Electrical-Forenics Home ray@RayFranco.com                       601.529.7473
   © Dr. Ray Franco, PhD, PE  -  208 Fairways Dr., Vicksburg, MS 39183

Updated on February 3, 2023

Host Access Point Daemon (hostapd)

hostapd is a daemon for access point and authentication of wireless servers. It implements IEEE 802.11 access point management.

It was written by Jouni Malinen and contributors [1]. It dates back to 2002. There is a man page for it in Debian. I currently do not if it runs other distributions other than Debian.

hostapd.conf

hostapd.conf is the configuration file for hostapd. In it, you specify the authentication and wireless parameters. The documentation for hostapd.conf is in a sample hostpad.conf file by the author [2].

Below is the sample hostapd.conf file that is in the Raspberry Pi Configuration Documentation [3]:

country_code=GB
interface=wlan0
ssid=NameOfNetwork
hw_mode=g
channel=7
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=AardvarkBadgerHedgehog
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

It is believed that this hostapd.conf file is for a Raspberry Pi Zero W or for early model RPi. At this point in time, no one should be using TKIP, which is part of WEP (Wired Equivalent Privacy). WEP (Wired Equivalent Privacy) can easily be cracked. Just delete or comment out (#) the wpa_pairwise=TKIP.

Below is a sample hostap.conf file for a Raspberry Pi 4 with an 802.11ac radio:

# the country code
country_code=US
 
# limit radio frequencies to those allowed in country
ieee80211d=1
 
interface=wlan1
 
# network name
ssid=hacker1
 
# a is the 5 GHz radio
hw_mode=a
 
# 801.11ac support
ieee80211ac=1
 
# 802.11n support
ieee80211n=1
 
# raido channel
channel=149
 
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
 
# disable this to insure the AP is visible
ignore_broadcast_ssid=0
 
# ------ authentication and Encryption-------
 
# wep has been cracked - do not use 2 or 3
# 1=wpa, 2=wep, 3=both
auth_algs=1
 
# wpa=2 or wpa=3
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
 
# network password
wpa_passphrase=misscoco
 
# mac address authentication list (macaddr_acl)
# macaddr_acl=0, accepts all mac address unless in hostapd.deny
# The location of hostapd.deny is specified via the line below, which is commented out.
#deny_mac_file=/etc/hostapd.deny
macaddr_acl=0

Rather than specifying a particular radio channel, there is an auto scan channel (ACS) mode, but the best I can determine, it does not currently work with the Raspberry Pi. I tried this with the onboard radio and with an external Wi-Fi Radio, Netgear AC1200 WiFi USB Adapter. [Add Reference]

To get hostapd to run on startup find: DAEMON_CONF="" in /etc/default/hostapd uncomment it, and change it to:

DAEMON_CONF="/etc/hostapd/hostapd.conf

hostapd.conf is very sensitive to syntax.  

The official Raspberry Pi documentation says NOT to put quotes around the ssid or passphase. I too had problems with quotes here. However, hostapd author's sample hostapd.conf uses quotes.

Testing hostapd.conf

If hostapd runs at start up, you need to stop it, and manually restart it to receive diagnostics.

To stop hostapd:

sudo killall hostapd

To start hostapd:

sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf

References:

  1. hostapd: IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
  2. Documentation of hostapd.conf by the author of hostapd
  3. Raspberry Pi Official Documentation - Setting up a Routed Wireless Access Point
  4. https://www.raspberrypi.com/documentation/computers/configuration.html
  5. Raspberry Pi Official Documentation -Setting up a Bridged Wireless Access Point
  6. https://hawksites.newpaltz.edu/myerse/2018/06/08/hostapd-on-raspberry-pi
  7. https://wiki.gentoo.org/wiki/Hostapd
  8. https://projects-raspberry.com/configuring-hostapd-on-raspberry-pi/
  9. https://hawksites.newpaltz.edu/myerse/2018/07/11/raspberry-pi-relay/
  10. https://thepi.io/how-to-use-your-raspberry-pi-as-a-wireless-access-point/
  11. https://pimylifeup.com/raspberry-pi-wireless-access-point/
  12. https://readwrite.com/tutorial-setup-raspberry-pi-wifi-hotspot-access-point/
  13. https://www.instructables.com/Raspberry-Pi-Wifi-Hotspot/
  14. https://hawksites.newpaltz.edu/myerse/2018/07/11/raspberry-pi-relay/
  15. https://hawksites.newpaltz.edu/myerse/2018/06/20/raspberry-pi-routing-tables/
  16. https://hawksites.newpaltz.edu/myerse/2018/06/19/dhcp-daemon-on-raspberry-pi/
  17. https://superuser.com/questions/1503862/raspberry-pi-4-hostapd-hotspot-not-visible
  18. https://www.ionos.com/digitalguide/server/configuration/provide-raspberry-pi-with-a-static-ip-address/
  19. hostapd is only working in hw_mode=a - Raspberry Pi Forums - Added New Driver
  20.  
  21. How to Use the ip Command on Linux
  22. YouTube - Raspberry Pi Access Point, VPN, SNMP, Router, Mobile Internet - Tall Paul Tech
  23. Raspberry Pi Zero W Simultaneous AP and Managed Mode Wifi
  24. YouTube - Getting Started with nftables Firewall in Debian
  25. YouTube - Raspberry Pi Router and Firewall Using nftables - Tall Paul Tech
  26. Understanding and Configuring Linux Network Interfaces
  27. hostapd Linux documentation page

Dynamic Host Configuration Protocol (DHCP)

There are several packages that can be used to run a DHCP server: