Following relatively recent improvements in the Linux wireless stack and driver support, it is now possible to set up a Linux machine as an access point even if you don’t have an Atheros chipset (historically a requirement). Support is patchy, but I would say there is a good chance you can do this if you have purchased a laptop with built-in wireless in the last 2 years. It is even possible to set one up with a USB wireless adapter (which even Madwifi couldn’t do) if you have a Ralink chipset.
Why would you want to do this? Well, there aren’t that many reasons considering ISPs routinely hand out wireless routers these days, but I will give you a couple:-
- A Linux-based AP is going to be more flexible than a dedicated router, even if the router is running a wireless Linux distribution such as DD-WRT. For instance, I have a HG556a as provided by Vodafone, which runs a form of Linux and, as routers go, is pretty configurable. However, I was trying to route one network to another and get the router to NAT both networks, and couldn’t. Setting up static routes on it was easy enough, so all devices on both networks could talk to each other, but that is where it ended. In Linux you would just add an extra MASQUERADE rule and away you go.
- If you want “decent” firewalling, i.e. access by exception, egress filtering and logging, don’t rely on a wireless router to do it for you; in most routers it will be difficult or impossible to achieve.
My personal reason for wanting to do this was that, as a side effect of using hostapd, the wireless interface is bridged, and I wanted to set up a transparent bridge firewall as a test bed for customer use cases. To my knowledge it is the only way of bridging a wireless interface in Linux. Wpa_supplicant has a bridge option, but online reading suggests it doesn’t work due to managed mode limitations in the mac80211 stack.
So onwards and upwards. According to the mac80211 website, there are a number of wireless chipsets which support AP mode, which I am in possession of:-
- Broadcom BCM4312
- Ralink rt73usb
- Ralink rt2570usb
- Atheros AR5008
Basically there are only 2 wireless chipsets that I have purchased in the last 5 years which don’t support AP mode at the moment: the Intel 3945ABG and ZyDAS 1211B.
The laptop I wanted to set up as an AP has the aforementioned Intel chip, so of the cards I had available instead, the AR5008 was the best choice for the job, being ExpressCard compatible and therefore relatively unobtrusive.
Once the card is installed, and your laptop/machine rebooted if necessary, the first thing to do is configure the bridge. See the relevant excerpt for /etc/network/interfaces below:-
auto br0
iface br0 inet static
    address 192.168.1.254
    netmask 255.255.255.0
    network 192.168.1.0
    gateway 192.168.1.252
    bridge_ports eth0 wlan0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
Be aware that you will probably need to change the wireless interface name in bridge_ports (it may be “wlan1”, “eth1” or “wlan0”) depending on what Ubuntu has named it (ifconfig -a will show you all available interfaces). And, of course, you will need to make the IP/gateway relevant to your own network. Restart networking by typing:
Once that is done install hostapd:
apt-get install hostapd
Then edit /etc/hostapd/hostapd.conf and change accordingly. In order to be succinct I only post the options I changed from default here:
interface=wlan0
bridge=br0
driver=nl80211
ssid=johnlewis
hw_mode=g
channel=10
wpa_passphrase=yourpassphrase
“interface” and “bridge” are self-explanatory. “driver” is the hostapd driver you are going to use with the card. For all mac80211 compatible cards this will be the same. “ssid” is the wireless network id you want to use and “hw_mode” sets whether you are trying to use 5GHz or not. For some reason this defaults to 5GHz mode “a” in Ubuntu (a bit crazy since most cards will be 2.4GHz only). Likewise the channel was set to “60” by default, which I am assuming is a 5GHz channel since 2.4GHz in Europe has a maximum of 13 channels AFAIK. “wpa_passphrase” is the wireless key you want to use with your shiny new wireless network.
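The options listed above do not include wpa=, and hostapd treats an unset wpa as no WPA at all, so wpa_passphrase on its own leaves the network open. The script below is an added example, not part of the original post: it lints a hostapd.conf for that, for a TKIP pairwise cipher and for an unusable passphrase; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): lint hostapd.conf WPA settings.

# Print the value of the last uncommented "key=value" line for key $2 in
# file $1 (a later assignment of the same key overrides an earlier one).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Return 0 only if the file enables WPA2 only, with CCMP and a usable passphrase.
audit_hostapd() {
    conf=$1; rc=0
    wpa=$(conf_get "$conf" wpa)
    pair=$(conf_get "$conf" rsn_pairwise)
    # hostapd.conf documents rsn_pairwise as defaulting to wpa_pairwise,
    # and wpa_pairwise as defaulting to TKIP.
    [ -n "$pair" ] || pair=$(conf_get "$conf" wpa_pairwise)
    pass=$(conf_get "$conf" wpa_passphrase)

    case "$wpa" in
        2) ;;
        ''|0) echo "FAIL wpa: unset or 0, the AP is open despite wpa_passphrase"; rc=1 ;;
        *) echo "FAIL wpa=$wpa: WPA1 is still offered, use wpa=2"; rc=1 ;;
    esac
    case " ${pair:-TKIP} " in
        *" TKIP "*) echo "FAIL pairwise: TKIP allowed, set rsn_pairwise=CCMP"; rc=1 ;;
    esac
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ] || [ "$pass" = "yourpassphrase" ]; then
        echo "FAIL wpa_passphrase: need 8-63 characters, not the placeholder"; rc=1
    fi
    return $rc
}

# Constructed sample: only the options listed in the post, nothing else set.
demo=$(mktemp)
printf '%s\n' interface=wlan0 bridge=br0 driver=nl80211 ssid=johnlewis \
    hw_mode=g channel=10 wpa_passphrase=yourpassphrase > "$demo"
audit_hostapd "$demo" || echo "=> fix the settings above before going live"
rm -f "$demo"
```

Run it as audit_hostapd /etc/hostapd/hostapd.conf; since that file holds the passphrase in clear text, keep it readable by root only.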
Now you are ready to test the AP. Start the daemon initially from the command line to test like so:
hostapd -d /etc/hostapd/hostapd.conf
Try to connect with a wireless client and check you are getting “handshake completed” somewhere in the output, which indicates the client has connected successfully. When you are confident it is working correctly, press Ctrl+C to exit the daemon and edit /etc/default/hostapd, uncommenting “DAEMON=yes”. Type:
service hostapd start
And check hostapd is running:
ps -e |grep hostapd
I have to say performance and reliability are comparable to the aforementioned HG556a, although the signal strength is slightly reduced with an AR5008. Furthermore, you could try enabling 802.11n (ht) if you have an AR5008, as it is compatible. Apart from having to change the pairwise to CCMP I had no trouble enabling it and it is working well.
If you try using an rt73usb chipset, and possibly all of the other compatible chipsets except the AR5008, you will find that signal strength is reduced a lot, probably to the point where it’s unusable unless you are close to your home-made wireless router.
With thanks to Matt Rudge for bringing the whole “Linux as an AP” idea back into my head and giving me the onus to check how wireless support had quietly and assuredly moved on since the last time I tried.