hostapd doesn't accept WPA key and doesn't forward wlan0 to eth0 (LAN)
I have a CompuLab Fit-PC4-CG420-WACB-FM4U (www.fit-pc.com/web/products/fit-pc4/) + 16GB RAM + SSD fanless small PC as a router & load balancer, the OS is Debian 8 Jessie (minimal network install without desktop). It is balancing all internet traffic between 4 ISPs, one of them being an ADSL connection (eth1) and others LTE with 3 x D-Link DWM-221 USB modems (ppp0, ppp1 and ppp2). I am using the Net-ISP-Balance (http://lstein.github.io/Net-ISP-Balance/) package for this, because it makes it very simple and load balancing works, in fact, perfectly. With dnsmasq as a caching DNS server, the internet is very, very fast (as long as the download/upload operation is not one big chunk, but several connections, e.g. web pages).
With DHCP, DNS, routing and internet working like a charm, only two problems remain, both related to WiFi. I've searched for solutions on Google and other search engines for weeks and weeks, but I finally have to give up and consult wiser people than myself. I am not going to figure this out by reading more HOWTOs and forums.
This mini PC has the Intel 7260 (rev 73) wireless card (iwlwifi driver), so I'd like to utilize it as a wireless access point, too. This wireless card supports running it as an access point (see "iw list" below), so hardware support should not cause a problem. The problems are as follows:
hostapd (or something else) won't accept the (correct) WPA key when I try to connect. *SOLVED*
I cannot ping any address or use the internet. wlan0 does not forward to eth0 (the local network) for some reason. Either br0 does not work or I need some additional iptables rule.
/etc/hostapd/hostapd.conf
Code:
interface=wlan0
#driver=nl80211 can also be commented out, seems to have no effect whatsoever
driver=nl80211
bridge=br0
country_code=FI
ssid=TESTWIFI
hw_mode=g
ieee80211n=1
ieee80211d=1
ieee80211h=1
channel=11
wmm_enabled=1
wpa=2
wpa_passphrase=testpassphrase
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
wpa_pairwise=TKIP
rsn_pairwise=CCMP
macaddr_acl=0
ignore_broadcast_ssid=0
eap_reauth_period=360000000
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
/etc/network/interfaces
Code:
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.100
allow-hotplug eth1
iface eth1 inet dhcp
auto wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.1.101
netmask 255.255.255.0
gateway 192.168.1.100
auto br0
iface br0 inet static
bridge_ports wlan0 eth0
address 192.168.1.102
netmask 255.255.255.0
gateway 192.168.1.100
up /sbin/ifconfig br0 up
post-up /bin/sleep 10; /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf
pre-down /usr/bin/killall hostapd
down /sbin/ifconfig br0 down
tail /etc/sysctl.conf (IPv6 is disabled and IPv4 forwarding enabled)
Wiphy phy0
max # scan SSIDs: 20
max scan IEs length: 393 bytes
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Device supports RSN-IBSS.
Device supports AP-side u-APSD.
Supported Ciphers:
* CCMP (00-0f-ac:4)
* TKIP (00-0f-ac:2)
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* CMAC (00-0f-ac:6)
* WPI-SMS4 (00-14-72:1)
Available Antennas: TX 0 RX 0
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* P2P-client
* P2P-GO
* P2P-device
Band 1:
Capabilities: 0x11e2
HT20/HT40
Static SM Power Save
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 4 usec (0x05)
HT TX/RX MCS rate indexes supported: 0-15, 32
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (20.0 dBm) (no IR)
* 2472 MHz [13] (20.0 dBm) (no IR)
Band 2:
Capabilities: 0x11e2
HT20/HT40
Static SM Power Save
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 4 usec (0x05)
HT TX/RX MCS rate indexes supported: 0-15, 32
VHT Capabilities (0x038071a0):
Max MPDU length: 3895
Supported Channel Width: neither 160 nor 80+80
short GI (80 MHz)
TX STBC
SU Beamformee
VHT RX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT RX highest supported: 0 Mbps
VHT TX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT TX highest supported: 0 Mbps
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 5180 MHz [36] (20.0 dBm) (no IR)
* 5200 MHz [40] (20.0 dBm) (no IR)
* 5220 MHz [44] (20.0 dBm) (no IR)
* 5240 MHz [48] (20.0 dBm) (no IR)
* 5260 MHz [52] (20.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5280 MHz [56] (20.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5300 MHz [60] (20.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5320 MHz [64] (20.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5500 MHz [100] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5520 MHz [104] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5540 MHz [108] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5560 MHz [112] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5580 MHz [116] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5600 MHz [120] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5620 MHz [124] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5640 MHz [128] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5660 MHz [132] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5680 MHz [136] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5700 MHz [140] (22.0 dBm) (no IR, radar detection)
DFS state: usable (for 213914 sec)
DFS CAC time: 60000 ms
* 5720 MHz [144] (disabled)
* 5745 MHz [149] (disabled)
* 5765 MHz [153] (disabled)
* 5785 MHz [157] (disabled)
* 5805 MHz [161] (disabled)
* 5825 MHz [165] (disabled)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* new_mpath
* set_mesh_config
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* remain_on_channel
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* start_sched_scan
* probe_client
* set_noack_map
* register_beacons
* start_p2p_device
* set_mcast_rate
* Unknown command (104)
* connect
* disconnect
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
WoWLAN support:
* wake up on disconnect
* wake up on magic packet
* wake up on pattern match, up to 20 patterns of 16-128 bytes,
maximum packet offset 0 bytes
* can do GTK rekeying
* wake up on GTK rekey failure
* wake up on EAP identity request
* wake up on 4-way handshake
* wake up on rfkill release
* wake up on TCP connection
software interface modes (can always be added):
* AP/VLAN
* monitor
valid interface combinations:
* #{ managed } <= 1, #{ AP, P2P-client, P2P-GO } <= 1, #{ P2P-device } <= 1,
total <= 3, #channels <= 1
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
Device supports SAE with AUTHENTICATE command
Device supports scan flush.
Device supports per-vif TX power setting
P2P GO supports CT window setting
P2P GO supports opportunistic powersave setting
Driver supports a userspace MPM
Something interesting from /var/log/syslog (PC trying to connect to wireless)
Code:
Dec 13 00:27:56 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Dec 13 00:27:56 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Dec 13 00:28:03 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Dec 13 00:28:03 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Dec 13 00:28:12 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request
Dec 13 00:28:15 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Dec 13 00:28:15 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Dec 13 00:28:24 lb hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request
The iptables ruleset is very, VERY long, so I don't think I can include it here. Here are the commands to get the D-Link DWM-221 LTE USB modem working under Linux, by the way (in case anyone needs them):
Did you try the following configuration in the interfaces file?
Thanks for the settings example, I realised my bridge_ports setting needed to be changed to "bridge_ports wlan0 eth0", instead of "bridge_ports eth0 wlan0". Now I can connect to the wireless with the WPA key (and get the IP information from DHCP) but traffic still doesn't flow between the two interfaces. I can't even ping the local network computers.
So one problem down, one to go. Is this perhaps an iptables issue?
iptables v1.4.21: unknown option "--to-src"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: unknown option "--ip-dst"
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.21: unknown protocol "arp" specified
Try `iptables -h' or 'iptables --help' for more information.
The reason I ask is that, from what knowledge I do have, a gateway is where you send traffic which doesn't match anything else on a given subnet. If I read this correctly, this machine will overload itself with traffic in the event that an IP address is not recognized; I would have thought that the IP address would be one digit different or that the gateway simply would not be present.
Thanks for the tip! I removed this gateway line and the router seems to run fine without it. So if you're correct, it's better to not have it there.
About ebtables and the WiFi access point... hostapd has again stopped accepting the (correct) password, so I can't connect to the network or test if the tip from nini09 helped. Hostapd seems like a weird piece of software. Even if I don't change its settings, one day it accepts the password, the next day it won't. I guess I have to give up on setting the PC as a WiFi access point.
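The syslog excerpt in the first post shows a station associating repeatedly and then being deauthenticated, with no sign that the WPA handshake ever finished. The following added example (not code from the thread) counts such attempts per station; it assumes hostapd logs "WPA: pairwise key handshake completed (RSN)" for a successful join, and the MAC addresses and the second station's lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the syslog excerpt in the first post.
# Station ...:01 repeats the failing sequence; ...:02 joins successfully.
SAMPLE_LOG = """\
Dec 13 00:27:56 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: authenticated
Dec 13 00:27:56 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: associated (aid 1)
Dec 13 00:28:03 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: authenticated
Dec 13 00:28:03 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: associated (aid 1)
Dec 13 00:28:12 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: deauthenticated due to local deauth request
Dec 13 00:28:15 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: authenticated
Dec 13 00:28:15 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: associated (aid 1)
Dec 13 00:28:24 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:01 IEEE 802.11: deauthenticated due to local deauth request
Dec 13 00:30:01 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:02 IEEE 802.11: authenticated
Dec 13 00:30:01 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:02 IEEE 802.11: associated (aid 2)
Dec 13 00:30:01 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:02 WPA: pairwise key handshake completed (RSN)
Dec 13 00:45:10 lb hostapd: wlan0: STA aa:aa:aa:aa:aa:02 IEEE 802.11: disassociated
"""

LINE = re.compile(
    r"hostapd(?:\[\d+\])?: \S+: STA (?P<sta>[0-9a-fA-F:]{17}) (?P<msg>.+)$")


def failed_handshakes(log_text):
    """Count associations per station that ended without a completed handshake."""
    pending = defaultdict(bool)   # station associated, handshake not yet seen
    failures = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sta, msg = m.group("sta").lower(), m.group("msg")
        if "pairwise key handshake completed" in msg:
            pending[sta] = False
        elif ": associated" in msg:
            if pending[sta]:          # re-association before any handshake
                failures[sta] += 1
            pending[sta] = True
        elif ": deauthenticated" in msg or ": disassociated" in msg:
            if pending[sta]:          # torn down before the handshake finished
                failures[sta] += 1
            pending[sta] = False
    return dict(failures)


def flag_stations(log_text, threshold=3):
    """Stations with at least `threshold` failed attempts (threshold is arbitrary)."""
    return sorted(s for s, n in failed_handshakes(log_text).items() if n >= threshold)
```

A station that shows up here while its user insists the passphrase is right points at the access point's configuration or state rather than the client; many different stations failing against one AP is worth a closer look for other reasons.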
The gateway's IP address should be the IP address of the peer device. For example, if there are two sides on your machine, one side connected to the internal network and the other side connected to the internet, the gateway IP address should be the ISP's IP address.
That's true. However, the PC would seem to get it automatically in any case, even though there are 4 internet connections and ISPs (and it still uses all of them like a load balancer should). So the gateway definition for eth0 in /etc/network/interfaces is not needed, not even with a fixed IP, it seems.
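The hostapd.conf in the first post mixes PSK and EAP key management and sets both pairwise-cipher options with wpa=2. As an added example (not code from the thread, and not hostapd's own validation), this small linter applies a few checks to the WPA-related keys; the rule names are made up for the example and the sample lines are copied from the posted config.

```python
# WPA-related lines copied from the hostapd.conf posted in the thread.
SAMPLE_CONF = """\
interface=wlan0
bridge=br0
wpa=2
wpa_passphrase=testpassphrase
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
wpa_pairwise=TKIP
rsn_pairwise=CCMP
"""


def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def lint_wpa(conf):
    """Return (rule_id, message) findings; rule ids are this example's own."""
    findings = []
    wpa = int(conf.get("wpa", "0"))           # bit 0 = WPA (v1), bit 1 = WPA2/RSN
    akms = conf.get("wpa_key_mgmt", "WPA-PSK").split()
    passphrase = conf.get("wpa_passphrase")
    # rsn_pairwise falls back to the wpa_pairwise value when it is not set
    rsn = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()

    if wpa & 1:
        findings.append(("WPA1", "wpa bit 0 enables legacy WPA (v1)"))
    if wpa & 2 and "TKIP" in rsn:
        findings.append(("RSN_TKIP", "TKIP is offered as a WPA2 pairwise cipher"))
    if wpa == 2 and "wpa_pairwise" in conf and "rsn_pairwise" in conf:
        findings.append(("UNUSED_WPA_PAIRWISE",
                         "wpa_pairwise is for WPA (v1); it has no effect here"))
    if passphrase is not None and not 8 <= len(passphrase) <= 63:
        findings.append(("PSK_LEN", "wpa_passphrase must be 8..63 characters"))
    if any("EAP" in a for a in akms) and conf.get("ieee8021x", "0") != "1":
        findings.append(("EAP_NO_8021X",
                         "EAP key management listed but ieee8021x is not enabled"))
    return findings
```

On the posted config this reports `UNUSED_WPA_PAIRWISE` and `EAP_NO_8021X`: for a passphrase-only access point, the EAP entries in `wpa_key_mgmt` can be dropped.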