Networking – How to make hostapd WPA2 work

hostapdnetworkingwireless-access-pointwireless-networkingwpa2-psk

I'm trying to create a simple WPA2 WiFi access point so that I can use WiFi more reliably when I'm far away from the router.

I'm following this guide except I'm using a custom version of hostapd that has the driver for my USB WiFi dongle.

I modify the hostapd.conf configuration slightly from the guide to create an open hotspot:

interface=wlan0
ssid=WiFi
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
driver=rtl871xdrv
ieee80211n=1
hw_mode=g
device_name=RTL8192CU
manufacturer=Realtek

When I do this, everything works like a charm and I can browse the Internet when connected to the AP from my phone.

But, of course, an open AP is not desirable and I wish to create a WPA2 AP so I modify the configuration file:

interface=wlan0
ssid=WiFi
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Raspberry5
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
driver=rtl871xdrv
ieee80211n=1
hw_mode=g
device_name=RTL8192CU
manufacturer=Realtek

This does not work like a charm! Despite entering the correct password, "Raspberry5" when connecting to the AP, my phone (running Android Marshmallow) hangs on "Connecting…" for a while before returning to "Saved…" and then returning to "Connecting…" This occurs endlessly, with "Authentication problem" occasionally flashing up. Other devices also fail to connect.

How can I resolve this problem so that I am able to connect to the AP successfully?

Here's the output of hostapd -d /etc/hostapd/hostapd.conf:

random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd/hostapd.conf
drv->ifindex=3
l2_sock_recv==l2_sock_xmit=0x0xb69648
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
Completing interface initialization
Mode: IEEE 802.11g  Channel: 6  Frequency: 2437 MHz
RATE[0] rate=10 flags=0x1
RATE[1] rate=20 flags=0x1
RATE[2] rate=55 flags=0x1
RATE[3] rate=110 flags=0x1
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
Flushing old station entries
Deauthenticate all stations
+rtl871x_sta_deauth_ops, ff:ff:ff:ff:ff:ff is deauth, reason=2
rtl871x_set_key_ops
rtl871x_set_key_ops
rtl871x_set_key_ops
rtl871x_set_key_ops
Using interface wlan0 with hwaddr 80:1f:02:d0:f5:94 and ssid 'WiFi'
Deriving WPA PSK based on passphrase
SSID - hexdump_ascii(len=4):
     57 69 46 69                                       WiFi
PSK (ASCII passphrase) - hexdump_ascii(len=10): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
rtl871x_set_wps_assoc_resp_ie
rtl871x_set_wps_beacon_ie
rtl871x_set_wps_probe_resp_ie
urandom: Got 20/20 bytes from /dev/urandom
GMK - hexdump(len=32): [REMOVED]
Key Counter - hexdump(len=32): [REMOVED]
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
GTK - hexdump(len=16): [REMOVED]
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
rtl871x_set_key_ops
rtl871x_set_beacon_ops
rtl871x_set_hidden_ssid ignore_broadcast_ssid:0, WiFi,4
rtl871x_set_acl
wlan0: Setup of interface done.

Here's /etc/network/interfaces:

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet static
  address 10.0.1.1
  netmask 255.255.255.0

up iptables-restore < /etc/iptables.ipv4.nat

And here's /etc/dhcp/dhcpd.conf without comments:

ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 10.0.1.0 netmask 255.255.255.0 {
        range 10.0.1.2 10.0.1.254;
        option broadcast-address 10.0.1.255;
        option routers 10.0.1.1;
        default-lease-time 600;
        max-lease-time 7200;
        option domain-name "local";
        option domain-name-servers 10.0.0.1, 8.8.8.8;
}

I've modified both /etc/network/interfaces and /etc/dhcp/dhcp.conf from the guide to use the IP address range that I wish to use.

Thanks in advance for any help and of course, I'll be glad to provide any more logs/files that are useful.

Best Answer

OK, I've got it working.

I linked to this post on the Raspberry Pi Forums and a user, epoch1970, told me that the custom version of hostapd is no longer required for devices with the RTL8188CUS chipset, which mine is. In fact, you cannot use it - you encounter the issue I experienced!

He linked to this thread on the forum, which explains things.

I clean-installed Raspbian and installed hostapd from the repo, specified driver=nl80211 in my hostapd config and everything worked brilliantly.

Related Solutions

Linux – Hostapd requires manual restart for devices to connect

The fix below 'worked' for me, however devices would disconnect after a short period of time. Ultimately I clean installed Ubuntu 12.04 and all seems to work fine.

Remove the hostapd service from the rcX files to prevent the service from automatically starting;

sudo update-rc.d -f hostapd remove
Provide a Cron Job to start the service shortly after boot
Then provide a Cron job to restart the service shortly after starting

To modify Cron file;

sudo crontab -e

Here are the Cron Jobs I added;

@reboot sleep 10; /fixscripts/hostapdstart.sh
@reboot sleep 25; /fixscripts/hostapdrestart.sh

This starts the service 10 seconds after boot, and then restarts it 15(25-10) seconds later.

ArchLinux – Setup TL-WN725N Access Point with Hostapd

Not all wifi cards, whether USB or not, can act as AP. From the look of it, it seems yours can't.

The way to find out is to issue the command

  iw list

which will have a long and really comprehensive output, where you should search for the following section:

  Supported interface modes:
             * IBSS
             * managed
             * AP
             * AP/VLAN
             * monitor
    software interface modes (can always be added):
             * AP/VLAN
             * monitor
    valid interface combinations:
             * #{ managed } <= 1, #{ AP } <= 1,
               total <= 2, #channels <= 1, STA/AP BI must match
             * #{ managed } <= 2,
               total <= 2, #channels <= 1

This is for my card, which shows the critical line: Supported interface modes: AP. As you can see, there follow also restrictions, under the heading valid interface combinations. In this special case, it means that I can use this card simultaneously in managed and AP mode, provided the two use the same channel. Which means I can set up an AP through hostapd, while I use a wifi connection to forward hostapd traffic to the Internet.

You ought to make the same check for your card.

If furthermore you wish to find out which USB adaptor can be put into AP mode, I am afraid there is no really authoritative list, mostly because of the manufacturers: for instance this Ubuntu help page states:

Be careful when buying a card for this project: - WLAN cards documented as Linux-supported often become no longer available. As a common cost-cutting measure, wireless adapter manufacturers will revise an existing product's specifications, substituting a different chipset (or other components) without changing the (formerly Linux-compatible product's) model number. Naturally, this is a common source of confusion for individuals attempting to purchase a compatible adapter, even when they think they know which adapter to buy. Manufacturers don't help matters much, often using strange naming conventions that produce numerous confusingly similar model names and numbers. Consider: At one point D-Link offered 3 different revisions (with 3 different chipsets) of its DWL-520 adapter, as well as the (completely different) DWL-520+, which was not to be confused with the entirely unrelated DWL-G520, DWL-A520, not to mention the 8 varieties of product offered under the "DWL-620" moniker. Thus it is crucially important to pay close attention not just to manufacturer/model names, but also revision numbers (if provided), chipsets, included drivers, etc, as well. (If uncertain, consider purchasing from a retailer who offers a "consumer friendly" return policy, so the product can be returned/exchanged if it turns out to be incompatible.)

After this major disclaimer, I will just say that http://www.thinkpenguin.com/ and http://linuxwireless.org/ provide lists of AP-capable adapters, and that Atheros products are often AP-capable. I regret I cannot be any more precise.

EDIT:

I have done a bit of research, and I have found out that there actually are two versions of the TP-WN725N USB adapter. v1 has Vendor code 0bda and product code 8176 https://wikidevi.com/wiki/TP-LINK_TL-WN725N_v1, while v2 has 0bda:8179 https://wikidevi.com/wiki/TP-LINK_TL-WN725N_v2. These codes, though not accessible through lspci, can be seen from the output of lsusb. You can then distinguish between the two.

Now it is important to learn which driver you are using. Since you do not have lshw (I normally run Arch, but on my Raspberry I installed raspbian, that's why...), the only way to establish which driver you are running is to do:

  lsmod | grep rtl

It should be rtl8188cu for v1, but if you have v2 the above-referenced WikiDevi page says that there is a special, pre-compiled binary driver for the Raspberry which is located here. If you have v2, you should definitely use this.

For v1, I found this online guide, for v2 instead I found this.

One thing to check is whether you have the nl80211 driver available on your system; normally you should, but just to check, the file to be searched is mac80211.

I hope this will give you enough info to narrow down your problem.

Best Answer

Related Solutions

Linux – Hostapd requires manual restart for devices to connect

ArchLinux – Setup TL-WN725N Access Point with Hostapd

Related Question