## Saturday, July 13, 2013

### Setup a Wireless Access Point with Linux Mint 15 (Olivia)

In these days of tablets, smartphones and other "connected" devices, the ability to share a fast wired Internet connection via wi-fi can be very useful, specially at home or small offices. Wireless routers aren't very expensive and are simple enough to install – yet I have always thought they're kind of wasteful, considering most computers today ship with wi-fi interfaces, or can be fitted with USB cards that sell for pennies.

With Linux, wi-fi interfaces can be configured to operate in master mode, so they can accept client connections just like a dedicated router would. This is a huge improvement over "ad-hoc" wi-fi network sharing, because:
1. Many mobile devices do not connect to "ad-hoc" access points;
2. The WEP authentication standard used on those connections is known to be flawed, in contrast to the newer WPA standard used in "master mode" connections.
Today I updated my desktop to the latest Linux Mint 15 (Olivia), and as I went about configuring a Wireless Access Point (WAP) on it for my other devices, I took the time to document my changes to the system, so I can more easily reproduce them in future upgrades – and hopefully, also help others to setup a WAP with Mint.

The procedure I came up with was largely inspired by this blog post. It assumes the existence of a wired interface eth0 (which provides access to the Internet) and a mac80211-compatible wireless interface wlan0 (which will be configured to accept client connections in "master mode").

First open a command prompt and start a root session with su, then follow the steps below:

Step 1: Install Applications

Type the command below to install the required services:
apt-get install hostapd dnsmasq

As it is the services will be automatically started when the computer boots, but we need better control than that. So change the default settings to manual start:
update-rc.d -f hostapd remove
update-rc.d -f dnsmasq remove


Step 2: Configuration Files

Create or update the following config files with the contents below:

/etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=hotspot # Your WAP name, change it to something more unique
hw_mode=g
channel=6 # You may want to change this if the channel is too crowded
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_ptk_rekey=600


/etc/dnsmasq.conf
# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
no-resolv
# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h
# dns addresses to send to the clients
server=8.8.8.8
server=8.8.4.4


Step 3: Interface Scripts

/etc/network/if-up.d/wapstart
#!/bin/sh

WIRE=eth0
WIFI=wlan0

# Only run script for wired interface
if [ ! "$IFACE" = "$WIRE" ]
then
exit 0
fi

# Setup wireless interface
ifconfig $WIFI up 10.0.0.1 netmask 255.255.255.0 # Start dnsmasq /etc/init.d/dnsmasq start #Enable NAT iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables --table nat --append POSTROUTING --out-interface$WIRE -j MASQUERADE
iptables --append FORWARD --in-interface $WIFI -j ACCEPT # Start the Wireless Access Point service /etc/init.d/hostapd start exit 0  /etc/network/if-post-down.d/wapstop #!/bin/bash WIRE=eth0 WIFI=wlan0 # Only run script for wired interface if [ ! "$IFACE" = "$WIRE" ] then exit 0 fi # Stops Wireless Access Point services /etc/init.d/hostapd stop /etc/init.d/dnsmasq stop # Asked nice the first time... killall dnsmasq killall hostapd ifconfig$WIFI down

Make sure to create the scripts from the root account, so they'll have the right ownership. Also don't forget to give them running permission:
chmod +x /etc/network/if-up.d/wapstart
chmod +x /etc/network/if-post-down.d/wapstop


Usage

After performing the steps above, you should be able to start the WAP by stopping and restarting the wired interface:
ifconfig eth0 down
ifconfig eth0 up

From now on it will also be automatically started at boot time.

Troubleshooting

If your devices can see and connet to the wireless hotspot, but they cannot access the Internet, enter the command below:
sysctl -w net.ipv4.ip_forward=1

This will update kernel settings to enable IP forwarding, and only has to be issued once.

Depending on your distribution, hostapd may require that the wireless interface be either turned "on" in the network manager applet (e.g. Mint 15), or excluded from Network Manager control (e.g. Kubuntu 14.04). In the second case add the following to /etc/NetworkManager/NetworkManager.conf:
[keyfile]

Also check /etc/init.d/hostapd for whether the variable DAEMON_CONF is set; if not, set it to the path of the config file:
DAEMON_CONF=/etc/hostapd/hostapd.conf

If nothing else works, you can try to find the cause by running hostapd directly instead of in service mode, with extra logging options enabled. For example:
hostapd -d /etc/hostapd/hostapd.conf


1. Hi.. I tried to configure the wireless access point following above procedure.. I am able to see the network in the list and connect to it.. However, I m not able to connect to internet using this network.. Could you please help me in this regard..
Thanks..

2. Hi Anonymous,

It's hard to guess what is wrong without poking around the system. I can advise you on some tests you can make:

First, check whether the machine running the WAP can connect to the Internet.

Run "ifconfig -a" and check if your interfaces are correctly set up (both wired and wireless interfaces have inet addresses, values are correct etc).

Use the command below to check whether hostapd and dnsmasq are running:

ps aux | egrep 'dnsmasq|hostapd'

This command should return two entries for dnsmasq and one for hotsapd.

Finally, run the commands in the wapstart script manually on a terminal session, one at a time, and check if any error message comes up.

Try to narrow down what exactly is the problem, then google for a solution. This is what I'd do in your place; I'm not an expert either, so aside from the above your guesses are as good as mine.

3. This sort generally don't work if there is Firewall enabled in host machine.

I already have script which fires AP when wireless is enabled and stops AP on disabling the wireless. but it don't work whenever the firewall is enabled.
hope someone finds solution. I am also working on it.

4. Hi Helio Perroni Filho,

I'm quiet new to linux and not really an expert in programming. I'm having difficulties find a decent tutorial web page in order for me to create the interface scripts in step 3. Any chance you help?

Also I've performed the previous steps will this not create problems if not all modification are done?

Thanks.

5. This comment has been removed by a blog administrator.

6. Hi Anon,

The scripts in step 3 can be used as-is, just copy them from the post and paste to new text files in your machine's filesystem as described. Anyone who has used a computer before should be able to do that, it's not a Linux-specific skill.

It's only the hostapd.conf file at step 2 that needs to be edited. At the very least, you should provide a proper password; also remove the comments, as the hostap daemon won't run otherwise.

As far as I'm aware the steps in this tutorial represent the bare minimal necessary to make wi-fi hosting work. I very much doubt you could leave anything out and still get it to work (quite the opposite in all likelihood), but as always "your mileage may vary".

7. Hi i receive the following hostapd error:

Completing interface initialization
Mode: IEEE 802.11g Channel: 1 Frequency: 2412 MHz
nl80211: Set freq 2412 (ht_enabled=0 sec_channel_offset=0)
nl80211: Failed to set channel (freq=2412): -16 (Device or resource busy)
Could not set channel for kernel driver
wlan0: Unable to setup interface.

8. I'm having problem with obtaining an ip address. the cell phone detect the network and do the authentication but cannot obtain an ip address..

9. Hello. I worked! Thank you! But, If I want to use my wireless card on my laptop to connect to some wifi, How can i disable the WAP?

1. Running the wapstop script manually should do the trick.

10. I'm trying to set up a network that distributes the internet connection that I get through a usb modem in /dev/ttyUSB0. To do this I've tried following your steps but exchanging eth0 to ppp0 but when I run ifconfig ppp0 down
ifconfig ppp0 up
it results in my internet connection going down and I have to disconnect and dial up again to restore it.
Any ideas?

11. Thank you very much for these instructions/tutorial, they worked perfectly for me in the end (see below).

One thing I would like to point out for others: NAT will not work unless packet forwarding by the kernel is enabled. Being a noob, I did not realize this and I spent a long time scratching my head and double-checking things that had nothing wrong with them until I worked this out. In the end I ran Wireshark (network analyzer) on wlan0 and saw there was no return traffic - that led me to learn about iptables and thus figure out the problem.

Command to turn on packet forwarding (does not survive re-boot):

echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/sysctl.conf:
To make change permanent - edit /etc/sysctl.conf like so:
net.ipv4.ip_forward = 1

12. thanks buddy this wrked flawlessly on mint 16 petra