Difference between revisions of "Software access point"

From ArchWiki
Line 4: Line 4:
 
A software access point is used when you want your computer to act as an access point for the local wireless network. It saves you the trouble of getting a separate wireless router.
 
A software access point is used when you want your computer to act as an access point for the local wireless network. It saves you the trouble of getting a separate wireless router.
  
= Things you need =
+
= Overview and Requirements =
 +
 
 +
Setting up an access point actually comprises two parts
 +
* setting up the '''link layer''', so that wireless clients can associate to your computer's "software access point" and send/receive IP packets; this is what the hostapd package will do for you
 +
* setting up the '''network configuration''' on you computer, so that IP data is properly forwarded between your computer and wireless clients
 +
 
 +
The second point is actually the more complicated one, and there's two basic ways for implementing it:
 +
# bridge: create a network ''bridge'' on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
 +
# NAT framework: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)
 +
 
 +
The bridged approch is more simple, but it requires that any service that's required by your wireless clients (like, DHCP) are available on your computers interface. That means it will nor work if you have a dialup connection (e.g., via PPPoE or a 3G modem).
 +
 
 +
The NAT aproach is more versatile, as it clearly separates wifi clients from your computer; it will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.
 +
 
 +
So, what you will need is:
  
 
You will need:
 
You will need:
 +
* For the actual Wifi link layer:
 +
** prism2/2.5/3 pure pci wireless card or nl80211 compatible cards (e.g. ath9k)
 +
** wireless_tools, hostapd from pacman
 +
* For network setup:
 +
** either bridge-utils (for the bridged setup), or
 +
** iptables and dnsmasq (or dhcp) from pacman
 +
 +
= Steps to implement =
  
* prism2/2.5/3 pure pci wireless card or nl80211 compatible cards (e.g. ath9k)
+
== Wifi Link Layer ==
* wireless_tools, hostapd and bridge-utils from pacman
+
  
== Steps to implement ==
+
The actual Wifi "link" -- including WPA2 authentication -- is established via the hostapd package.
  
 
The config file of hostapd /etc/hostapd/hostapd.conf will help you to put your wireless device into master mode and willing to accept connection from other computers with encrypted password.
 
The config file of hostapd /etc/hostapd/hostapd.conf will help you to put your wireless device into master mode and willing to accept connection from other computers with encrypted password.
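Review bot: The added lead-in "So, what you will need is:" sits directly above the unchanged "You will need:" line, so the rendered page states it twice; keep only one of them. The new overview text also carries typos that should be fixed in the same edit: "approch", "aproach", "it will nor work" and "on you computer". Promoting "Steps to implement" to a top-level heading is fine, but the old second-level heading and the old requirements bullets should be checked to be fully removed so the bridge-utils requirement is not listed twice.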
Line 17: Line 38:
 
Here is an example from http://www.su-root.co.uk/computing/turn-your-linux-computer-in-a-wireless-access-point-using-hostapd:
 
Here is an example from http://www.su-root.co.uk/computing/turn-your-linux-computer-in-a-wireless-access-point-using-hostapd:
  
  interface=wlan0
+
  interface=wlan0 # must match your wifi interface
  bridge=br0
+
  # bridge=br0   # uncomment only for the bridged setup
  driver=nl80211
+
  driver=nl80211 # change if necessary
 
  logger_stdout=-1
 
  logger_stdout=-1
 
  logger_stdout_level=2
 
  logger_stdout_level=2
  ssid=test
+
  ssid=test       # set to desired WiFi network name
 
  hw_mode=g
 
  hw_mode=g
 
  channel=6
 
  channel=6
 
  auth_algs=3
 
  auth_algs=3
  max_num_sta=5
+
  max_num_sta=255 # max number of clients
  wpa=2
+
  wpa=2           # use WPA2
 
  wpa_passphrase=tryyourbest
 
  wpa_passphrase=tryyourbest
 
  wpa_key_mgmt=WPA-PSK
 
  wpa_key_mgmt=WPA-PSK
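Review bot: The comments added after the values on interface=, driver=, ssid=, max_num_sta= and wpa= are a problem, because hostapd only ignores lines that start with # and reads everything after the = as the value. Anyone pasting this block gets a driver named "nl80211 # change if necessary" and an SSID that includes the comment text, so move each comment to its own line above the setting. Separately, max_num_sta goes from 5 to 255 with only "max number of clients" as explanation; either keep a small limit or say why the limit was raised.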
Line 33: Line 54:
 
  rsn_pairwise=CCMP
 
  rsn_pairwise=CCMP
  
=== Set up bridge with kernel >= 2.6.33 ===
+
For automatically starting hostapd, add it to the DAEMONS array in the rc.conf file:
 +
 
 +
{{hc|/etc/rc.conf|2=
 +
...
 +
DAEMONS=( ...  hostapd ... )
 +
...
 +
}}
 +
 
 +
 
 +
== Routing Setup ==
 +
 
 +
=== Bridged Setup ===
 +
 
 +
==== Bridged Setup with Kernel >= 2.6.33) ====
 +
 
 
{{Out of date}}
 
{{Out of date}}
 
Due to changes in the kernel since version 2.6.33 [http://bugs.gentoo.org/show_bug.cgi?id=298824 bridges cannot contain an uninitialized interface].
 
Due to changes in the kernel since version 2.6.33 [http://bugs.gentoo.org/show_bug.cgi?id=298824 bridges cannot contain an uninitialized interface].
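Review bot: The new heading "==== Bridged Setup with Kernel >= 2.6.33) ====" has an unmatched closing parenthesis, left over from the old title; drop it. The section keeps the bare {{Out of date}} template under the new heading, so the rendered notice still has no reason; pass a short reason as the first argument or remove the template if the restructuring was meant to bring the section up to date.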
Line 77: Line 112:
 
   rc.d start hostapd
 
   rc.d start hostapd
  
=== Old way to set up bridge ===
+
==== Old way to set up bridge ====
  
 
before hostapd does its job, eth0, wlan0 and br0 must be up and do not have any address. we can put the following lines in /etc/rc.conf
 
before hostapd does its job, eth0, wlan0 and br0 must be up and do not have any address. we can put the following lines in /etc/rc.conf
Line 94: Line 129:
  
 
{{note|*untested* if your computer stops at the sign of "waiting for IP address" etc, that may be it can not find a dhcp server. so you need to set up one.}}
 
{{note|*untested* if your computer stops at the sign of "waiting for IP address" etc, that may be it can not find a dhcp server. so you need to set up one.}}
 +
 +
=== NAT Setup ===
 +
 +
The description below assumes that
 +
* network 192.168.0.x is used for the Wifi network
 +
* your computer acts as default gateway for that network (on 192.168.0.1), and
 +
* hostapd is attached to interface wlan0
 +
* your computer's internet connection is via ppp0
 +
If you need to use a different subnet, or if your device names are different, then please change the examples below accordingly.
 +
 +
==== Step 1: IP Configuration ====
 +
 +
Ensure that hostapd is running. Then perform these commands:
 +
 +
  ifconfig wlan0 192.168.0.1  # assign IP address to interface used by hostapd
 +
  sysctl net.ipv4.ip_forward=1 # enable IP forwarding
 +
  iptables -P FORWARD ACCEPT  # initialize iptables chains
 +
  iptables -P OUTPUT ACCEPT
 +
  iptables -P INPUT ACCEPT
 +
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE # setup NAT
 +
 +
This will establish proper IP forwarding and NAT for all WiFi clients that connect via hostapd.
 +
For more advanced configuration, or if you need to setup NAT with an existing forewall, see [[Simple stateful firewall]].
 +
 +
What's missing still is a DHCP service so clients can automatically acquire the needed settings.
 +
 +
==== Step 2: DHCP Server ====
 +
 +
While any DHCP server will do (like the dhcp package from pacman), the description here is based on the dnsmasq package; it is easier to configure and it provides caching for DNS queries coming from WiFi clients.
 +
 +
# Install the dnsmaq package:
 +
  pacman -Ss dnsmasq
 +
# Uncomment this line in /etc/dnsmasq.conf:
 +
{{hc|/etc/dnsmasq.conf|2=
 +
...
 +
conf-dir=/etc/dnsmasq.d
 +
...
 +
}}
 +
# Create the DHCP config for dnsmasq in a new file /etc/dnsmasq.d/dhcpd
 +
{{hc|/etc/dnsmasq.d/dhcpd|2=
 +
interface=wlan0
 +
dhcp-range=192.168.0.50,192.168.0.150,12h
 +
}}
  
 
== See also ==
 
== See also ==
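Review bot: In Step 2 the install command is "pacman -Ss dnsmasq", which only searches the repositories; it should be "pacman -S dnsmasq". In Step 1 the three "iptables -P ... ACCEPT" lines are commented as "initialize iptables chains", but what they do is set the default policy of FORWARD, OUTPUT and INPUT to ACCEPT, which removes any filtering already in place on the machine; the comment should say that, and the text should tell readers with an existing firewall to skip those lines rather than only linking [[Simple stateful firewall]] afterwards. Typos to fix in the same hunk: "dnsmaq" and "forewall".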

Revision as of 14:15, 21 October 2012


A software access point is used when you want your computer to act as an access point for the local wireless network. It saves you the trouble of getting a separate wireless router.

Overview and Requirements

Setting up an access point actually comprises two parts:

  • setting up the link layer, so that wireless clients can associate to your computer's "software access point" and send/receive IP packets; this is what the hostapd package will do for you
  • setting up the network configuration on your computer, so that IP data is properly forwarded between your computer and wireless clients

The second point is actually the more complicated one, and there are two basic ways to implement it:

  1. bridge: create a network bridge on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
  2. NAT framework: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)

The bridged approach is simpler, but it requires that any service needed by your wireless clients (such as DHCP) is available on your computer's interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem).

The NAT approach is more versatile, as it clearly separates WiFi clients from your computer; it will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.

You will need:

  • For the actual Wifi link layer:
    • prism2/2.5/3 pure pci wireless card or nl80211 compatible cards (e.g. ath9k)
    • wireless_tools, hostapd from pacman
  • For network setup:
    • either bridge-utils (for the bridged setup), or
    • iptables and dnsmasq (or dhcp) from pacman

Steps to implement

Wifi Link Layer

The actual Wifi "link" -- including WPA2 authentication -- is established via the hostapd package.

The hostapd config file, /etc/hostapd/hostapd.conf, puts your wireless device into master mode and makes it accept connections from other computers that authenticate with a password over an encrypted link.

Here is an example from http://www.su-root.co.uk/computing/turn-your-linux-computer-in-a-wireless-access-point-using-hostapd:

# hostapd only ignores lines that start with #, so comments go on their own lines
# must match your wifi interface
interface=wlan0
# uncomment only for the bridged setup
# bridge=br0
# change if necessary
driver=nl80211
logger_stdout=-1
logger_stdout_level=2
# set to desired WiFi network name
ssid=test
hw_mode=g
channel=6
auth_algs=3
# max number of clients
max_num_sta=255
# use WPA2
wpa=2
wpa_passphrase=tryyourbest
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
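
A check for weaknesses a configuration like this can carry, as an added example that is not part of the wiki page or of hostapd: it reads a hostapd.conf on stdin and reports inline comments, shared-key authentication, a short passphrase and TKIP offered for WPA2. The names check_hostapd_conf, sample_conf and MIN_PSK_LEN are invented here, and the 16-character minimum is an assumed local policy.

```shell
#!/bin/sh
# Added example (not from the wiki page): lint a hostapd.conf given on stdin.
MIN_PSK_LEN=16   # assumed local policy; hostapd itself only requires 8..63

check_hostapd_conf() {
    awk -v minlen="$MIN_PSK_LEN" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # full-line comments and blank lines
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # hostapd has no inline comments: text after the value stays in it
        if (val ~ /[ \t]#/) {
            print "line " NR ": text after # is read as part of " key; bad = 1
            sub(/[ \t]+#.*$/, "", val)     # keep checking the intended value
        }
        sub(/[ \t]+$/, "", val); conf[key] = val
    }
    END {
        if (conf["wpa"] != "2") { print "wpa: not WPA2-only"; bad = 1 }
        # auth_algs bit 1 (value 2) enables shared-key (WEP) authentication
        if (int(conf["auth_algs"] / 2) % 2 == 1) {
            print "auth_algs: shared-key (WEP) authentication enabled"; bad = 1
        }
        if ("wpa_passphrase" in conf) {
            n = length(conf["wpa_passphrase"])
            if (n < 8 || n > 63) { print "wpa_passphrase: not 8..63 characters"; bad = 1 }
            else if (n < minlen) { print "wpa_passphrase: shorter than " minlen; bad = 1 }
        }
        # rsn_pairwise governs WPA2; if unset, hostapd uses wpa_pairwise
        c = ("rsn_pairwise" in conf) ? conf["rsn_pairwise"] : conf["wpa_pairwise"]
        if (c ~ /TKIP/) { print "pairwise: TKIP offered to WPA2 clients"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample modelled on the configuration shown on this page.
sample_conf() {
    cat <<'EOF'
interface=wlan0 # must match your wifi interface
auth_algs=3
wpa=2           # use WPA2
wpa_passphrase=tryyourbest
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
EOF
}
sample_conf | check_hostapd_conf || echo "hostapd.conf needs attention"
```

Run it against a real file with check_hostapd_conf < /etc/hostapd/hostapd.conf; the exit status is 1 when anything is reported.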

For automatically starting hostapd, add it to the DAEMONS array in the rc.conf file:

/etc/rc.conf
...
DAEMONS=( ...  hostapd ... )
...


Routing Setup

Bridged Setup

Bridged Setup with Kernel >= 2.6.33

This article or section is out of date.

Due to changes in the kernel since version 2.6.33 bridges cannot contain an uninitialized interface. Because of this we need hostapd to add the wlan interface to the bridge instead.

Requirements:

  • kernel >= 2.6.33
  • hostapd >= 0.7.1
  • bridge-utils

Since rc.conf changed with the deprecation of net-tools, one way to set this up is to use Netcfg:

Set up a profile in /etc/network.d/ (for example called "bridge").

/etc/network.d/bridge
INTERFACE="br0"
CONNECTION="bridge"
DESCRIPTION="Bridge wired and wireless connection"

# Only add wired interface here, hostapd will add wireless
BRIDGE_INTERFACES="eth0"
IP="dhcp"

In rc.conf make sure you do the following:

  • Add the bridge profile to the NETWORKS list.
  • Make sure you are starting the profiles by adding net-profiles to the DAEMONS list.
  • Start hostapd after net-profiles by adding it to the DAEMONS list.

/etc/rc.conf
NETWORKS=( bridge )

...

DAEMONS=( ... net-profiles hostapd ... )

Reboot the machine and use another computer to see if you can find the "test" wireless connection.

If you do not want to reboot these commands should work:

 netcfg up bridge
 rc.d start hostapd

Old way to set up bridge

Before hostapd does its job, eth0, wlan0 and br0 must be up and must not have any address. We can put the following lines in /etc/rc.conf:

eth0="eth0 up"
wlan0="wlan0 up"
br0="br0 192.168.0.2 netmask 255.255.255.0 up"
INTERFACES=(lo eth0 wlan0 br0)

In the /etc/conf.d/bridges file, uncomment these lines (change eth1 to wlan0):

bridge_br0="eth0 wlan0"
BRIDGE_INTERFACES=(br0)

We are ready to go: just reboot the machine and use another computer to see if you can find the "test" wireless connection.

Note: *untested* If your computer stops at a message such as "waiting for IP address", it may be that it cannot find a DHCP server, so you need to set one up.

NAT Setup

The description below assumes that

  • network 192.168.0.x is used for the Wifi network
  • your computer acts as default gateway for that network (on 192.168.0.1), and
  • hostapd is attached to interface wlan0
  • your computer's internet connection is via ppp0

If you need to use a different subnet, or if your device names are different, then please change the examples below accordingly.

Step 1: IP Configuration

Ensure that hostapd is running. Then perform these commands:

  ifconfig wlan0 192.168.0.1   # assign IP address to interface used by hostapd
  sysctl net.ipv4.ip_forward=1 # enable IP forwarding
  iptables -P FORWARD ACCEPT   # set the default policy of each chain to ACCEPT (no filtering)
  iptables -P OUTPUT ACCEPT
  iptables -P INPUT ACCEPT
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE # set up NAT

This will establish proper IP forwarding and NAT for all WiFi clients that connect via hostapd. For more advanced configuration, or if you need to set up NAT with an existing firewall, see Simple stateful firewall.

What is still missing is a DHCP service so clients can automatically acquire the needed settings.
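
As an added example (not part of the wiki page), the same NAT setup written as an iptables-restore ruleset that drops by default, in place of the ACCEPT policies above. The function name nat_ruleset is invented here; the rules for UDP port 67 and for port 53 assume that dnsmasq serves DHCP and DNS on the WiFi interface.

```shell
#!/bin/sh
# Added example (not from the wiki page): print an iptables-restore ruleset
# for the NAT setup with default-deny INPUT/FORWARD instead of ACCEPT.
# Usage: nat_ruleset WLAN_IF WAN_IF SUBNET_CIDR
nat_ruleset() {
    wlan=$1 wan=$2 net=$3
    # Accept only plain interface names and an IPv4 CIDR, so an argument
    # cannot smuggle extra options or rules into the generated ruleset.
    for ifname in "$wlan" "$wan"; do
        case $ifname in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 2 ;;
        esac
    done
    printf '%s\n' "$net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "bad subnet: $net" >&2; return 2; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $wlan -p udp --dport 67 -j ACCEPT
-A INPUT -i $wlan -s $net -p udp --dport 53 -j ACCEPT
-A INPUT -i $wlan -s $net -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $wlan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $wlan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
EOF
}

# Values assumed by this page: wlan0, ppp0 and 192.168.0.0/24.
nat_ruleset wlan0 ppp0 192.168.0.0/24
```

Load it as root with nat_ruleset wlan0 ppp0 192.168.0.0/24 | iptables-restore; this replaces the existing filter and nat rules, so add INPUT rules for any other service the computer must offer.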

Step 2: DHCP Server

While any DHCP server will do (like the dhcp package from pacman), the description here is based on the dnsmasq package; it is easier to configure and it provides caching for DNS queries coming from WiFi clients.

  1. Install the dnsmasq package:
 pacman -S dnsmasq
  2. Uncomment this line in /etc/dnsmasq.conf:
/etc/dnsmasq.conf
...
conf-dir=/etc/dnsmasq.d
...
  3. Create the DHCP config for dnsmasq in a new file /etc/dnsmasq.d/dhcpd:
/etc/dnsmasq.d/dhcpd
interface=wlan0
dhcp-range=192.168.0.50,192.168.0.150,12h

See also