Wifi Access Point and Station on same chip – share internet too

Standard

Users of cable-net like 24online need authentication to activate internet connection. If the connection is attached with wifi router, user has to authenticate via wifi in station mode. If internet is required on mobile at the same time, an access point is also required.

Linux can configure both wifi station and access point on the same chip (if supported), so users can get internet on laptop and on mobile devices simultaneously.  This post is based on debain, though the same approach is valid for other distro. It is assumed the wifi station is already configured and internet is available through that station. 

Do we have a supported chip ?

First thing first. Check if the wireless card supports AP mode under ” Supported interface modes:”  and simaltenious Station+AP under “valid interface combination” with following command as root

#iw list

Here it is supported in Qualcomm Atheros chip

Selection_037

Selection_038

# lspci | grep Wireless
 04:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)

Check kernel support

The wireless driver here is ath9k . Find out yours

# lspci -k | grep -A 3 Network
04:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)
 Subsystem: Foxconn International, Inc. T77H047.31 802.11bgn Wireless Half-size Mini PCIe Card [AR9283]
 Kernel driver in use: ath9k
 Kernel modules: ath9k

Check if kernel supports mac80211 which is required to support AP

#modinfo ath9k | grep 80211
depends: mac80211,ath9k_hw,ath9k_common,cfg80211,ath

From above mac80211 is supported

If driver is not available, then the kernel must be compiled with IEEE 802.11 Wireless LAN (WLAN) & Mesh (Wi-Fi certification)

CONFIG_CFG80211=m
CONFIG_MAC80211=m 

Two virtual interfaces for AP and Station

Disable network manager, if already running

iw phy phy0 interface add sw_station type station
macchanger -r sw_station
iw phy phy0 interface add sw_ap type __ap
macchanger -r sw_ap

macchanger assigns random mac to interfaces. It can be installed by

apt-get install macchanger

Configuration of the wifi station is beyond the scope of this post. The configuration for the same must be at /etc/network/interfaces for successful automation,  script given at end.

hostapd

hostapd is a user space daemon for access point and authentication servers. Supports mac80211 based drivers

apt-get install hostapd

We can easily check the software AP with a basic minimal configuration at /etc/hostapd.conf

interface=sw_ap
driver=nl80211
ssid=LAPTOP_AP
channel=1

Start  hostapd and check the availability of LAPTOP_AP from mobile device

hostapd  /etc/hostapd.conf

If  goes well, then write down a proper configuration

interface=sw_ap
#driver to use, nl80211 works in most cases
driver=nl80211
#sets the ssid of the virtual wifi access point
ssid=LAPTOP_AP
#sets the mode of wifi, depends upon the devices you will be using.
#It can be a,b,g,n. Setting to g ensures backward compatiblity.
hw_mode=g
#sets the channel for your wifi
channel=1
#macaddr_acl sets options for mac address filtering.
# 0 means "accept unless in deny list"
macaddr_acl=0
#setting ignore_broadcast_ssid to 1 will disable the broadcasting of ssid
ignore_broadcast_ssid=0
#Sets authentication algorithm
#1 - only open system authentication
#2 - both open system authentication and shared key authentication
auth_algs=1
#####Sets WPA and WPA2 authentication#####
#wpa option sets which wpa implementation to use
#1 - wpa only
#2 - wpa2 only
#3 - both
wpa=3
#sets wpa passphrase required by the clients to authenticate themselves on the network
wpa_passphrase=changeme
#sets wpa key management
wpa_key_mgmt=WPA-PSK
#sets encryption used by WPA
wpa_pairwise=TKIP
#sets encryption used by WPA2
rsn_pairwise=CCMP

and put the service at background

hostapd -B /etc/hostapd.conf

In case hostapd fails, it can be debugged with

hostapd -d  /etc/hostapd.conf

Connection sharing

There are two options, NAT and Bridge.  In software bridge wireless clients will be added to same subnet that of the laptop, while NAT with IP masquerading and DHCP service will provide a dedicated subnet to the wireless clients. In this post I follow NAT.

iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface sw_station -j MASQUERADE
iptables --append FORWARD --in-interface sw_ap -j ACCEPT

Following is required to activate IP forwarding at kernel level

sysctl -w net.ipv4.ip_forward=1

DHCP for wireless clients

Software AP has to be activated first with self IP

ifconfig sw_ap up 192.168.2.1

Install DHCP server

apt-get install isc-dhcp-server

Edit /etc/default/isc-dhcp-server to add proper interface on which DHCP will be provided

INTERFACES="sw_ap"

Edit /etc/dhcp/dhcpd.conf with following

shared-network home {

# A slightly different configuration for an internal subnet.
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.10 192.168.2.20;
#google DNS
option domain-name-servers 8.8.8.8, 8.8.4.4;
# router is the IP of wifi station
option routers 10.11.176.32;
option broadcast-address 192.168.2.255;
default-lease-time 6000;
max-lease-time 7200;

}

Restart the dhcp.  The software Access Point can share the internet on wireless clients too .

/etc/init.d/isc-dhcp-server start

Shell script for automation

#!/bin/bash
#create virtual interfaces
iw phy phy0 interface add sw_station type station
macchanger -r sw_station
iw phy phy0 interface add sw_ap type __ap
macchanger -r sw_ap
#activate interfaces
ifup sw_station
ifconfig sw_ap up 192.168.2.1
#run hostapd at background
hostapd -B /etc/hostapd.conf
#Enable NAT
sysctl -w net.ipv4.ip_forward=1iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables --table nat --append POSTROUTING --out-interface sw_station -j MASQUERADE
iptables --append FORWARD --in-interface sw_ap -j ACCEPT 
#DHCP 
/etc/init.d/isc-dhcp-server start 
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s