Hostapd : The Linux Way to create Virtual Wifi Access Point

NOTE: Although this guide should work in most cases, it is not flawless and still requires few minor modifications to make the process bug-free. Please do point out corrections and changes.

(After you are done with this post, please do checkout my Python Hostapd Client)

I was recently looking into ways to use my laptop’s wifi adapter as a wireless access point to enable my phone (Nokia E63) and playstation portable to connect to the internet through it. Ad-hoc feature may be used to share internet through wifi, but it doesn’t work with many phones and my PSP. I found connectify and virtual router for Windows which served this purpose, unsatisfactorily. Other than the reasons like Virtual Router not detecting my 3g modem and Connectify (free version) not allowing me to set desired ssid for my virtual access point, the biggest issue with these two was the limited modes available for the access point. Both the programs offered only WPA2-PSK encryption for infrastructure mode and WEP and open encryption for ad-hoc modes. Many devices connect only through infrastructure mode and support for WPA2-PSK is absent in few devices (including the PSP). Also, since I am a Linux user, I needed something else.

This is where hostapd kicks in.


“hostapd is a user space daemon for access point and authentication servers. “

In simple words, hostapd allows you to create software wifi access points allowing decent amount of configuration options. In rest of this post, I will show how to create a software access point in Linux using hostapd and share your internet to the devices through it. I have used my Lenovo Z560 with ath9k wifi driver under Arch Linux and have also tested it under Ubuntu 11.10. But the method is also applicable for other Linux distros and supported hardware.

If the method works/doesn’t work for a non-Atheros wifi card, please do comment.


  • Supported Wireless Card (ie. supports master mode)
  • An internet connection you want to share. (not strictly a neccessity)
  • A linux distro


First of all, you will need to find if your wireless card is supported by hostapd.

To check what kernel driver is in use for your wireless card, type the follwing in the terminal

lspci -k | grep -A 3 -i "network"

Look for the section in the output which corresponds to your Wireless controller. In my case, it is

06:00.0 Network controller: Atheros Communications Inc. AR9285 Wireless Network Adapter (PCI-Express) (rev 01)
Subsystem: Lenovo Device 30a1
Kernel driver in use: ath9k

The Bold part is my kernel driver in use. It will vary depending on your wifi card and driver you are using.

Now get the interface details of your wireless driver by

modinfo ath9k | grep 'depend'

replace ath9k by your wifi kernel driver you determined in the last step. In my case, the output was

depends: ath9k_hw,mac80211,ath9k_common,ath,cfg80211

modinfo says my Kernel driver supports mac80211 interface which is supported by hostapd which implies that my wifi card is compatible with hostapd.

Supported wireless cards/drivers


Install Hostapd from your distro’s repo

#Arch Linux
sudo pacman -S hostapd
sudo  apt-get update && sudo apt-get install hostapd
#Should be available in official repo of your distro

Or Download Hostapd here and compile it.


The /etc/hostapd/hostapd.conf is the main configuration which you need to deal with in order to set up a SoftAP.

This is the minimal configuration setting which will let you test if hostapd is working. Create a file ~/hostapd-test.conf
with the following content:

#change wlan0 to your wireless device

start hostapd by

sudo hostapd ~/hostapd-test.conf

Use a wifi device to check if the access point is being detected. You won’t be able to connect to it at present.
Once hostapd is working fine, its time to configure hostapd with more options.
Here is a brief overview of some of its options:

#sets the wifi interface to use, is wlan0 in most cases
#driver to use, nl80211 works in most cases
#sets the ssid of the virtual wifi access point
#sets the mode of wifi, depends upon the devices you will be using. It can be a,b,g,n. Setting to g ensures backward compatiblity.
#sets the channel for your wifi
#macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
#Sets authentication algorithm
#1 - only open system authentication
#2 - both open system authentication and shared key authentication

#####Sets WPA and WPA2 authentication#####
#wpa option sets which wpa implementation to use
#1 - wpa only
#2 - wpa2 only
#3 - both
#sets wpa passphrase required by the clients to authenticate themselves on the network
#sets wpa key management
#sets encryption used by WPA
#sets encryption used by WPA2


#####Sets WEP authentication#####
#WEP is not recommended as it can be easily broken into
wep_key0=qwert    #5,13, or 16 characters
#optionally you may also define wep_key2, wep_key3, and wep_key4

#For No encryption, you don't need to set any options

So, here is my complete /etc/hostapd/hostapd.conf with WPA authentication options.



Alternative Method: I recommend using dnsmasq over dhcpd for this scenario mainly due to the ease in configuring it. I have continued this post from this point in a new separate post which uses dnsmasq instead of dhcpd. If you have any reason to choose dhcpd over dnsmasq or if dnsmasq isn’t working for you, then carry on.

Now that hostapd is running fine, you need to setup a DHCP server to run along with hostapd in order to assign ip address to the devices connecting to the access point. Setting up a dhcp server is quite straightforward.

Install dhcp server from your distro’s repo.

#Arch Linux
sudo pacman -S dhcp
sudo  apt-get update && sudo apt-get install isc-dhcp-server
sudo yum -y install dhcp

edit /etc/dhcpd.conf (for arch linux) or /etc/dhcp/dhcpd.conf (for Ubuntu) to

ddns-update-style none;
ignore client-updates;
option local-wpad code 252 = text;

subnet netmask {
# --- default gateway
option routers;
# --- Netmask
option subnet-mask;
# --- Broadcast Address
option broadcast-address;
# --- Domain name servers, tells the clients which DNS servers to use.
option domain-name-servers,,;
option time-offset
default-lease-time 1209600;
max-lease-time 1814400;

options are easy to understand and you may change it according to your needs (if required).


The final steps involves enabling NAT to share internet in one network interface  with the clients connected through hostapd.

I have included all the steps to configure wlan interface, enable NAT, start DHCP server and hostapd in the BASH script below

Let the name of this file be initSoftAP.
Copy the BASH file below to the file initSoftAP.(and make changes to file according to your system)

#Initial wifi interface configuration
ifconfig $1 up netmask
sleep 2
###########Start DHCP, comment out / add relevant section##########
#Thanks to Panji
#Doesn't try to run dhcpd when already running
if [ "$(ps -e | grep dhcpd)" == "" ]; then
dhcpd $1 &
#Enable NAT
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface $2 -j MASQUERADE
iptables --append FORWARD --in-interface $1 -j ACCEPT

#Thanks to lorenzo
#Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details
#iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

sysctl -w net.ipv4.ip_forward=1
#start hostapd
hostapd /etc/hostapd/hostapd.conf 1>/dev/null
killall dhcpd

Script Changes (12/9/12) : Added check for already running dhcpd process (Thanks to Panji), Added an optional line to fix issues related to PPPoE connection sharing (See lorenzo’s comment)

It might be more convenient to use hostapd -B /etc/hostapd/hostapd.conf which runs hostapd in background. (Thanks to Enda for pointing out)

Make this file executable, and run it. The syntax for executing it is

./initSoftAP wifi_card_interface interface_with_internet

chmod +x initSoftAP
./initSoftAP wlan0 eth0

The “wifi_card_interface” will be wlan0 most of the cases. For “interface_with_internet“, since I want to share internet from my ethernet network interface, I used eth0. If I ever want to share internet from my 3g modem, I use ppp0. (These values need not be same for everyone)
You may see available network interfaces by

ifconfig -a


  • If dhcpd is failing to start and throwing errors like No subnet declaration for wlan0, take a look at these comments by Mahesh and Charlie. Either use dnsmasq, or try adding the following to the  /etc/default/isc-dhcp-server file

option netbios-name-servers

  • Raspberry Pi users might want to take a look at Denis Kökeny’s comment.

Problems, Errors, Feedback or any alternatives? Feel free to reply.

465 thoughts on “Hostapd : The Linux Way to create Virtual Wifi Access Point


    Hi there Your current web page starts up honestly slow if you ask me, I not really know who’s problem is
    that however wikipedia starts fairly quick. Anyways, I appreciate you for creating an extraordinarily wonderful article.
    I think this has already been seriously helpful to individual who visit
    here. I personally ought to say that you have done wonderful job with
    this and additionally expect to find more wonderful
    things through you. To obtain additional information by posts you
    publish, I’ve book-marked this web site.

  2. wajda

    root@localhost:~# ./initSoftAP wlan0 eth0
    Internet Systems Consortium DHCP Server 4.2.2
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit
    Wrote 0 leases to leases file.
    net.ipv4.ip_forward = 1

    No subnet declaration for wlan0 (no IPv4 addresses).
    ** Ignoring requests on wlan0. If this is not what
    you want, please write a subnet declaration
    in your dhcpd.conf file for the network segment
    to which interface wlan0 is attached. **

    Not configured to listen on any interfaces!
    ^Cdhcpd: žádný proces nenalezen
    root@localhost:~# ifconfig
    eth0 Link encap:Ethernet HWadr 90:e6:ba:57:35:7c
    inet adr: Všesměr: Maska:
    inet6-adr: fe80::92e6:baff:fe57:357c/64 Rozsah:Linka
    RX packets:1324 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1510 errors:0 dropped:0 overruns:0 carrier:1
    kolizí:0 délka odchozí fronty:1000
    RX bytes:531070 (518.6 KiB) TX bytes:198137 (193.4 KiB)

    lo Link encap:Místní smyčka
    inet adr: Maska:
    inet6-adr: ::1/128 Rozsah:Počítač
    RX packets:45 errors:0 dropped:0 overruns:0 frame:0
    TX packets:45 errors:0 dropped:0 overruns:0 carrier:0
    kolizí:0 délka odchozí fronty:0
    RX bytes:2356 (2.3 KiB) TX bytes:2356 (2.3 KiB)
    what can i do with this ??! thanks :)

  3. Alva

    Greetings Google works good but your site is loading slowly
    which had taken about one minute to actually load, I don’t know if it is my personal problem or your site problems.
    Nevertheless, I have to thank you very much for placing excellent content.
    Most people who actually visited this page must have found
    this short article absolutely valuable. I really hope I will
    be able to get even more awesome things and I should complement by stating you have carried out
    wonderful writing. To obtain additional understanding by articles which
    you publish, I have added this web site.


    Hi there I don’t know whether or not it’s me or perhaps your blog site but it’s launching
    sluggish to me, it took me like a few minutes to load up however , digg does work totally to me.
    However , thanks for submitting fantastic article. Almost
    everyone who found this site really should have noticed this informative
    article absolutely beneficial. I am hoping I will be able to find even more amazing information and
    I should compliment your site simply by stating you have done fantastic work.
    To get more understanding through content which you post, I actually have book marked the site.

  5. Debbie Fields

    My AP is broadcasting, however it is stuck “obtaining IP addy”
    any thoughts?
    +rtl871x_sta_deauth_ops, ff:ff:ff:ff:ff:ff is deauth, reason=2
    Using interface wlan0 with hwaddr nbb:bb:bb:bb:bb and ssid ‘putang’
    rtl871x_set_hidden_ssid ignore_broadcast_ssid:0, ‘putang’,11
    ****************************************when i try to connect it reads :
    +rtl871x_get_sta_wpaie, nn:nn:nn:nn:nn is sta’s address
    wlan0: STA bb:bb:bb:bb:bb IEEE 802.11: associated
    wlan0: AP-STA-CONNECTED nn:nn:nn:nn:nn
    wlan0: STAbb:bb:bb:bb:bb RADIUS: starting accounting session 5611F8AC-00000000
    wlan0: STA bb:bb:bb:bb:bb WPA: pairwise key handshake completed (RSN)
    wlan0: STA bb:bb:bb:bb:bb IEEE 802.11: disassociated
    wlan0: AP-STA-DISCONNECTED nn:nn:nn:nn:nn
    +rtl871x_sta_deauth_ops, ff:ff:ff:ff:ff:ff is deauth, reason=2

  6. Alexandros des Burgus

    For the guys with Ubuntu or Ubuntu derivative: There is also an GUI alternative to this hostapd method to set-up a VWAP: It’s called kde-nm-connection-editor and you can find it in the Ubuntu Software Centre.

    (PS: In case you installed it.) After you’ve open it, click ‘Add’ and select in the list Wired (shared) if your laptop/pc is connected to internet via ethernet or click Wireless (shared) if it’s connected to internet via Wifi. The configuration screen of it is so easy that even the average Apple user can configure it, so I won’t explain that.


    Hello there Your web site loads up seriously slow if you
    ask me, I am not sure who’s problem is that although facebook starts up relatively immediate.

    Anyways, Thank you for creating an incredibly superb article.
    Everyone who actually came to this site really should have observed this short article
    honestly valuable. I hope I’ll be able to find a lot more remarkable stuff and I should really compliment simply by
    telling you have done awesome work. I ‘ve got you book-marked to see blog you publish.


    Not sure why you have included the killall dhcpd command in your script …. how will the client get an ip address if the dhcpd process is not running ?


How did you feel about this post? Push in your reply!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s