Creating a Wireless Access Point with Debian Linux


A quick and dirty way to recycle an older computer with a wifi adapter.

Adapted from original HowTo (Thanks Matt!) at :
http://mcbridematt.dhs.org/blog/2010/11/21/HOWTO%3A%20HostAP%20%28Master%29%20mode%20for%20Ralink%20rt73%20USB%20wifi

Other sources :
http://en.wikipedia.org/wiki/Bridging_%28networking%29
http://wiki.debian.org/BridgeNetworkConnections
http://linuxwireless.org/en/users/Documentation/hostapd

System requirements

- any computer capable of running Linux Debian 6.0 in console mode
- 1 Ethernet Network Adapter (eth0)
- 1 Wireless Network Adapter (wlan0)

This howto was tested using a USB 54g Wireless Ralink RT25xx based adapter (Belkin F5D7050B)
(Linux driver rt73usb)

See here for compatibility lists :
http://linux-wless.passys.nl/
http://linuxwireless.org/en/users/Devices
http://wiki.debian.org/WiFi

In this howto, we assume that your internet gateway (DSL modem/router and DHCP server) has the following IP address: 192.168.1.1

The clients accessing our Access Point will be offered dynamic IPs by the gateway.

Install your Debian 6.0 system

  • openssh server (if you need remote SSH access)
  • base system

After installation is finished, upon system reboot :

Enable the non-free repository to install this particular wifi adapter’s firmware
# nano /etc/apt/sources.list

append “contrib” and “non-free” to the repos :

deb http://ftp.fr.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.fr.debian.org/debian/ squeeze main contrib non-free

deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free

# squeeze-updates, previously known as 'volatile'
deb http://ftp.fr.debian.org/debian/ squeeze-updates main
deb-src http://ftp.fr.debian.org/debian/ squeeze-updates main

 

# apt-get update

(depending on your wireless adapter, you may need another firmware package)
# apt-get install firmware-ralink

Next, install wireless tools, hostapd and bridge-utils
# apt-get install wireless-tools hostapd bridge-utils

Creating the network bridge

We are bridging the eth0 and wlan0 network interfaces, to create the br0 bridge.
We do not assign an IP address to eth0 and wlan0, but only to br0.

Modify network interfaces configuration (make a backup of your old config file first)
# nano /etc/network/interfaces

Note : here I am using static IP for the br0 interface. But you can use dhcp instead.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

auto lo br0
iface lo inet loopback

allow-hotplug eth0
iface eth0 inet manual

allow-hotplug wlan0
iface wlan0 inet manual

# Bridge setup

# for dhcp address
#iface br0 inet dhcp
# bridge_ports eth0 wlan0

# for static ip
iface br0 inet static
bridge_ports eth0 wlan0
# adapt with your network settings
address 192.168.1.250
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.1.1
dns-search localdomain

 

Then reboot.

Wireless Access Point with hostapd

We will be using WPA2 authentication for the best security.

Create hostapd config file :

# nano /etc/hostapd/hostapd.conf

interface=wlan0
driver=nl80211

# YOUR BRIDGE NAME
bridge=br0

# YOUR COUNTRY HERE
country_code=FR
ieee80211d=1

# MODIFY YOUR SSID HERE
ssid=MY_AP

# CHANGE MODE HERE IF NEEDED
hw_mode=g

# CHANGE CHANNEL EVENTUALLY
channel=6

wme_enabled=0
macaddr_acl=0
auth_algs=1

# WE USE WPA2
wpa=2

# MODIFY YOUR PASSPHRASE HERE
wpa_passphrase=mypassphrase12345678

wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

 

Launch hostapd in non-daemon mode, and go try to associate to your newly created AP with another computer
# hostapd -dd /etc/hostapd/hostapd.conf

If everything works ok, make sure hostapd starts as a daemon upon reboot
# nano /etc/default/hostapd

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Secure the configuration file a bit since it contains the WPA passphrase
# chmod 600 /etc/hostapd/hostapd.conf

Have a view at the daemon log to see when a station accesses the AP
# more /var/log/daemon.log | grep hostapd

To see a more complete configuration example for hostapd
$ zmore /usr/share/doc/hostapd/examples/hostapd.conf.gz

SECURITY NOTES

SUGGESTIONS

  • Instead of using an old computer, it is possible to use a plug-computer (Sheevaplug, Seagate Dockstar, etc) for lower energy consumption.
  • Implement a www interface (with php/cgi scripts) to manage our AP’s settings (like in commercial wireless APs).
About these ads

25 thoughts on “Creating a Wireless Access Point with Debian Linux

  1. Pingback: How to make my linux laptop a deticated wifi "adapter" (send all lan to wifi)

  2. Pingback: how can I turn my linux laptop into a wifi hotspot?

  3. tried so hard to get this to work. Tested my RT3070 in ‘normal’ mode and works. Had to black list 2800. But now when I: hostapd -dd /etc/hostapd/hostapd.conf , I get:- nl80211 not found driver initiailasion failed. Is this a driver issue I’m having? Thanks

    • Hi, make sure you’re using a distro with a very recent kernel (for Debian, seek a 3.x kernel from the backports, or use the Debian Testing distro) and a recent hostapd with nl80211 support.

  4. Have tried this on a machine intended to be dedicated to this in a work environment, basically internet comes into the shop on eth0, and eth1, eth2 and wlan0 (+) are used for the client machines.

    However, when I use “bridge_ports eth0 wlan0″ I lose all connectivity to the outside network and while DHCP still works fine (including getting the (openDNS) DNS server address, even the internal pages served from this machine disappear if I use the URL (going via IP works).

    ssh also fails to this machine from a machine connecting via eth0, but clients can connect to eth1 or 2.

    I haven’t yet configured hostapd. Wanted to make sure my net was still working as I suspected that bridging eth0 might kill it – it did.

    Running Debian Squeeze, shorewall etc.

    Any helpful hints? Thanks in advance – and of course thanks for the document.

  5. Hey, thanks for your work! I tried exactly on debian wheezy, but all I got was
    root:~# hostapd -dd /etc/hostapd/hostapd.conf
    random: Trying to read entropy from /dev/random
    Configuration file: /etc/hostapd/hostapd.conf
    Line 2: invalid/unknown driver ‘nl80211 ‘

  6. Hi, I haven’t tried it under Wheezy yet. Maybe it’s your wifi adapter (try modprobe nl80211)
    Also please look at hostapd’s docs/man :)

  7. Wow, you are right, module nl80211 does not exist. I don’t have a wifi adapter, just a built-in module, might that be the reason? To be honest I don’t really know what I should do. man hostapd doesn’t really help… :(

      • 03:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 3e)
        Subsystem: Intel Corporation Centrino Ultimate-N 6300 3×3 AGN
        Flags: bus master, fast devsel, latency 0, IRQ 42
        Memory at f2400000 (64-bit, non-prefetchable) [size=8K]
        Capabilities:
        Kernel driver in use: iwlwifi

  8. Weird, I though I posted that with another account, but it does not turn up…

    03:00.0 Network controller: Intel Corporation Centrino Ultimate-N 6300 (rev 3e)
    Subsystem: Intel Corporation Centrino Ultimate-N 6300 3×3 AGN
    Flags: bus master, fast devsel, latency 0, IRQ 42
    Memory at f2400000 (64-bit, non-prefetchable) [size=8K]
    Capabilities:
    Kernel driver in use: iwlwifi

  9. Pingback: Access point con Debian 6 |

  10. Pingback: Creating a bridge interface eth0 to wlan0

  11. This is awesome, but…

    …every time I try to associate another comp/device to the AP, said comp/device throws an authentication error.

    I’ve checked and rechecked my work, but it’s always exactly the same (not counting immaterial differences such as channel, AP name, country, passphrase, etc.) as what you’ve written up. It got me to wondering, is there a way to use a password instead of a passphrase? AFAIK they’re not the same thing.

    If, in the context of the hostapd.conf file, they ARE the same, then…I dunno. My brain hurts, right now. Any help in identifying my error would be majorly appreciated.

    Thanks in advance,
    Solcintra Jack

  12. ….Never mind, I should have guessed the bridge name was, in fact, NOT immaterial.

    Thanks anyway,
    Solcintra Jack

  13. Hi,

    I want to setup WiFi Soft Access Point at my home. I’m using Cable Internet: I’m connected to my ISP through a Cable Modem, so I have no router. I have a headless power pc box connected to the Cable Modem. That headless box ( called Bubba2 ) is my home server. Bubba2 is connected to the Cable Modem with ethernet card ( eth0 ). Bubba2 get it’s IP address from my ISP DHCP server. Bubba2 has another ethernet connection to my home LAN ( eth1 ). This setup works fine sofar. On Bubba2 I’m running Debian GNU/Linux Wheezy operating system. Bubba2 has two USB ports too. I have ZyXEL NWD2205 USB WiFi adapter that I want to use as a soft Access Point. I have builded a custom kernel 2.6.39.4-13 with compiled rtl8192cu module. iwconfig shows wlan0 when I plug in the wifi adapter. How can I setup in this situation the bridge: et0 – wlan0? And mybe there is another issue with this out there. It seemes that that my kernel doesn’t use the approppriate module, but want to uses some p80211 instead. What can I do to solve these problems?

    • Moreover, I’m trying to test it with hostapd ( installed as Debian Wheezy package ).
      I have a hostapd-test.conf file:
      interface=wlan0
      driver=nl80211
      ssid=test
      channel=1

      When I run:
      hostapd hostapd-test.conf

      I get:
      Configuration file: hostapd-test.conf
      rfkill: Cannot open RFKILL control device
      Could not set interface mon.wlan0 flags: No such device
      nl80211: Failed to set interface wlan0 into AP mode
      nl80211 driver initialization failed.

      What is the problem here? How can I solve this problem?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s