要藉由 USB 無線網路卡建立一個 AP(access point),還需要安裝 hostapd
這個 daemon。
安裝 hostapd
:
sudo apt-get install hostapd
建立 /etc/hostapd/hostapd.conf
設定檔,我們可以從 /usr/share/doc/hostapd/examples/hostapd.conf.gz
這個範例檔開始修改。
interface
設定為 wlan0
:
# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for # management frames); ath0 for madwifi interface=wlan0
設定 driver
:
# Driver interface type (hostap/wired/madwifi/test/none/nl80211/bsd); # default: hostap). nl80211 is used with all Linux mac80211 drivers. # Use driver=none if building hostapd as a standalone RADIUS server that does # not control any wireless/wired driver. driver=nl80211
設定無線網路的 SSID:
# SSID to be used in IEEE 802.11 management frames
ssid=RPi-AP
無線網路連線模式:
# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g, # ad = IEEE 802.11ad (60 GHz); a/g options are used with IEEE 802.11n, too, to # specify band) # Default: IEEE 802.11b hw_mode=g
無線網路頻道:
# Channel number (IEEE 802.11) # (default: 0, i.e., not set) # Please note that some drivers do not use this value from hostapd and the # channel will need to be configured separately with iwconfig. # # If CONFIG_ACS build option is enabled, the channel can be selected # automatically at run time by setting channel=acs_survey or channel=0, both of # which will enable the ACS survey based algorithm. channel=1
MAC 卡號認證機制設定:
# Station MAC address -based authentication # Please note that this kind of access control requires a driver that uses # hostapd to take care of management frame processing and as such, this can be # used with driver=hostap or driver=nl80211, but not with driver=madwifi. # 0 = accept unless in deny list # 1 = deny unless in accept list # 2 = use external RADIUS server (accept/deny lists are searched first) macaddr_acl=0
無線網路認證演算法設定:
# IEEE 802.11 specifies two authentication algorithms. hostapd can be # configured to allow both of these or only one. Open system authentication # should be used with IEEE 802.1X. # Bit fields of allowed authentication algorithms: # bit 0 = Open System Authentication # bit 1 = Shared Key Authentication (requires WEP) auth_algs=3
# Send empty SSID in beacons and ignore probe request frames that do not # specify full SSID, i.e., require stations to know SSID. # default: disabled (0) # 1 = send empty (length=0) SSID in beacon and ignore probe request for # broadcast SSID # 2 = clear SSID (ASCII 0), but keep the original length (this may be required # with some clients that do not support empty SSID) and ignore probe # requests for broadcast SSID ignore_broadcast_ssid=0
WPA 設定:
# Enable WPA. Setting this variable configures the AP to require WPA (either # WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either # wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. # Instead of wpa_psk / wpa_passphrase, wpa_psk_radius might suffice. # For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), # RADIUS authentication server must be configured, and WPA-EAP must be included # in wpa_key_mgmt. # This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) # and/or WPA2 (full IEEE 802.11i/RSN): # bit0 = WPA # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) wpa=2
設定無線網路的密碼:
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit # secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase # (8..63 characters) that will be converted to PSK. This conversion uses SSID # so the PSK changes when ASCII passphrase is used and the SSID is changed. # wpa_psk (dot11RSNAConfigPSKValue) # wpa_passphrase (dot11RSNAConfigPSKPassPhrase) #wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef wpa_passphrase=Raspberry
接受的金鑰管理方式:
# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be # added to enable SHA256-based stronger algorithms. # (dot11RSNAConfigAuthenticationSuitesTable) #wpa_key_mgmt=WPA-PSK WPA-EAP wpa_key_mgmt=WPA-PSK
# Set of accepted cipher suites (encryption algorithms) for pairwise keys # (unicast packets). This is a space separated list of algorithms: # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] # Group cipher suite (encryption algorithm for broadcast and multicast frames) # is automatically selected based on this configuration. If only CCMP is # allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, # TKIP will be used as the group cipher. # (dot11RSNAConfigPairwiseCiphersTable) # Pairwise cipher for WPA (v1) (default: TKIP) #wpa_pairwise=TKIP CCMP wpa_pairwise=TKIP # Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value) rsn_pairwise=CCMP
編輯 /etc/default/hostapd
設定檔,設定 DAEMON_CONF
指向 /etc/hostapd/hostapd.conf
:
# Uncomment and set DAEMON_CONF to the absolute path of a hostapd configuration # file and hostapd will be started during system boot. An example configuration # file can be found at /usr/share/doc/hostapd/examples/hostapd.conf.gz DAEMON_CONF="/etc/hostapd/hostapd.conf"
測試一下 hostapd
的設定是否正確,使用 root 管理者權限執行 hostapd
,並指定設定檔:
sudo hostapd /etc/hostapd/hostapd.conf
檢查輸出是否有問題,正常來說會類似這樣:
Configuration file: /etc/hostapd/hostapd.conf Using interface wlan0 with hwaddr f8:1a:67:18:3a:ab and ssid "RPi-AP" wlan0: interface state UNINITIALIZED->ENABLED wlan0: AP-ENABLED wlan0: STA 28:e3:1f:50:b9:94 IEEE 802.11: authenticated wlan0: STA 28:e3:1f:50:b9:94 IEEE 802.11: associated (aid 1) wlan0: AP-STA-CONNECTED 28:e3:1f:50:b9:94 wlan0: STA 28:e3:1f:50:b9:94 RADIUS: starting accounting session 56BD92F6-00000000 wlan0: STA 28:e3:1f:50:b9:94 WPA: pairwise key handshake completed (RSN)
無如果正常的話,這時候就可以使用新的無線網路 RPi-AP 了。
一般手機或平板也可以直接使用。
確定設定無誤之後,可以中斷自己執行的 hostapd
,將系統的 hostapd
服務:
sudo service hostapd restart
如果在設定上有問題,無法使用的話,可以用 iw
指令檢查一下自己的 USB 無線網路卡是否支援 AP 模式:
iw list
在輸出中找到 Supported interface modes 這一段:
Supported interface modes: * IBSS * managed * AP * AP/VLAN * monitor * mesh point * P2P-client * P2P-GO
確認網路卡有支援 AP
模式。
另外若是軟體設定有問題,除了在終端機上的錯誤訊息之外,在 /var/log/syslog
紀錄檔中也可以找到一些資訊。
參考資料:adafruit、adafruit、maketecheasier、superuser、superuser、Ubuntu Help
Page: 1 2