Difference between revisions of "Software access point"

From ArchWiki
(wikify some external links, use https for archlinux.org)
(Wifi Link Layer: improved wording, formatted and clarified note about RTL8192CU chipset)
(20 intermediate revisions by 10 users not shown)
Line 1: Line 1:
 
[[ru:Software Access Point]]
 
[[ru:Software Access Point]]
 
[[Category:Wireless Networking]]
 
[[Category:Wireless Networking]]
 +
{{Article summary start}}
 +
{{Article summary text|Basic setup of wifi access point.}}
 +
{{Article summary heading|Related}}
 +
{{Article summary wiki|Network Configuration}}
 +
{{Article summary wiki|Wireless Setup}}
 +
{{Article summary wiki|Ad-hoc networking}}
 +
{{Article summary wiki|Internet Sharing}}
 +
{{Article summary end}}
 +
A software access point is used when you want your computer to act as an wifi access point for the local wireless network. It saves you the trouble of getting a separate wireless router.
  
A software access point is used when you want your computer to act as an access point for the local wireless network. It saves you the trouble of getting a separate wireless router.
+
== Requirements ==
  
= Overview and Requirements =
+
* A nl80211 compatible wireless device (e.g. ath9k)
 +
 
 +
== Overview ==
  
 
Setting up an access point comprises two main parts:
 
Setting up an access point comprises two main parts:
* Setting up the '''link layer''', so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you
+
* Setting up the '''wifi link layer''', so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you.
 
* Setting up the '''network configuration''' on you computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.
 
* Setting up the '''network configuration''' on you computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.
 
The second point is actually the more complicated one, and there's two basic ways for implementing it:
 
# bridge: create a network ''bridge'' on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
 
# NAT framework: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)
 
 
The bridged approch is more simple, but it requires that any service that's needed by your wireless clients (like, DHCP) is available on your computers external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.
 
 
The NAT aproach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.
 
 
So, what you will need is:
 
* For the actual Wifi link layer:
 
** prism2/2.5/3 pure pci wireless card or nl80211 compatible cards (e.g. ath9k)
 
** wireless_tools, hostapd from pacman
 
* For the network setup:
 
** either bridge-utils (for the bridged setup), or
 
** iptables and dnsmasq (or dhcp) from pacman
 
 
= Steps to implement =
 
  
 
== Wifi Link Layer ==
 
== Wifi Link Layer ==
  
The actual Wifi "link" -- including WPA2 authentication -- is established via the hostapd package:
+
The actual Wifi link is established via the {{Pkg|hostapd}} package (available in the [[official repositories]]). The package has WPA2 support.
  pacman -S hostapd
 
  
The config file of hostapd /etc/hostapd/hostapd.conf will help you to put your wireless device into master mode and willing to accept connection from other computers with encrypted password.
+
Adjust the options in ''hostapd'' configuration file if necessary. Especially, change the {{ic|ssid}} and the {{ic|wpa_passphrase}}.
  
Here is an example from http://www.su-root.co.uk/computing/turn-your-linux-computer-in-a-wireless-access-point-using-hostapd:
+
{{hc|/etc/hostapd/hostapd.conf|<nowiki>
 +
ssid=YourWifiName
 +
wpa_passphrase=Somepassphrase
 +
interface=wlan0
 +
bridge=br0
 +
auth_algs=3
 +
channel=7
 +
driver=nl80211
 +
hw_mode=g
 +
logger_stdout=-1
 +
logger_stdout_level=2
 +
max_num_sta=5
 +
rsn_pairwise=CCMP
 +
wpa=2
 +
wpa_key_mgmt=WPA-PSK
 +
wpa_pairwise=TKIP CCMP
 +
</nowiki>}}
  
interface=wlan0 # must match your wifi interface
+
For automatically starting hostapd, [[Daemon|enable]] the {{ic|hostapd.service}}.
# bridge=br0    # uncomment only for the bridged setup
 
driver=nl80211  # change if necessary
 
logger_stdout=-1
 
logger_stdout_level=2
 
ssid=test      # set to desired WiFi network name
 
hw_mode=g
 
channel=6
 
auth_algs=3
 
max_num_sta=255 # max number of clients
 
wpa=2          # use WPA2
 
wpa_passphrase=tryyourbest
 
wpa_key_mgmt=WPA-PSK
 
wpa_pairwise=TKIP CCMP
 
rsn_pairwise=CCMP
 
  
For automatically starting hostapd, add it to the DAEMONS array in the rc.conf file:
+
{{Note|If you have a card based on RTL8192CU chipset, you will have to build [http://anarsoul.blogspot.com.es/2013/08/access-point-with-raspberry-pi-and.html this] patched version of ''hostapd'' and replace {{ic|1=driver=nl80211}} with {{ic|1=driver=rtl871xdrv}} in the {{ic|hostapd.conf}} file.}}
  
{{hc|/etc/rc.conf|2=
+
== Network configuration ==
...
 
DAEMONS=( ...  hostapd ... )
 
...
 
}}
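Review bot: The new sample /etc/hostapd/hostapd.conf sets bridge=br0 unconditionally, where the previous revision had it commented out with "uncomment only for the bridged setup". Readers following the NAT setup will copy a bridge setting that does not apply to them, so keep the line commented or say in the text that it belongs to the bridge setup only. The sample also keeps auth_algs=3, which enables shared-key authentication in addition to open system; with wpa=2 and wpa_key_mgmt=WPA-PSK, auth_algs=1 is enough. The old per-line hints (interface must match your wifi interface, max number of clients) are dropped without replacement; a sentence on which values must be adapted besides ssid and wpa_passphrase would cover that.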
 
  
== Routing Setup ==
+
There are two basic ways for implementing this:
 +
# '''bridge''': create a network ''bridge'' on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
 +
# '''NAT''': with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)
  
=== Bridged Setup ===
+
The bridge approach is simpler, but it requires that any service that's needed by your wireless clients (like, DHCP) is available on your computers external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.
  
==== Bridged Setup with Kernel >= 2.6.33) ====
+
The NAT aproach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.
 
 
{{Out of date}}
 
Due to changes in the kernel since version 2.6.33 [http://bugs.gentoo.org/show_bug.cgi?id=298824 bridges cannot contain an uninitialized interface].
 
Because of this we need hostapd to add the wlan interface to the bridge instead.
 
 
 
Requirements:
 
* kernel >= 2.6.33
 
* hostapd >= 0.7.1
 
* bridge-utils
 
 
 
One way to set this up since the [https://bbs.archlinux.org/viewtopic.php?id=120549 changes in rc.conf] because of the deprecation of [https://www.archlinux.org/news/deprecation-of-net-tools/ net-tools] is to use [[Netcfg]]:
 
 
 
Setup a profile in /etc/network.d/ (for example called "bridge").
 
 
 
{{hc|/etc/network.d/bridge|2=
 
INTERFACE="br0"
 
CONNECTION="bridge"
 
DESCRIPTION="Bridge wired and wireless connection"
 
 
 
# Only add wired interface here, hostapd will add wireless
 
BRIDGE_INTERFACES="eth0"
 
IP="dhcp"}}
 
  
In rc.conf make sure you do the following:
+
Of course, it is possible to ''combine both things''. For that, studying both articles would be necessary. Example: Like having a bridge that contains both an ethernet device and the wireless device with an static ip, offering DHCP and setting NAT configured to relay the traffic to an additional network device - that can be ppp or eth.
  
* Add the bridge profile to the NETWORKS list.
+
=== Bridge Setup ===
* Make sure you are starting the profiles by adding net-profiles to the DAEMONS list.
 
* Start hostapd after net-profiles by adding it to the DAEMONS list.
 
  
{{hc|/etc/rc.conf|2=
+
You need to create a network ''bridge'' and add your network interface (e.g. {{ic|eth0}}) to it. You '''should not''' add the wireless device (e.g. {{ic|wlan0}}) to the bridge; hostapd will add it on its own.
NETWORKS=( bridge )
 
  
...
+
If you use [[netctl]], see [[Bridge with netctl]] for details (just do not add {{ic|tap0}} used in that example).
 
 
DAEMONS=( ... net-profiles hostapd ... )
 
}}
 
 
 
Reboot the machine and use another computer to see if you can find the "test" wireless connection.
 
 
 
If you do not want to reboot these commands should work:
 
 
 
  netcfg up bridge
 
  rc.d start hostapd
 
 
 
==== Old way to set up bridge ====
 
 
 
before hostapd does its job, eth0, wlan0 and br0 must be up and do not have any address. we can put the following lines in /etc/rc.conf
 
 
 
eth0="eth0 up"
 
wlan0="wlan0 up"
 
br0="br0 192.168.0.2 netmask 255.255.255.0 up"
 
INTERFACES=(lo eth0 wlan0 br0)
 
 
 
in the /etc/conf.d/bridges file, uncomment the lines (change eth1 to wlan0)
 
 
 
bridge_br0="eth0 wlan0"
 
BRIDGE_INTERFACES=(br0)
 
 
 
we are ready to go, just reboot the machine and use another computer to see if you can find the "test" wireless connection.
 
 
 
{{note|*untested* if your computer stops at the sign of "waiting for IP address" etc, that may be it can not find a dhcp server. so you need to set up one.}}
 
  
 
=== NAT Setup ===
 
=== NAT Setup ===
  
The description below assumes that
+
See [[Internet Sharing]] for details.
* network 192.168.0.x is used for the Wifi network
 
* your computer acts as default gateway for that network (on 192.168.0.1), and
 
* hostapd is attached to interface wlan0
 
* your computer's internet connection is via ppp0
 
If you need to use a different subnet, or if your device names are different, then please change the examples below accordingly.
 
  
==== Step 1: IP Configuration ====
+
On that article, the device connected to the lan is {{ic|net0}}. That device would be in this case your wireless device (e.g. {{ic|wlan0}}).
  
Ensure that hostapd is running (run /etc/rd.c/hostapd start). Then perform these commands:
+
== Scripts ==
  
  ifconfig wlan0 192.168.0.1  # assign IP address to interface used by hostapd
+
[https://bbs.archlinux.org/viewtopic.php?pid=1269258 create_ap] script combines {{Pkg|hostapd}}, [[dnsmasq]] and [[iptables]] to create a NATed Access Point.
  sysctl net.ipv4.ip_forward=1 # enable IP forwarding
 
  iptables -P FORWARD ACCEPT  # initialize iptables chains
 
  iptables -P OUTPUT ACCEPT
 
  iptables -P INPUT ACCEPT
 
  iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE # setup NAT
 
  
This will establish proper IP forwarding and NAT for all WiFi clients that connect via hostapd.
+
== Troubleshooting ==
For more advanced configuration, or if you need to setup NAT with an existing forewall, see [[Simple stateful firewall]].
 
  
What's missing still is a DHCP service so clients can automatically acquire the needed settings.
+
===WLAN is very slow===
  
==== Step 2: DHCP Server ====
+
This could be caused by low entropy. Consider installing [[haveged]].
  
While any DHCP server will do (like the dhcp package from pacman), the description here is based on the dnsmasq package; it is easier to configure and it provides caching for DNS queries coming from WiFi clients.
+
===NetworkManager is interfering===
  
Install the dnsmasq package:
+
hostapd may not work, if the device is managed by NetworkManager. You can mask the device:
  pacman -S dnsmasq
 
Uncomment this line in /etc/dnsmasq.conf:
 
{{hc|/etc/dnsmasq.conf|2=
 
...
 
conf-dir=/etc/dnsmasq.d
 
...
 
}}
 
Create the DHCP config for dnsmasq in a new file /etc/dnsmasq.d/dhcpd
 
{{hc|/etc/dnsmasq.d/dhcpd|2=
 
interface=wlan0
 
dhcp-range=192.168.0.50,192.168.0.150,12h
 
}}
 
  
Then start dnsmasq by running
+
{{hc|/etc/NetworkManager/NetworkManager.conf|<nowiki>
  /etc/rc.d/dnsmasq start
+
[keyfile]
 
+
unmanaged-devices=mac:<hwaddr>
At this points, WiFi clients should be able to connect to your network, then acquire the network config via DHCP, and then send/receive data using your computer as a NATted router.
+
</nowiki>}}
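Review bot: The new "NetworkManager is interfering" entry gives unmanaged-devices=mac:<hwaddr> without saying that <hwaddr> stands for the MAC address of the wireless device, or whether NetworkManager has to be restarted for the setting to apply; add a sentence covering both. The heading style in this section (===WLAN is very slow===, no spaces) also differs from the spaced headings used in the rest of the new revision.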
 
 
= Troubleshooting =
 
==WLAN is very slow==
 
This could be caused by low entropy. Consider installing [[haveged]].
 
  
= See also =
+
== See also ==
  
 
* [http://wireless.kernel.org/RTFM-AP hostapd Linux documentation page]
 
* [http://wireless.kernel.org/RTFM-AP hostapd Linux documentation page]
 
* [[Router]]
 
* [[Router]]
 
* [http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ Hostapd : The Linux Way to create Virtual Wifi Access Point]
 
* [http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ Hostapd : The Linux Way to create Virtual Wifi Access Point]
 +
* [http://xyne.archlinux.ca/notes/network/dhcp_with_dns.html tutorial and script for configuring a subnet with DHCP and DNS]

Revision as of 21:08, 1 November 2013

A software access point is used when you want your computer to act as a wifi access point for the local wireless network. It saves you the trouble of getting a separate wireless router.

Requirements

  • An nl80211 compatible wireless device (e.g. ath9k)

Overview

Setting up an access point comprises two main parts:

  • Setting up the wifi link layer, so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you.
  • Setting up the network configuration on your computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.

Wifi Link Layer

The actual Wifi link is established via the hostapd package (available in the official repositories). The package has WPA2 support.

Adjust the options in the hostapd configuration file as necessary. In particular, change the ssid and the wpa_passphrase.

/etc/hostapd/hostapd.conf
ssid=YourWifiName
wpa_passphrase=Somepassphrase
interface=wlan0
bridge=br0
auth_algs=3
channel=7
driver=nl80211
hw_mode=g
logger_stdout=-1
logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP

For automatically starting hostapd, enable the hostapd.service.

Note: If you have a card based on the RTL8192CU chipset, you will have to build the patched version of hostapd described at http://anarsoul.blogspot.com.es/2013/08/access-point-with-raspberry-pi-and.html and replace driver=nl80211 with driver=rtl871xdrv in the hostapd.conf file.
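
An added example, not part of the original article or of hostapd: a small Python check of a hostapd.conf for the WPA2 settings shown above. The `nat_setup` flag, the finding texts and the embedded sample are this example's own; it relies on hostapd's documented meaning of `auth_algs` bit 1 (shared-key authentication) and on `rsn_pairwise` falling back to `wpa_pairwise`.

```python
import re

# Sample values published in the article (both revisions); they must be changed.
PLACEHOLDERS = {"YourWifiName", "Somepassphrase", "test", "tryyourbest"}

# Constructed input: the security-relevant lines of the sample above.
SAMPLE = """\
ssid=YourWifiName
wpa_passphrase=Somepassphrase
bridge=br0
auth_algs=3
rsn_pairwise=CCMP
wpa=2
wpa_pairwise=TKIP CCMP
"""

def parse(text):
    """Return {key: value}; '#' starts a comment only at the beginning of a line."""
    conf = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value
    return conf

def num(conf, key):
    """Leading integer of a value (0 if absent), like C atoi()."""
    m = re.match(r"\s*\d+", conf.get(key, ""))
    return int(m.group()) if m else 0

def audit(conf, nat_setup=False):
    """Return findings for a parsed hostapd.conf; nat_setup is this example's own flag."""
    out = []
    wpa = num(conf, "wpa")
    if not wpa & 2:
        out.append("wpa: WPA2 (RSN) is not enabled")
    if wpa & 1:
        out.append("wpa: legacy WPA (v1) is enabled")
    if num(conf, "auth_algs") & 2:
        out.append("auth_algs: shared-key (WEP) authentication is enabled")
    # rsn_pairwise applies to WPA2 and falls back to wpa_pairwise when unset
    rsn = conf.get("rsn_pairwise", conf.get("wpa_pairwise", ""))
    if (wpa & 2 and "TKIP" in rsn.split()) or (wpa & 1 and "TKIP" in conf.get("wpa_pairwise", "").split()):
        out.append("pairwise: TKIP is offered to clients")
    if "wpa_passphrase" in conf and not 8 <= len(conf["wpa_passphrase"]) <= 63:
        out.append("wpa_passphrase: must be 8 to 63 characters")
    out += [f"{k}: still a sample value from the article" for k in ("ssid", "wpa_passphrase") if conf.get(k) in PLACEHOLDERS]
    if nat_setup and "bridge" in conf:
        out.append("bridge: set, but the NAT setup uses no bridge")
    out += [f"{k}: inline comment is read as part of the value" for k, v in conf.items() if " #" in v]
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE), nat_setup=True)))
```

On the article's sample this reports auth_algs=3, the unchanged ssid and passphrase, and bridge=br0 for a NAT setup. It does not report TKIP, because with wpa=2 only rsn_pairwise=CCMP applies.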

Network configuration

There are two basic ways to implement this:

  1. bridge: create a network bridge on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
  2. NAT: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)

The bridge approach is simpler, but it requires that any service needed by your wireless clients (such as DHCP) is available on your computer's external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.

The NAT approach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.

It is also possible to combine the two approaches; doing so requires studying both articles. For example, you can have a bridge that contains both an ethernet device and the wireless device, with a static IP, offering DHCP, and with NAT configured to relay the traffic to an additional network device, which can be ppp or eth.

Bridge Setup

You need to create a network bridge and add your network interface (e.g. eth0) to it. You should not add the wireless device (e.g. wlan0) to the bridge; hostapd will add it on its own.

If you use netctl, see Bridge with netctl for details (just do not add tap0 used in that example).

NAT Setup

See Internet Sharing for details.

In that article, the device connected to the LAN is net0. In this case, that device is your wireless device (e.g. wlan0).

Scripts

The create_ap script (https://bbs.archlinux.org/viewtopic.php?pid=1269258) combines hostapd, dnsmasq and iptables to create a NATed Access Point.

Troubleshooting

WLAN is very slow

This could be caused by low entropy. Consider installing haveged.

NetworkManager is interfering

hostapd may not work if the device is managed by NetworkManager. You can mask the device:

/etc/NetworkManager/NetworkManager.conf
[keyfile]
unmanaged-devices=mac:<hwaddr>

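See also

  • hostapd Linux documentation page: http://wireless.kernel.org/RTFM-AP
  • Router
  • Hostapd : The Linux Way to create Virtual Wifi Access Point: http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/
  • tutorial and script for configuring a subnet with DHCP and DNS: http://xyne.archlinux.ca/notes/network/dhcp_with_dns.html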