Linux experts Seravo background Linux Debian SUSE
Seravo blog: Linux and open source – technology and strategy

Turn any computer into a wireless access point with Hostapd

Linux hotspotDo you want to make a computer function as a WLAN base station, so that other computers can use as it as their wifi access point? This can easily be done using the open source software Hostapd and compatible wifi hardware.

This is a useful thing to do if computer acting as a firewall or as a server in the local network, and you want to avoid adding new appliances that all require their own space and cables in you already crowded server closet. Hostapd enables you to have full control of your WLAN access point and also enhances security. By using Hostapd the system will be completely in your control, every line of code can be audited and the source of all software can be verified and all software can be updated easily. It is quite common that active network devices like wifi access points are initially fairly secure small appliances with Linux inside, but over time their vendors don’t provide timely security updates and local administrators don’t care to install them via some clumsy firmware upgrade mechanism. With a proper Linux server admins can easily SSH into it and run upgrades using the familiar and trusted upgrade channels that Linux server distributions provide.

The first step in creating wireless base station with Hostapd is to make sure the WLAN hardware supports running in access point mode. Examples are listed in the hostapd documentation. A good place to shop for WLAN cards with excellent Linux drivers is and in their product descriptions the WLAN card supported operation modes are nicely listed.

The next step is to install the software called Hostapd by Jouni Malinen and others. This is a very widely used software and it most likely is available in your Linux distribution by default. Many of the WLAN router appliances available actually are small Linux computers running hostapd inside, so by running hostapd on a proper Linux computer will give you at least all the features available in the WIFI routers, including advanced authentication and logging.

Our example commands are for Ubuntu 14.04. You need to have access to install hostapd and dnsmasq Dnsmasq is a small DNS/DHCP server which we’ll use in this setup. To start simply run:

sudo apt-get install hostapd dnsmasq

After that you need to create and edit the configuration file:

zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz | sudo tee -a /etc/hostapd/hostapd.conf

The configuration file /etc/hostapd/hostapd.conf is filled with configuration examples and documentation in comments. The relevant parts for a simple WPA2 protected 802.11g  network with the SSID ‘Example-WLAN‘ and password ‘PASS‘ are:


Next you need to edit the network interfaces configuration to force the WLAN card to only run in the access point mode. Assuming that the access point network will use the address space 192.168.8.* the file /etc/network/interfaces should look something like this:

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf

Then we need to have a DNS relay and DHCP server on our wlan0 interface so the clients actually get a working Internet connection, and this can be accomplished by configuring dnsmasq. Like hostapd it also has a very verbose configuration file /etc/dnsmasq.conf, but the relevant parts look like this:


Next we need to make sure that the Linux kernel forwards traffic from our wireless network onto other destination networks. For that you need to edit the file /etc/sysctl.conf and make sure it has lines like this:


We need to activate NAT in the built-in firewall of Linux to make sure the traffic going out uses the external address as its source address and thus can be routed back. It can be done for example by appending the following line to the file /etc/rc.local:

iptables -t nat -A POSTROUTING -s ! -d  -j MASQUERADE

Some WLAN card hardware might have a virtual on/off switch. If you have such hardware you might need to also run rfkill to enable the hardware using a command like rfkill unblock 0.

The same computer also runs Network Manager (as for example Ubuntu does by default) you need to edit it’s settings so that if won’t interfere with the new wifi access point. Make sure file /etc/NetworkManager/NetworkManager.conf looks like this:


Now all configuration should be done. To be sure all changes take effect, finish by rebooting the computer.

If everything is working, a new WLAN network should be detected by other devices.
On the WLAN-server you’ll see similar output from these commands:

$ iw wlan0 info
Interface wlan0
        ifindex 3
        type AP
        wiphy 0

$ iwconfig 
wlan0     IEEE 802.11bgn  Mode:Master  Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

$ ifconfig
wlan0     Link encap:Ethernet  HWaddr f4:ec:38:de:c8:d2  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::f6ec:38ff:fede:c8d2/64 Scope:Link
          RX packets:5463040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8166528 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:861148382 (861.1 MB)  TX bytes:9489973056 (9.4 GB)

49 thoughts on “Turn any computer into a wireless access point with Hostapd

  1. Azriel says:

    Help me. My computer refuses to work properly after this

  2. Otto Kekäläinen says:

    @Azriel: We are sorry to hear your computer does not work properly. The instructions above are very technical and meant for experts as advice on how they can achieve a cool ability with a computer. Before trying out such instructions please back up at least the configuration files so you can revert back to the old settings if something does not work.

    At the moment the best advice is to find an affordable local Linux expert, explain to him in detail what you did and he can then hopefully fix your computer.

  3. julien says:


    I don’t understand the meaning of this command:
    iptables -t nat -A POSTROUTING -s ! -d -j MASQUERADE

    Because the destination is the same as the source?

    I need to create an acces point on the wlan0 and redirect the traffic on eth0. If I modify just the iptables instruction normally it should works?

    Tks for helping,


    1. Otto Kekäläinen says:

      @julien: The destination is not the same as the source. It is everything but the source. Not the exclamation mark (!).

  4. E.L. says:

    thank you for this very useful guide. My desktop is connected to the internet by an ethernet connection with a static ip. I like to share this connection by the wlan1 (usb wifi dongle).
    I followed all the istrutions and now I’m able to see the new wireless network from my phone but it ask to me a user name and password to connect to wireless. What about this “user name”? I never set up a user name in any configuration file.

    Thank you for the answers

    1. Otto Kekäläinen says:

      @EL: Check your /etc/hostapd/hostapd.conf that the authentication method is WPA-PSK and not RADIUS or something else that requires a username/password pair.

      1. E.L. says:

        Thank you for the quick reply. I forgot to remove the EAP parameters in the string:
        wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
        now it is:
        wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
        and it asks only the password but when I connect to wifi network I get the message that the password is wrong (by the phone). I tried with a very trivial pw (only letters and numbers) to avoid errors but I’m not able to connect.
        The configuration file reads like:

        wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256

        Is it correct?

  5. Néstor says:

    following those steps didn’t worked for me but else made undiscoverable many wlan networks.

    I was checking after and I think by driver my wireless card doesn’t support AP because in Windows I can share it from my wireless card (with mHostpot)

  6. Mark says:

    I tried these instructions with Ubuntu 14.04, but i simply want the system to work as an Access Point and not as router, so no dhcp server/dns server, etc. I tried simply leaving out those two options, but as soon as i bring the interface up, i lose access to the system through ssh. I do obviously already have a wired connection to the system, but that goes down as well. I am assuming its because it would be two interfaces then on the same subnet and that causes confusion? Any suggestions on accomplishing my needs?

    1. Eric says:

      Try this guide. You can leave off the dhcp3-server package

      And in the script, skip the line
      /etc/init.d/dhcp3-server restart

      Then you’ll need to manually set the IP on the device that is connecting to your hostapd computer and bridge the connection with the firestarter application.

  7. Jesse says:


    everything works, but when i put the ethernet cable in i cant get on the web.

    my setup:
    World Wide Web –> Modem —> Cisco e2000 router —-> Asus eee pc AP (with Debian wheezy)
    i think it has something to do with the rc.local configuration, but i dont know what.

  8. Peadar Doyle says:

    Turns out my wireless card doesn’t support AP mode as discovered using the following documentation:

    Other than that it was a nice little tutorial.

  9. Ogiwara says:

    Nice tutorial,

    For unknown reasons it messed up my routing table and added a entry without a gateway configured, I deleted it and everything works flawlessly.
    thanks !

  10. ChrisO says:

    Nice tutorial. I set it up on a OLinuXino box running Debian 8 (jessie). It works fine with two of my Android phones. However, when I try to use it from my laptop (Mint 17) it doesn’t work. Looks like authenticatin is OK
    but it fails to “associate”:

    wpa_supplicant[1652]: wlan0: Trying to associate with 80:1f:02:9b:a7:c1 (SSID=’olimex’ freq=2437 MHz)
    kernel: [ 265.171752] wlan0: authenticated
    kernel: [ 265.171937] iwlwifi 0000:03:00.0 wlan0: disabling HT as WMM/QoS is not supported by the AP
    kernel: [ 265.171941] iwlwifi 0000:03:00.0 wlan0: disabling VHT as WMM/QoS is not supported by the AP
    kernel: [ 265.171945] wlan0: waiting for beacon from 80:1f:02:9b:a7:c1
    NetworkManager[1053]: (wlan0): supplicant interface state: authenticating -> associating
    wpa_supplicant[1652]: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=”olimex” auth_failures=1 duration=10
    NetworkManager[1053]: (wlan0): supplicant interface state: associating -> disconnected

    Any idea what could be the cause?

    Thanks and regards,

  11. ChrisO says:

    Addendum. Problem solved. It looks like the Realtek RTL8188CUS based WiFI adapter was the culprit.
    Replaced it by a Ralink RT5370 one and everything works OK.


  12. dekhi says:

    I followed your guide and everything seemed to be perfect. But after rebooting, my Ubuntu couldn’t connect to my home wifi network. In addition, my new AP created by hostapd didn’t show up on, not any devices could find it. I used my built-in wifi card in my laptop. How can I create it?

    1. Florin says:

      After using this tutorial, your wifi will not be able to connect to other network, it will be running only as AP. You cannot both use it to connect laptop to router and also use laptop as router, you need 2 wifi cards to be able to do that. But you can share the Ethernet or USB 3G/etc. connections via Wifi to other devices (smarphones, etc.).

      It worked fine on my laptop (Toshiba, AR9285 – ath9k driver (default driver)), tried it in the last few days on Ubuntu 15.04. The network applet crashed, but it is quite simple to configure the internet network event without it, in System Settings.

  13. Florin says:

    Your tutorial is really great, it works! I have tested it on Ubuntu 15.04 and it works almost like charm. There is only one probably bug that will occur: the network applet will crash, so one will have to know how to connect to the network that will be shared without having the Network icon on the top right corner (it might be selected to autoconnect, but as I shared the USB 3G connection, I created the connection in System Settings – Network and activated autoconnect).

  14. oded eidelman says:

    Hi Guys,

    I have a little question,

    I wanna build a powerful WiFi access point machine, using the tutorial above, but one thing is missing!

    I didn’t find any Wifi dongle or desktop pci WiFi card with a powerful external-antenna that can compete with Cisco devices such as Cisco Aironet 3700, which their WiFi is antenna 48 volts (!)

    Most of WiFi dongles or external antennas are just 5 volts.

    Can someone please suggest something?

    Thanks in advance :)

    Oded E

  15. Otto Kekäläinen says:

    @Oded E: I recommend selecting something from here:

  16. nice article but the iptables part does not work.

    root@router:/etc# iptables -t nat -A POSTROUTING -s ! -d -j MASQUERADE -v -v -v -v -v
    MASQUERADE all opt — in * out * !->
    libiptc 952 bytes.
    Table `nat’
    Hooks: pre/in/fwd/out/post = 0/98/ffffffff/130/1c8
    Underflows: pre/in/fwd/out/post = 0/98/ffffffff/130/270
    Entry 0 (0):
    SRC IP:
    DST IP:
    Interface: `’/…………….to `’/…………….
    Protocol: 0
    Flags: 00
    Invflags: 00
    Counters: 0 packets, 0 bytes
    Cache: 00000000
    Target name: `’ [40]

    Entry 1 (152):
    SRC IP:
    DST IP:
    Interface: `’/…………….to `’/…………….
    Protocol: 0
    Flags: 00
    Invflags: 00
    Counters: 0 packets, 0 bytes
    Cache: 00000000
    Target name: `’ [40]

    Entry 2 (304):
    SRC IP:
    DST IP:
    Interface: `’/…………….to `’/…………….
    Protocol: 0
    Flags: 00
    Invflags: 00
    Counters: 178 packets, 11018 bytes
    Cache: 00000000
    Target name: `’ [40]

    Entry 3 (456):
    SRC IP:
    DST IP:
    Interface: `’/…………….to `’/…………….
    Protocol: 0
    Flags: 00
    Invflags: 10
    Counters: 1 packets, 166 bytes
    Cache: 00000000
    Target name: `MASQUERADE’ [56]

    Entry 4 (624):
    SRC IP:
    DST IP:
    Interface: `’/…………….to `’/…………….
    Protocol: 0
    Flags: 00
    Invflags: 00
    Counters: 177 packets, 10852 bytes
    Cache: 00000000
    Target name: `’ [40]

    Entry 5 (776):
    SRC IP:
    DST IP:
    Interface: `’/…………….to `’/…………….
    Protocol: 0
    Flags: 00
    Invflags: 00
    Counters: 0 packets, 0 bytes
    Cache: 00000000
    Target name: `ERROR’ [64]

    my network

    root@router:/etc# ifconfig
    eth0 Link encap:Ethernet HWaddr 08:00:27:5a:7d:da
    inet addr: Bcast: Mask:
    inet6 addr: fe80::a00:27ff:fe5a:7dda/64 Scope:Link
    RX packets:738 errors:0 dropped:0 overruns:0 frame:0
    TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:653192 (653.1 KB) TX bytes:92394 (92.3 KB)

    lo Link encap:Local Loopback
    inet addr: Mask:
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:1882 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1882 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:117793 (117.7 KB) TX bytes:117793 (117.7 KB)

    wlan0 Link encap:Ethernet HWaddr 00:c0:ca:59:30:3e
    inet addr: Bcast: Mask:
    inet6 addr: fe80::2c0:caff:fe59:303e/64 Scope:Link
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 B) TX bytes:7387 (7.3 KB)

  17. José Ángel Figueroa Mendoza says:

    If I have an USB adapter wifi like the source of internet(wlan1) tplink and I want to reply this signal with the atheros(wlan0) how may look my configuration ?

  18. wzhd says:

    This is nice! I didn’t know /etc/network/interfaces supports hostapd and ended up writing custom systemd services to set up address on the interface and then start hostapd.

  19. Luc Deschenaux says:

    Just working fine with Debian 8.1 with an additional

    iptables -P FORWARD ACCEPT (or more specific)

    Thanks for the time saved :-)

    1. Luc Deschenaux says:

      forgot to mention I used bind and dhcpd instead of dnsmaq …

  20. Aman Sinha says:

    Can anyone please tell me, how many clients can i connect with it to my access point?? I am actually designing a linux based wifi access point to connect minimum 1000 people. Please help me out with this.

  21. Alain says:

    Hi Otto,
    Few questions: it seems that kde network manager on Ubuntu 15.04 is able to set almost everything, including setting AP mode, you don’t tell about, and necessary to allow Android devices to connect to the created Wifi HotSpot.
    So, does hostapd sill necessary?
    Other question, how to do if I want to created a standalone webserver accessible via wifi? I don’t talk about the webserver part of course but just the way to configure the Access Point.

  22. Kristjan Adojaan says:

    Thank you for the tutorial. It worked fine for some clients – Android was able to access network at once, but Ubuntu asked for username, etc instead of only password. I had to change
    in /etc/hostapd/hostapd.conf as suggested at
    It might help also for iPhones to connect to hostapd AP.
    PS. I also installed DHCP server (isc-dhcp-server) following the instructions at because of (probably configuration) problems with dnsmasq.

  23. Mike M says:

    Just wanted to say thanks. I have tried no less than 6 different “how to’s” with 6 different OS variants and 6 different setting-variants. . . . . and I finally found one that works. . . . out of the box.

    Just so everyone else knows what I did.
    1) Purchased a Raspberry Pi 2 B+ with the adafruit wireless dongle (RT5370 WiFi Dongle). I plugged a netowrk cable into the network adapter on the Pi and put the usb dongle in there.

    2) I went to Ubuntu’s site and downloaded the appropriate file for Ubuntu 15.x (to a windows 7 machine)

    3) I already downloaded 7z and unzipped it. This put a file named
    in the same folder

    4) I plugged in the SD card into my computer and used downloaded and used SDFormatter to format the usb card. Note: I had to go into options and choose the option to “Format Size Adjustement” This make it possible to make use of the full space on the card.

    5) I downloaded and installed a Win32DiskImager from SourceForge.
    SPECIAL NOTE: I had to run this as an Administrator for it to work. This merely extract the .img into a bunch of files that are placed on the micro usp card. This took a while.

    6) I then took the card, plugged it into the Raspberry pi, made sure my monitor, keyboard, mouse were attached and turned it on. It took a while to boot up and it tool a long long time for the configuration to complete (20 minutes, easy).

    7) Once that was done .. . . . I did the following
    sudo apt-get update
    sudo apt-get upgrade (this took 40 minutes . . .but I have a hunch that this was the reason it worked)

    8) I followed every instruction in this guide . .. .and. . . . well. . . .it worked and it’s awesome.

  24. Benjamin says:

    So, I’m pretty positive I’ve done everything correctly. However, my result from the command “$ iw wlan0 info” returns that the type is still “managed”, not “AP”. How do I fix this? My WLAN card does support the AP software interface mode, so that’s not the problem.

    1. Chris says:

      try running hosted /etc/hostapd/hostapd.conf &

      I have found that the network interface does not launch this by default, so running it again, enables AP mode.

  25. sidhu1f says:

    Found this article quite useful in setting up hostapd on my own router. Thanks!

  26. martin says:

    Hi All,
    I’ve tried to follow this tutorial on a debian 7 system (Linux mayda 3.2.0-4-amd64 #1 SMP Debian 3.2.73-2+deb7u2 x86_64 GNU/Linux), however, the interface configuration fails with this error:

    ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Operation not supported
    Could not enable hostapd mode for interface wlan1

    It seems like the hostap mode is not supported by the card, except that I’ve managed to use this same card as an access point in NetBSD (basically out of the box) long ago. Any hints, or ideas what I’m doing wrong?



  27. Pietro Bergamo says:

    Hi! Just wanted to thank you for the excellent tutorial. Worked perfectly for me. I just had to adapt some things to my system (like IP number, iptables, etc.).
    This was the first tutorial about hostapd I found that included configurations of dnsmasq, sysctl, Network Manager and rc.local, without which things never worked.
    Great job!

  28. mark says:

    Worked first time for me.

    Many thanks for taking the time to document this and explain the options you used.

    There are so many options in the hostapd including the WPS stuff which has caught my eye and I might look in to.

  29. John says:

    Hi! This tutorial has the best howto with explanation I’ve found on the net. I was wondering if it’s possible to bridge the wlan0 to a bridged network. I have openwrt on a kvm and would like to use hostapd as the wlan for my openwrt. Is that possible? Thanks!

  30. Ian says:

    Excellent how-to. I literally copy pasted and only ran into one hurdle. The example passprase length not being long enough. after making hostapd.conf edits i found a check if it’s working was useful by running
    sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf

  31. Shahid says:

    I have a dlink adsl router which is installed in living room. I connect my laptop to it and get a good signal. However, when I go to my other room which is two rooms after, the connection is very weak. I have an ubuntu file server setup in my 3rd room. This ubuntu is connected to dlink wifi through usb wifi. I want to install one more usb wifi in this ubuntu and use it as access point for the people who are near to ubuntu server. I want to avoid wired connection. Please suggest what to do. What would be the config like. I am downloading 64bit v15 ubuntu desktop.

  32. Vikas Vijayan says:

    Sir ,
    I configured my Wi-Fi interface card as an AP but I can’t connect to that AP. The message showing is only “authenticated” and “associated”. Then they are again asking for the key. Why this is happening??..Can you please help me.

  33. Vikas Vijayan says:

    Sir ,

    In open profiles it is working but if we configure any other it is not working.

  34. Randy says:

    These instructions didn’t work for me on an NVidia TX1 running Ubuntu 14.04. After completion “iw wlan0 info” still said the “type” was “managed” instead of “AP”. I’m sure the TX1’s wifi card is capable of acting as a wifi access point so I don’t think it’s a hardware issue.

    I had various questions while following the instructions:
    i) aren’t there additional steps to start hostapd daemon on every reboot? i.e. the equivalent of “sudo service hostapd start”
    ii) don’t we need to edit /etc/default/hostapd to set DAEMON_CONF=”/etc/hostapd/hostapd.conf”?

    Anyway, I thank you for helping out so many people, for me it didn’t work sadly.

    1. Adrian says:

      Same issue here, my interface shows “type managed”.

  35. Seamus Coffey says:

    Thank you very much. The instructions were easy to follow and I had no issue setting up the wireless access point.

Leave a Reply

Your email address will not be published.