Software access point

From ArchWiki
Revision as of 10:55, 10 July 2015 (Fri) by Kusakata

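A software access point is used when you want your computer to act as a Wi-Fi access point for a local network. It saves you the trouble of getting a separate wireless router.

Requirements

Wi-Fi device must support AP mode

You need an nl80211-compatible wireless device that supports AP mode. You can verify this by running the iw list command; check that AP is listed in the Supported interface modes block: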

$ iw list
Wiphy phy1
...
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * WDS
		 * monitor
		 * mesh point
...

Wireless client and software AP with a single Wi-Fi device

Creating a software AP is independent from your own network connection (Ethernet, wireless, ...). Many wireless devices even support simultaneous operation as AP and as wireless "client". Using that capability you can create a software AP acting as a "wireless repeater" for an existing network, using a single wireless device. The capability is listed in the following section in the output of iw list:

$ iw list
Wiphy phy1
...
        valid interface combinations:
                 * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
                   total <= 2048, #channels <= 1, STA/AP BI must match
...

The constraint #channels <= 1 means that your software AP must operate on the same channel as your Wi-Fi client connection; see the channel setting in hostapd.conf below.
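
The two iw list checks described above (AP under Supported interface modes, and a combination that allows a managed and an AP interface together), as an added shell example that is not part of the wiki page. The function names and the phy0 sample are constructed, and the parser assumes the iw list layout quoted above.

```shell
# Added example, not from the wiki page. On a real system: iw list | ap_report
# Per phy: ap= AP mode listed, sta+ap= managed and AP allowed together, channels= limit
ap_report() {
    awk '
    function evalcombo(   n) {
        if (combo == "") return
        # managed and AP in two different groups, or in one group with limit >= 2
        if (combo ~ /managed[^}]*[}].*[#][{][^}]* AP[ ,]/ ||
            combo ~ / AP[ ,][^}]*[}].*[#][{][^}]*managed/ ||
            combo ~ /[#][{][^}]*(managed[^}]* AP[ ,]| AP[ ,][^}]*managed)[^}]*[}] <= ([2-9]|[0-9][0-9])/) {
            both = "yes"
            if (match(combo, /[#]channels <= [0-9]+/)) n = substr(combo, RSTART + 13) + 0
            if (n > chan) chan = n
        }
        combo = ""
    }
    function flush() {
        evalcombo()
        if (phy != "") printf "%s ap=%s sta+ap=%s channels=%d\n", phy, ap, both, chan
    }
    /^Wiphy /                       { flush(); phy = $2; ap = both = "no"; chan = 0; sect = ""; next }
    /Supported interface modes:/    { sect = "modes"; next }
    /valid interface combinations:/ { sect = "comb"; next }
    sect == "modes" { if ($1 != "*") sect = ""; else if (NF == 2 && $2 == "AP") ap = "yes"; next }
    sect == "comb" {
        if ($1 == "*") { evalcombo(); combo = $0 }          # a new combination starts
        else if ($0 ~ /total <=/) combo = combo " " $0      # its continuation line
        else { evalcombo(); sect = "" }                     # anything else ends the block
        next
    }
    END { flush() }'
}
sample_iw_list() {   # constructed sample; phy1 mirrors the output quoted above
    cat <<'EOF'
Wiphy phy0
        Supported interface modes:
                 * managed
        interface combinations are not supported
Wiphy phy1
        Supported interface modes:
                 * managed
                 * AP
                 * AP/VLAN
        valid interface combinations:
                 * #{ managed } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1,
                   total <= 2048, #channels <= 1, STA/AP BI must match
EOF
}
sample_iw_list | ap_report
```

A result of channels=1 corresponds to the #channels <= 1 constraint: the AP interface has to stay on the channel of the client connection.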

To use this capability, for example because an Ethernet connection is not available, you need to create two separate virtual interfaces. For a physical device wlan0 they can be created as follows. First, create the virtual interfaces for the network connection itself (wlan0_sta) and for the software AP/hostapd "wireless repeater" (wlan0_ap):

# iw dev wlan0 interface add wlan0_sta type station  
# iw dev wlan0 interface add wlan0_ap  type __ap     

Second, the interfaces are assigned separate MAC addresses (use custom unique addresses):

# ip link set dev wlan0_sta address 12:34:56:78:ab:cd
# ip link set dev wlan0_ap  address 12:34:56:78:ab:ce

Overview

Setting up an access point is done in two steps:

  • Setting up the Wi-Fi link layer, so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you.
  • Setting up the network configuration on your computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.

Wi-Fi link layer

The actual Wi-Fi link is established via the hostapd package (available in the official repositories). The package has WPA2 support.

Adjust the options in the hostapd configuration file if necessary. In particular, change the ssid and the wpa_passphrase. See the hostapd Linux documentation page for more information.

/etc/hostapd/hostapd.conf
ssid=YourWiFiName
wpa_passphrase=Somepassphrase
interface=wlan0_ap
bridge=br0
auth_algs=3
channel=7
driver=nl80211
hw_mode=g
logger_stdout=-1
logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
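
An added audit of the file above, written for this page and not part of hostapd or the wiki: with wpa=2 hostapd takes the WPA2 cipher list from rsn_pairwise, so wpa_pairwise=TKIP CCMP has no effect here, and auth_algs=3 also accepts Shared Key authentication, which only WEP uses. The function names and the replacement passphrase are constructed for illustration.

```shell
# Added example, not from the wiki page: audit a hostapd.conf read from stdin.
# On a real system: audit_hostapd < /etc/hostapd/hostapd.conf
audit_hostapd() {
    awk '
    /^[ \t]*[#]/ || !/=/ { next }        # skip comments and lines without key=value
    { i = index($0, "="); c[substr($0, 1, i - 1)] = substr($0, i + 1) }
    END {
        wpa = c["wpa"] + 0               # bit 0 = WPA (v1), bit 1 = WPA2 (RSN)
        if (wpa == 0)          print "wpa: WPA is off, the network is open or WEP"
        else if (wpa % 2 == 1) print "wpa: bit 0 enables WPA (v1); use wpa=2"
        # auth_algs bit 1 accepts Shared Key authentication, which only WEP uses
        if (int(c["auth_algs"] / 2) % 2 == 1)
            print "auth_algs: Shared Key (WEP) authentication accepted; use auth_algs=1"
        # rsn_pairwise is the WPA2 cipher list and defaults to wpa_pairwise if unset
        rsn = ("rsn_pairwise" in c) ? c["rsn_pairwise"] : c["wpa_pairwise"]
        if (wpa >= 2 && rsn ~ /TKIP/)
            print "rsn_pairwise: TKIP offered to WPA2 clients; use rsn_pairwise=CCMP"
        if (wpa == 2 && ("rsn_pairwise" in c) && ("wpa_pairwise" in c))
            print "wpa_pairwise: unused with wpa=2 and rsn_pairwise set; remove it"
        if ("wpa_passphrase" in c) {
            n = length(c["wpa_passphrase"])
            if (n < 8 || n > 63) print "wpa_passphrase: must be 8 to 63 characters"
            if (c["wpa_passphrase"] == "Somepassphrase")
                print "wpa_passphrase: still the placeholder from the example file"
        }
    }'
}

page_conf() {        # security-relevant lines of the hostapd.conf shown above
    cat <<'EOF'
ssid=YourWiFiName
wpa_passphrase=Somepassphrase
auth_algs=3
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
EOF
}

hardened_conf() {    # same file with the findings fixed; the passphrase is constructed
    page_conf | sed -e 's/^auth_algs=.*/auth_algs=1/' -e '/^wpa_pairwise=/d' \
        -e 's/^wpa_passphrase=.*/wpa_passphrase=constructed-example-only-phrase/'
}

page_conf | audit_hostapd
```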

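To start hostapd automatically, enable hostapd.service.

Warning: The radio frequencies an access point may use differ from country to country. Depending on the wireless firmware, you must set the region so that only legally permitted frequencies are used. Do not select a region other than the one you live in: doing so may illegally interfere with network traffic and can disrupt the wireless functionality not only of your own device but also of devices around you. See Wireless configuration#Regulatory domain for how to set the region.
Note: If you have a card based on the RTL8192CU chipset, install hostapd-8192cu from the AUR and replace driver=nl80211 with driver=rtl871xdrv in the hostapd.conf file.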

Network configuration

There are two basic ways for implementing this:

  1. bridge: create a network bridge on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)
  2. NAT: with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal Wi-Fi router that's connected to your DSL or cable modem)

The bridge approach is simpler, but it requires that any service needed by your wireless clients (such as DHCP) is available on your computer's external interface. That means it will not work if you have a dial-up connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.

The NAT approach is more versatile, as it clearly separates Wi-Fi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.

Of course, it is possible to combine both approaches; for that, you need to study both articles. For example, you could have a bridge that contains both an Ethernet device and the wireless device with a static IP address, offer DHCP on it, and configure NAT to relay the traffic to an additional network device, which can be ppp or eth.

Bridge setup

You need to create a network bridge and add your network interface (e.g. eth0) to it. You should not add the wireless device (e.g. wlan0) to the bridge; hostapd will add it on its own.

See Network bridge.

Tip: You may wish to reuse an existing bridge, if you have one (e.g. used by a virtual machine).

NAT setup

See Internet sharing.

In that article, the device connected to the LAN is net0. In this case, that device would be your wireless device (e.g. wlan0).

Tools

create_ap

The create_ap script combines hostapd, dnsmasq and iptables to create a bridged/NATed access point (available in the AUR as create_ap).

RADIUS

See [1] for instructions to run a FreeRADIUS server for WPA2 Enterprise.

Troubleshooting

WLAN is very slow

This is probably caused by low entropy. Try installing haveged.

NetworkManager is interfering

hostapd may not work if the device is managed by NetworkManager. You can mask the device:

/etc/NetworkManager/NetworkManager.conf
[keyfile]
unmanaged-devices=mac:<hwaddr>
