
Building your own Wireless Access Point on top of CentOS7

Wireless is everywhere, but have you ever thought about building your own wireless access point? A wireless NIC that supports AP mode and a bit of Linux understanding is all it takes.


In this article I stick to CentOS 7 and use the following components to get the job done:

  • hostapd => the daemon that runs the 802.11 access point and the WPA2 authentication on the wireless NIC
  • dhcpd => the daemon that hands out IP address leases to the wireless clients
  • FirewallD => the native firewall daemon on CentOS 7, which provides the NAT (masquerading) that client traffic needs when it leaves through the wired interface

I also assume that the system we build the access point on has a wireless NIC plus another path to the internet, for example a wired NIC with ISP connectivity.



01. Find out whether your wireless NIC supports access-point mode:

iw list

In the output, look under "Supported interface modes" for an "* AP" entry. Without it the NIC cannot run hostapd in AP mode and the rest of this article will not work with that card.


02. Second, make sure the selected wireless NIC is not blocked:

rfkill list

Both "Soft blocked" and "Hard blocked" must say "no", otherwise the kernel will not let hostapd bring the radio up. A soft block can be cleared with the following command; a hard block is a physical switch or BIOS setting and has to be cleared there.

rfkill unblock wlan


03. Install the "epel-release" package, which sets up the EPEL repository that hosts "hostapd" (dhcp comes from the base repository), then install both:

yum -y install epel-release
yum -y install hostapd dhcp


04. Once the installation completes, move on to the hostapd configuration in /etc/hostapd/hostapd.conf. The file holds the WPA passphrase in clear text, so make it readable by root only (mode 0600).

ctrl_interface=/var/run/hostapd
# members of this group may drive hostapd through hostapd_cli
ctrl_interface_group=wheel
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
driver=nl80211

wpa=2
wpa_key_mgmt=WPA-PSK
# AES-CCMP only: TKIP is deprecated and must not be offered
wpa_pairwise=CCMP
rsn_pairwise=CCMP

# 8 to 63 printable ASCII characters; replace with a long random passphrase
wpa_passphrase=yourpassword
interface=wlp01
bridge=br-AP
hw_mode=g
channel=6
ssid=CentOSAir

interface => the wireless NIC hostapd turns into an access point (the name here is a placeholder; use the name your system reports)
bridge => the bridge interface hostapd adds the wireless NIC to; the bridge, not the wireless NIC, carries the AP's IP address
ssid => the network name clients see
wpa=2 with rsn_pairwise=CCMP => WPA2 (RSN) with AES-CCMP only; TKIP is a deprecated WPA1 cipher and is left out of both cipher lists
wpa_passphrase => the pre-shared key; a short or guessable one is open to offline cracking from a single captured handshake, so use a long random passphrase, not the placeholder above
macaddr_acl=0, auth_algs=1 => accept any client MAC address (no MAC allow-list) and use open-system authentication, which is what WPA2-PSK requires


05. Next, create the "br-AP" bridge interface referenced in hostapd.conf. hostapd itself adds the wireless NIC to this bridge when it starts, so the bridge only needs an IP address, which becomes the gateway dhcpd hands out to clients:

nmcli con add con-name br-AP type bridge ifname br-AP autoconnect yes stp no ip4 192.168.10.1/24


06. Clients need IP address leases, so dhcpd is a must. On CentOS 7 the dhcp package reads its configuration from /etc/dhcp/dhcpd.conf (not /etc/dhcpd/dhcpd.conf):

option domain-name-servers 192.168.5.49;
default-lease-time 600;
max-lease-time 7200;
#
# this DHCP server is the authoritative one for its subnets
authoritative;
#
# the AP subnet: the bridge address is the gateway handed to clients
subnet 192.168.10.0 netmask 255.255.255.0 {
       range dynamic-bootp 192.168.10.200 192.168.10.220;
       option broadcast-address 192.168.10.255;
       option domain-name-servers 192.168.10.1;
       option domain-name "example.org";
       option routers 192.168.10.1;
       }

The subnet declared here must match the address configured on the bridge interface, and dhcpd only starts if some interface carries an address in that subnet. Two things to check in the subnet block: the subnet-level domain-name-servers option overrides the global one, and 192.168.10.1 is only a usable resolver if the AP itself runs a DNS server (this article does not set one up); otherwise hand clients a resolver that actually exists, such as the one in the global option. Also set DHCPDARGS=br-AP in /etc/sysconfig/dhcpd so that dhcpd serves leases on the bridge only and never on the ISP-facing NIC.

07. At boot, hostapd can start before the wireless NIC is fully initialized, and "hostapd.service" then fails. The trick is to let systemd restart the unit when it fails. Create /etc/systemd/system/hostapd.service (a unit there overrides the packaged one under /usr/lib/systemd/system) with the following content => vim /etc/systemd/system/hostapd.service

[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
After=network.target

[Service]
Type=forking
PIDFile=/run/hostapd.pid
ExecStart=/usr/sbin/hostapd /etc/hostapd/hostapd.conf -P /run/hostapd.pid -B
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

The parameters doing the work here are:
Restart=on-failure
RestartSec=10

08. dhcpd can fail the same way: it starts before the bridge interface has finished initializing, and dhcpd refuses to start unless some interface already carries an address in the subnet declared in its configuration. The workaround used here is a systemd timer that starts dhcpd.service with a delay after boot => vim /etc/systemd/system/dhcpd.timer

[Unit]
Description=Start dhcpd 60 seconds after boot

[Timer]
OnBootSec=1min
Unit=dhcpd.service

[Install]
WantedBy=multi-user.target

With this unit, "dhcpd.service" itself stays disabled and is not started directly at boot; the timer starts it 60 seconds after boot, by which time the bridge has its address.

09. Finally, reload the systemd unit files, disable the direct start of dhcpd.service at boot, and enable the DHCP timer and the hostapd daemon instead.

systemctl daemon-reload
systemctl disable dhcpd.service
systemctl enable dhcpd.timer
systemctl enable hostapd.service


10. Reboot the system, wait for the 60-second delay, and check the status of both services:

systemctl status hostapd.service
systemctl status dhcpd.service

If both are running, well done, you have done it. If hostapd.service failed, the usual cause is NetworkManager still managing the wireless NIC. Turn Wi-Fi off in NetworkManager and restart hostapd:

nmcli radio wifi off

Run rfkill list again afterwards: if turning Wi-Fi off left the radio soft-blocked, clear it with rfkill unblock wlan before restarting hostapd.


11. Client traffic leaving through the system's public interface (the NIC holding the ISP connection) must be NATed (masqueraded) to that interface's address, otherwise the return traffic has no route back to the clients' private 192.168.10.0/24 addresses. With firewallD, enabling masquerading on the zone of the ISP-facing NIC also turns on IPv4 forwarding. The bridge gets its own zone, so that the AP's DHCP and DNS can be reached from the wireless side without opening anything on the ISP-facing zone:

nmcli con modify br-AP connection.zone internal
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=internal --add-service=dhcp --permanent
firewall-cmd --zone=internal --add-service=dns --permanent
firewall-cmd --reload

Do not open 80/tcp and 443/tcp on the public zone for this: outgoing client connections need no inbound ports opened, and ports added to the public zone expose services on the ISP-facing NIC. If clients later need to reach a service on the AP itself (for example a DNS resolver on 192.168.10.1), add it to the internal zone, not to public.
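The steps above are easy to get subtly wrong (a NIC without AP mode, a blocked radio, a copied hostapd.conf that still carries TKIP or the placeholder passphrase, a bridge without its address, masquerading not enabled). The script below is an added example written for this article, not code from the original page: it bundles the pre-flight checks of steps 01 and 02, a lint for the hostapd.conf of step 04, and the live checks for steps 08 and 11. It assumes a Linux host with GNU coreutils and the names used in this article (/etc/hostapd/hostapd.conf, bridge br-AP, firewalld zone public); the sample inputs in the comments are constructed.

```bash
#!/bin/bash
# ap_preflight.sh: pre-flight checks and a hostapd.conf lint for the AP built
# in this article. Added example, not code from the original page.
# Assumptions: Linux with GNU coreutils; the article's names and paths
# (/etc/hostapd/hostapd.conf, bridge br-AP, firewalld zone public).

# supports_ap_mode: read `iw list` output on stdin and succeed only if a
# "Supported interface modes" block lists "* AP" (step 01).
supports_ap_mode() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[[:space:]]*\* / { if ($2 == "AP") found = 1; next }
        in_modes { in_modes = 0 }
        END { exit found ? 0 : 1 }
    '
}

# rfkill_clear: read `rfkill list` output on stdin and fail if any radio is
# soft- or hard-blocked, because hostapd cannot bring the NIC up then (step 02).
rfkill_clear() {
    ! grep -qi 'blocked: *yes'
}

# lint_hostapd_conf FILE: reject the weak settings a copied config tends to
# carry (step 04): WPA1, TKIP, a placeholder or short passphrase, and a
# world-readable file (the passphrase is stored in clear text).
lint_hostapd_conf() {
    local conf=$1 rc=0 key val mode
    while IFS='=' read -r key val; do
        case "$key" in
            wpa)
                [ "$val" = 2 ] || { echo "wpa=$val: use wpa=2 (WPA2/RSN only)"; rc=1; } ;;
            wpa_pairwise|rsn_pairwise)
                case "$val" in
                    *TKIP*) echo "$key=$val: TKIP is deprecated, use CCMP"; rc=1 ;;
                esac ;;
            wpa_passphrase)
                if [ "$val" = yourpassword ] || [ ${#val} -lt 8 ] || [ ${#val} -gt 63 ]; then
                    echo "wpa_passphrase: placeholder, or outside the 8-63 character range"; rc=1
                elif [ ${#val} -lt 20 ]; then
                    echo "wpa_passphrase: ${#val} chars is weak against offline PSK cracking; use 20 or more"; rc=1
                fi ;;
        esac
    done < "$conf"
    mode=$(stat -c %a "$conf")
    case "$mode" in
        600|400) ;;
        *) echo "$conf: mode $mode, should be 0600 (root only)"; rc=1 ;;
    esac
    return $rc
}

# main: run the live checks on this host (needs root for iw/rfkill/firewall-cmd).
main() {
    local conf=${1:-/etc/hostapd/hostapd.conf} rc=0
    iw list | supports_ap_mode || { echo "no wireless NIC supports AP mode"; rc=1; }
    rfkill list | rfkill_clear || { echo "a radio is rfkill-blocked; try: rfkill unblock wlan"; rc=1; }
    lint_hostapd_conf "$conf" || rc=1
    # dhcpd refuses to start unless br-AP already carries the subnet's gateway address (step 08)
    ip -4 addr show dev br-AP 2>/dev/null | grep -q 'inet ' || { echo "br-AP has no IPv4 address"; rc=1; }
    # masquerading on the ISP-facing zone is what makes client traffic routable (step 11)
    [ "$(firewall-cmd --zone=public --query-masquerade 2>/dev/null)" = yes ] || { echo "masquerade is off on zone public"; rc=1; }
    [ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || { echo "net.ipv4.ip_forward is 0"; rc=1; }
    return $rc
}

# Only run the live checks when invoked as "ap_preflight.sh check [conf]", so
# the functions can be sourced and tested without touching the system.
if [ "${1-}" = check ]; then
    main "${2-}"
fi
```

Run it as root with bash ap_preflight.sh check after step 11; every failing check prints what to fix and the script exits non-zero. The lint deliberately fails on the article's sample wpa_passphrase=yourpassword and on any TKIP entry, so neither survives into a production configuration.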

 

“I hope this has been informative for you”
