How to setup a wireless access point: Difference between revisions

From Alpine Linux
(added note about testing)
(Cleaned up some redundant bits, cleared up some formatting and brought this to a production ready state.)
 
(15 intermediate revisions by 9 users not shown)
Line 1: Line 1:
{{Draft}}
== Install needed packages ==
This page will show a step by step guide to setting up Alpine Linux as a secure wireless access point.  Basic steps are to:
# Install needed packages
# Insure your wireless card is detected and in master/ap mode
# Setup bridge between eth0 and wlan0
# Setup encryption on wlan0
# Setup hostapd
# Associate clients!


{{Note|As of this document's writing this document has not been fully tested since the 2 wireless cards I've got don't fully support master mode in Linux yet...}}
* hostapd
* bridge (optional)


== Install needed packages ==
== Check that the card is detected ==
apk add hostapd wireless-tools wpa_supplicant
 
Run cat /proc/net/dev to see which cards are detected.
 
If no cards are available, check what driver the card uses and modprobe it.


== Check that card is detected ==
Check that the card is in master mode.
Simplest way is to check /proc/net/dev and see which are detected there.  If not, check what driver the card uses, modprobe it.  Last, check that card is in master mode, which is different for each card (hint: google is your friend here)


== Setup Bridge ==
== Setup Bridge ==
{{:Setting Up a bridge}}


== Setup Encryption ==
If your wireless access point is NOT also intended to be a router, you may wish to bridge an ethernet interface to the wireless interface.
Edit /etc/hostapd/hostapd.wpa_psk and insert the following, replacing PASSPHRASE with the WPA_PSK key you would like to use (remove keys that you don't want to use):
 
00:00:00:00:00:00 PASSPHRASE
This can be particularly advantageous where you are setting up multiple access points with a shared SSID, as this allows the APs to share an address space, and avoids wireless clients having to change DHCP lease when they move from access point to access point.
 
Setup the bridge by editing <samp>/etc/network/interfaces</samp>. Assuming you wish to bridge the access point to the ethernet device <samp>eth0</samp>, you can add something like this:
 
<pre>
auto br0
iface br0 inet dhcp
  hostname alpine
  bridge-ports eth0
</pre>
 
Comment out any existing lines configuring <samp>eth0</samp> as this should now be handled via the bridge configuration. It is not necessary to mention <samp>wlan0</samp> here, as <samp>hostapd</samp> will take care of adding the device to the bridge later.
 
Please see [[Bridge]] for more information on network bridges.


== Setup hostapd ==
== Setup hostapd ==


Edit /etc/hostapd/hostapd.conf and replace entries that need to be such as interface, bridge, driver, ssid, etc.
[http://w1.fi/hostapd/ hostapd] is the daemon that hosts the access point. What follows are example configurations, but further configuration options are available, and you should read the documentation for details.
Example file below:
 
Edit /etc/hostapd/hostapd.conf and make the necessary changes such as interface, bridge, driver, ssid, etc.
 
For example:
  interface=wlan0
  interface=wlan0
  bridge=br0
  bridge=br0
Line 48: Line 59:
  wpa_key_mgmt=WPA-PSK
  wpa_key_mgmt=WPA-PSK
  wpa_pairwise=CCMP
  wpa_pairwise=CCMP
If you wish to use MAC address filtering, uncomment the above 2 lines, create /etc/hostapd/accept (with 600 permissions) and add the allowed clients' MAC address to the file.<br />
 
If you wish to use MAC address filtering, uncomment the lines starting with macaddr_acl and accept_mac_file, create /etc/hostapd/accept (with permissions set to 600) and add the allowed clients' MAC address to the file.<br />
 
=== Authentication ===
 
Edit /etc/hostapd/hostapd.wpa_psk and insert the following, replacing PASSPHRASE with the WPA_PSK key you would like to use (remove keys that you don't want to use):
00:00:00:00:00:00 PASSPHRASE
 
== Start the Service ==
Start hostapd.
Start hostapd.
/etc/init.d/hostapd start
 
{{Cmd|rc-service hostapd start}}


== Associate clients ==
== Associate clients ==
Depending on the client OS software, either just associate the client, or once again see google :).
Associate a few clients to test.
 
[[Category:Networking]]

Latest revision as of 18:24, 24 September 2025

Install needed packages

  • hostapd
  • bridge (optional)

Check that the card is detected

Run cat /proc/net/dev to see which cards are detected.

If no cards are available, check what driver the card uses and modprobe it.

Check that the card is in master mode.

Setup Bridge

If your wireless access point is NOT also intended to be a router, you may wish to bridge an ethernet interface to the wireless interface.

This can be particularly advantageous where you are setting up multiple access points with a shared SSID, as this allows the APs to share an address space, and avoids wireless clients having to change DHCP lease when they move from access point to access point.

Setup the bridge by editing /etc/network/interfaces. Assuming you wish to bridge the access point to the ethernet device eth0, you can add something like this: 

auto br0
iface br0 inet dhcp
  hostname alpine
  bridge-ports eth0

Comment out any existing lines configuring eth0 as this should now be handled via the bridge configuration. It is not necessary to mention wlan0 here, as hostapd will take care of adding the device to the bridge later.

Please see Bridge for more information on network bridges.

Setup hostapd

hostapd is the daemon that hosts the access point. What follows are example configurations, but further configuration options are available, and you should read the documentation for details.

Edit /etc/hostapd/hostapd.conf and make the necessary changes such as interface, bridge, driver, ssid, etc.

For example: 

interface=wlan0
bridge=br0
driver=hostap
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=0
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=SecureSSID
#macaddr_acl=1
#accept_mac_file=/etc/hostapd/accept
auth_algs=3
eapol_key_index_workaround=0
eap_server=0
wpa=3
wpa_psk_file=/etc/hostapd/hostapd.wpa_psk
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP

If you wish to use MAC address filtering, uncomment the lines starting with macaddr_acl and accept_mac_file, create /etc/hostapd/accept (with permissions set to 600) and add the allowed clients' MAC address to the file.

Authentication

Edit /etc/hostapd/hostapd.wpa_psk and insert the following, replacing PASSPHRASE with the WPA_PSK key you would like to use (remove keys that you don't want to use): 

00:00:00:00:00:00 PASSPHRASE

Start the Service

Start hostapd.

rc-service hostapd start

Associate clients

Associate a few clients to test.

Retrieved from "https://wiki.alpinelinux.org/w/index.php?title=How_to_setup_a_wireless_access_point&oldid=31001"