How to Setup Wi-Fi Access Point Mode (Linux)
This article describes how to set up a Wi-Fi Access Point, sometimes mentioned as AP mode, using open-source software Hostapd in Embedded Linux.
Other Wi-Fi related articles
If this is not the information you are looking for, please, refer to the Wi-Fi Connectivity with Toradex’s Computer on Module (CoM) article for more Wi-Fi related information.
This article does not cover Access Point on Torizon. Please refer to Networking with TorizonCore, which explains how to setup Wi-Fi Access Point on Torizon.
- A Toradex SoM with on Board Wi-Fi or
- An external Wi-Fi adapter with support for Access Point Mode
How to find out if my external Wi-Fi adapter supports Access Point mode
You can check a list of tested modules in the
3rd Party Modules Tested with Toradex COMs section of Wi-Fi Connectivity on Toradex’s Computer on Module (CoM) article.
This setup was tested using the following hardware and software
- Embedded Linux BSP release 2.8
- Colibri iMX6ULL 512MB WB IT V1.1A
Instructions may vary when using other Wi-Fi adapters.
Configure AP Mode
Steps are provided for configuring AP mode.
Get the Correct Interface Name
Check current mode and available interfaces, you should see a single interface in AP mode, like this:
$ iw dev
txpower 0.00 dBm
Considering the test environment from Prerequisites section, the name of the AP-interface that is defined by the mwifiex kernel driver is uap0. This name can be different depending on userspace.
Set the Access Point interface IP and SSID in Hostapd configuration file. Change the following variables in
An alternate hostapd.conf file that creates a WLan in the 5GHz range, protected with WPA2:
The hostapd.conf is documented in the default hostapd.conf file that is deployed, as well as here: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
To provide the Access Point interface with a static IP address and DHCP, it is necessary to create the file
The Hostapd service starts by default after the network.target. This target is only loosely defined and means just "start after the network stack is up". This will fail by default because the network device (uap0 by default) is not up yet, or not every time.
To fix this we can tell systemd that the hostapd.service file is depending on a device. First step is to find out how the "*.device" file is named that is associated with the network device. This can be done with:
systemctl --all --full -t device
In our demo-image case this is named
Edit the properties BindsTo and After from file
Both BindsTo and After are necessary in order to tell systemd the strong dependence that hostapd.service has on our case uap0.
Reload the systemd configuration:
systemctl --system daemon-reload
At last, activate the following services:
$ connmanctl enable wifi
$ systemctl enable hostapd
$ systemctl start hostapd
Check the Access Point interface:
$ ip a s dev <IF_NAME>
Now you can connect to this Access Point from other Wi-Fi devices. Access Point will automatically start after reboot.
Automate Enabling Wifi
To make sure wifi is enabled at every boot you can also do a service for it. Create a service for example like this one:
ExecStart=/usr/bin/connmanctl enable wifi
hostapd.service can then be started After this, so change
Don't forget to also enable this new service:
systemctl enable enable-wifi.service
Toradex provides a package in the BSP demo images called
hostapd-example which provides basically what is written in this article.
To start the AP configured in that demo image on a Toradex demo image once, enter:
systemctl start hostapd-example
If the AP should be started upon boot, enter:
systemctl enable hostapd-example
You can find the related openembedded recipe for this package in:
Configure Internet Sharing
Once AP Mode is configured, it's a common scenario to share an internet connection from another interface. This section relies on the Internet Sharing article from the Arch Wiki.
Enable Packet Forwarding
Create a file to add the packet forwarding rules:
The changes will take effect after a reboot.
NAT relies on kernel configuration and userspace tools. This section is thus split into two.
For the example from this article, we have to make sure that the following kernel parameters are enabled. You have to evaluate if additional parameters are required for your use case:
You will find those configs in Networking support > Networking options > Network packet filtering framework (Netfilter). See an illustration (you may click it to see in higher resolution):
It may be possible to compile those configs as modules - check the kernel documentation. For instructions on how to build the kernel or modules, read the article Build U-Boot and Linux Kernel from Source Code.
After the new kernel is deployed, you can verify if it has the correct configs:
zcat /proc/config.gz | grep IP_NF_IPTABLES
zcat /proc/config.gz | grep NETFILTER_XT_MATCH_CONNTRACK
iptables Configuration and Setup
You might have to enable some kernel modules, depending on your configuration.
You can use
iptables to enable NAT and a systemd service to make it start on reboot. First, enable the rules for the current session:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i uap0 -o eth0 -j ACCEPT
Save the current config to
iptables-save > /etc/iptables/iptables.rules
Create a systemd service file
iptables.service. The example is modified from the iptables package from Arch Linux:
Description=IPv4 Packet Filtering Framework
Notice that in the example above we don't have the rule to stop the service. Carefully evaluate if you need it and the best method for stopping the service, where a good starting point is the iptables package aforementioned.
Reload the systemd services and enable:
systemctl --system daemon-reload
systemctl enable iptables
Enable DHCP and DNS
Some utils can enable both DHCP and DNS servers. You might want to use dhcpd or dnsmasq.