Skip to content

Hostapd

Jump to bottom
xxooxxooxx edited this page Aug 15, 2023 · 21 revisions

Hostapd

cat /etc/apt/sources.list

deb http://ftp.debian.org/debian/ buster main contrib non-free
deb-src http://ftp.debian.org/debian/ buster main contrib non-free

deb http://security.debian.org/debian-security buster/updates main contrib non-free
deb-src http://security.debian.org/debian-security buster/updates main contrib non-free

deb http://ftp.debian.org/debian/ buster-updates main contrib non-free
deb-src http://ftp.debian.org/debian/ buster-updates main contrib non-free

deb http://deb.debian.org/debian buster-backports main contrib non-free

apt update 
apt install iw lshw hostapd bridge-utils firmware-misc-nonfree 

apt -y install haveged
systemctl start haveged
systemctl enable haveged
cat /proc/sys/kernel/random/entropy_avail

lsusb
...
Bus 002 Device 002: ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
...

iw list
...
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point

...

vi /etc/default/grub
GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"

update-grub

vi /etc/network/interfaces

allow-hotplug eth0
iface eth0 inet manual

auto br0
iface br0 inet static
        address 192.168.0.143
        netmask 255.255.255.0
        gateway 192.168.0.1
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0
  • WPA-PSK
vi /etc/hostapd/hostapd.conf

interface=wlan0_ap
bridge=br0
driver=nl80211
ssid=ssidname
utf8_ssid=1
preamble=1

#2.4G
hw_mode=g
channel=6
ieee80211n=1
wmm_enabled=1

ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]

#5G
#hw_mode=a
#ieee80211n=1
#ieee80211d=1
#ieee80211ac=1
#wmm_enabled=1
#channel=36

country_code=US
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
disassoc_low_ack=0
wpa=2
wpa_passphrase=passwd
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
  • EAP-PEAP
apt -y install ssl-cert
make-ssl-cert generate-default-snakeoil --force-overwrite

#wpa_key_mgmt=WPA-PSK
#wpa_key_mgmt=WPA-EAP
wpa_key_mgmt=WPA-PSK WPA-EAP

ieee8021x=1
eapol_version=1
eap_server=1
eap_user_file=/etc/hostapd/hostapd.eap_user
server_cert=/etc/ssl/certs/ssl-cert-snakeoil.pem
private_key=/etc/ssl/private/ssl-cert-snakeoil.key

vi /etc/hostapd/hostapd.eap_user

*  PEAP
"user1"  MSCHAPV2  "password"  [2]
"user2"  MSCHAPV2  "password"  [2]

https://wiki.archlinux.org/title/Software_access_point_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)

  • NUC (Ubuntu&NetworkManager)
apt install macchanger

vi /etc/systemd/system/restore-interface@.service

[Unit]
Description=Restore an interface %i
Wants=network.target
Before=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/sbin/iw phy phy0 interface add %i type managed
#ExecStartPost=/sbin/ip address add 10.10.10.1/24 dev %i ###NAT###
#ExecStartPre=/sbin/iw phy phy0 interface add %i type managed
#ExecStart=/usr/bin/macchanger -r %i
#ExecStartPost=/sbin/iwconfig %i power off

[Install]
WantedBy=multi-user.target

systemctl daemon-reload
systemctl enable restore-interface@wlan0_ap
systemctl start restore-interface@wlan0_ap
systemctl status restore-interface@wlan0_ap

vi /lib/systemd/system/hostapd.service
add to [Unit]

After=NetworkManager.service
Requires=restore-interface@wlan0_ap.service

add to [Service]

ExecStartPre=/bin/sleep 10
ExecStart=...
  • NAT
apt instasll udhcpd
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
  • con show
sudo iw dev wlan0_ap station dump
  • 5G
36, 44, 52, 60, 100, 108, 116, 124, 132, 140,149, 157, 184, 192
"no IR" ("No Initial Radiation") means the card can't work as AP on this channel.

https://wireless.wiki.kernel.org/en/users/documentation/iw#getting_station_statistics

Clone this wiki locally