug 6 '10 at 14:26









    Micheal HarkerMicheal Harker

    1,184615




    1,184615








    • 1





      The linked thread is actually 41 posts long, and it is not clear at all what the solution to the question is. The answer should be summarized here.

      – Frank Kusters
      Jan 27 '17 at 13:18














    • 1





      The linked thread is actually 41 posts long, and it is not clear at all what the solution to the question is. The answer should be summarized here.

      – Frank Kusters
      Jan 27 '17 at 13:18








    1




    1





    The linked thread is actually 41 posts long, and it is not clear at all what the solution to the question is. The answer should be summarized here.

    – Frank Kusters
    Jan 27 '17 at 13:18





    The linked thread is actually 41 posts long, and it is not clear at all what the solution to the question is. The answer should be summarized here.

    – Frank Kusters
    Jan 27 '17 at 13:18













    5














    Click on your NetworkManager icon in the panel, and choose "Create Wireless network..." You should be able to set this up as a "System" (as opposed to "User") connection.



    You say that this is on a server, so perhaps you're accessing the server through SSH only. In that case, you can try some remote X connection; or try to configure NetworkManager through the command line, which should be possible, if non-trivial.






    share|improve this answer
























    • Possible, but i don't want NetworkManager

      – LassePoulsen
      Aug 6 '10 at 13:07











    • OMG, it works ! Had problems with WPA1&2 & WEP, but without encryption, it works fine.

      – WitchCraft
      Feb 7 '14 at 11:14
















    5














    Click on your NetworkManager icon in the panel, and choose "Create Wireless network..." You should be able to set this up as a "System" (as opposed to "User") connection.



    You say that this is on a server, so perhaps you're accessing the server through SSH only. In that case, you can try some remote X connection; or try to configure NetworkManager through the command line, which should be possible, if non-trivial.






    share|improve this answer
























    • Possible, but i don't want NetworkManager

      – LassePoulsen
      Aug 6 '10 at 13:07











    • OMG, it works ! Had problems with WPA1&2 & WEP, but without encryption, it works fine.

      – WitchCraft
      Feb 7 '14 at 11:14














    5












    5








    5







    Click on your NetworkManager icon in the panel, and choose "Create Wireless network..." You should be able to set this up as a "System" (as opposed to "User") connection.



    You say that this is on a server, so perhaps you're accessing the server through SSH only. In that case, you can try some remote X connection; or try to configure NetworkManager through the command line, which should be possible, if non-trivial.






    share|improve this answer













    Click on your NetworkManager icon in the panel, and choose "Create Wireless network..." You should be able to set this up as a "System" (as opposed to "User") connection.



    You say that this is on a server, so perhaps you're accessing the server through SSH only. In that case, you can try some remote X connection; or try to configure NetworkManager through the command line, which should be possible, if non-trivial.







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Aug 6 '10 at 11:33









    loevborgloevborg

    5,63211823




    5,63211823













    • Possible, but i don't want NetworkManager

      – LassePoulsen
      Aug 6 '10 at 13:07











    • OMG, it works ! Had problems with WPA1&2 & WEP, but without encryption, it works fine.

      – WitchCraft
      Feb 7 '14 at 11:14



















    • Possible, but i don't want NetworkManager

      – LassePoulsen
      Aug 6 '10 at 13:07











    • OMG, it works ! Had problems with WPA1&2 & WEP, but without encryption, it works fine.

      – WitchCraft
      Feb 7 '14 at 11:14

















    Possible, but i don't want NetworkManager

    – LassePoulsen
    Aug 6 '10 at 13:07





    Possible, but i don't want NetworkManager

    – LassePoulsen
    Aug 6 '10 at 13:07













    OMG, it works ! Had problems with WPA1&2 & WEP, but without encryption, it works fine.

    – WitchCraft
    Feb 7 '14 at 11:14





    OMG, it works ! Had problems with WPA1&2 & WEP, but without encryption, it works fine.

    – WitchCraft
    Feb 7 '14 at 11:14











    0














    Why not to try by installing hostapd



    Install the hostapd package. On ubuntu:



    sudo apt-get install hostapd


    Source: How to turn Linux machine into a wifi Access Point






    share|improve this answer




























      0














      Why not to try by installing hostapd



      Install the hostapd package. On ubuntu:



      sudo apt-get install hostapd


      Source: How to turn Linux machine into a wifi Access Point






      share|improve this answer


























        0












        0








        0







        Why not to try by installing hostapd



        Install the hostapd package. On ubuntu:



        sudo apt-get install hostapd


        Source: How to turn Linux machine into a wifi Access Point






        share|improve this answer













        Why not to try by installing hostapd



        Install the hostapd package. On ubuntu:



        sudo apt-get install hostapd


        Source: How to turn Linux machine into a wifi Access Point







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 19 '14 at 6:47









        Luzan BaralLuzan Baral

        906915




        906915























            -2














            This is a pretty good (if a little outdated [if 2006 is outdated]) article which outlines how to do this from the command line.



            http://www.linux.com/archive/feed/55617



            Assuming your wireless device works OK you can probably dive right in at the bridging section about halfway down.





            Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. We all know the security weaknesses of its predecessor, WEP; this time they got it right. Here's how to implement the WPA2 protocol on a Linux host and create a secure wireless access point (WAP) for your network.



            Most consumer-grade commercial WAPs operate in the same simple manner: they create a bridge between a wired (Ethernet) network interface and a wireless one. That's exactly what we'll do too. The WAP part will be handled by the hostapd daemon, so you must pick a wireless interface it supports. Among the supported NICs are those with Prism 2/2.5/3, Atheros ar521x, and Prism GT/Duette/Indigo chipsets; a list is available on the hostapd homepage, along with links for Linux drivers for each chipset. I have an Atheros AR5212-based PCI card installed on my WAP, which is supported by hostapd. Although any Pentium (or newer) system will work, some PCI wireless cards require PCI 2.2 to operate, so make sure to check your system's motherboard specifications before buying. You will also need an Ethernet interface that's supported by Linux for connecting your WAP to the LAN; most on-board interfaces will work just fine.



            My setup is based on Debian Testing (Etch), but any GNU/Linux distribution with a recent 2.6 kernel will work. The kernel must support 802.1d Ethernet Bridging (CONFIG_BRIDGE) and Wireless LAN (CONFIG_NET_RADIO). Most default stock kernels have these features enabled, but if you prefer to build your own kernel, make sure to include these options. The only other packages you need to install, besides hostapd, are bridge-utils and wireless-tools. Major GNU/Linux distributions offer binary packages for all these programs, but if you prefer to build them from source, you can find more information on their homepages.



            Before bridging together the two interfaces we must put the wireless interface (in my case ath0; adjust it to match your setup) in hostap or Master mode. Usually this is as simple as running iwconfig ath0 mode Master, but since wlan support in Linux is not yet standardized, some drivers may need additional configuration. If you have an Atheros-based interface you also need to run the following: wlanconfig ath0 destroy; wlanconfig ath0 create wlandev wifi0 wlanmode ap before the iwconfig command. After that, running iwconfig ath0 will return mode:Master, among others.



            Now let's create the bridge. We'll assume that the Ethernet interface is eth0:



            ifconfig eth0 0.0.0.0 up
            ifconfig ath0 0.0.0.0 up
            brctl addbr br0
            brctl addif br0 eth0
            brctl addif br0 ath0


            And for stopping the bridge, you should run:



            ifconfig br0 down
            ifconfig eth0 0.0.0.0 down
            ifconfig ath0 0.0.0.0 down
            brctl delif br0 eth0
            brctl delif br0 ath0
            brctl delbr br0


            You can optionally give an IP address to the br0 interface if you want to access the WAP host from the network, using for instance SSH. Each distribution offers its own way to configure the network; if you use Debian (or any Debian-based distribution, such as Ubuntu) you can wrap up all the previous commands by simply adding the following to your /etc/network/interfaces file:



            auto ath0 br0

            iface ath0 inet manual
            pre-up wlanconfig ath0 destroy
            pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
            post-down wlanconfig ath0 destroy
            wireless-mode master

            iface br0 inet manual
            bridge_ports eth0 ath0


            Note that ifupdown handles eth0 automatically, so you don't need a separate stanza for it in /etc/network/interfaces. To verify that the bridge is configured correctly, run brctl show. You should get something like this in return:



            bridge name     bridge id               STP enabled     interfaces
            br0 8000.00032f2481f0 no ath0
            eth0


            Before starting to mess with hostapd we need a pass phrase for WPA2. As with all passwords, it should be random and thus hard to guess. A nice way to get a random pass phrase is to visit Gibson Research Corp.'s Ultra High Security Password Generator and use the third password it creates – the one titled 63 random alpha-numeric characters (a-z, A-Z, 0-9). Having a passphrase that includes non-alpha-numeric ASCII characters (e.g. !, @, etc.) might be tempting, but some clients -- namely Windows XP -- don't seem to like them.



            Now create a new text file named /etc/hostapd/wpa_psk and paste your pass phrase as:



            00:00:00:00:00:00 PASSPHRASE


            The first part with the zeros means 'match all MAC addresses,' and does exactly that. You can also use different passphrases for each client by appending a new line to the file with each client's MAC address and its passphrase. Make sure that only root has access to that file by running chmod 600 /etc/hostapd/wpa_psk.



            Now create a backup of hostapd's main configuration file, /etc/hostapd/hostapd.conf, and keep it as a reference by running mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig. Create a new hostapd.conf file and paste the following lines into it:



            interface=ath0
            bridge=br0
            driver=madwifi
            logger_syslog=-1
            logger_syslog_level=2
            logger_stdout=-1
            logger_stdout_level=2
            debug=0
            dump_file=/tmp/hostapd.dump
            ctrl_interface=/var/run/hostapd
            ctrl_interface_group=0
            ssid=My_Secure_WLAN
            #macaddr_acl=1
            #accept_mac_file=/etc/hostapd/accept
            auth_algs=3
            eapol_key_index_workaround=0
            eap_server=0
            wpa=3
            wpa_psk_file=/etc/hostapd/wpa_psk
            wpa_key_mgmt=WPA-PSK
            wpa_pairwise=CCMP
            stakey=0


            Replace the parts in italics with information that matches your setup. If you want to allow only specific clients to connect, remove the # character from the two lines above and copy the MAC addresses of those clients to /etc/hostapd/accept, and make this file accessible only by root (chmod 600). For more information about the options used, read the comments in the backup file you created previously (hostapd.conf.orig).



            Start the hostapd daemon (/etc/init.d/hostapd start) and check /var/log/daemon.log to verify that it works. If the daemon does not come up, increase the debug level (option debug= in hostapd.conf) to 4 and try again.



            Now if you scan for available wireless networks from a client, you should see your ESSID. To connect to the WAP from a Linux client, you need to install wpa_supplicant and create a configuration file, wpa_supplicant.conf (in Debian, installed in /etc/wpa_supplicant/) like the following:



            update_config=1
            ctrl_interface=/var/run/wpa_supplicant
            ctrl_interface_group=0
            eapol_version=1
            ap_scan=1
            fast_reauth=1

            network={
            ssid="My_Secure_WLAN"
            proto=RSN
            key_mgmt=WPA-PSK
            pairwise=CCMP
            group=CCMP
            psk="PASSPHRASE"
            priority=5
            }


            Again replace the parts in italics to match your setup and run wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf (replacing eth1 with your wlan interface name and wext with the appropriate driver for your card; run wpa_supplicant without any options for more information). This command starts wpa_supplicant in the foreground and tries to connect to the WAP. If the output looks like the following, you're all set:



            Trying to associate with 00:11:22:33:44:55 (SSID='My_Secure_WLAN' freq=0 MHz)
            Associated with 00:11:22:33:44:55
            WPA: Key negotiation completed with 00:11:22:33:44:55 [PTK=CCMP GTK=CCMP]
            CTRL-EVENT-CONNECTED - Connection to 00:11:22:33:44:55 completed (auth) [id=0 id_str=]


            Give a static IP address to your wireless interface (or run a DHCP client) and try to ping a host inside your LAN to verify that the connection works.



            Congratulations, you've just built yourself a highly customizable wireless access point. Although this setup is ideal for home or small office usage, you need something more robust in the enterprise, with authentication with a RADIUS server, or even better, a VPN.






            share|improve this answer





















            • 1





              It is a lot outdated... The kernel wireless driver stack have changed since then apparently!

              – LassePoulsen
              Aug 6 '10 at 14:44











            • True, but the bridge and wpa_supplicant stuff which is the raw stuff needed to get it up is useful.

              – popey
              Aug 6 '10 at 15:05






            • 1





              The page is a 404. -1 from me. If you had summed up the info contained in the linke your answer would be still valid.

              – Marco
              May 5 '13 at 22:09











            • Archive.org is your friend... web.archive.org/web/20110830173316/http://www.linux.com/learn/…

              – popey
              May 7 '13 at 8:05











            • Dead link......

              – obayhan
              Aug 28 '17 at 10:17
















            -2














            This is a pretty good (if a little outdated [if 2006 is outdated]) article which outlines how to do this from the command line.



            http://www.linux.com/archive/feed/55617



            Assuming your wireless device works OK you can probably dive right in at the bridging section about halfway down.





            Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. We all know the security weaknesses of its predecessor, WEP; this time they got it right. Here's how to implement the WPA2 protocol on a Linux host and create a secure wireless access point (WAP) for your network.



            Most consumer-grade commercial WAPs operate in the same simple manner: they create a bridge between a wired (Ethernet) network interface and a wireless one. That's exactly what we'll do too. The WAP part will be handled by the hostapd daemon, so you must pick a wireless interface it supports. Among the supported NICs are those with Prism 2/2.5/3, Atheros ar521x, and Prism GT/Duette/Indigo chipsets; a list is available on the hostapd homepage, along with links for Linux drivers for each chipset. I have an Atheros AR5212-based PCI card installed on my WAP, which is supported by hostapd. Although any Pentium (or newer) system will work, some PCI wireless cards require PCI 2.2 to operate, so make sure to check your system's motherboard specifications before buying. You will also need an Ethernet interface that's supported by Linux for connecting your WAP to the LAN; most on-board interfaces will work just fine.



            My setup is based on Debian Testing (Etch), but any GNU/Linux distribution with a recent 2.6 kernel will work. The kernel must support 802.1d Ethernet Bridging (CONFIG_BRIDGE) and Wireless LAN (CONFIG_NET_RADIO). Most default stock kernels have these features enabled, but if you prefer to build your own kernel, make sure to include these options. The only other packages you need to install, besides hostapd, are bridge-utils and wireless-tools. Major GNU/Linux distributions offer binary packages for all these programs, but if you prefer to build them from source, you can find more information on their homepages.



            Before bridging together the two interfaces we must put the wireless interface (in my case ath0; adjust it to match your setup) in hostap or Master mode. Usually this is as simple as running iwconfig ath0 mode Master, but since wlan support in Linux is not yet standardized, some drivers may need additional configuration. If you have an Atheros-based interface you also need to run the following: wlanconfig ath0 destroy; wlanconfig ath0 create wlandev wifi0 wlanmode ap before the iwconfig command. After that, running iwconfig ath0 will return mode:Master, among others.



            Now let's create the bridge. We'll assume that the Ethernet interface is eth0:



            ifconfig eth0 0.0.0.0 up
            ifconfig ath0 0.0.0.0 up
            brctl addbr br0
            brctl addif br0 eth0
            brctl addif br0 ath0


            And for stopping the bridge, you should run:



            ifconfig br0 down
            ifconfig eth0 0.0.0.0 down
            ifconfig ath0 0.0.0.0 down
            brctl delif br0 eth0
            brctl delif br0 ath0
            brctl delbr br0


            You can optionally give an IP address to the br0 interface if you want to access the WAP host from the network, using for instance SSH. Each distribution offers its own way to configure the network; if you use Debian (or any Debian-based distribution, such as Ubuntu) you can wrap up all the previous commands by simply adding the following to your /etc/network/interfaces file:



            auto ath0 br0

            iface ath0 inet manual
            pre-up wlanconfig ath0 destroy
            pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
            post-down wlanconfig ath0 destroy
            wireless-mode master

            iface br0 inet manual
            bridge_ports eth0 ath0


            Note that ifupdown handles eth0 automatically, so you don't need a separate stanza for it in /etc/network/interfaces. To verify that the bridge is configured correctly, run brctl show. You should get something like this in return:



            bridge name     bridge id               STP enabled     interfaces
            br0 8000.00032f2481f0 no ath0
            eth0


            Before starting to mess with hostapd we need a pass phrase for WPA2. As with all passwords, it should be random and thus hard to guess. A nice way to get a random pass phrase is to visit Gibson Research Corp.'s Ultra High Security Password Generator and use the third password it creates – the one titled 63 random alpha-numeric characters (a-z, A-Z, 0-9). Having a passphrase that includes non-alpha-numeric ASCII characters (e.g. !, @, etc.) might be tempting, but some clients -- namely Windows XP -- don't seem to like them.



            Now create a new text file named /etc/hostapd/wpa_psk and paste your pass phrase as:



            00:00:00:00:00:00 PASSPHRASE


            The first part with the zeros means 'match all MAC addresses,' and does exactly that. You can also use different passphrases for each client by appending a new line to the file with each client's MAC address and its passphrase. Make sure that only root has access to that file by running chmod 600 /etc/hostapd/wpa_psk.



            Now create a backup of hostapd's main configuration file, /etc/hostapd/hostapd.conf, and keep it as a reference by running mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig. Create a new hostapd.conf file and paste the following lines into it:



            interface=ath0
            bridge=br0
            driver=madwifi
            logger_syslog=-1
            logger_syslog_level=2
            logger_stdout=-1
            logger_stdout_level=2
            debug=0
            dump_file=/tmp/hostapd.dump
            ctrl_interface=/var/run/hostapd
            ctrl_interface_group=0
            ssid=My_Secure_WLAN
            #macaddr_acl=1
            #accept_mac_file=/etc/hostapd/accept
            auth_algs=3
            eapol_key_index_workaround=0
            eap_server=0
            wpa=3
            wpa_psk_file=/etc/hostapd/wpa_psk
            wpa_key_mgmt=WPA-PSK
            wpa_pairwise=CCMP
            stakey=0


            Replace the parts in italics with information that matches your setup. If you want to allow only specific clients to connect, remove the # character from the two lines above and copy the MAC addresses of those clients to /etc/hostapd/accept, and make this file accessible only by root (chmod 600). For more information about the options used, read the comments in the backup file you created previously (hostapd.conf.orig).



            Start the hostapd daemon (/etc/init.d/hostapd start) and check /var/log/daemon.log to verify that it works. If the daemon does not come up, increase the debug level (option debug= in hostapd.conf) to 4 and try again.



            Now if you scan for available wireless networks from a client, you should see your ESSID. To connect to the WAP from a Linux client, you need to install wpa_supplicant and create a configuration file, wpa_supplicant.conf (in Debian, installed in /etc/wpa_supplicant/) like the following:



            update_config=1
            ctrl_interface=/var/run/wpa_supplicant
            ctrl_interface_group=0
            eapol_version=1
            ap_scan=1
            fast_reauth=1

            network={
            ssid="My_Secure_WLAN"
            proto=RSN
            key_mgmt=WPA-PSK
            pairwise=CCMP
            group=CCMP
            psk="PASSPHRASE"
            priority=5
            }


            Again replace the parts in italics to match your setup and run wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf (replacing eth1 with your wlan interface name and wext with the appropriate driver for your card; run wpa_supplicant without any options for more information). This command starts wpa_supplicant in the foreground and tries to connect to the WAP. If the output looks like the following, you're all set:



            Trying to associate with 00:11:22:33:44:55 (SSID='My_Secure_WLAN' freq=0 MHz)
            Associated with 00:11:22:33:44:55
            WPA: Key negotiation completed with 00:11:22:33:44:55 [PTK=CCMP GTK=CCMP]
            CTRL-EVENT-CONNECTED - Connection to 00:11:22:33:44:55 completed (auth) [id=0 id_str=]


            Give a static IP address to your wireless interface (or run a DHCP client) and try to ping a host inside your LAN to verify that the connection works.



            Congratulations, you've just built yourself a highly customizable wireless access point. Although this setup is ideal for home or small office usage, you need something more robust in the enterprise, with authentication with a RADIUS server, or even better, a VPN.






            share|improve this answer





















            • 1





              It is a lot outdated... The kernel wireless driver stack have changed since then apparently!

              – LassePoulsen
              Aug 6 '10 at 14:44











            • True, but the bridge and wpa_supplicant stuff which is the raw stuff needed to get it up is useful.

              – popey
              Aug 6 '10 at 15:05






            • 1





              The page is a 404. -1 from me. If you had summed up the info contained in the linke your answer would be still valid.

              – Marco
              May 5 '13 at 22:09











            • Archive.org is your friend... web.archive.org/web/20110830173316/http://www.linux.com/learn/…

              – popey
              May 7 '13 at 8:05











            • Dead link......

              – obayhan
              Aug 28 '17 at 10:17














            -2












            -2








            -2







            This is a pretty good (if a little outdated [if 2006 is outdated]) article which outlines how to do this from the command line.



            http://www.linux.com/archive/feed/55617



            Assuming your wireless device works OK you can probably dive right in at the bridging section about halfway down.





            Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. We all know the security weaknesses of its predecessor, WEP; this time they got it right. Here's how to implement the WPA2 protocol on a Linux host and create a secure wireless access point (WAP) for your network.



            Most consumer-grade commercial WAPs operate in the same simple manner: they create a bridge between a wired (Ethernet) network interface and a wireless one. That's exactly what we'll do too. The WAP part will be handled by the hostapd daemon, so you must pick a wireless interface it supports. Among the supported NICs are those with Prism 2/2.5/3, Atheros ar521x, and Prism GT/Duette/Indigo chipsets; a list is available on the hostapd homepage, along with links for Linux drivers for each chipset. I have an Atheros AR5212-based PCI card installed on my WAP, which is supported by hostapd. Although any Pentium (or newer) system will work, some PCI wireless cards require PCI 2.2 to operate, so make sure to check your system's motherboard specifications before buying. You will also need an Ethernet interface that's supported by Linux for connecting your WAP to the LAN; most on-board interfaces will work just fine.



            My setup is based on Debian Testing (Etch), but any GNU/Linux distribution with a recent 2.6 kernel will work. The kernel must support 802.1d Ethernet Bridging (CONFIG_BRIDGE) and Wireless LAN (CONFIG_NET_RADIO). Most default stock kernels have these features enabled, but if you prefer to build your own kernel, make sure to include these options. The only other packages you need to install, besides hostapd, are bridge-utils and wireless-tools. Major GNU/Linux distributions offer binary packages for all these programs, but if you prefer to build them from source, you can find more information on their homepages.



            Before bridging together the two interfaces we must put the wireless interface (in my case ath0; adjust it to match your setup) in hostap or Master mode. Usually this is as simple as running iwconfig ath0 mode Master, but since wlan support in Linux is not yet standardized, some drivers may need additional configuration. If you have an Atheros-based interface you also need to run the following: wlanconfig ath0 destroy; wlanconfig ath0 create wlandev wifi0 wlanmode ap before the iwconfig command. After that, running iwconfig ath0 will return mode:Master, among others.



            Now let's create the bridge. We'll assume that the Ethernet interface is eth0:



            ifconfig eth0 0.0.0.0 up
            ifconfig ath0 0.0.0.0 up
            brctl addbr br0
            brctl addif br0 eth0
            brctl addif br0 ath0


            And for stopping the bridge, you should run:



            ifconfig br0 down
            ifconfig eth0 0.0.0.0 down
            ifconfig ath0 0.0.0.0 down
            brctl delif br0 eth0
            brctl delif br0 ath0
            brctl delbr br0


            You can optionally give an IP address to the br0 interface if you want to access the WAP host from the network, using for instance SSH. Each distribution offers its own way to configure the network; if you use Debian (or any Debian-based distribution, such as Ubuntu) you can wrap up all the previous commands by simply adding the following to your /etc/network/interfaces file:



            auto ath0 br0

            iface ath0 inet manual
            pre-up wlanconfig ath0 destroy
            pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
            post-down wlanconfig ath0 destroy
            wireless-mode master

            iface br0 inet manual
            bridge_ports eth0 ath0


            Note that ifupdown handles eth0 automatically, so you don't need a separate stanza for it in /etc/network/interfaces. To verify that the bridge is configured correctly, run brctl show. You should get something like this in return:



            bridge name     bridge id               STP enabled     interfaces
            br0 8000.00032f2481f0 no ath0
            eth0


            Before starting to mess with hostapd we need a pass phrase for WPA2. As with all passwords, it should be random and thus hard to guess. A nice way to get a random pass phrase is to visit Gibson Research Corp.'s Ultra High Security Password Generator and use the third password it creates – the one titled 63 random alpha-numeric characters (a-z, A-Z, 0-9). Having a passphrase that includes non-alpha-numeric ASCII characters (e.g. !, @, etc.) might be tempting, but some clients -- namely Windows XP -- don't seem to like them.



            Now create a new text file named /etc/hostapd/wpa_psk and paste your pass phrase as:



            00:00:00:00:00:00 PASSPHRASE


            The first part with the zeros means 'match all MAC addresses,' and does exactly that. You can also use different passphrases for each client by appending a new line to the file with each client's MAC address and its passphrase. Make sure that only root has access to that file by running chmod 600 /etc/hostapd/wpa_psk.



            Now create a backup of hostapd's main configuration file, /etc/hostapd/hostapd.conf, and keep it as a reference by running mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig. Create a new hostapd.conf file and paste the following lines into it:



            interface=ath0
            bridge=br0
            driver=madwifi
            logger_syslog=-1
            logger_syslog_level=2
            logger_stdout=-1
            logger_stdout_level=2
            debug=0
            dump_file=/tmp/hostapd.dump
            ctrl_interface=/var/run/hostapd
            ctrl_interface_group=0
            ssid=My_Secure_WLAN
            #macaddr_acl=1
            #accept_mac_file=/etc/hostapd/accept
            auth_algs=3
            eapol_key_index_workaround=0
            eap_server=0
            wpa=3
            wpa_psk_file=/etc/hostapd/wpa_psk
            wpa_key_mgmt=WPA-PSK
            wpa_pairwise=CCMP
            stakey=0


            Replace the parts in italics with information that matches your setup. If you want to allow only specific clients to connect, remove the # character from the two lines above and copy the MAC addresses of those clients to /etc/hostapd/accept, and make this file accessible only by root (chmod 600). For more information about the options used, read the comments in the backup file you created previously (hostapd.conf.orig).



            Start the hostapd daemon (/etc/init.d/hostapd start) and check /var/log/daemon.log to verify that it works. If the daemon does not come up, increase the debug level (option debug= in hostapd.conf) to 4 and try again.



            Now if you scan for available wireless networks from a client, you should see your ESSID. To connect to the WAP from a Linux client, you need to install wpa_supplicant and create a configuration file, wpa_supplicant.conf (in Debian, installed in /etc/wpa_supplicant/) like the following:



            update_config=1
            ctrl_interface=/var/run/wpa_supplicant
            ctrl_interface_group=0
            eapol_version=1
            ap_scan=1
            fast_reauth=1

            network={
            ssid="My_Secure_WLAN"
            proto=RSN
            key_mgmt=WPA-PSK
            pairwise=CCMP
            group=CCMP
            psk="PASSPHRASE"
            priority=5
            }


            Again replace the parts in italics to match your setup and run wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf (replacing eth1 with your wlan interface name and wext with the appropriate driver for your card; run wpa_supplicant without any options for more information). This command starts wpa_supplicant in the foreground and tries to connect to the WAP. If the output looks like the following, you're all set:



            Trying to associate with 00:11:22:33:44:55 (SSID='My_Secure_WLAN' freq=0 MHz)
            Associated with 00:11:22:33:44:55
            WPA: Key negotiation completed with 00:11:22:33:44:55 [PTK=CCMP GTK=CCMP]
            CTRL-EVENT-CONNECTED - Connection to 00:11:22:33:44:55 completed (auth) [id=0 id_str=]


            Give a static IP address to your wireless interface (or run a DHCP client) and try to ping a host inside your LAN to verify that the connection works.



            Congratulations, you've just built yourself a highly customizable wireless access point. Although this setup is ideal for home or small office usage, you need something more robust in the enterprise, with authentication with a RADIUS server, or even better, a VPN.






            share|improve this answer















            This is a pretty good (if a little outdated [if 2006 is outdated]) article which outlines how to do this from the command line.



            http://www.linux.com/archive/feed/55617



            Assuming your wireless device works OK you can probably dive right in at the bridging section about halfway down.





            Wi-Fi Protected Access version 2 (WPA2) is becoming the de facto standard for securing wireless networks, and a mandatory feature for all new Wi-Fi products certified by the Wi-Fi Alliance. We all know the security weaknesses of its predecessor, WEP; this time they got it right. Here's how to implement the WPA2 protocol on a Linux host and create a secure wireless access point (WAP) for your network.



            Most consumer-grade commercial WAPs operate in the same simple manner: they create a bridge between a wired (Ethernet) network interface and a wireless one. That's exactly what we'll do too. The WAP part will be handled by the hostapd daemon, so you must pick a wireless interface it supports. Among the supported NICs are those with Prism 2/2.5/3, Atheros ar521x, and Prism GT/Duette/Indigo chipsets; a list is available on the hostapd homepage, along with links for Linux drivers for each chipset. I have an Atheros AR5212-based PCI card installed on my WAP, which is supported by hostapd. Although any Pentium (or newer) system will work, some PCI wireless cards require PCI 2.2 to operate, so make sure to check your system's motherboard specifications before buying. You will also need an Ethernet interface that's supported by Linux for connecting your WAP to the LAN; most on-board interfaces will work just fine.



            My setup is based on Debian Testing (Etch), but any GNU/Linux distribution with a recent 2.6 kernel will work. The kernel must support 802.1d Ethernet Bridging (CONFIG_BRIDGE) and Wireless LAN (CONFIG_NET_RADIO). Most default stock kernels have these features enabled, but if you prefer to build your own kernel, make sure to include these options. The only other packages you need to install, besides hostapd, are bridge-utils and wireless-tools. Major GNU/Linux distributions offer binary packages for all these programs, but if you prefer to build them from source, you can find more information on their homepages.



            Before bridging together the two interfaces we must put the wireless interface (in my case ath0; adjust it to match your setup) in hostap or Master mode. Usually this is as simple as running iwconfig ath0 mode Master, but since wlan support in Linux is not yet standardized, some drivers may need additional configuration. If you have an Atheros-based interface you also need to run the following: wlanconfig ath0 destroy; wlanconfig ath0 create wlandev wifi0 wlanmode ap before the iwconfig command. After that, running iwconfig ath0 will return mode:Master, among others.



            Now let's create the bridge. We'll assume that the Ethernet interface is eth0:



            ifconfig eth0 0.0.0.0 up
            ifconfig ath0 0.0.0.0 up
            brctl addbr br0
            brctl addif br0 eth0
            brctl addif br0 ath0


            And for stopping the bridge, you should run:



            ifconfig br0 down
            ifconfig eth0 0.0.0.0 down
            ifconfig ath0 0.0.0.0 down
            brctl delif br0 eth0
            brctl delif br0 ath0
            brctl delbr br0


            You can optionally give an IP address to the br0 interface if you want to access the WAP host from the network, using for instance SSH. Each distribution offers its own way to configure the network; if you use Debian (or any Debian-based distribution, such as Ubuntu) you can wrap up all the previous commands by simply adding the following to your /etc/network/interfaces file:



            auto ath0 br0

            iface ath0 inet manual
            pre-up wlanconfig ath0 destroy
            pre-up wlanconfig ath0 create wlandev wifi0 wlanmode ap
            post-down wlanconfig ath0 destroy
            wireless-mode master

            iface br0 inet manual
            bridge_ports eth0 ath0


            Note that ifupdown handles eth0 automatically, so you don't need a separate stanza for it in /etc/network/interfaces. To verify that the bridge is configured correctly, run brctl show. You should get something like this in return:



            bridge name     bridge id               STP enabled     interfaces
            br0 8000.00032f2481f0 no ath0
            eth0


            Before starting to mess with hostapd we need a pass phrase for WPA2. As with all passwords, it should be random and thus hard to guess. A nice way to get a random pass phrase is to visit Gibson Research Corp.'s Ultra High Security Password Generator and use the third password it creates – the one titled 63 random alpha-numeric characters (a-z, A-Z, 0-9). Having a passphrase that includes non-alpha-numeric ASCII characters (e.g. !, @, etc.) might be tempting, but some clients -- namely Windows XP -- don't seem to like them.



            Now create a new text file named /etc/hostapd/wpa_psk and paste your pass phrase as:



            00:00:00:00:00:00 PASSPHRASE


            The first part with the zeros means 'match all MAC addresses,' and does exactly that. You can also use different passphrases for each client by appending a new line to the file with each client's MAC address and its passphrase. Make sure that only root has access to that file by running chmod 600 /etc/hostapd/wpa_psk.



            Now create a backup of hostapd's main configuration file, /etc/hostapd/hostapd.conf, and keep it as a reference by running mv /etc/hostapd/hostapd.conf /etc/hostapd/hostapd.conf.orig. Create a new hostapd.conf file and paste the following lines into it:



            interface=ath0
            bridge=br0
            driver=madwifi
            logger_syslog=-1
            logger_syslog_level=2
            logger_stdout=-1
            logger_stdout_level=2
            debug=0
            dump_file=/tmp/hostapd.dump
            ctrl_interface=/var/run/hostapd
            ctrl_interface_group=0
            ssid=My_Secure_WLAN
            #macaddr_acl=1
            #accept_mac_file=/etc/hostapd/accept
            auth_algs=3
            eapol_key_index_workaround=0
            eap_server=0
            wpa=3
            wpa_psk_file=/etc/hostapd/wpa_psk
            wpa_key_mgmt=WPA-PSK
            wpa_pairwise=CCMP
            stakey=0


            Replace the parts in italics with information that matches your setup. If you want to allow only specific clients to connect, remove the # character from the two lines above and copy the MAC addresses of those clients to /etc/hostapd/accept, and make this file accessible only by root (chmod 600). For more information about the options used, read the comments in the backup file you created previously (hostapd.conf.orig).



            Start the hostapd daemon (/etc/init.d/hostapd start) and check /var/log/daemon.log to verify that it works. If the daemon does not come up, increase the debug level (option debug= in hostapd.conf) to 4 and try again.



            Now if you scan for available wireless networks from a client, you should see your ESSID. To connect to the WAP from a Linux client, you need to install wpa_supplicant and create a configuration file, wpa_supplicant.conf (in Debian, installed in /etc/wpa_supplicant/) like the following:



            update_config=1
            ctrl_interface=/var/run/wpa_supplicant
            ctrl_interface_group=0
            eapol_version=1
            ap_scan=1
            fast_reauth=1

            network={
            ssid="My_Secure_WLAN"
            proto=RSN
            key_mgmt=WPA-PSK
            pairwise=CCMP
            group=CCMP
            psk="PASSPHRASE"
            priority=5
            }


            Again replace the parts in italics to match your setup and run wpa_supplicant -i eth1 -D wext -c /etc/wpa_supplicant/wpa_supplicant.conf (replacing eth1 with your wlan interface name and wext with the appropriate driver for your card; run wpa_supplicant without any options for more information). This command starts wpa_supplicant in the foreground and tries to connect to the WAP. If the output looks like the following, you're all set:



            Trying to associate with 00:11:22:33:44:55 (SSID='My_Secure_WLAN' freq=0 MHz)
            Associated with 00:11:22:33:44:55
            WPA: Key negotiation completed with 00:11:22:33:44:55 [PTK=CCMP GTK=CCMP]
            CTRL-EVENT-CONNECTED - Connection to 00:11:22:33:44:55 completed (auth) [id=0 id_str=]


            Give a static IP address to your wireless interface (or run a DHCP client) and try to ping a host inside your LAN to verify that the connection works.



            Congratulations, you've just built yourself a highly customizable wireless access point. Although this setup is ideal for home or small office usage, you need something more robust in the enterprise, with authentication with a RADIUS server, or even better, a VPN.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited 2 mins ago









            karel

            61.1k13132155




            61.1k13132155










            answered Aug 6 '10 at 14:24









            popeypopey

            13.2k74791




            13.2k74791








            • 1





              It is a lot outdated... The kernel wireless driver stack have changed since then apparently!

              – LassePoulsen
              Aug 6 '10 at 14:44











            • True, but the bridge and wpa_supplicant stuff which is the raw stuff needed to get it up is useful.

              – popey
              Aug 6 '10 at 15:05






            • 1





              The page is a 404. -1 from me. If you had summed up the info contained in the linke your answer would be still valid.

              – Marco
              May 5 '13 at 22:09











            • Archive.org is your friend... web.archive.org/web/20110830173316/http://www.linux.com/learn/…

              – popey
              May 7 '13 at 8:05











            • Dead link......

              – obayhan
              Aug 28 '17 at 10:17














            • 1





              It is a lot outdated... The kernel wireless driver stack have changed since then apparently!

              – LassePoulsen
              Aug 6 '10 at 14:44











            • True, but the bridge and wpa_supplicant stuff which is the raw stuff needed to get it up is useful.

              – popey
              Aug 6 '10 at 15:05






            • 1





              The page is a 404. -1 from me. If you had summed up the info contained in the linke your answer would be still valid.

              – Marco
              May 5 '13 at 22:09











            • Archive.org is your friend... web.archive.org/web/20110830173316/http://www.linux.com/learn/…

              – popey
              May 7 '13 at 8:05











            • Dead link......

              – obayhan
              Aug 28 '17 at 10:17








            1




            1





            It is a lot outdated... The kernel wireless driver stack have changed since then apparently!

            – LassePoulsen
            Aug 6 '10 at 14:44





            It is a lot outdated... The kernel wireless driver stack have changed since then apparently!

            – LassePoulsen
            Aug 6 '10 at 14:44













            True, but the bridge and wpa_supplicant stuff which is the raw stuff needed to get it up is useful.

            – popey
            Aug 6 '10 at 15:05





            True, but the bridge and wpa_supplicant stuff which is the raw stuff needed to get it up is useful.

            – popey
            Aug 6 '10 at 15:05




            1




            1





            The page is a 404. -1 from me. If you had summed up the info contained in the linke your answer would be still valid.

            – Marco
            May 5 '13 at 22:09





            The page is a 404. -1 from me. If you had summed up the info contained in the linke your answer would be still valid.

            – Marco
            May 5 '13 at 22:09













            Archive.org is your friend... web.archive.org/web/20110830173316/http://www.linux.com/learn/…

            – popey
            May 7 '13 at 8:05





            Archive.org is your friend... web.archive.org/web/20110830173316/http://www.linux.com/learn/…

            – popey
            May 7 '13 at 8:05













            Dead link......

            – obayhan
            Aug 28 '17 at 10:17





            Dead link......

            – obayhan
            Aug 28 '17 at 10:17


















            draft saved

            draft discarded




















































            Thanks for contributing an answer to Ask Ubuntu!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1385%2fhow-to-set-up-ubuntu-as-wireless-accesspoint%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Why do type traits not work with types in namespace scope?What are POD types in C++?Why can templates only be...

            Will tsunami waves travel forever if there was no land?Why do tsunami waves begin with the water flowing away...

            Simple Scan not detecting my scanner (Brother DCP-7055W)Brother MFC-L2700DW printer can print, can't...