Thursday, December 1, 2011

Turn an Ubuntu Linux box a WAP (Wifi Access Point)

I recently helped a friend of mine James Miller setup an Ubuntu Linux box as a wireless access point. I had never done this before, but I found it to be pretty straightforward. Here is the very abbreviated version of the things that need to be done assuming that your wireless driver is supported by the nl80211 interface in the Linux kernel:
  1. Install hostapd
  2. Add a configuration file for hostapd
  3. Modify /etc/network/interfaces to bring up the hostapd config
James and I used an ath5k card to pull this off.

Installing hostapd:
At a root prompt, type: "apt-get install hostapd". Doing so will install all the machinery needed to bring up a WAP, but it will have no configuration.

Creating the config file for hostapd:
In /etc/hostapd/{essid}.conf, use the following contents for an unencrypted WAP:
interface=wlan0
driver=nl80211
ssid={essid} channel=1 # may want to replace with another channel
Of course, you should replace "{essid}" with your actual essid.

Modifying the /etc/network/interfaces file:
You'll need something similar to the following:
auto wlan0
iface wlan0 inet static
  address 192.168.1.1
  netmask 255.255.255.0
  hostapd /etc/hostapd/{essid}.conf

Conclusion:
That should get you a simple unencrypted WAP setup. If you want encryption, you can use hostapd to implement simple WPA2 personal or more interesting WPA2 enterprise style security (among other options). I would strongly recommend at least WPA2 personal (a.k.a. pre-shared key or PSK) encryption unless you have reasons to make it less secure.

Note also that this setup will leave you with your wireless network and other networks on separate layer 2 domains, which means that packets will need to be routed between them. You'll probably also want to get dhcp running so that you don't have to manually configure clients on the wireless network. I am going to leave getting these additional bits working as a exercise for the reader. As a hint, checkout the isc-dhcp-server package and the net.ipv4.forward (for IPv4). You might also want to check out the shorewall package as a nice firewall. :)

Good luck!