hostapd

Start an access point

$ sudo hostapd [path/to/hostapd.conf]

$ sudo hostapd -B [path/to/hostapd.conf]

hostapd [options] configuration_file

-B
    Run hostapd in the background as a daemon.

-d
    Enable debugging messages. Use -dd for more verbose output.

-K
    Include key information in debug messages (use with caution in production).

-P pid_file
    Write the daemon's process ID (PID) to the specified file.

-e entropy_file
    Read and write entropy from/to the specified file, improving randomness.

-f debug_file
    Redirect all debugging output to the specified file instead of standard output.

-t
    Include timestamps in debug messages.

-v
    Show the version information and exit.

-u
    Disable the internal privilege separation mechanism.

-q
    Enable quiet mode, reducing output to essential messages only.

-g control_interface
    Specify a global control interface for external control programs.

configuration_file
    Path to the mandatory configuration file (e.g., /etc/hostapd/hostapd.conf) that defines the AP's settings.

hostapd is a userspace daemon that enables a wireless network interface card (WNIC) to act as an access point (AP) and authentication server.

It implements the IEEE 802.11 AP management, IEEE 802.1X/RADIUS authentication, and supports WPA, WPA2, and WPA3 security protocols. hostapd is crucial for setting up a functional Wi-Fi hotspot or access point on a Linux system, handling key exchange, authentication, and association for wireless clients.

It works with various wireless drivers, most commonly the nl80211 driver, which is part of the Linux kernel's mac80211 subsystem. While hostapd manages the wireless AP and authentication, it typically relies on other tools like dnsmasq or isc-dhcp-server for DHCP and DNS services, and iptables for network address translation (NAT) and routing.

Requires a wireless adapter that supports AP (Access Point) mode, which is not universal across all Wi-Fi cards.
hostapd solely manages the wireless interface and authentication; it does not handle IP addressing, DHCP, DNS, or network routing (NAT). These services must be configured separately using tools like dnsmasq, isc-dhcp-server, and iptables.
Complex configurations, especially involving advanced features like VLANs or external RADIUS servers, can be challenging and require a deep understanding of networking concepts.
Security is paramount. Improper configuration of WPA/WPA2/WPA3 can lead to vulnerable networks.

The primary way to configure hostapd is through a text-based configuration file, typically located at /etc/hostapd/hostapd.conf. This file defines crucial settings such as the network interface to use, SSID (network name), operating channel, Wi-Fi security (WPA/WPA2/WPA3 passphrase or RADIUS settings), and advanced options like VLANs or client isolation. A well-configured file is essential for a functional and secure access point.

While its primary role is as an Access Point (AP), hostapd can also function as a standalone authentication server for both wireless and wired networks, utilizing RADIUS. This allows it to centralize authentication for multiple network devices or services beyond just its own Wi-Fi AP functionality. The most common use case remains its AP mode, transforming a Linux machine into a Wi-Fi hotspot.

hostapd was primarily developed by Jouni Malinen as part of the broader wpa_supplicant project, which provides IEEE 802.1X/WPA/WPA2/WPA3 support for both client and access point roles. It quickly became the standard and most widely used solution for setting up Wi-Fi access points on Linux due to its comprehensive feature set, robustness, and active development.

Its development has continuously evolved to support new Wi-Fi standards (e.g., 802.11ac, 802.11ax/Wi-Fi 6, 802.11be/Wi-Fi 7) and security protocols (WPA3), making it a cornerstone for wireless networking in the Linux ecosystem.

iw(8), ip(8), dnsmasq(8), iptables(8), wpa_supplicant(8)