# if you want to bridge the onboard eth0 and the # wireless (USB) adapter's wlan0, this should work interface=wlan0 bridge=br0 # this is the driver that must be used for ath9k # and other similar chipset devices driver=nl80211 # Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g, # Default: IEEE 802.11b # !! Note: # the n-speeds get layered on top of 802.11g, so # use hw_mode=g also for 802.11n hw_mode=g #hw_mode=a # ieee80211n: Whether IEEE 802.11n (HT) is enabled # 0 = disabled (default) # 1 = enabled # !! Note: # You will also need to enable WMM for full HT functionality. ieee80211n=1 wmm_enabled=1 # Channel number (IEEE 802.11) # (default: 0, i.e., not set) # Please note that some drivers do not use this value from hostapd and the # channel will need to be configured separately with iwconfig. ## - 2.4 Ghz : hw_mode=g (ht_capab=[HT40+].. channel 1-9) ## - (ht_capab=[HT40-].. channel 5-11(13) ) ## - 5 Ghz : hw_mode=a (ht_capab=[HT40+].. channel 36,44 ) ## - (ht_capab=[HT40-].. channel 40) channel=7 #channel=44 # these have to be set in agreement w/ channel and # some other values... read hostapd.conf docs # ## - D-LINK DWA-552 (2.4 Ghz) ## - MicroTIK RouterBOARD R52n-M (Dualband: 2.4 / 5 Ghz) ## - MicroTIK RouterBOARD R52Hn (Dualband: 2.4 / 5 Ghz) ## - ht_capab=[HT40-][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40] ## - ## - SR71-E Hi-Power (802.11a/b/g/n miniPCI-E Module) ## - ## - 5 Ghz -->channel 36 ## - #ht_capab=[HT40+][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40] #ht_capab=[SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40] ## - ## - D-LINK DWA-556 (PCIe) (2,4 / 5 Ghz) ## - #ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40] ## - ## - Linksys WMP600N (Dualband: 2.4 / 5 Ghz) ## - #ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC12] # adjust to fit your location country_code=DE # SSID to be used in IEEE 802.11 management frames ssid=WLAN-OOPEN # makes the SSID visible and broadcasted ignore_broadcast_ssid=0 # IEEE 802.11 specifies two authentication algorithms. hostapd can be # configured to allow both of these or only one. Open system authentication # should be used with IEEE 802.1X. # Bit fields of allowed authentication algorithms: # bit 0 = Open System Authentication # bit 1 = Shared Key Authentication (requires WEP) #auth_algs=3 auth_algs=1 # bit0 = WPA # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) wpa=3 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be # added to enable SHA256-based stronger algorithms. # (dot11RSNAConfigAuthenticationSuitesTable) wpa_key_mgmt=WPA-PSK # WPA pre-shared keys for WPA-PSK. wpa_passphrase=WoAuchImmer # Set of accepted cipher suites (encryption algorithms) for pairwise keys # (unicast packets). This is a space separated list of algorithms: # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] # Group cipher suite (encryption algorithm for broadcast and multicast frames) # is automatically selected based on this configuration. If only CCMP is # allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, # TKIP will be used as the group cipher. # (dot11RSNAConfigPairwiseCiphersTable) # Pairwise cipher for WPA (v1) (default: TKIP) wpa_pairwise=TKIP CCMP # Pairwise cipher for RSN/WPA2 (default: use wpa_pairwise value) rsn_pairwise=CCMP # Time interval for rekeying GTK (broadcast/multicast encryption keys) in # seconds. (dot11RSNAConfigGroupRekeyTime) wpa_group_rekey=600 # Station MAC address -based authentication # Please note that this kind of access control requires a driver that uses # hostapd to take care of management frame processing and as such, this can be # used with driver=hostap or driver=nl80211, but not with driver=madwifi. # 0 = accept unless in deny list # 1 = deny unless in accept list # 2 = use external RADIUS server (accept/deny lists are searched first) macaddr_acl=0 # Interface for separate control program. If this is specified, hostapd # will create this directory and a UNIX domain socket for listening to requests # from external programs (CLI/GUI, etc.) for status information and # configuration. The socket file will be named based on the interface name, so # multiple hostapd processes/interfaces can be run at the same time if more # than one interface is used. # /var/run/hostapd is the recommended directory for sockets and by default, # hostapd_cli will use it when trying to connect with hostapd. ctrl_interface=/var/run/hostapd # debugging output - uncomment them to activate; issue hostapd -d /etc/hostapd/hostapd.conf # to get debugging info in visible/real-time form #logger_syslog=-1 #logger_syslog_level=2 #logger_stdout=-1 #logger_stdout_level=2