Following relatively recent improvements in the Linux wireless stack and driver support it is now possible to setup a Linux machine as an access point, even if you don’t have an Atheros chipset (which was historically the case). Support is patchy but I would say there is a good chance you can do this if you have purchased a laptop with built in wireless in the last 2 years. It is even possible to set one up with a USB wireless adapter (which even Madwifi couldn’t do) if you have an Ralink chipset.
Why would you want to do this? Well, there aren’t that many reasons considering ISP’s routinely hand out wireless routers these days, but I will give you a couple:-
- A Linux based AP is going to be more flexible than a dedicated router, even if it is running a wireless Linux distribution such as DD-WRT. For instance I have a HG556a as provided by Vodafone, which runs a form of Linux, and as routers go is pretty configurable. However I was trying to route one network to another and get the router to NAT both networks and couldn’t. Setting up static routes on it was easy enough, so all devices on both networks could talk to each other, but that is where it ended. In Linux you would just add an extra MASQUERADE rule and away you go.
- If you want “decent” firewalling i.e. access by exception, egress filtering and logging, don’t rely on a wireless router to do it for you, in most routers it will be difficult/impossible to achieve.
My personal reason for wanting to do this was that as a side effect of using hostapd, the wireless interface is bridged, and I wanted to set-up a transparent bridge firewall as a test bed for customer use cases. To my knowledge it is the only way of bridging a wireless interface in Linux. Wpa_supplicant has a bridge option but online reading suggests it doesn’t work due to managed mode limitations in the mac80211 stack.
So onwards and upwards, according to the mac80211 website there are a number of wireless chip-sets which support AP mode, which I am in possession of:-
- Broadcom BCM4312
- Ralink rt73usb
- Ralink rt2570usb
- Atheros AR5008
Basically there are only 2 wireless chipsets that I have purchased in the last 5 years which don’t support AP mode at the moment, the Intel 3945ABG and Zidas 1211B.
The laptop I wanted to setup as an AP has the aforementioned Intel chip, so of the cards I had available instead, the AR5008 was the best choice for the job, being express card compatible, and therefore relatively unobtrusive.
Once the card is installed, and your laptop/machine rebooted if necessary, the first thing to do is configure the bridge. See the relevant excerpt for /etc/network/interfaces below:-
auto br0 iface br0 inet static address 192.168.1.254 netmask 255.255.255.0 network 192.168.1.0 gateway 192.168.1.252 bridge_ports eth0 wlan0 bridge_fd 9 bridge_hello 2 bridge_maxage 12 brdige_stp off
Be aware that you will probably need to change the wireless interface “wlan1” to either “eth1” or “wlan0” depending on what Ubuntu has named it (ifconfig -a will show you all available interfaces). And, or course, you will need to make the IP/gateway relevant to your own network. Restart networking by typing:
/etc/init.d/networking restart
Once that is done install hostapd:
apt-get install hostapd
Then edit /etc/hostapd/hostapd.conf and change accordingly. In order to be succinct I only post the options I changed from default here:
interface=wlan0 bridge=br0 driver=nl80211 ssid=johnlewis hw_mode=g channel=10 wpa_passphrase=yourpassphrase
“Interface” and “bridge” are self explanatory. “Driver” is the hostapd driver you are going to use with the card. For all mac80211 compatible cards this will be the same. “Ssid” is the wireless network id you want to use and “hw_mode” sets whether you are trying to use 5Ghz or not. For some reason this defaults to 5Ghz mode “a” in Ubuntu (a bit crazy since most cards will be 2.4Ghz only). Likewise the channel was set to “60” by default, which I am assuming is a 5Ghz channel since 2.4Ghz in Europe has a maximum of 13 channels AFAIK. “Wpa_passphrase” is the wireless key you want to use with your shiny new wireless network.
Now you are ready to test the AP. Start the daemon initially from the command line to test like so:
hostapd -d /etc/hostapd/hostapd.conf
Try to connect with a wireless client and check your are getting “hand shake completed” somewhere in the output, which indicates the client has connected successfully. When you are confident it is working correctly ctrl + c to exit the daemon and edit /etc/default/hostapd uncommenting “DAEMON=yes”. Type:
service hostapd start
And check hostapd is running:
ps -e |grep hostapd
I have to say performance and reliability is comparable to the aforementioned HG556a, although the signal strength is slightly reduced with an AR5008. Further more you could try enabling 80211.n (ht) if you have an AR5008 as it is compatible. Apart from having to change the pairwise to CCMP I had no trouble enabling it and it is working well.
If you try using an rt73usb chipset, and possibly all of the other compatible chipsets, except the AR5008, you will find that signal strength is reduced a lot probably to the point where it’s unusable unless you are close to your home made wireless router.
With thanks to Matt Rudge for bringing the whole “Linux as an AP” idea back into my head and giving me the onus to check how wireless support had quietly and assuredly moved on since the last time I tried.
References:
You’re welcome :) great post. I am looking into doing this myself, due to the fact that I currently have 5 x access points set up here with complicated routing requirements. The standard Netgears are not coping with the traffic very well!
Hi,
I’m quite keen to do this also and I have a similar wireless card. I’m interested to know whether you have it operating in wireless-N mode or just in G? Reason being that you refer to “enabling 80211.n” at the end of the tutorial.
Thanks.
I had it working in N mode, didn’t get to test the throughput properly though as all my other cards are G only. The relevant bit of the config file is
# ieee80211n: Whether IEEE 802.11n (HT) is enabled
# 0 = disabled (default)
# 1 = enabled
ieee80211n=1
The chipset I have is an AR5008 if I remember rightly, the range won’t be as good as a shop bought AP, but it is “nearly” as good. Hope this helps you Ross.
Hi John,
Thanks for pointing me in the right direction regarding the wireless N mode. However I’m stuck earlier than that. I have configured it as you have described and I can see the AP from a client node and connect and authenticate but I can’t even ping the AP from the host. I’ve configured the host with a static IP – 192.168.1.23/24 but no network connectivity. No debugging output from hostapd either. Here is the log from hostapd:
# hostapd -K ./Desktop/hostapd.conf
Configuration file: ./Desktop/hostapd.conf
Using interface wlan0 with hwaddr 74:XX:3a:XX:ac:8a and ssid ‘ServerWifi’
wlan0: STA 00:XX:77:93:XX:44 IEEE 802.11: authenticated
wlan0: STA 00:XX:77:93:XX:44 IEEE 802.11: associated (aid 1)
wlan0: STA 00:XX:77:93:XX:44 RADIUS: starting accounting session 4E44E98F-00000000
wlan0: STA 00:XX:77:93:XX:44 WPA: pairwise key handshake completed (WPA)
wlan0: STA 00:XX:77:93:XX:44 WPA: group key handshake completed (WPA)
^C
As you can see the client authenticates correctly however thats as far as it goes. Any ideas on what might be going wrong? (Ubuntu Desktop 11.04 32 bit)
Hi Ross,
The only obvious differences in the config file are that you have “wpa=1” when I have “wpa=2” and you have wmm enabled when I don’t. I have a feeling if you change the wpa value it may sort it out. My config is at http://pastebin.com/WGbg1UXp for you to compare. Don’t worry about the “bridge” being commented at the start the last time I used it I didn’t put it into a bridge.
If you are still stuck I will fire it up again at my end and pastebin my interfaces and hostapd.conf for you to use verbatim (except for interface names).
PS my hostapd.conf and interfaces files
http://pastebin.com/CVstVxsj
http://pastebin.com/EzEv8nB6
Hi John,
I thought I’d post back and say that I’ve managed to get everything to work! I’ve tried to do this very thing over the years a number of times but have been unsuccessful. I also wanted to post my final config which has been working well over the last couple of weeks with multiple household users using it without issue.
My hostapd.conf: http://pastebin.com/teZd3t3N
My /etc/network/interfaces file: http://pastebin.com/uEK13SBp
Note loading hostapd using the interfaces script file was what was recommended in the documentation rather than loading as a daemon. Other things I managed to get to work were DNS, DHCP and firewall settings. I also recommend the android app “Wifi Analyzer” which helped me to find a suitable channel for my network.
Thanks for all your help.
Hi Ross,
Glad you got there in the end. Don’t know if I was much help beyond proving it can be done in the first place, and giving you a starting point. Was clearly a nice little project for you, and a good sense of satisfaction, I would imagine, when you finally got it working.
Take care,
John.