How to Build Your Own Linux-Based Access Point in 5 Minutes


The motivation to build your access point using Linux are many, and I have listed a few compelling reasons below:

1) You can use the Linux-rich set of firewall rules to customize access to any segment of your wireless network.
2) You can use SNMP utilities to report on traffic going through your AP.
3) You can configure your AP to send e-mail alerts if there are problems with your AP.
4) You can custom coordinate communications with other access points – for example, build your own Mesh network.
5) You can build specialized user authentication services and run them from the Linux server.

Note: We had experimented with building access points with a Linux-based server several years ago, but found that the Linux support for Wireless Radio cards was severely lacking. Most of the compatibility issues have been solved in the newer Linux kernels.

Building your own Linux access point in about 5 minutes:

Yes, 5 minutes or less is what it just took me to configure an access point by following this document to test that it was written correctly. This was after creating the CF from a ready-made image containing Voyage. Also, I did “edit the CF directly” method mentioned below so I could just cut and paste the lines that belong in the four necessary files.

Building your own Linux access point using the Alix 3D2 and the Atheros-based Wistron CM9 MiniPCI card may not be the cheapest way to do your own access point if you have to buy all the parts but here is how you can do it. These instructions may be used to setup any number of other combinations of hardware such as leftover computers from your Pacman gaming days that happen to have an Atheros chipset wireless radio attached as long as Voyage sees it as the same device name and so on.

This access point has a transparent bridge and uses your existing DHCP server to give out IPs to wireless devices that connect to it. This means just plug in the Ethernet cable to your existing network and connect wirelessly without the fuss or muss just like you plugged into your switch. This is the only way that will be described in this article, but you can of course setup your own DHCP server on the unit if you know how to do so.

Parts list:
ALIX3D2 (ALIX.3D2)with 1 LAN and 2 miniPCI, LX800, 256Mb
18w (15v/1.2A) AC-DC Power Adapter with Power Cord
Wistron CM9 MiniPCI Card
N-Type female Straight Pigtail
ANT-N-5 – Outdoor Omni Antenna, 5.5Dbi, N-Ttpe male, Straight type (rubber ducky type)
Kingston 4 GB CompactFlash Memory Card CF/4GB

Total for the above from one provider was under $200.

Optional parts:
Power Over Ethernet Injector – for about $4 and only necessary if you want to run the unit out to some area that does not have power right there such as an attic.
Case for Alix3D2 – price and link not available as this is a bench test model.

Assembly:
Plug CF card (once imaged with Voyage software and optionally already configured as mentioned below) into board. Only goes one way and only one place to put it.
Plug in the pigtail with antenna attached to the CM9 antenna connection that is closest to the center of the radio. Its easier to do this with the radio out.
Plug in the CM9 wireless radio in the card slot on the other side of the Alix board which has the LAN port on it.
Plug in a standard LAN cable into your switch connected to your network.
Plug in the power adapter to the Alix board and then plug into the wall (when you do this, it boots up, so ready the CF first).

Configuration tools needed:
Null modem serial cable
Windows or Linux or Mac with some terminal software installed so as to access the serial port of your new access point for setup. Windows XP with Hyperterm or Linux with Minicom or Mac with Zterm.
Optionally, instead of using a Null modem and terminal software you can setup the new access point by editing the CF card directly prior to installing it. Editing it directly can be a lot easier than figuring out how to use the serial port and terminal software.

Software used was Voyage Linux. Searching for Voyage Linux will lead you to their home page at http://linux.voyage.hk/
Version used was 0.7.5 (there are probably newer versions by now)
You can create your own CF by following the instructions on the Voyage Linux website or you can search for ready made CF images. If you search for “voyage075_2GB_ALIX” you currently can find an image ready to go and will fit on a 2gb or larger CF card. Since the suggested CF card in the parts list says 4gb we are good.

Now, assuming you have created a CF card with Voyage Linux 0.7.5 on it and can log into the console with your terminal software, or have access to the CF directly from a computer that can read the Linux disk, then do the following steps:

(If logged into a booted-up Alix board with the CF installed on it using the serial port, then run remountrw first so you can create and edit files.)

Set it up as an access point by first creating a file in/root called apup. In that file, you can put the following lines:
#!/bin/sh
/sbin/ifconfig eth0 0.0.0.0 up
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
/usr/sbin/hostapd -B /etc/hostapd/hostapd.wlan0.conf
/usr/sbin/brctl addif br0 wlan0
/sbin/ifconfig br0 192.168.0.100 netmask 255.255.255.0 up
/sbin/route add default gw 192.168.0.1
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Change that 192.168.0.100 and netmask to whatever you want the IP for the access point to be so that you can get to it via SSH. Change the 192.168.0.1 to your default route or gateway.

Now use chmod to make /root/apup executable with something like chmod a+x /root/apup

Now edit /etc/hostapd/hostapd.wlan0.conf and edit (if there already) so that it has the following:
interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=4
#dump_file=/tmp/hostapd.dump
#ctrl_interface=/var/run/hostapd
#ctrl_interface_group=0
channel=1
macaddr_acl=0
auth_algs=3
eapol_key_index_workaround=0
eap_server=0
wpa=3
ssid=alix
wpa_passphrase=voyage
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
eapol_version=1

Edit the file /etc/network/interfaces and change the area that brings up eth0 to:
auto eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.0.1

This is so that if for some reason the bridge br0 does not come up then possibly you can still access eth0 via the same IP you put in apup.

Now, edit /etc/rc.local and put one line towards the bottom to run /root/apup so it looks like this:
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will “exit 0” on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/root/apup
exit 0

That’s it for software setup. If you want to change the SSID and have it say something besides alix then edit the line in /etc/hostapd/hostapd.wlan0.conf and if you want a different wpa password then edit the line in there dealing with that as well. The channel the radio will use is also setup there.

If you logged into the unit using the serial port and if the CF is still in read/write mode then run remountro to put it back in readonly mode and reboot.

From a laptop you should see your new access point show up as alix and secured with WPA password of voyage.

5 Responses to “How to Build Your Own Linux-Based Access Point in 5 Minutes”

  1. NetEqualizer News: August 2012 « NetEqualizer News Blog Says:

    […] How to Build Your Own Linux-Based Access Point in 5 Minutes […]

  2. Marcin Says:

    hi, why are You using nat for connections from World to Wireless network?

  3. netequalizer Says:

    We have set them up that way yes

  4. Joel Carter Says:

    @Marcin Yeah, the ipforwarding and NAT threw me off too. Not needed if it’s actually functioning as a bridge?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: