wifi access point with hostapd (debian jessie)

When running a headless Debian MPD player with pulseaudio, RTP packets flood the wireless network with a lot of traffic.  I use a laptop as a remote multicast client to play music from the MPD server.  Unfortunately, my wife’s laptop (running Windows 7 Professional) barfs and loses its connection to the wireless network every time we play music.  The problem manifests when she uses her laptop as an MPD remote (Cantata).  On a relatively calm wifi connection (no audio playing) she can connect to MPD server and browse the music catalogue.  When she attempts to play a file the multicast flooding from pulseaudio kills her internet connection.

The solution: create a secondary wireless network bridge with hostapd and prevent multicast packets from killing the connection using ebtables.  This post is all about setting up the access point with hostapd.

This solution works because I’ve already got a DHCP server on the network and with a bridged network, the server would forward ethernet packets from the secondary wireless connection to the rest of the LAN. The DHCP server already on the LAN will provide any clients on this wireless network with an IP. It is possible (with dnsmasq and iptables) to use this setup just like your SOHO wireless router: https://seravo.fi/2014/create-wireless-access-point-hostapd

To create the wifi access point, I needed a cheap adapter.  With a little bit of research, I chose the relatively inexpensive TP-LINK TL-WN722N.  It uses an atheros AR9271 chipset which supports AP operation. On my Debian Jessie machine, I had to install the atheros firmware:
apt-get install firmware-atheros

To determine if your wifi adapter supports AP mode, run the following commands to install the iw package and get info on wireless hardware:
apt-get update
apt-get install iw
iw list

If AP is listed as one of the supported interface modes, you should be in good shape.

To bridge the wifi connection to the existing gigabit ethernet connection, we will need to add a bridge. First, we install network bridging utilities:
apt-get update
apt-get install bridge-utils

Second, update networking interface configuration to add a bridge on startup. Edit /etc/network/interfaces to make these changes:

# /etc/network/interfaces

# The primary network interface
allow-hotplug eth0
iface eth0 inet manual

# wifi access point
auto wlan0
iface wlan0 inet manual

# wifi to ethernet network bridge
# configured to get an IP from
# a DHCP server on the LAN
auto br0
iface br0 inet dhcp
bridge_ports eth0 wlan0

Restart networking to enable the changes with the systemctl command:
systemctl restart networking.service

Now we need to configure hostapd to act as an access point. To install hostapd, run the following commands:
apt-get update
apt-get install hostapd

I’ve configured my access point by creating a configuration file at /etc/hostapd/hostapd.conf. The config file doesn’t exist by default. You can inspect the sample config file (with decent documentation) by running this command:
catz /usr/share/doc/hostapd/examples/hostapd.conf.gz

Here’s a look at a working config file for a wireless-n access point.

# wifi interface to use
interface=wlan0
# your ssid
ssid=telperion

# use the nl80211 driver if you have centrino or atheros cards
driver=nl80211

# the ethernet bridge
bridge=br0

# even "n" modes use wireless g
hw_mode=g
country_code=US
ieee80211n=1
ieee80211d=1
channel=2 
# these options can be tuned based on what is in `iw list` 
ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][HT20][SHORT-GI-20] 
# cipher suite info for this connection.
# you should be using WPA2 
wpa=2
wpa_passphrase=MelkorSucks
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0

After setting up the config file, we need to make sure that the systemd service script uses the config file. You need to point the DAEMON_CONF environment variable at /etc/hostapd.conf by adding this line to /etc/default/hostapd:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Once the config file, the service file, and the network bridge are appropriately configured, you can install the hostapd service so that it starts at boot with the following command:
systemctl enable hostapd.service

Leave a Reply

Your email address will not be published. Required fields are marked *