The officially official Devuan Forum!

You are not logged in.

#1 2017-10-19 20:44:57

GNUser
Member
Registered: 2017-03-16
Posts: 570  

[SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

I found create_ap and it's so cool that I thought I'd tell all my Devuan friends about it smile It works similarly to the "Hotspot" function on Android phones and is free software (FreeBSD license).

0. Before proceeding, make sure your wireless card supports AP (access point) mode. You want to see "AP" listed when you run "iw list" in a terminal:

bruno@thinkpad:~$ iw list
Wiphy phy0
---snip---
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP

1. To get all create_ap's dependencies:

sudo apt-get util-linux procps hostapd iproute2 iw iwconfig haveged

2. Last step is to get create_ap itself from their github page. To "install" it, just download the zip from github, extract it, then run sudo make install from the root of the extracted folder. Nothing is actually compiled--the make command simply copies some things over to /usr/bin. To uninstall, running sudo make uninstall from the root of the extracted folder removes everything.

---

Now enjoy all the options this opens up:

If you have a laptop connected to wifi and want to use the laptop as a wifi repeater (yes, this actually works with a single wireless adapter):

create_ap wlan0 wlan0 MyAccessPoint MyPassPhrase

If you have a laptop connected to ethernet that you want to use as a router:

create_ap wlan0 eth0 MyAccessPoint MyPassPhrase

If you have a laptop connected to ethernet and running openvpn that you want to use as a vpn router:

create_ap wlan0 tun0 MyAccessPoint MyPassPhrase

Amazing, right?

Last edited by GNUser (2017-10-20 12:50:30)

Offline

#2 2017-10-19 20:51:13

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Over the past few days I've been dissecting create_ap (over 1800 lines) to see how it works. So far, I've managed to cut it down to about 150 lines by hard-wiring some sensible defaults and eliminating myriad sanity checks. Here is my skinny version:

#!/bin/bash

# Dependencies: iw iproute2 iptables dnsmasq hostapd haveged
# Usage: Set the ssid and password below, then run this script as root/sudo on host machine
# Result: A virtual wireless interface is created on host to share its internet access

hotspot_ssid=GNULinuxAP
hotspot_password=gnuforever

main()
{
    shoo_network_manager
    find_internet_if
    find_wireless_if
    create_hotspot_if
    setup_nat
    setup_dnsmasq
    setup_hostapd
}

shoo_network_manager() # if network manager is running, make sure it doesn't meddle with our hostpot (we don't need its "help")
{
    if pgrep NetworkManager &>/dev/null; then # network manager is running
        nm_config_file=/etc/NetworkManager/NetworkManager.conf
        if grep -q 'interface-name:ap0' $nm_config_file; then # ap0 already mentioned in config file, so we're done
            return
        else # network manager is running and ap0 not mentioned in config file
            if grep -q 'unmanaged-devices' $nm_config_file; then # there's an unmanaged interface list already, add ap0 to it
                sed -i -r 's/(unmanaged-devices.*$)/\1;interface-name:ap0/' $nm_config_file
            else # there's no unmanaged interface list yet, so let's start one
                printf '\n[keyfile]\nunmanaged-devices=interface-name:ap0' >>$nm_config_file
            fi
        fi
    fi
}

find_internet_if() # find host's internet-facing interface
{
    n_candidates=$(route | grep default | awk '{print $8}' | wc -l)
    if [ "$n_candidates" = "1" ]; then
        internet_if=$(route | grep default | awk '{print $8}')
    else
        echo "More than one internet-facing interface found: $(route | grep default | awk '{print $8}')"
        echo -n "Which one should will feed the hotspot? "
        read internet_if
    fi
}

find_wireless_if() # find host's wireless interface
{
    wireless_if=$(cat /proc/net/wireless | perl -ne '/(\w+):/ && print $1') # e.g., wlan0 or wlp2s0
}

create_hotspot_if() # create a virtual wireless interface to use as hotspot, with arbitrary name of ap0
{
    iw dev $wireless_if interface add ap0 type __ap

    # wait up to 5 seconds for ap0 to exist
    c=0
    while true; do 
        iw dev ap0 info &>/dev/null && break
        sleep 0.5
        ((c++))
        ((c==10)) && { echo "ap0 could not be created within the time limit."; exit 1; }
    done
    sleep 1

    ip link set dev ap0 address c4:04:15:9c:07:9d # a made-up mac address with real vendor bits (c4:04:15 = Netgear) 
    ip link set down dev ap0
    ip addr flush ap0
    ip link set up dev ap0
    ip addr add 192.168.20.1/24 broadcast 192.168.20.255 dev ap0
}

setup_nat() # nat is more robust than bridge
{
    # first save current routing settings
    cat /proc/sys/net/ipv4/conf/$internet_if/forwarding >/tmp/forwarding.saved
    cat /proc/sys/net/ipv4/ip_forward >/tmp/ip_forward.saved
    
    # now go ahead and change routing/firewall settings for NAT sharing
    echo 1 >/proc/sys/net/ipv4/conf/$internet_if/forwarding
    echo 1 >/proc/sys/net/ipv4/ip_forward
    modprobe nf_nat_pptp &>/dev/null # to enable clients to establish PPTP connections
    iptables -w -t nat -I POSTROUTING -s 192.168.20.0/24 ! -o ap0 -j MASQUERADE
    iptables -w -I FORWARD -i ap0 -s 192.168.20.0/24 -j ACCEPT
    iptables -w -I FORWARD -i $internet_if -d 192.168.20.0/24 -j ACCEPT
    iptables -w -I INPUT -p tcp -m tcp --dport 5353 -j ACCEPT # for dns, can be any non-privileged port
    iptables -w -I INPUT -p udp -m udp --dport 5353 -j ACCEPT
    iptables -w -t nat -I PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
    iptables -w -t nat -I PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
    iptables -w -I INPUT -p udp -m udp --dport 67 -j ACCEPT
}

setup_dnsmasq() # DHCP server
{
    echo "listen-address=192.168.20.1
bind-dynamic
dhcp-range=192.168.20.100,192.168.20.200,255.255.255.0,24h
dhcp-option-force=option:router,192.168.20.1
dhcp-option-force=option:dns-server,192.168.20.1
dhcp-option-force=option:mtu,1500
no-hosts" >/tmp/dnsmasq.conf
    dnsmasq -C /tmp/dnsmasq.conf -p 5353
}

ieee80211_frequency_to_channel()
{
    local FREQ=$1
    if [[ $FREQ -eq 2484 ]]; then
        echo 14
    elif [[ $FREQ -lt 2484 ]]; then
        echo $(( ($FREQ - 2407) / 5 ))
    elif [[ $FREQ -ge 4910 && $FREQ -le 4980 ]]; then
        echo $(( ($FREQ - 4000) / 5 ))
    elif [[ $FREQ -le 45000 ]]; then
        echo $(( ($FREQ - 5000) / 5 ))
    elif [[ $FREQ -ge 58320 && $FREQ -le 64800 ]]; then
        echo $(( ($FREQ - 56160) / 2160 ))
    else
        echo 0
    fi
}

setup_hostapd()
{
    # first figure out radio frequency/channel for hotspot
    frequency=$(iw dev $wireless_if link | grep -i freq | awk '{print $2}')
    if [ -z "$frequency" ]; then # if wifi is off, use an arbitary channel (can be 1 or any other)
        channel=1
    else # if wifi is active on host, put ap0 on same channel for maximum hardware compatibility
        channel=$(ieee80211_frequency_to_channel $frequency)
    fi

    # now we have everything we need for hostapd
    echo "beacon_int=100
ssid=$hotspot_ssid
interface=ap0
driver=nl80211
channel=$channel
ignore_broadcast_ssid=0
ap_isolate=0
hw_mode=g
wpa=3
wpa_passphrase=$hotspot_password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP" >/tmp/hostapd.conf 
    hostapd /tmp/hostapd.conf
}

cleanup()
{
    echo "Cleaning up..."
    cat /tmp/forwarding.saved >/proc/sys/net/ipv4/conf/$internet_if/forwarding
    cat /tmp/ip_forward.saved >/proc/sys/net/ipv4/ip_forward    
    pkill -f /tmp/dnsmasq.conf # kill only the dnsmasq instance we started
    pkill hostapd
    iptables -w -t nat -D POSTROUTING -s 192.168.20.0/24 ! -o ap0 -j MASQUERADE
    iptables -w -D FORWARD -i ap0 -s 192.168.20.0/24 -j ACCEPT
    iptables -w -D FORWARD -i $internet_if -d 192.168.20.0/24 -j ACCEPT
    iptables -w -D INPUT -p tcp -m tcp --dport 5353 -j ACCEPT
    iptables -w -D INPUT -p udp -m udp --dport 5353 -j ACCEPT
    iptables -w -t nat -D PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
    iptables -w -t nat -D PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
    iptables -w -D INPUT -p udp -m udp --dport 67 -j ACCEPT
    ip link set down dev ap0 
    ip addr flush ap0
    iw dev ap0 del
}
trap cleanup EXIT HUP TERM

main

P.S. Both create_ap and my script have a pretty thorough cleanup function. But if you're paranoid, just reboot after using the hotspot and you'll be guaranteed to be 100% back to your pre-hotspot network settings.

Last edited by GNUser (2017-10-21 01:36:02)

Offline

#3 2017-10-20 02:56:31

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

The only quirk with my skinny version is that sometimes (apparently randomly) at this point in the script:

ip link set up dev ap0

I get this error:

RTNETLINK answers: Name not unique on network

This happens randomly and I really can't account for it. Sometimes it happens even after a reboot, so I'm 100% sure that the name ap0 is unique on the network. I'd hate to put 1700 lines of code back in just for this. Any idea how to troubleshoot this?

Last edited by GNUser (2017-10-20 03:03:45)

Offline

#4 2017-10-20 03:03:42

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,251  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

sometime a sleep 1 beforehand makes wonders

Offline

#5 2017-10-20 03:05:45

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Good thought. Alas, I tried it and it still happens randomly. Here's an example:

bruno@thinkpad:~$ sudo bash -x hotspot
+ hotspot_ssid=FreeInternet
+ hotspot_password=DevuanRules
++ route
++ wc -l
++ grep default
++ awk '{print $8}'
+ n_candidates=1
+ '[' 1 = 1 ']'
++ route
++ awk '{print $8}'
++ grep default
+ internet_if=wlan0
+ iw dev wlan0 interface add ap0 type __ap
+ ip link set dev ap0 address 5c:ac:4c:2f:93:60
+ ip link set down dev ap0
+ ip addr flush ap0
+ sleep 1
+ ip link set up dev ap0
RTNETLINK answers: Name not unique on network
+ ip addr add 192.168.20.1/24 broadcast 192.168.20.255 dev ap0
+ cat /proc/sys/net/ipv4/conf/wlan0/forwarding
+ cat /proc/sys/net/ipv4/ip_forward
+ echo 1
+ echo 1
+ modprobe nf_nat_pptp
+ iptables -w -t nat -I POSTROUTING -s 192.168.20.0/24 '!' -o ap0 -j MASQUERADE
+ iptables -w -I FORWARD -i ap0 -s 192.168.20.0/24 -j ACCEPT
+ iptables -w -I FORWARD -i wlan0 -d 192.168.20.0/24 -j ACCEPT
+ iptables -w -I INPUT -p tcp -m tcp --dport 5353 -j ACCEPT
+ iptables -w -I INPUT -p udp -m udp --dport 5353 -j ACCEPT
+ iptables -w -t nat -I PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
+ iptables -w -t nat -I PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
+ iptables -w -I INPUT -p udp -m udp --dport 67 -j ACCEPT
+ echo 'listen-address=192.168.20.1
bind-dynamic
dhcp-range=192.168.20.100,192.168.20.200,255.255.255.0,24h
dhcp-option-force=option:router,192.168.20.1
dhcp-option-force=option:dns-server,192.168.20.1
# If you’d like to have dnsmasq assign static IPs, bind the LAN computer'\''s
# NIC MAC address:
#dhcp-host=98:f1:70:4f:4b:67,192.168.20.60 # roku stick
dhcp-option-force=option:mtu,1500
no-hosts'
+ dnsmasq -C /tmp/dnsmasq.conf -p 5353
++ iw dev wlan0 link
++ awk '{print $2}'
++ grep -i freq
+ frequency=2462
+ '[' -z 2462 ']'
++ ieee80211_frequency_to_channel 2462
++ local FREQ=2462
++ [[ 2462 -eq 2484 ]]
++ [[ 2462 -lt 2484 ]]
++ echo 11
+ channel=11
+ echo 'beacon_int=100
ssid=FreeInternet
interface=ap0
driver=nl80211
channel=11
ignore_broadcast_ssid=0
ap_isolate=0
hw_mode=g
wpa=3
wpa_passphrase=DevuanRules
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP'
+ hostapd /tmp/hostapd.conf
Configuration file: /tmp/hostapd.conf
Could not set interface ap0 flags (UP): Name not unique on network
nl80211: Could not set interface 'ap0' UP
nl80211 driver initialization failed.
hostapd_free_hapd_data: Interface ap0 wasn't started
+ trap cleanup EXIT HUP TERM
+ cleanup
+ echo 'Cleaning up...'
Cleaning up...
+ cat /tmp/forwarding.saved
+ cat /tmp/ip_forward.saved
+ pkill hostapd
+ iptables -w -t nat -D POSTROUTING -s 192.168.20.0/24 '!' -o ap0 -j MASQUERADE
+ iptables -w -D FORWARD -i ap0 -s 192.168.20.0/24 -j ACCEPT
+ iptables -w -D FORWARD -i wlan0 -d 192.168.20.0/24 -j ACCEPT
+ iptables -w -D INPUT -p tcp -m tcp --dport 5353 -j ACCEPT
+ iptables -w -D INPUT -p udp -m udp --dport 5353 -j ACCEPT
+ iptables -w -t nat -D PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 5353
+ iptables -w -t nat -D PREROUTING -s 192.168.20.0/24 -d 192.168.20.1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
+ iptables -w -D INPUT -p udp -m udp --dport 67 -j ACCEPT
+ ip link set down dev ap0
+ ip addr flush ap0
+ iw dev ap0 del

Any other ideas? It would be nice to get the skinny version working reliably.

Last edited by GNUser (2017-10-20 03:10:04)

Offline

#6 2017-10-20 03:14:09

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,251  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

btw if you care about  IEEE Registration Authority, a "locally administered mac address" needs bit 2 of first byte set and bit 1 cleared. Thus "5e" would be better than "5c".
see eg http://www.noah.org/wiki/MAC_address

Offline

#7 2017-10-20 03:14:55

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

@ralph.ronnquist - Good instinct. Yes, that's all that was needed. This seems to be the slow step:

iw dev wlan0 interface add ap0 type __ap

So putting the sleep 1 immediately after it cured all ills. I've updated my skinny version accordingly.

Thanks a bundle!

Last edited by GNUser (2017-10-20 03:15:15)

Offline

#8 2017-10-20 03:21:19

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

That's weird, because the vendor bits of that made-up mac address are the same as that in my atheros wifi card. I adjusted the made-up address as you recommended, but I'm going to check that the vendor bits 5e:ac:4c match some vendor. I want the mac to be plausible.

Last edited by GNUser (2017-10-20 03:22:55)

Offline

#9 2017-10-20 03:27:50

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

See this tool: https://macvendors.com/
5c:ac:4c are vendor bits of a real vendor (Hon Hai)
5e:ac:4c do not match any existing vendor bits.

I guess Hon Hai didn't follow the rules. I'll stick with the naughty but plausible/existing vendor bits.

Offline

#10 2017-10-20 13:08:38

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

I discovered that NetworkManager can be dealt with without requiring reboot or a service restart. I updated my script and the create_ap instructions accordingly (i.e., removed the step where user needs to bother with this).

Also, I cooked up a different "fake" mac address for the virtual hotspot interface, this one using same vendor bits as my Netgear router. Hopefully Netgear read the rules when they chose their vendor bits.

Finally, I made miscellaneous improvements to my script. It is tested and working reliably in Devuan Jessie, Debian Jessie, and Trisquel7-mini. (As a side note, each of these three is running its default init: SysVinit, systemd, and Upstart, respectively. In fact, I found that even though Trisquel7-mini officially runs Upstart, it has bits and pieces of SysVinit and systemd thrown in. What a mess! I'm so happy with Devuan!).

So to summarize (and assuming you want to use my version of the script big_smile):
0. Check that your wireless network card offers AP mode (see post #1)
1. Install the dependencies
2. Copy the script in post #2 into a file (hotspot might be a good name for the file!)
3. Make the file executable
4. sudo hotspot

Stopping the script (e.g., with Control + c) turns off the hotspot and cleans everything up.

When my Netgear WNDR3800 router running LibreCMC dies, I think I'll just use this script on my old EeePC to repurpose it as a vpn router.

I hope someone out there finds this script as tremendously useful as I do smile

Last edited by GNUser (2017-10-20 18:08:09)

Offline

#11 2017-10-20 23:02:38

greenjeans
Member
Registered: 2017-04-07
Posts: 542  
Website

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

GNUser wrote:

When my Netgear WNDR3800 router running LibreCMC dies, I think I'll just use this script on my old EeePC to repurpose it as a vpn router.

I hope someone out there finds this script as tremendously useful as I do smile

Yet another awesome use for older hardware, thanks GNUser! I'm snagging your script wink


https://sourceforge.net/projects/vuu-do/
Vuu-do GNU/Linux, minimal Devuan-based openbox systems to build on, maximal versions if you prefer your linux fully-loaded.

Please donate to support Devuan and init freedom! https://devuan.org/os/donate

Offline

#12 2017-10-21 01:33:50

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

You're welcome, greenjeans. Enjoy! One of my favorite things about GNU/Linux is definitely the fact that it can make older hardware useful again.

Offline

#13 2017-10-30 16:42:53

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Just for the fun of it, I went ahead and converted my spare laptop into a router. For the sake of completion and posterity, I want to document here the simplified approach that I took. It really is as easy as 1-2-3:

1. Uninstall or disable network-manager if your soon-to-be router has it (it gets in the way and is not necessary for a machine that gets internet via ethernet)

2. Make sure your /etc/network/interfaces has nothing but this:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto wlan0
iface wlan0 inet static
address 192.168.10.1
netmask 255.255.255.0
dns-nameservers 198.153.192.50

3. Run this script at startup:

#!/bin/bash

# Dependencies: iproute2 iptables dnsmasq hostapd haveged
# Usage: Set the variables below, then run this script as root/sudo

ssid=GNULinuxAP
password=DevuanRocks
ip_stem=192.168.10
dns_server=8.8.8.8
channel=11

main()
{
setup_nat
setup_dnsmasq
setup_hostapd
}

setup_nat()
{
echo 1 >/proc/sys/net/ipv4/conf/eth0/forwarding
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
}

setup_dnsmasq()
{
ifconfig wlan0 $ip_stem.1
echo "listen-address=$ip_stem.1
bind-dynamic
dhcp-range=$ip_stem.100,$ip_stem.200,255.255.255.0,24h
dhcp-option-force=option:router,$ip_stem.1
dhcp-option-force=option:dns-server,$dns_server
dhcp-option-force=option:mtu,1500
no-hosts" >/tmp/dnsmasq.conf
dnsmasq -C /tmp/dnsmasq.conf
}

setup_hostapd()
{
echo "beacon_int=100
ssid=$ssid
interface=wlan0
driver=nl80211
channel=$channel
ignore_broadcast_ssid=0
ap_isolate=0
hw_mode=g
wpa=3
wpa_passphrase=$password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP" >/tmp/hostapd.conf 
hostapd /tmp/hostapd.conf
}

main

That's it!

As you can see, without network-manager and without the need to create a virtual hotspot interface (since eth0 is being used to get internet, wlan0 itself can be used as the hotspot interface), the whole thing becomes rather simple.

(BTW, I dug around my Netgear router running LibreCMC and found that both dnsmasq and hostapd were running--my guess is that a lot of linux-based routers follow exactly the above approach.)

Last edited by GNUser (2017-10-30 16:58:53)

Offline

#14 2024-01-09 12:00:20

mtbvfr
Member
Registered: 2017-07-29
Posts: 67  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Will this work for Devuan daedalus also?

Offline

#15 2024-01-12 12:52:18

al1r4d
Member
Registered: 2024-01-07
Posts: 1  
Website

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Try it for science B-)

Offline

#16 2024-02-14 05:05:08

mtbvfr
Member
Registered: 2017-07-29
Posts: 67  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

@GNUser

Hi Folks,

Well, I finally got around to giving it a go but no luck. What do you suggest that I try?

The following is the output in Terminal.

command failed: No such device (-19)
ap0 could not be created within the time limit.
Cleaning up...
cat: /tmp/forwarding.saved: No such file or directory
cat: /tmp/ip_forward.saved: No such file or directory
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
iptables: Bad rule (does a matching rule exist in that chain?).
Cannot find device "ap0"
Device "ap0" does not exist.
command failed: No such device (-19)

The following is some of my System Information.

System:
  Host: devuanL540 Kernel: 6.1.0-10-amd64 arch: x86_64 bits: 64 Desktop: Xfce
    v: 4.18.1 Distro: Devuan GNU/Linux 5 (daedalus)
Machine:
  Type: Laptop System: LENOVO product: 20AUS0P500 v: ThinkPad L540
    serial: <superuser required>
  Mobo: LENOVO model: 20AUS0P500 v: 0B98405 Std serial: <superuser required>
    UEFI: LENOVO v: J4ET64WW(1.64) date: 05/29/2014
Network:
  Device-1: Intel Ethernet I217-V driver: e1000e
  IF: eth0 state: up speed: 1000 Mbps duplex: full mac: xx:xx:xx:xx:xx:xx
  Device-2: Intel Centrino Advanced-N 6235 driver: iwlwifi
  IF: wlan0 state: down mac: xx:xx:xx:xx:xx:xx

The following is from the iwconfig command.

lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=15 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

The following is from the "iw list" command.

Wiphy phy0
	wiphy index: 0
	max # scan SSIDs: 20
	max scan IEs length: 195 bytes
	max # sched scan SSIDs: 0
	max # match sets: 0
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Device supports RSN-IBSS.
	Supported Ciphers:
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* TKIP (00-0f-ac:2)
		* CCMP-128 (00-0f-ac:4)
		* CCMP-256 (00-0f-ac:10)
		* GCMP-128 (00-0f-ac:8)
		* GCMP-256 (00-0f-ac:9)
	Available Antennas: TX 0 RX 0
	Supported interface modes:
		 * IBSS
		 * managed
		 * AP
		 * AP/VLAN
		 * monitor
	Band 1:
		Capabilities: 0x107e
			HT20/HT40
			SM Power Save disabled
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT Max RX data rate: 300 Mbps
		HT TX/RX MCS rate indexes supported: 0-15
		Bitrates (non-HT):
			* 1.0 Mbps
			* 2.0 Mbps (short preamble supported)
			* 5.5 Mbps (short preamble supported)
			* 11.0 Mbps (short preamble supported)
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 2412 MHz [1] (15.0 dBm)
			* 2417 MHz [2] (15.0 dBm)
			* 2422 MHz [3] (15.0 dBm)
			* 2427 MHz [4] (15.0 dBm)
			* 2432 MHz [5] (15.0 dBm)
			* 2437 MHz [6] (15.0 dBm)
			* 2442 MHz [7] (15.0 dBm)
			* 2447 MHz [8] (15.0 dBm)
			* 2452 MHz [9] (15.0 dBm)
			* 2457 MHz [10] (15.0 dBm)
			* 2462 MHz [11] (15.0 dBm)
			* 2467 MHz [12] (15.0 dBm) (no IR)
			* 2472 MHz [13] (15.0 dBm) (no IR)
	Band 2:
		Capabilities: 0x107e
			HT20/HT40
			SM Power Save disabled
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT Max RX data rate: 300 Mbps
		HT TX/RX MCS rate indexes supported: 0-15
		Bitrates (non-HT):
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 5180 MHz [36] (15.0 dBm) (no IR)
			* 5200 MHz [40] (15.0 dBm) (no IR)
			* 5220 MHz [44] (15.0 dBm) (no IR)
			* 5240 MHz [48] (15.0 dBm) (no IR)
			* 5260 MHz [52] (15.0 dBm) (no IR, radar detection)
			* 5280 MHz [56] (15.0 dBm) (no IR, radar detection)
			* 5300 MHz [60] (15.0 dBm) (no IR, radar detection)
			* 5320 MHz [64] (15.0 dBm) (no IR, radar detection)
			* 5500 MHz [100] (15.0 dBm) (no IR, radar detection)
			* 5520 MHz [104] (15.0 dBm) (no IR, radar detection)
			* 5540 MHz [108] (15.0 dBm) (no IR, radar detection)
			* 5560 MHz [112] (15.0 dBm) (no IR, radar detection)
			* 5580 MHz [116] (15.0 dBm) (no IR, radar detection)
			* 5600 MHz [120] (15.0 dBm) (no IR, radar detection)
			* 5620 MHz [124] (15.0 dBm) (no IR, radar detection)
			* 5640 MHz [128] (15.0 dBm) (no IR, radar detection)
			* 5660 MHz [132] (15.0 dBm) (no IR, radar detection)
			* 5680 MHz [136] (15.0 dBm) (no IR, radar detection)
			* 5700 MHz [140] (15.0 dBm) (no IR, radar detection)
			* 5745 MHz [149] (15.0 dBm) (no IR)
			* 5765 MHz [153] (15.0 dBm) (no IR)
			* 5785 MHz [157] (15.0 dBm) (no IR)
			* 5805 MHz [161] (15.0 dBm) (no IR)
			* 5825 MHz [165] (15.0 dBm) (no IR)
	Supported commands:
		 * new_interface
		 * set_interface
		 * new_key
		 * start_ap
		 * new_station
		 * new_mpath
		 * set_mesh_config
		 * set_bss
		 * authenticate
		 * associate
		 * deauthenticate
		 * disassociate
		 * join_ibss
		 * join_mesh
		 * remain_on_channel
		 * set_tx_bitrate_mask
		 * frame
		 * frame_wait_cancel
		 * set_wiphy_netns
		 * set_channel
		 * probe_client
		 * set_noack_map
		 * register_beacons
		 * start_p2p_device
		 * set_mcast_rate
		 * connect
		 * disconnect
		 * set_qos_map
		 * set_multicast_to_unicast
	WoWLAN support:
		 * wake up on disconnect
		 * wake up on magic packet
		 * wake up on pattern match, up to 20 patterns of 16-128 bytes,
		   maximum packet offset 0 bytes
		 * can do GTK rekeying
		 * wake up on GTK rekey failure
		 * wake up on EAP identity request
		 * wake up on rfkill release
	software interface modes (can always be added):
		 * AP/VLAN
		 * monitor
	valid interface combinations:
		 * #{ managed } <= 1, #{ AP } <= 1,
		   total <= 2, #channels <= 1, STA/AP BI must match
		 * #{ managed } <= 2,
		   total <= 2, #channels <= 1
	HT Capability overrides:
		 * MCS: ff ff ff ff ff ff ff ff ff ff
		 * maximum A-MSDU length
		 * supported channel width
		 * short GI for 40 MHz
		 * max A-MPDU length exponent
		 * min MPDU start spacing
	Device supports TX status socket option.
	Device supports HT-IBSS.
	Device supports SAE with AUTHENTICATE command
	Device supports scan flush.
	Device supports per-vif TX power setting
	Driver supports full state transitions for AP/GO clients
	Driver supports a userspace MPM
	Device supports static SMPS
	Device supports dynamic SMPS
	Device supports configuring vdev MAC-addr on create.
	max # scan plans: 1
	max scan plan interval: -1
	max scan plan iterations: 0
	Supported TX frame types:
		 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		 * IBSS: 0x40 0xb0 0xc0 0xd0
		 * managed: 0x40 0xb0 0xd0
		 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * mesh point: 0xb0 0xc0 0xd0
		 * P2P-client: 0x40 0xd0
		 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * P2P-device: 0x40 0xd0
	Supported extended features:
		* [ RRM ]: RRM
		* [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
		* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
		* [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
		* [ EXT_KEY_ID ]: Extended Key ID support
		* [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
		* [ DEL_IBSS_STA ]: deletion of IBSS station support
		* [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
		* [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support

Thanks!

Offline

#17 2024-02-14 19:27:23

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Hi, mtbvfr. I'll be happy to try to help you. First, two quick questions, please:

1. Does your laptop have a working internet connection?

2. Does the wireless interface that you want to use to create the access point show up when you run ifconfig -a?

Last edited by GNUser (2024-02-16 15:58:04)

Offline

#18 2024-02-15 04:55:30

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Hi mtbvfr. Thanks for the private message with the requested info.

I understand your laptop has a successful internet connection using ethernet cable on the eth0 nic, and you want to share that internet connection wirelessly by creating an access point on wlan0.

Based on the information you provided, it seems wlan0 is ready to be used for this purpose--its driver/firmware is loaded and it supports AP mode.

It seems create_ap is no longer maintained, so let's not bother with it.

I managed to get this working on Devuan Daedalus as follows:

0. No need to uninstall or disable NetworkManager if you have it

1. Install some packages:

sudo apt install iproute2 iptables dnsmasq hostapd haveged 

2. Create a script named skinny-create-ap somewhere in your PATH and make it executable. Script should look like this:

#!/bin/sh

# skinny-create-ap v2.3 (February 19, 2024)
# Bruno "GNUser" Dantas (GPLv3)

# Purpose: Turn a GNU/Linux system into a wireless router
# Dependencies: iproute2 iptables dnsmasq hostapd
# Not a dependency but highly recommended: haveged
# Syntax: $ sudo skinny-create-ap <lan_if> <wan_if> <ssid> <passphrase>
# Example usage: $ sudo skinny-create-ap wlan0 eth0 DevuanHotspot TopSecret123
# To turn off the hotspot: $ sudo pkill hostapd; sudo pkill -f 'dnsmasq.*/tmp/dnsmasq.conf'

# user variables:
lan_if="$1"
wan_if="$2"
ssid="$3"
password="$4"
ip_stem=192.168.50
channel=6
#dns_server=1.1.1.1

main()
{
	prevent_nm_interference
	setup_kernel
	setup_nat
	setup_dhcp
	setup_ap
}

prevent_nm_interference()
{
	nmcli dev set "$lan_if" managed no >/dev/null 2>&1
}

setup_kernel()
{
	echo 1 >/proc/sys/net/ipv4/conf/"$wan_if"/forwarding
	echo 1 >/proc/sys/net/ipv4/ip_forward
}

setup_nat()
{
	iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
	iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	iptables -A FORWARD -i "$lan_if" -o "$wan_if" -j ACCEPT
}

setup_dhcp()
{
	# first, bring up $lan_if and give it a suitable ip address:
	if ip link set "$lan_if" up; then
		ip addr add $ip_stem.1/24 dev "$lan_if"
	else
		echo "$lan_if does not exist or cannot be brought up. Make sure necessary driver +/- firmware is installed." >&2
		exit 1
	fi

	# create dnsmasq config file:
	echo "
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-range=$ip_stem.100,$ip_stem.200,255.255.255.0,24h
#dhcp-option-force=option:dns-server,$dns_server
" >/tmp/dnsmasq.conf

	# start dnsmasq (with care not to clash with any dnsmasq instances that might already be running):
	dnsmasq --interface="$lan_if" --bind-interfaces --except-interface=lo -C /tmp/dnsmasq.conf 
}

setup_ap()
{
	# create hostapd config file:
	echo "
ssid=$ssid
interface=$lan_if
driver=nl80211
channel=$channel
ignore_broadcast_ssid=0
hw_mode=g
auth_algs=1
wpa=2 
wpa_passphrase=$password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP

# N
ieee80211n=1
wmm_enabled=1
" >/tmp/hostapd.conf

	# start hostapd:
	hostapd /tmp/hostapd.conf &
}

main

3. Run the script like this, for example:

sudo skinny-create-ap wlan0 eth0 DevuanHotspot TopSecret123

Now your wireless devices (e.g., Android phone) should be able to connect to DevuanHotspot using the password TopSecret123.

Let me know how you fare.

----------

PS1: Regarding radio frequency--the shell script above creates a 2.4 GHz 802.11n ("Wi-Fi 4") access point. 2.4 GHz is a good default because it has better range, simpler configuration, no regulatory issues, and broader hardware support in AP mode. If your wireless nic supports creation of 5 GHz AP and you would prefer 5 GHz, just tweak the "setup_ap" function as appropriate (let me know if you need help).

PS2: Regarding DNS lookups--if you want dnsmasq to tell wireless clients which dns sever to use, just uncomment the two lines where you see dns_server. If you leave those two lines commented, wireless clients will rely on the router (i.e., your laptop) to resolve domain names, which is a perfectly sane default.

PS3: To turn the hotspot off, run this command: sudo pkill hostapd; sudo pkill -f 'dnsmasq.*/tmp/dnsmasq.conf'

Last edited by GNUser (2024-02-26 18:57:44)

Offline

#19 2024-02-15 13:15:49

dzz
Member
From: Exmouth, South West England
Registered: 2016-12-01
Posts: 48  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Thanks GNUser for this thread. Useful for me as I have only wireless here (in some areas only) from a neighbour's router.

It seems create_ap is no longer maintained, so let's not bother with it.

True but its been forked, and maintained (in the last 2 months) elsewhere:

https://github.com/lakinduakash/linux-wifi-hotspot

There is a deb package with python-based GUI (but usable from cli only). Or build your own from the source, as did I. Working here, tested only on ceres so far, at least as wireless repeater. I'm using network-manager, that seems to be detected and not permanantly interfered with. I now have optional connection in a previously dead zone via another Devuan box.

Using 2x cheap usb wireless adapters, couldnt get either to work alone.

You might want to disable automatic start of dnsmasq (sysv-rc-conf) unless you got reason not to.

I will try your more minimal script at some point.

Last edited by dzz (2024-02-15 13:21:07)

Offline

#20 2024-02-15 14:42:48

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

You might want to disable automatic start of dnsmasq

Hi dzz. My skinny-create-ap script (in reply #18) starts dnsmasq in such a way that there is no clash if another instance of dnsmasq is already running. In general, multiple instances of dnsmasq can happily be running on the same machine as long as no two instances try to bind to the same interface.

Last edited by GNUser (2024-02-16 14:59:05)

Offline

#21 2024-02-16 15:24:00

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

For sake of completeness, here are two variations on the skinny-create-ap script in reply #18. Both are tested and working for me.

Variation 1: nftables instead of iptables
If you would rather use the more modern nftables packet filtering interface for linux, only two tweaks need to be made to the instructions in reply #18.

1. Packages to install:

sudo apt install iproute2 nftables dnsmasq hostapd haveged 

2. Replace the script's setup_nat() function with this version:

setup_nat()
{
	nft add table ip nat
	nft add chain ip nat postrouting { type nat hook postrouting priority 0\; policy accept\; }
	nft add rule ip nat postrouting masquerade
}

Variation 2: 5 GHz hotspot instead of 2.4 GHz
This assumes your hardware supports it.

For me, creating a 5 GHz hotspot is simply a matter of replacing the script's setup_ap() function with this version:

setup_ap()
{
	# create hostapd config file:
	echo "
ssid=$ssid
interface=$lan_if
driver=nl80211
country_code=US
channel=44
ignore_broadcast_ssid=0
hw_mode=a
auth_algs=1
wpa=2 
wpa_passphrase=$password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP

# N
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40+][HT40-][SHORT-GI-20][SHORT-GI-40]
" >/tmp/hostapd.conf

	# start hostapd:
	hostapd /tmp/hostapd.conf
}

You may need to tweak the country_code, channel, and ht_capab variables, but the above settings are pretty vanilla.

I hope that reply #18 and this reply #21 provide all you need to setup your own GNU/Linux-powered router smile

Happy hacking!

----------

PS1: Regarding range--If you're going to have a GNU/Linux laptop working full-time as a wireless router, you should consider using a USB wifi adapter rather than laptop's built-in wireless card because it will give you much better signal strength/range. I've been using an ALFA AWUS036ACHM for this purpose for years and it has served me well. You can find information about USB wifi adapters on linux here.

PS2: On "router" vs. "wifi repeater"--This seems like a silly distinction. In both cases, the laptop is creating a wireless access point and forwarding packets between two networks. Conceptually, it makes no difference whether your device is sharing a wired or wireless internet connection. Put another way, a "wifi repeater" is just a special kind of router where the networks on both sides of the router have a wireless physical layer.

Last edited by GNUser (2024-02-17 17:53:01)

Offline

#22 2024-02-19 10:19:45

mtbvfr
Member
Registered: 2017-07-29
Posts: 67  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Hi Bruno et al,

Firstly, there is no mention of wlan0 in /etc/network/interfaces in any of the Operating Systems mentioned below.

My first test was on the Lenovo L540 (Intel Centrino Advanced-N 6235 WLAN card which has a 2x2 antenna) and using MX Linux 19.4 which can't detect the external Wi-Fi Hotspots (signals from Neighbours routers) around me. In other words, when I click on the Network Manager icon in the Notification Area of the Taskbar, no external Wi-Fi Hotpots are shown as being available.

The following output was produced even though I have the same packages installed as detailed in the BASH script but maybe they aren't the correct versions:

MX-19:~
$ sudo skinny-create-ap wlan0 eth0 DevuanHotspot TopSecret123
[sudo] password for mtbvfr:
Configuration file: /tmp/hostapd.conf
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED
wlan0: CTRL-EVENT-TERMINATING
hostapd_free_hapd_data: Interface wlan0 wasn't started

MX 19.4 has firmware-iwlwifi (Version: 20210818-1~mx19+1) installed.

The second test on the Lenovo L540, using Devuan daedalus, produced the following result:

devuanL540:~$ sudo skinny-create-ap wlan0 eth0 DevuanHotspot TopSecret123
[sudo] password for mtbvfr:
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

I was then able to connect the phones to this hotspot and access the Internet.

When I clicked on the NetworkManager icon in the Notification Bar the following was output:

wlan0: INTERFACE-DISABLED
wlan0: INTERFACE-ENABLED

Sometimes, after a while, "handle_probe_req: send failed" is output multiple times.

One cause is when I turn on WiFi on the phone.

So, I have to use the sudo pkill hostapd; sudo pkill -f 'dnsmasq.*/tmp/dnsmasq.conf' command and then run skinny-create-ap again after which the following output is produced.

RTNETLINK answers: File exists
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

When the phone is reconnected, the following output is produced.

wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
wlan0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 70EB940985C9755A
wlan0: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
wlan0: EAPOL-4WAY-HS-COMPLETED xx:xx:xx:xx:xx:xx

When I turn off the WiFi on the phone the following is output.

wlan0: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

In the same OS environment, when I click on the Network Manager icon in the Notification Area of the Taskbar, no external Wi-Fi Hotspots are shown as being available.

skinny-create-ap works on the Lenovo L540 under MX Linux 23.2 but, still, no external Wi-Fi Hotspots are shown as being available when I click on the Network Manager icon in the Notification Area of the Taskbar.

MX 23.2 has firmware-iwlwifi (Version: 20230210-5) installed.

On the Dell Latitude E6530, using Devuan daedalus, the following output was received when I tried using skinny-create-ap:

mtbvfr@devuan5Host:~$ sudo skinny-create-ap wlan0 eth0 DevuanHotspot TopSecret123
[sudo] password for mtbvfr:
nl80211: Could not configure driver mode
nl80211: deinit ifname=wlan0 disabled_11b_rates=0
nl80211 driver initialization failed.
wlan0: interface state UNINITIALIZED->DISABLED
wlan0: AP-DISABLED
wlan0: CTRL-EVENT-TERMINATING
hostapd_free_hapd_data: Interface wlan0 wasn't started

When I click on the Network Manager icon, in the Notification Area of the Taskbar, external Wi-Fi Hotspots are shown as being available.

Devuan daedalus has firmware-iwlwifi (Version: 20230210-5) installed.

I get the same results for MX23.2 on the Dell Latitude E6530.

The command "iw list" produces the following output for the Dell Latitude E6530:

sudo iw list
Wiphy phy0
	wiphy index: 0
	max # scan SSIDs: 20
	max scan IEs length: 95 bytes
	max # sched scan SSIDs: 0
	max # match sets: 0
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Device supports RSN-IBSS.
	Supported Ciphers:
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* TKIP (00-0f-ac:2)
		* CCMP-128 (00-0f-ac:4)
		* CCMP-256 (00-0f-ac:10)
		* GCMP-128 (00-0f-ac:8)
		* GCMP-256 (00-0f-ac:9)
	Available Antennas: TX 0 RX 0
	Supported interface modes:
		 * IBSS
		 * managed
		 * monitor
	Band 1:
		Capabilities: 0x107e
			HT20/HT40
			SM Power Save disabled
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT Max RX data rate: 450 Mbps
		HT TX/RX MCS rate indexes supported: 0-23
		Bitrates (non-HT):
			* 1.0 Mbps
			* 2.0 Mbps (short preamble supported)
			* 5.5 Mbps (short preamble supported)
			* 11.0 Mbps (short preamble supported)
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 2412 MHz [1] (15.0 dBm)
			* 2417 MHz [2] (15.0 dBm)
			* 2422 MHz [3] (15.0 dBm)
			* 2427 MHz [4] (15.0 dBm)
			* 2432 MHz [5] (15.0 dBm)
			* 2437 MHz [6] (15.0 dBm)
			* 2442 MHz [7] (15.0 dBm)
			* 2447 MHz [8] (15.0 dBm)
			* 2452 MHz [9] (15.0 dBm)
			* 2457 MHz [10] (15.0 dBm)
			* 2462 MHz [11] (15.0 dBm)
			* 2467 MHz [12] (15.0 dBm) (no IR)
			* 2472 MHz [13] (15.0 dBm) (no IR)
	Band 2:
		Capabilities: 0x107e
			HT20/HT40
			SM Power Save disabled
			RX Greenfield
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 4 usec (0x05)
		HT Max RX data rate: 450 Mbps
		HT TX/RX MCS rate indexes supported: 0-23
		Bitrates (non-HT):
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 5180 MHz [36] (15.0 dBm) (no IR)
			* 5200 MHz [40] (15.0 dBm) (no IR)
			* 5220 MHz [44] (15.0 dBm) (no IR)
			* 5240 MHz [48] (15.0 dBm) (no IR)
			* 5260 MHz [52] (15.0 dBm) (no IR, radar detection)
			* 5280 MHz [56] (15.0 dBm) (no IR, radar detection)
			* 5300 MHz [60] (15.0 dBm) (no IR, radar detection)
			* 5320 MHz [64] (15.0 dBm) (no IR, radar detection)
			* 5500 MHz [100] (15.0 dBm) (no IR, radar detection)
			* 5520 MHz [104] (15.0 dBm) (no IR, radar detection)
			* 5540 MHz [108] (15.0 dBm) (no IR, radar detection)
			* 5560 MHz [112] (15.0 dBm) (no IR, radar detection)
			* 5580 MHz [116] (15.0 dBm) (no IR, radar detection)
			* 5600 MHz [120] (15.0 dBm) (no IR, radar detection)
			* 5620 MHz [124] (15.0 dBm) (no IR, radar detection)
			* 5640 MHz [128] (15.0 dBm) (no IR, radar detection)
			* 5660 MHz [132] (15.0 dBm) (no IR, radar detection)
			* 5680 MHz [136] (15.0 dBm) (no IR, radar detection)
			* 5700 MHz [140] (15.0 dBm) (no IR, radar detection)
			* 5745 MHz [149] (15.0 dBm) (no IR)
			* 5765 MHz [153] (15.0 dBm) (no IR)
			* 5785 MHz [157] (15.0 dBm) (no IR)
			* 5805 MHz [161] (15.0 dBm) (no IR)
			* 5825 MHz [165] (15.0 dBm) (no IR)
	Supported commands:
		 * new_interface
		 * set_interface
		 * new_key
		 * start_ap
		 * new_station
		 * new_mpath
		 * set_mesh_config
		 * set_bss
		 * authenticate
		 * associate
		 * deauthenticate
		 * disassociate
		 * join_ibss
		 * join_mesh
		 * remain_on_channel
		 * set_tx_bitrate_mask
		 * frame
		 * frame_wait_cancel
		 * set_wiphy_netns
		 * set_channel
		 * probe_client
		 * set_noack_map
		 * register_beacons
		 * start_p2p_device
		 * set_mcast_rate
		 * connect
		 * disconnect
		 * set_qos_map
		 * set_multicast_to_unicast
	software interface modes (can always be added):
		 * monitor
	interface combinations are not supported
	HT Capability overrides:
		 * MCS: ff ff ff ff ff ff ff ff ff ff
		 * maximum A-MSDU length
		 * supported channel width
		 * short GI for 40 MHz
		 * max A-MPDU length exponent
		 * min MPDU start spacing
	Device supports TX status socket option.
	Device supports HT-IBSS.
	Device supports SAE with AUTHENTICATE command
	Device supports scan flush.
	Device supports per-vif TX power setting
	Driver supports full state transitions for AP/GO clients
	Driver supports a userspace MPM
	Device supports static SMPS
	Device supports dynamic SMPS
	Device supports configuring vdev MAC-addr on create.
	max # scan plans: 1
	max scan plan interval: -1
	max scan plan iterations: 0
	Supported TX frame types:
		 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		 * IBSS: 0x40 0xb0 0xc0 0xd0
		 * managed: 0x40 0xb0 0xd0
		 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * mesh point: 0xb0 0xc0 0xd0
		 * P2P-client: 0x40 0xd0
		 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * P2P-device: 0x40 0xd0
	Supported extended features:
		* [ RRM ]: RRM
		* [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
		* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
		* [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
		* [ EXT_KEY_ID ]: Extended Key ID support
		* [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
		* [ DEL_IBSS_STA ]: deletion of IBSS station support
		* [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
		* [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support

How is it that the Intel Centrino 6300 has AP and AP/VLAN as Supported TX and RX Frame Types and "start_ap" as a Supported Command but does not have AP and AP/VLAN as "Supported interface modes"?

Can anyone explain why not all WLAN cards have AP and AP/VLAN as "Supported interface modes"?

Regarding the Dell Latitude E6530, can anyone recommend a 3x3 Antenna PCIe Half Mini Card that can be used as an Access Point?

Can anyone explain why the L540 isn't detecting the external Wi-Fi Hotpots? Is it because it only has 2 antennas?

The Android phones can see these external Hotspots as can the Dell Latitude E6530.

The Centrino Ultimate-N 6300 supports 802.11a/g/n.

https://www.intel.com/content/www/us/en … tions.html

The Centrino Advanced-N 6235 supports 802.11a/b/g/n.

https://www.intel.com/content/www/us/en … tions.html

Thanks!!, MTB.

Offline

#23 2024-02-19 15:04:40

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Hi mtbvfr. There are a lot of moving parts here. I will look at this on the weekend when I have more time.

But I do have two cents of advice that I can give right away:

Over the years, I've had many headaches of the type you're having now. I am not exaggerating when I say that all of my wifi-related headaches went away when I started using hand-picked hardware (ALFA AWUS036ACHM) and hand-picked minimalist OS (Tiny Core Linux) on my GNU/Linux box being used as a wireless router.

In other words, every problem I've ever encountered related to creating wifi hotspots were either due to poor hardware support or an OS that was getting in the way by doing things that I did not expect or desire.

Offline

#24 2024-02-19 17:37:32

aluma
Member
Registered: 2022-10-26
Posts: 646  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

The idea is interesting, but one thing is not entirely good.
I don’t know how it is in other countries, but our cost  ALFA AWUS036ACHM   is approximately the same as TP-LINK Archer AX1500 Wi-Fi 6.
https://www.tp-link.com/us/home-network … er-ax1500/

But repeaters are simply much cheaper.

Last edited by aluma (2024-02-19 17:38:36)

Offline

#25 2024-02-19 17:53:27

GNUser
Member
Registered: 2017-03-16
Posts: 570  

Re: [SOLVED] GNU/Linux laptop as router, vpn router, or wifi repeater

Sometimes, after a while, "handle_probe_req: send failed" is output multiple times.

Hi mtbvfr. I cannot reproduce the problem on my ThinkPad X200 with ALFA USB wifi adapter and Tiny Core Linux.

I don't normally run the skinny-create-ap script on my ThinkPad X230 with Devuan Daedalus but I gave it a try and I am able to reproduce your problem:

$ sudo skinny-create-ap wlx00127b20535e wlan0 DevuanHotspot TopSecret123
...
[I can connect to the hotspot using my phone, and phone can access the internet without any problems for several minutes]
wlx00127b20535e: INTERFACE-DISABLED 
wlx00127b20535e: INTERFACE-ENABLED 
[here the phone loses connection to the hotspot]
handle_probe_req: send failed
handle_probe_req: send failed
handle_probe_req: send failed
handle_probe_req: send failed
handle_probe_req: send failed
handle_probe_req: send failed

Since the hotspot works perfectly for several minutes before failing, I suspect the sudden failure is related to either power management or a networking daemon (e.g., NetworkManager) interfering.

One big difference between my X200 with TCL and X230 with Daedalus is that the latter uses NetworkManager.

Two questions for you, mtbvfr:

1. On your Lenovo L540 using Devuan Daedalus, is NetworkManager installed and running when you experience the "handle_probe_req: send failed" issue?

2. If you run nmcli dev set wlan0 managed no and then start the hotspot with sudo skinny-create-ap wlan0 eth0 DevuanHotspot TopSecret123 does the "handle_probe_req: send failed" problem go away?

I'm testing #2 right now.

Last edited by GNUser (2024-02-19 17:55:02)

Offline

Board footer