Updated on 2/3/2025

Host Access Point Daemon (hostapd)

hostapd is a daemon for access point and authentication of wireless servers. It implements IEEE 802.11 access point management.

It was written by Jouni Malinen and contributors [1]. It dates back to 2002. There is a man page for it in Debian. There is no man page for hostapd in the Raspberry Pi OS. I currently do not know if it runs other distributions other than Debian.

hostapd.conf

hostapd.conf is the configuration file for hostapd. In it, you specify the authentication and wireless parameters. The documentation for hostapd.conf is in a sample hostpad.conf file by the author [2].

Below is the sample hostapd.conf file that is in the Raspberry Pi Configuration Documentation [3]:

country_code=GB
interface=wlan0
ssid=NameOfNetwork
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=AardvarkBadgerHedgehog
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

It is believed that this hostapd.conf file is for a Raspberry Pi Zero W or for early model RPi. At this point in time, no one should be using TKIP, which is part of WEP (Wired Equivalent Privacy). WEP (Wired Equivalent Privacy) can easily be cracked. Just delete or comment out (#) the wpa_pairwise=TKIP.

The Offical Documentation for the Raspbery Pi has significantly changed. The sample hostapd.conf file is no longer in the documenation. The Raspberry Pi OS currently used the NetworkManger. The NetworkManager includes both an Access Point Server (authenicates wireless uses) and DHCP Server (asigns ip addresses).

Below is a sample hostap.conf file for a Raspberry Pi 4 with an 802.11ac radio:

# the country code
country_code=US

# limit radio frequencies to those allowed in country
ieee80211d=1

interface=wlan0

# network name
ssid=hacker2

# a is the 5 GHz radio
hw_mode=a

# 801.11ac support
ieee80211ac=1

# 802.11n support
ieee80211n=1

# raido channel
channel=149

# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1

# disable this to insure the AP is visible
ignore_broadcast_ssid=0

# ------ authentication and Encryption-------

# wep has been cracked - do not use 2 or 3
# 1=wpa, 2=wep, 3=both
auth_algs=1

# wpa=2 or wpa=3
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP

# network password
wpa_passphrase=misscoco

# mac address authentication list (macaddr_acl)
# macaddr_acl=0, accepts all mac address unless in hostapd.deny
# The location of hostapd.deny is specified via the line below, which is commented out.
#deny_mac_file=/etc/hostapd.deny
macaddr_acl=0
        

hostapd.conf is very sensitive to syntax.  

• First line of the file cannot be blank.
• Comments lines must have a # sign in column 1; column 2 will not work.
• No comments at the end of an instruction.
• Some instructions do like a space after the instruction: hw_mode=a, ssid=My_Network_Name, wpa_passphase=My_Pass_Word.
  

The official Raspberry Pi documentation says NOT to put quotes around the ssid or passphase. I too had problems with quotes here. However, hostapd author's sample hostapd.conf uses quotes.

Rather than specifying a particular radio channel, there is an auto scan channel (ACS) mode, but the best I can determine, it does not currently work with the Raspberry Pi. I tried this with the onboard radio and with an external Wi-Fi Radio, Netgear AC1200 WiFi USB Adapter. [Add Reference]

Run at startup

To get hostapd to run on startup find: DAEMON_CONF="" in /etc/default/hostapd uncomment it, and change it to:

DAEMON_CONF="/etc/hostapd/hostapd.conf

In addition to the above, in 2025 to get hostapd to run at start up, I had the fun the following two commands:

sudo systemctl unmask hostapd

sudo systemctl enable hostapd

Testing hostapd.conf

If hostapd runs at start up, you need to stop it, and manually restart it to receive diagnostics.

To stop hostapd:

sudo killall hostapd

To start hostapd:

sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf

References:

1. hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
2. Documentation of hostapd.conf by the author of hostapd
3. Raspberry Pi Official Documentation - Setting up a Routed Wireless Access Point
4. https://www.raspberrypi.com/documentation/computers/configuration.html
5. Raspberry Pi Official Documentation -Setting up a Bridged Wireless Access Point
6. https://hawksites.newpaltz.edu/myerse/2018/06/08/hostapd-on-raspberry-pi
7. https://wiki.gentoo.org/wiki/Hostapd
8. https://projects-raspberry.com/configuring-hostapd-on-raspberry-pi/
9. https://hawksites.newpaltz.edu/myerse/2018/07/11/raspberry-pi-relay/
10. https://thepi.io/how-to-use-your-raspberry-pi-as-a-wireless-access-point/
11. https://pimylifeup.com/raspberry-pi-wireless-access-point/
12. https://readwrite.com/tutorial-setup-raspberry-pi-wifi-hotspot-access-point/
13. https://www.instructables.com/Raspberry-Pi-Wifi-Hotspot/
14. https://hawksites.newpaltz.edu/myerse/2018/07/11/raspberry-pi-relay/
15. https://hawksites.newpaltz.edu/myerse/2018/06/20/raspberry-pi-routing-tables/
16. https://hawksites.newpaltz.edu/myerse/2018/06/19/dhcp-daemon-on-raspberry-pi/
17. https://superuser.com/questions/1503862/raspberry-pi-4-hostapd-hotspot-not-visible
18. https://www.ionos.com/digitalguide/server/configuration/provide-raspberry-pi-with-a-static-ip-address/
19. hostapd is only working in hw_mode=a - Raspberry Pi Forums - Added New Driver
20.  
21. How to Use the ip Command on Linux
22. YouTube - Raspberry Pi Access Point, VPN, SNMP, Router, Mobile Internet - Tall Paul Tech
23. Raspberry Pi Zero W Simultaneous AP and Managed Mode Wifi
24. YouTube - Getting Started with nftables Firewall in Debian
25. YouTube - Raspberry Pi Router and Firewall Using nftables - Tall Paul Tech
26. Understanding and Configuring Linux Network Interfaces
27. hostapd Linux documentation page