I have a workstation I use as a home server. It acts as a file server, a web server, an OpenVPN provider, and a router. When I discovered hostapd, I knew that I wanted my little server to also provide wireless access.
hostapd is a piece of software that allows a linux box with a supported wireless card to act as an access point instead of a client: other wireless devices, such as laptops and smart phones, can connect to it just as they would connect to a wireless router.
Hardware
After doing some research, the wireless network card I chose was the TP-LINK TL-WDN4800. It was reasonably priced, supported both 2.4GHz and 5GHz, and had native linux support using the ATH9k drivers.
Installation
Setting up the software was pretty easy. On Debian, all it took was:
sudo aptitude install wireless-tools iw hostapd crda
The default configuration file works reasonably well, and is useful for ensuring that the other elements of an access point / router set up are working before introducing security complications. After I made sure that my clients could associate without a password, obtain a DHCP lease, and get out to the internet, I then changed the configuration to require a passphrase.
Software
There are a few tools I found to be helpful. The first lists all the SSIDs in
range: /sbin/iwlist scan. This will show you the name of each access point
your card can see, as well as channel, frequency, and bitrates:
$ /sbin/iwlist scan
wlan0 Scan completed :
Cell 01 - Address: 00:00:AB:CD:EF:00
Channel:1
Frequency:2.412 GHz (Channel 1)
Quality=63/70 Signal level=-47 dBm
Encryption key:on
ESSID:"Example"
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
Mode:Master
Extra:tsf=00000002919ecdc3
Extra: Last beacon: 2160ms ago
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : PSK
In this case, the access point is named "Example", has a password configured, and is running in the 2.4GHz spectrum.
The other tool I found to be useful is /sbin/iw list. This will give you all
the details about your wireless interfaces. Here is the output for the
TL-WDN4800:
$ /sbin/iw list
Wiphy phy0
Band 1:
Capabilities: 0x11ef
RX LDPC
HT20/HT40
SM Power Save disabled
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 8 usec (0x06)
HT TX/RX MCS rate indexes supported: 0-23
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm)
* 2472 MHz [13] (20.0 dBm)
* 2484 MHz [14] (disabled)
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Band 2:
Capabilities: 0x11ef
RX LDPC
HT20/HT40
SM Power Save disabled
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 8 usec (0x06)
HT TX/RX MCS rate indexes supported: 0-23
Frequencies:
* 5180 MHz [36] (23.0 dBm)
* 5200 MHz [40] (23.0 dBm)
* 5220 MHz [44] (23.0 dBm)
* 5240 MHz [48] (23.0 dBm)
* 5260 MHz [52] (23.0 dBm) (passive scanning, no IBSS, radar detection)
* 5280 MHz [56] (23.0 dBm) (passive scanning, no IBSS, radar detection)
* 5300 MHz [60] (23.0 dBm) (passive scanning, no IBSS, radar detection)
* 5320 MHz [64] (23.0 dBm) (passive scanning, no IBSS, radar detection)
* 5500 MHz [100] (disabled)
* 5520 MHz [104] (disabled)
* 5540 MHz [108] (disabled)
* 5560 MHz [112] (disabled)
* 5580 MHz [116] (disabled)
* 5600 MHz [120] (disabled)
* 5620 MHz [124] (disabled)
* 5640 MHz [128] (disabled)
* 5660 MHz [132] (disabled)
* 5680 MHz [136] (disabled)
* 5700 MHz [140] (disabled)
* 5745 MHz [149] (30.0 dBm)
* 5765 MHz [153] (30.0 dBm)
* 5785 MHz [157] (30.0 dBm)
* 5805 MHz [161] (30.0 dBm)
* 5825 MHz [165] (30.0 dBm)
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
Coverage class: 0 (up to 0m)
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP (00-0f-ac:4)
* CMAC (00-0f-ac:6)
Available Antennas: TX 0x7 RX 0x7
Configured Antennas: TX 0x7 RX 0x7
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* WDS
* monitor
* mesh point
* P2P-client
* P2P-GO
software interface modes (can always be added):
* AP/VLAN
* monitor
interface combinations are not supported
Supported commands:
* new_interface
* set_interface
* new_key
* new_beacon
* new_station
* new_mpath
* set_mesh_params
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* remain_on_channel
* set_tx_bitrate_mask
* action
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* connect
* disconnect
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0xd0
* managed: 0x40 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
Device supports RSN-IBSS.
Troubleshooting
I did run into a problem trying to use the 5GHz channels. iw list showed me
that the card did support 5GHz, as did the box the card came in, but every
time I tried to configure hostapd to use one of the 5GHz channels I got the
error:
hostapd: wlan0: IEEE 802.11 Configured channel (36) not found from the channel list of current mode (2) IEEE 802.11a
rmdir[ctrl_interface]: No such file or directory
hostapdrmdir[ctrl_interface]: No such file or directory
The solution to this problem turned out to be to install the Central Regulatory Domain Agent and restart. I have added the crda package to the install line above.
The other problem I ran into was:
HT (IEEE 802.11n) with WPA/WPA2 requires CCMP to be enabled, disabling HT capabilities
In order to resolve this, I uncommented the line
wpa_pairwise=TKIP CCMP
Surprise
One thing I didn't realize, but which makes perfect sense in retrospect, is that I can't provide both 2.4GHz and 5GHz service with the single card. While the card can operate on either band, it has only a single radio, and so can only operate on one at a time. If you want to provide both using hostapd, you will need a second wireless card to provide the other band.
Conclusion
I'm very happy with my setup. I have one fewer thing to plug in, one fewer opaque piece of hardware to maintain, and one more service on my home server.