Software access point
A software access point, also called virtual router or virtual Wi-Fi, enables a computer to turn its wireless interface into a Wi-Fi access point. It saves the trouble of getting a separate wireless router.
Requirements
Wi-Fi device must support AP mode
You need an nl80211-compatible wireless device that supports the AP operating mode. To verify this, run the iw list command; AP should be listed under the Supported interface modes block:
Wiphy phy1
...
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * AP/VLAN
         * WDS
         * monitor
         * mesh point
...
Note: Since 2019 most Intel devices will no longer provide AP services on the 5 GHz band, due to the firmware mistakenly leaving the Location-Aware Regulatory (LAR) feature enabled even in AP mode. See #Cannot start AP mode in 5 GHz band.
Wireless client and software AP with a single Wi-Fi device
Creating a software AP is independent of your own network connection (Ethernet, wireless, ...). Many wireless devices even support simultaneous operation as an AP and as a wireless "client". Using that capability, you can create a software AP acting as a "wireless repeater" for an existing network, using a single wireless device. The capability is listed in the following section of the output of iw list:
Wiphy phy1
...
    valid interface combinations:
         * # < managed >
If you want to use this capability, perhaps because an Ethernet connection is not available, you need to create two separate virtual interfaces. Virtual interfaces for a physical device wlan0 can be created as follows. Virtual interfaces with unique MAC addresses are created for the network connection itself (wlan0_sta) and for the software AP/hostapd "wireless repeater" (wlan0_ap):
# iw dev wlan0 interface add wlan0_sta type managed addr 12:34:56:78:ab:cd
# iw dev wlan0 interface add wlan0_ap type managed addr 12:34:56:78:ab:ce
A random MAC address can be generated using macchanger.
Configuration
Setting up an access point consists of two main parts:
- Setting up the Wi-Fi link layer, so that wireless clients can associate to your computer's software access point and exchange IP packets with it.
- Setting up the network configuration on your computer, so that it properly relays IP packets between its own internet connection and the wireless clients.
Wi-Fi link layer
The actual Wi-Fi link is established via the hostapd package, which has WPA2 support.
Adjust the options in the hostapd configuration file if necessary. In particular, change the ssid and the wpa_passphrase. See the hostapd Linux documentation page for more information.
interface=wlan0_ap
bridge=br0

# SSID to be used in IEEE 802.11 management frames
ssid=YourWiFiName
# Driver interface type (hostap/wired/none/nl80211/bsd)
driver=nl80211
# Country code (ISO/IEC 3166-1)
country_code=US

# Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz), g = IEEE 802.11g (2.4 GHz))
hw_mode=g
# Channel number
channel=7
# Maximum number of stations allowed
max_num_sta=5

# Bit field: bit0 = WPA, bit1 = WPA2
wpa=2
# Bit field: bit0 = Open System Authentication, bit1 = Shared Key Authentication (requires WEP)
auth_algs=1

# Set of accepted cipher suites; disabling insecure TKIP
wpa_pairwise=CCMP
# Set of accepted key management algorithms
wpa_key_mgmt=WPA-PSK
wpa_passphrase=Somepassphrase

# hostapd event logger configuration
logger_stdout=-1
logger_stdout_level=2

# Uncomment and modify the following section if your device supports 802.11n
## Enable 802.11n support
#ieee80211n=1
## QoS support
#wmm_enabled=1
## Use "iw list" to show device capabilities and modify ht_capab accordingly
#ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]

Tip: You can set up the SSID with UTF-8 characters, so international characters will show properly. The option to enable it is utf8_ssid=1. Some clients may have problems with recognizing the correct encoding (e.g. wpa_supplicant or Windows 7).
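A check for the hostapd settings shown above, as an added example that is not part of the original page or of hostapd: it flags legacy WPA, TKIP, Shared Key authentication, a passphrase outside the 8 to 63 character range, unchanged sample values and a world-readable file. The function name audit_hostapd_conf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a hostapd configuration file.
# audit_hostapd_conf FILE prints one finding per line and nothing for a clean file.
audit_hostapd_conf() {
    # The passphrase is stored in clear text, so the file should not be world-readable.
    [ -n "$(find "$1" -prune -perm -004)" ] && echo "perms: file is world-readable"
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            eq = index($0, "=")                 # split on the first "=" only
            if (eq > 0) conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            wpa = conf["wpa"] + 0               # bit0 = WPA, bit1 = WPA2
            if (wpa == 0)          print "wpa: WPA/WPA2 is not enabled"
            else if (wpa % 2 == 1) print "wpa: bit0 set, legacy WPA is accepted"
            if ((conf["wpa_pairwise"] " " conf["rsn_pairwise"]) ~ /TKIP/)
                print "cipher: TKIP is accepted"
            # auth_algs bit1 enables Shared Key authentication, which needs WEP
            if (int((conf["auth_algs"] + 0) / 2) % 2 == 1)
                print "auth_algs: bit1 set, Shared Key authentication is allowed"
            if ("wpa_passphrase" in conf) {
                n = length(conf["wpa_passphrase"])
                if (n < 8 || n > 63) print "wpa_passphrase: length " n " is outside 8..63"
                if (conf["wpa_passphrase"] == "Somepassphrase")
                    print "wpa_passphrase: sample value was not changed"
            }
            if (conf["ssid"] == "YourWiFiName") print "ssid: sample value was not changed"
        }' "$1"
}

# Constructed sample input (not from a real system): the page's template with
# mixed WPA/WPA2 and TKIP switched on, and the sample SSID and passphrase kept.
sample=$(mktemp)
printf '%s\n' 'interface=wlan0_ap' 'ssid=YourWiFiName' 'wpa=3' 'auth_algs=1' \
    'wpa_pairwise=TKIP CCMP' 'wpa_key_mgmt=WPA-PSK' \
    'wpa_passphrase=Somepassphrase' > "$sample"
audit_hostapd_conf "$sample"
rm -f "$sample"
```

Run it against the real file as root, since a correctly protected configuration is not readable by other users.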
For automatically starting hostapd on boot, enable the hostapd.service .
If you are starting hostapd on boot, make sure the wireless network interface is brought up first, otherwise it will fail. To ensure your wireless interface is ready, edit the unit configuration file and state that it is bound to and should start after your network interface:
/etc/systemd/system/hostapd.service.d/override.conf
[Unit]
BindsTo=sys-subsystem-net-devices-wlan0.device
After=sys-subsystem-net-devices-wlan0.device
Also make sure that the interface is not managed by other network managers. If you are using NetworkManager, see NetworkManager#Ignore specific devices.
Warning: The wireless channels allowed for access point operation differ according to geography. Depending on the wireless firmware, you may have to set the region correctly to use legal channels. Do not choose another region, as you may be illegally disturbing network traffic, affecting wireless functionality of your own device and others within its reach! To set the region see Wireless network configuration#Respecting the regulatory domain.
Note: If you have a card based on RTL8192CU chipset, install hostapd-rtl871xdrv AUR and replace driver=nl80211 with driver=rtl871xdrv in the hostapd.conf file.
Network configuration
There are two basic ways for implementing this:
- bridge: creates a network bridge on your computer, wireless clients will appear to access the same network interface and the same subnet that is used by your computer.
- NAT: with IP forwarding/masquerading and DHCP service, wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted. This is similar to a normal Wi-Fi router which is connected to the internet.
The bridge approach is simpler, but it requires that any service needed by the wireless clients, in particular DHCP, is available on the computer's external interface. This means it will not work if the external modem that assigns IP addresses supplies the same one to different clients.
The NAT approach is more versatile, as it clearly separates Wi-Fi clients from your computer and it is completely transparent to the outside world. It will work with any kind of network connection, and (if needed) traffic policies can be introduced using the usual iptables approach.
It is possible to combine these two approaches: for example, a bridge that contains both an Ethernet device and the wireless device, with a static IP address, offering DHCP, and with NAT configured to relay the traffic to an additional network device connected to the WAN.
Bridge setup
You need to create a network bridge and add your network interface (e.g. eth0 ) to it. You should not add the wireless device (e.g. wlan0 ) to the bridge; hostapd will add it on its own.
Tip: You may wish to reuse an existing bridge, if you have one (e.g. used by a virtual machine).
NAT setup
In that article, the device connected to the LAN is net0 . That device would be in this case your wireless device (e.g. wlan0 ).
Tools
linux-wifi-hotspot
The linux-wifi-hotspot AUR package provides a script that can create either a bridged or a NATed access point for internet sharing. It combines hostapd, dnsmasq and iptables to run the access point, and includes both a command-line interface and a GUI. The basic syntax to create a NATed virtual network is the following:
# create_ap wlan0 eth0 MyAccessPoint MyPassPhrase
Alternatively, the template configuration provided in /etc/create_ap.conf can be adapted to one's needs and the script run with:
# create_ap --config /etc/create_ap.conf
To use the GUI, run in terminal:
Enable/start the create_ap.service to run the script at boot time with the configuration specified in /etc/create_ap.conf .
Note: In bridge mode, create_ap may conflict at boot time with the current network configuration. In this case, do not configure an IP address on the Ethernet interface, neither via DHCP nor as a static IP address, so that it can be bound to the bridge.
RADIUS
See [1] for instructions to run a FreeRADIUS server for WPA2 Enterprise.
Troubleshooting
WLAN is very slow
Frequent causes for a lower than expected throughput include:
- An improper choice of operation mode with a hw_mode lower than the one supported can limit the router artificially. Check that a modern operating mode is selected.
- A crowded or otherwise noise-afflicted channel can severely degrade performance, especially in densely populated areas. Try changing to a different channel or even switching frequencies.
- The availability of too little entropy can lead to poor performance. Consider installing haveged.
NetworkManager is interfering
hostapd may not work if the device is managed by NetworkManager. You can mask the device by MAC address:
/etc/NetworkManager/conf.d/unmanaged.conf
[keyfile]
unmanaged-devices=mac:hwaddr
Or by interface name:
/etc/NetworkManager/conf.d/unmanaged.conf
[keyfile]
unmanaged-devices=interface-name:ifname
Cannot start AP mode in 5 GHz band
Apparently with the special country code 00 (global), all usable frequencies in the 5 GHz band will have the no-ir (no-initiating-radiation) flag set, which will prevent hostapd from using them. You will need to have wireless-regdb installed and have your country code set to make the frequencies allowed in your country available to hostapd.
Note that recent Intel devices have a Location-Aware Regulatory (LAR) feature, which ignores the userspace regulatory database and instead deduces the regulatory region by listening to other nearby access points. This means the devices will not transmit on any 5 GHz frequencies until they have first seen other access points on the 5 GHz frequency bands, preventing any 5 GHz transmission at all in many cases. Older kernels had an option to disable this which was removed in 2019 due to it causing the firmware to crash. Since this removal, Intel cards supporting LAR can no longer be used as access points in the 5 GHz band.
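The two checks this page describes against iw list output (AP under Supported interface modes, and 5 GHz frequencies that carry no no-IR or disabled flag), as an added example that is not part of the original page. The function names and the sample text are constructed; the parser assumes iw prints the flags as "(no IR)" and "(disabled)" on the frequency lines.

```shell
#!/bin/sh
# Added example (not from the original page).
# ap_capability reads `iw list` output on stdin and prints, per phy, whether AP
# mode is supported and how many 5 GHz frequencies may be used to transmit.
ap_capability() {
    awk '
        /^Wiphy /                    { phy = $2; order[++n] = phy; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\* /     { if ($2 == "AP") ap[phy] = 1; next }
                                     { in_modes = 0 }   # any other line ends the block
        /^[ \t]*\* [0-9.]+ MHz \[/   {
            f = int($2)
            if (f < 5000 || f >= 5925) next             # keep the 5 GHz band only
            seen[phy]++
            # hostapd cannot start on a frequency flagged no-IR or disabled
            if ($0 !~ /disabled|no IR/) ok[phy]++
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                printf "%s ap=%s 5ghz_tx=%d/%d\n", p, (ap[p] ? "yes" : "no"), ok[p], seen[p]
            }
        }'
}

# Constructed sample shaped like `iw list` output for a device in the state the
# section describes: AP mode is supported but every 5 GHz frequency is blocked.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * managed
         * AP
         * AP/VLAN
    Band 1:
        Frequencies:
            * 2412 MHz [1] (22.0 dBm)
    Band 2:
        Frequencies:
            * 5180 MHz [36] (22.0 dBm) (no IR)
            * 5260 MHz [52] (22.0 dBm) (no IR, radar detection)
            * 5745 MHz [149] (disabled)
EOF
}

sample_iw_list | ap_capability
```

On a real system, pipe the live output in with iw list | ap_capability; a result of 5ghz_tx=0/N on a device with ap=yes matches the failure this section describes.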
See also
Arch Linux User Repository
@yochananmarqos: Thanks for the pointer and sorry for having missed that.
yochananmarqos commented on 2023-05-11 23:13 (UTC)
@muekoeff: pkgconfig is part of pkgconf which is a member of base-devel . Users are expected to have base-devel installed using the AUR. See AUR: Prerequisites
muekoeff commented on 2023-05-11 22:55 (UTC) (edited on 2023-05-11 23:30 (UTC) by muekoeff)
pkgconfig should be added as makedepends.
yochananmarqos commented on 2022-09-25 15:20 (UTC)
@adrienrx: Do not flag packages out of date unless there is a new stable release available.
Report the issue upstream, it's not a packaging issue.
adrienrx commented on 2022-09-25 15:01 (UTC)
Right now the creation of a hotspot fails after updating Manjaro. AppArmor is preventing dnsmasq from working properly.
A workaround on the Manjaro forum is to run this command: sudo aa-complain -d /etc/apparmor.d/ dnsmasq
I don't think this is a long-term workaround as this is for sure impacting the security of the system. Someone on the Manjaro forums is saying the profile of the app should be finely tuned instead. Is this package still maintained?
seniorkiller commented on 2022-05-15 10:40 (UTC)
For some reason I need to manually enter my root password multiple times to create a hotspot. I suspect it is a polkit issue since it prompts me with the polkit password thing, but I'm not too sure. This started happening recently; before, I didn't need to do anything to start it.
k0r0ng commented on 2021-12-30 20:46 (UTC) (edited on 2021-12-30 22:29 (UTC) by k0r0ng)
warning: directory permissions differ on /usr/share/polkit-1/rules.d/ filesystem: 750 package: 755
yuyichao commented on 2021-11-08 15:14 (UTC)
I've tested this on armv7h, so I think you can add that to the archs as well. Thx.
yochananmarqos commented on 2021-09-27 19:45 (UTC)
sigmacold commented on 2021-09-27 17:54 (UTC) (edited on 2021-09-27 17:54 (UTC) by sigmacold)
The PolicyKit rule needs to be patched: "sudo" -> "wheel".
And then the user needs to make sure he's in the wheel group.