Difference between revisions of "Software access point"

From ArchWiki
Jump to: navigation, search
(added troubleshooting section/ slow wlan -> install haveged for more entropy)
m (added links to related pages)
(15 intermediate revisions by 8 users not shown)
Line 1: Line 1:
 
[[ru:Software Access Point]]
 
[[ru:Software Access Point]]
 
[[Category:Wireless Networking]]
 
[[Category:Wireless Networking]]
 +
{{Article summary start}}
 +
{{Article summary text|Basic setup of wifi access point.}}
 +
{{Article summary heading|Related}}
 +
{{Article summary wiki|Network Configuration}}
 +
{{Article summary wiki|Wireless Setup}}
 +
{{Article summary wiki|Ad-hoc networking}}
 +
{{Article summary wiki|Internet Share}}
 +
{{Article summary end}}
 +
A software access point is used when you want your computer to act as an wifi access point for the local wireless network. It saves you the trouble of getting a separate wireless router.
  
A software access point is used when you want your computer to act as an access point for the local wireless network. It saves you the trouble of getting a separate wireless router.
+
== Requirements ==
  
= Overview and Requirements =
+
* A nl80211 compatible wireless device (e.g. ath9k)
 +
 
 +
== Overview ==
  
 
Setting up an access point comprises two main parts:
 
Setting up an access point comprises two main parts:
* Setting up the '''link layer''', so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you
+
* Setting up the '''wifi link layer''', so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you.
 
* Setting up the '''network configuration''' on you computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.
 
* Setting up the '''network configuration''' on you computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.
 
The second point is actually the more complicated one, and there's two basic ways for implementing it:
 
# bridge: create a network ''bridge'' on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
 
# NAT framework: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)
 
 
The bridged approch is more simple, but it requires that any service that's needed by your wireless clients (like, DHCP) is available on your computers external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.
 
 
The NAT aproach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.
 
 
So, what you will need is:
 
* For the actual Wifi link layer:
 
** prism2/2.5/3 pure pci wireless card or nl80211 compatible cards (e.g. ath9k)
 
** wireless_tools, hostapd from pacman
 
* For the network setup:
 
** either bridge-utils (for the bridged setup), or
 
** iptables and dnsmasq (or dhcp) from pacman
 
 
= Steps to implement =
 
  
 
== Wifi Link Layer ==
 
== Wifi Link Layer ==
  
The actual Wifi "link" -- including WPA2 authentication -- is established via the hostapd package:
+
The actual Wifi link is established via the {{Pkg|hostapd}} package. That package is compatible with WPA2.
  pacman -S hostapd
 
  
The config file of hostapd /etc/hostapd/hostapd.conf will help you to put your wireless device into master mode and willing to accept connection from other computers with encrypted password.
+
[[pacman|Install]] the {{Pkg|hostapd}} package from the [[Official Repositories|official repositories]].
  
Here is an example from http://www.su-root.co.uk/computing/turn-your-linux-computer-in-a-wireless-access-point-using-hostapd:
+
Create the config file of hostapd {{ic|/etc/hostapd/hostapd.conf}}.  
  
interface=wlan0 # must match your wifi interface
+
Adjust the options as necessary. Especially, change the {{ic|ssid}} and the {{ic|wpa_passphrase}}.
# bridge=br0   # uncomment only for the bridged setup
+
{{hc|/etc/hostapd/hostapd.conf|<nowiki>
driver=nl80211 # change if necessary
+
ssid=YourWifiName
logger_stdout=-1
+
wpa_passphrase=Somepassphrase
logger_stdout_level=2
+
interface=wlan0
ssid=test      # set to desired WiFi network name
+
bridge=br0
hw_mode=g
+
auth_algs=3
channel=6
+
channel=7
auth_algs=3
+
driver=nl80211
max_num_sta=255 # max number of clients
+
hw_mode=g
wpa=2           # use WPA2
+
logger_stdout=-1
wpa_passphrase=tryyourbest
+
logger_stdout_level=2
wpa_key_mgmt=WPA-PSK
+
max_num_sta=5
wpa_pairwise=TKIP CCMP
+
rsn_pairwise=CCMP
rsn_pairwise=CCMP
+
wpa=2
 +
wpa_key_mgmt=WPA-PSK
 +
wpa_pairwise=TKIP CCMP
 +
</nowiki>}}
  
For automatically starting hostapd, add it to the DAEMONS array in the rc.conf file:
+
For automatically starting hostapd, [[Daemon|enable]] the {{ic|hostapd.service}}.
  
{{hc|/etc/rc.conf|2=
+
== Network configuration ==
...
 
DAEMONS=( ...  hostapd ... )
 
...
 
}}
 
  
== Routing Setup ==
+
There are two basic ways for implementing this:
 +
# '''bridge''': create a network ''bridge'' on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
 +
# '''NAT''': with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)
  
=== Bridged Setup ===
+
The bridge approach is more simple, but it requires that any service that's needed by your wireless clients (like, DHCP) is available on your computers external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.
  
==== Bridged Setup with Kernel >= 2.6.33) ====
+
The NAT aproach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.
 
 
{{Out of date}}
 
Due to changes in the kernel since version 2.6.33 [http://bugs.gentoo.org/show_bug.cgi?id=298824 bridges cannot contain an uninitialized interface].
 
Because of this we need hostapd to add the wlan interface to the bridge instead.
 
 
 
Requirements:
 
* kernel >= 2.6.33
 
* hostapd >= 0.7.1
 
* bridge-utils
 
 
 
One way to set this up since the [http://bbs.archlinux.org/viewtopic.php?id=120549 changes in rc.conf] because of the deprecation of [http://www.archlinux.org/news/deprecation-of-net-tools/ net-tools] is to use [[Netcfg]]:
 
 
 
Setup a profile in /etc/network.d/ (for example called "bridge").
 
 
 
{{hc|/etc/network.d/bridge|2=
 
INTERFACE="br0"
 
CONNECTION="bridge"
 
DESCRIPTION="Bridge wired and wireless connection"
 
 
 
# Only add wired interface here, hostapd will add wireless
 
BRIDGE_INTERFACES="eth0"
 
IP="dhcp"}}
 
 
 
In rc.conf make sure you do the following:
 
 
 
* Add the bridge profile to the NETWORKS list.
 
* Make sure you are starting the profiles by adding net-profiles to the DAEMONS list.
 
* Start hostapd after net-profiles by adding it to the DAEMONS list.
 
 
 
{{hc|/etc/rc.conf|2=
 
NETWORKS=( bridge )
 
 
 
...
 
 
 
DAEMONS=( ... net-profiles hostapd ... )
 
}}
 
 
 
Reboot the machine and use another computer to see if you can find the "test" wireless connection.
 
 
 
If you do not want to reboot these commands should work:
 
 
 
  netcfg up bridge
 
  rc.d start hostapd
 
 
 
==== Old way to set up bridge ====
 
 
 
before hostapd does its job, eth0, wlan0 and br0 must be up and do not have any address. we can put the following lines in /etc/rc.conf
 
 
 
eth0="eth0 up"
 
wlan0="wlan0 up"
 
br0="br0 192.168.0.2 netmask 255.255.255.0 up"
 
INTERFACES=(lo eth0 wlan0 br0)
 
  
in the /etc/conf.d/bridges file, uncomment the lines (change eth1 to wlan0)
+
Of course, it is possible to ''combine both things''. For that, studying both articles would be necessary. Example: Like having a bridge that contains both an ethernet device and the wireless device with an static ip, offering DHCP and setting NAT configured to relay the traffic to an additional network device - that can be ppp or eth.
  
bridge_br0="eth0 wlan0"
+
=== Bridge Setup ===
BRIDGE_INTERFACES=(br0)
 
  
we are ready to go, just reboot the machine and use another computer to see if you can find the "test" wireless connection.
+
You need to create a network ''bridge'' and add your network interface (e.g. {{ic|eth0}}) to it. You '''should not''' add the wireless device (e.g. {{ic|wlan0}}) to the bridge; hostapd will add it on its own.  
  
{{note|*untested* if your computer stops at the sign of "waiting for IP address" etc, that may be it can not find a dhcp server. so you need to set up one.}}
+
If you use [[netctl]], see [[Bridge with netctl]] for details (just do not add {{ic|tap0}} used in that example).
  
 
=== NAT Setup ===
 
=== NAT Setup ===
  
The description below assumes that
+
See [https://bbs.archlinux.org/viewtopic.php?pid=1269258 create_ap]. This script combines {{Pkg|hostapd}}, [[dnsmasq]] and [[iptables]] to create a NATed Access Point.
* network 192.168.0.x is used for the Wifi network
 
* your computer acts as default gateway for that network (on 192.168.0.1), and
 
* hostapd is attached to interface wlan0
 
* your computer's internet connection is via ppp0
 
If you need to use a different subnet, or if your device names are different, then please change the examples below accordingly.
 
  
==== Step 1: IP Configuration ====
+
See [[Internet Share]] for details.
  
Ensure that hostapd is running (run /etc/rd.c/hostapd start). Then perform these commands:
+
On that article, the device connected to the lan is {{ic|net0}}. That device would be in this case your wireless device (e.g. {{ic|wlan0}}).
  
  ifconfig wlan0 192.168.0.1  # assign IP address to interface used by hostapd
+
== Troubleshooting ==
  sysctl net.ipv4.ip_forward=1 # enable IP forwarding
 
  iptables -P FORWARD ACCEPT  # initialize iptables chains
 
  iptables -P OUTPUT ACCEPT
 
  iptables -P INPUT ACCEPT
 
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE # setup NAT
 
  
This will establish proper IP forwarding and NAT for all WiFi clients that connect via hostapd.
+
===WLAN is very slow===
For more advanced configuration, or if you need to setup NAT with an existing forewall, see [[Simple stateful firewall]].
 
  
What's missing still is a DHCP service so clients can automatically acquire the needed settings.
+
This could be caused by low entropy. Consider installing [[haveged]].
 
 
==== Step 2: DHCP Server ====
 
 
 
While any DHCP server will do (like the dhcp package from pacman), the description here is based on the dnsmasq package; it is easier to configure and it provides caching for DNS queries coming from WiFi clients.
 
 
 
Install the dnsmasq package:
 
  pacman -S dnsmasq
 
Uncomment this line in /etc/dnsmasq.conf:
 
{{hc|/etc/dnsmasq.conf|2=
 
...
 
conf-dir=/etc/dnsmasq.d
 
...
 
}}
 
Create the DHCP config for dnsmasq in a new file /etc/dnsmasq.d/dhcpd
 
{{hc|/etc/dnsmasq.d/dhcpd|2=
 
interface=wlan0
 
dhcp-range=192.168.0.50,192.168.0.150,12h
 
}}
 
  
Then start dnsmasq by running
+
===NetworkManager is interfering===
  /etc/rc.d/dnsmasq start
 
  
At this points, WiFi clients should be able to connect to your network, then acquire the network config via DHCP, and then send/receive data using your computer as a NATted router.
+
hostapd may not work, if the device is managed by NetworkManager. You can mask the device:
  
= Troubleshooting =
+
{{hc|/etc/NetworkManager/NetworkManager.conf|<nowiki>
==WLAN is very slow==
+
[keyfile]
This could be caused by low entropy. Consider installing [[haveged]].
+
unmanaged-devices=mac:<hwaddr>
 +
</nowiki>}}
  
= See also =
+
== See also ==
  
 
* [http://wireless.kernel.org/RTFM-AP hostapd Linux documentation page]
 
* [http://wireless.kernel.org/RTFM-AP hostapd Linux documentation page]
 
* [[Router]]
 
* [[Router]]
 
* [http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ Hostapd : The Linux Way to create Virtual Wifi Access Point]
 
* [http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ Hostapd : The Linux Way to create Virtual Wifi Access Point]
 +
* [http://xyne.archlinux.ca/notes/network/dhcp_with_dns.html tutorial and script for configuring a subnet with DHCP and DNS]

Revision as of 12:02, 17 August 2013

Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary wiki Template:Article summary end A software access point is used when you want your computer to act as an wifi access point for the local wireless network. It saves you the trouble of getting a separate wireless router.

Requirements

  • A nl80211 compatible wireless device (e.g. ath9k)

Overview

Setting up an access point comprises two main parts:

  • Setting up the wifi link layer, so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you.
  • Setting up the network configuration on you computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.

Wifi Link Layer

The actual Wifi link is established via the hostapd package. That package is compatible with WPA2.

Install the hostapd package from the official repositories.

Create the config file of hostapd /etc/hostapd/hostapd.conf.

Adjust the options as necessary. Especially, change the ssid and the wpa_passphrase. 

/etc/hostapd/hostapd.conf
ssid=YourWifiName
wpa_passphrase=Somepassphrase
interface=wlan0
bridge=br0
auth_algs=3
channel=7
driver=nl80211
hw_mode=g
logger_stdout=-1
logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

For automatically starting hostapd, enable the hostapd.service.

Network configuration

There are two basic ways for implementing this:

  1. bridge: create a network bridge on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
  2. NAT: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)

The bridge approach is more simple, but it requires that any service that's needed by your wireless clients (like, DHCP) is available on your computers external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.

The NAT aproach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.

Of course, it is possible to combine both things. For that, studying both articles would be necessary. Example: Like having a bridge that contains both an ethernet device and the wireless device with an static ip, offering DHCP and setting NAT configured to relay the traffic to an additional network device - that can be ppp or eth.

Bridge Setup

You need to create a network bridge and add your network interface (e.g. eth0) to it. You should not add the wireless device (e.g. wlan0) to the bridge; hostapd will add it on its own.

If you use netctl, see Bridge with netctl for details (just do not add tap0 used in that example).

NAT Setup

See create_ap. This script combines hostapd, dnsmasq and iptables to create a NATed Access Point.

See Internet Share for details.

On that article, the device connected to the lan is net0. That device would be in this case your wireless device (e.g. wlan0).

Troubleshooting

WLAN is very slow

This could be caused by low entropy. Consider installing haveged.

NetworkManager is interfering

hostapd may not work, if the device is managed by NetworkManager. You can mask the device: 

/etc/NetworkManager/NetworkManager.conf
[keyfile]
unmanaged-devices=mac:<hwaddr>

See also

Retrieved from "https://wiki.archlinux.org/index.php?title=Software_access_point&oldid=271434"