Hostapd : The Linux Way to create Virtual Wifi Access Point

NOTE: Although this guide should work in most cases, it is not flawless and may require minor modifications to make the process work for your use case. Please do point out corrections and changes.

UPDATE (22-Oct-2018): Since this post still gets lots of hits despite being 6 years old, I have made some revisions to make it compatible with modern times. Major changes include:

  • Remove useless information
  • Replace ifconfig with ip
  • Replace dhcpd with dnsmasq

HOSTAPD

“hostapd is a user space daemon for access point and authentication servers.”

Hostapd allows you to create software wifi access points with a decent amount of configuration options. In the rest of this post, we will create a software access point in Linux using hostapd and share your internet connection with the devices connected through it. I have used my Thinkpad E570 with the ath10k_pci wifi driver under Arch Linux, but the method is also applicable to other Linux distros and supported hardware.

REQUIREMENTS

  • Supported wireless card (i.e. one that supports AP mode)
  • If you want to share your internet connection or some other network, it should be on an interface other than the wifi interface your hostapd is bound to.
  • A dhcp server to assign ip addresses to clients. We will use dnsmasq.
  • iptables to forward internet traffic.

CHECKING WIFI CARD SUPPORT

Most modern wireless cards should work with hostapd. To check what modes your card supports, type the following in your terminal:

$ iw list | grep "Supported interface modes" -A 8

You will get something like this:

	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * monitor
		 * mesh point
		 * P2P-client
		 * P2P-GO
		 * P2P-device

You want AP (which stands for access point) to show up in this list if you want to use hostapd with your wireless card. Take a look at https://wiki.gentoo.org/wiki/Hostapd for more details.

INSTALLING HOSTAPD

Install Hostapd from your distro’s repo:

#Arch Linux
$ sudo pacman -S hostapd
#Ubuntu
$ sudo apt-get update && sudo apt-get install hostapd

Or Download Hostapd here and compile it.

NOTE: Before proceeding, make sure your network manager (for example NetworkManager or netctl-auto) is not managing your wireless interface.

CONFIGURING HOSTAPD

/etc/hostapd/hostapd.conf is the main configuration file, which you need to edit in order to set up a SoftAP.

The following minimal configuration lets you test whether hostapd is working. Create a file ~/hostapd-test.conf with the following content:

#change wlan0 to your wireless device
interface=wlan0
driver=nl80211
ssid=test
channel=1

Start hostapd with:

$ sudo hostapd ~/hostapd-test.conf

Use a wifi device to check if the access point is being detected. You won’t be able to connect to it at this point.
Once hostapd is working fine, it’s time to configure hostapd with more options.
Here is a brief overview of some of its options:

#sets the wifi interface to use
interface=wlan0
#driver to use, nl80211 works in most cases
driver=nl80211
#sets the ssid of the virtual wifi access point
ssid=myhotspot
#sets the mode of wifi, depends upon the devices you will be using. It can be a, b or g. 802.11n is enabled separately with ieee80211n=1 on top of a or g, and not all cards support it.
hw_mode=g
#sets the channel for your wifi
channel=6
#macaddr_acl sets options for mac address filtering. 0 means "accept unless in deny list"
macaddr_acl=0
#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
ignore_broadcast_ssid=0
#Sets authentication algorithm (bit field)
#1 - only open system authentication
#2 - only shared key authentication (requires WEP)
#3 - both open system authentication and shared key authentication
auth_algs=1
#####Sets WPA and WPA2 authentication (remove this section if you don't need encryption)#####
#wpa option sets which wpa implementation to use
#1 - wpa only
#2 - wpa2 only
#3 - both
wpa=3
#sets wpa passphrase required by the clients to authenticate themselves on the network (8 to 63 characters)
wpa_passphrase=KeePGuessinG
#sets wpa key management
wpa_key_mgmt=WPA-PSK
#sets encryption used by WPA
wpa_pairwise=TKIP
#sets encryption used by WPA2
rsn_pairwise=CCMP

So, here is my complete /etc/hostapd/hostapd.conf with WPA authentication.

interface=wlan0
driver=nl80211
ssid=myhotspot
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=KeePGuessinG
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
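
The options above can be checked mechanically. The following script is an added example, not part of the original post: it reads a hostapd.conf and reports settings that weaken the access point, such as wpa=3 keeping WPA version 1 enabled or TKIP being offered to WPA2 clients. The helper names and the 16-character passphrase floor (MIN_PSK_LEN) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post. get_opt, flag, audit_hostapd_conf
# and MIN_PSK_LEN are hypothetical names; the 16-character floor is an assumed policy.
MIN_PSK_LEN=16

# Print the last value assigned to option $2 in file $1 (commented lines are skipped).
get_opt() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# Print a finding and remember that something was flagged.
flag() { echo "$1"; bad=1; }

# Print one finding per line for the config in $1; return 1 if anything was flagged.
audit_hostapd_conf() {
    conf=$1; bad=0
    wpa=$(get_opt "$conf" wpa)
    psk=$(get_opt "$conf" wpa_passphrase)
    algs=$(get_opt "$conf" auth_algs)
    # hostapd uses the wpa_pairwise value for WPA2 as well when rsn_pairwise is not set
    rsn=$(get_opt "$conf" rsn_pairwise)
    rsn=${rsn:-$(get_opt "$conf" wpa_pairwise)}

    case "${wpa:-0}" in
        0)   flag "OPEN: wpa is unset or 0, the network is unencrypted" ;;
        1|3) flag "WPA1: wpa=$wpa still accepts WPA version 1 clients; use wpa=2" ;;
    esac
    case "${wpa:-0}:$rsn" in
        [23]:*TKIP*) flag "TKIP: WPA2 offers TKIP ($rsn); use rsn_pairwise=CCMP" ;;
    esac
    case "$algs" in
        2|3) flag "WEP: auth_algs=$algs allows shared key authentication" ;;
    esac
    if [ "${wpa:-0}" != 0 ] && [ "${#psk}" -lt "$MIN_PSK_LEN" ]; then
        flag "PSK: wpa_passphrase has ${#psk} characters, fewer than $MIN_PSK_LEN"
    fi
    return "$bad"
}

# Constructed sample: the security-related lines of the complete config shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth_algs=1
wpa=3
wpa_passphrase=KeePGuessinG
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
audit_hostapd_conf "$sample" || echo "weak settings found in the sample config"
rm -f "$sample"
```

Run against the complete config above, it reports the WPA1 and PSK findings; changing wpa=3 to wpa=2 and using a longer passphrase clears both.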

SETTING UP THE DHCP SERVER

Now that hostapd is running fine, you need to set up a DHCP server to run along with hostapd in order to assign IP addresses to the devices connecting to the access point. Setting up a DHCP server is quite straightforward with dnsmasq.

Install dnsmasq from your distro’s repo.

# Arch Linux
$ sudo pacman -S dnsmasq
# Ubuntu
$ sudo apt-get install dnsmasq

The default /etc/dnsmasq.conf explains all its configuration options pretty well, so I will jump straight to what a simple /etc/dnsmasq.conf should look like:

# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h

# Uncomment and modify the following lines if you don't want to forward dns from the host's /etc/resolv.conf
## disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
#no-resolv
## dns addresses to send to the clients
#server=8.8.8.8
#server=8.8.4.4

Start dnsmasq and your clients should be able to connect to the wireless hotspot:

# Setup the interface (change wlan0 to your wireless device)
$ sudo ip link set wlan0 down
$ sudo ip addr flush dev wlan0
$ sudo ip link set wlan0 up
$ sudo ip addr add 10.0.0.1/24 dev wlan0
# start dnsmasq and hostapd
$ sudo killall dnsmasq; sudo dnsmasq
$ sudo hostapd /etc/hostapd/hostapd.conf

SHARING THE INTERNET

This final step involves enabling NAT to share the internet (or any network) available on one network interface with the clients connected through hostapd. I just use a few lines of iptables to achieve this. Refer to https://wiki.archlinux.org/index.php/Internet_sharing for more information or for how to achieve the same using nftables. Ignore this step if all you want to do is set up an internal wifi network and clients don’t need access to any external network.

I have included all the steps to configure the wlan interface, enable NAT, start the DHCP server and start hostapd in the BASH script below.

Copy the content below to the file initSoftAP (and make changes to the file according to your needs).

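#!/bin/bash
# Usage: ./initSoftAP wifi_card_interface interface_with_internet
# Must be run as root.
if [ "$#" -ne 2 ]
then
 echo "Usage: $0 wifi_card_interface interface_with_internet" >&2
 exit 1
fi
########### Initial wifi interface configuration #############
ip link set "$1" down
ip addr flush dev "$1"
ip link set "$1" up
ip addr add 10.0.0.1/24 dev "$1"

# If you still use ifconfig for some reason, replace the above lines with the following
# ifconfig $1 up 10.0.0.1 netmask 255.255.255.0
sleep 2
###########

########### Start dnsmasq ##########
# Start dnsmasq only if it is not already running
if ! pgrep -x dnsmasq > /dev/null
then
 dnsmasq
fi
###########
########### Enable NAT ############
# Note: -A appends, so running the script again adds duplicate rules
# Masquerade traffic leaving through the interface with internet access
iptables -t nat -A POSTROUTING -o "$2" -j MASQUERADE
# Allow replies to connections that are already established
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow wifi clients to open connections through the interface with internet access
iptables -A FORWARD -i "$1" -o "$2" -j ACCEPT

#Thanks to lorenzo
#Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details
#iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

sysctl -w net.ipv4.ip_forward=1
###########
########## Start hostapd ###########
# hostapd runs in the foreground; dnsmasq is killed once hostapd exits
hostapd /etc/hostapd/hostapd.conf
killall dnsmasq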

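It might be more convenient to use hostapd -B /etc/hostapd/hostapd.conf, which runs hostapd in the background. (Thanks to Enda for pointing this out.) In that case remove the final killall dnsmasq line, because hostapd -B returns immediately and the script would stop dnsmasq right after starting the access point.

Make this file executable and run it. The syntax for executing it is: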

./initSoftAP wifi_card_interface interface_with_internet

chmod +x initSoftAP
./initSoftAP wlan0 eth0

Now your devices should be able to access the internet (or any network) through your hotspot.

Problems, Errors, Feedback or any alternatives? Feel free to reply.


503 thoughts on “Hostapd : The Linux Way to create Virtual Wifi Access Point”

  1. Vaibhav

    [root@celab3-8 dhcp]# ./initsoftap.sh wlan0 em1
    net.ipv4.ip_forward = 1
    Internet Systems Consortium DHCP Server 4.2.1-P1
    Copyright 2004-2011 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
    Wrote 0 leases to leases file.
    Listening on LPF/wlan0/00:15:e9:2d:07:87/10.0.0.0/24
    Sending on LPF/wlan0/00:15:e9:2d:07:87/10.0.0.0/24
    Sending on Socket/fallback/fallback-net

    I am not obtaining an IP address on the device. There is some problem with the DHCPD file, please help.

  2. Pingback: How to directly connect two cpmputers via wifi

  3. Auxi

    Thanks for this great tutorial!
    In some point you say “driver=n180211”. I think it should be “driver=nl80211” as you write later.

  4. vijay gabale

    I have done most of the steps and devices are able to connect to my laptop hosted access point. However, when I see it in wireshark, the devices are asking for arp response for 10.0.0.1 which they are not able to receive. Any clues?
    Vijay

  5. Nasr Said

    My laptop is a Lenovo Z570
    and I had this happen to me!!

    nasr@nasr-Ideapad-Z570:~$ lspci -k | grep -A 3 -i "network"
    02:00.0 Network controller: Intel Corporation Centrino Wireless-N 1000
    Subsystem: Intel Corporation Centrino Wireless-N 1000 BGN
    Kernel driver in use: iwlwifi
    Kernel modules: iwlwifi

    nasr@nasr-Ideapad-Z570:~$ modinfo iwlwifi | grep 'depend'
    depends: mac80211,cfg80211

    nasr@nasr-Ideapad-Z570:~$ sudo hostapd ~/hostapd.conf
    Configuration file: /home/nasr/hostapd.conf
    nl80211: Failed to set interface wlan0 into AP mode
    nl80211 driver initialization failed.
    ELOOP: remaining socket: sock=4 eloop_data=0xd9b1e0 user_data=0xd9b9a0 handler=0x433940
    ELOOP: remaining socket: sock=6 eloop_data=0xd9e0b0 user_data=(nil) handler=0x43cd90

    So I cannot set my wireless card into master mode!
    Does anyone have a solution for this problem?!

    1. nims11 Post author

      Note there is no appended ‘&’ in the line starting the hostapd, so dhcpd won’t be killed till hostapd dies.

  6. xamtur

    Thanks for your tutorial, but my goal is quite different, so I ask you for some help!
    My need is to create a server with virtual access point functionality but without an internet/intranet connection on the eth0 interface. I want client PCs connected to my server through wifi to only be able to receive an IP from my server and reach an internal site, located on the server. I followed your tutorial and everything works like a charm, but obviously as soon as I disconnect the wired network the wifi network falls down. So how can I modify the initSoftAp BASH file?

    1. nims11 Post author

      First, just remove the NAT/iptables part. Then, take a look at rinetd and add the necessary lines to the script.
      nims11.wordpress.com/2012/09/17/redirect-tcp-connections-with-rinetd
