Hostapd + DHCPV6 + IPV6 + Ubuntu 13.04

Hello again.

In a previous post I showed how to use an Ad-Hoc network with IPTables masquerading to allow Wi-Fi clients to connect.

The main reason was that I already have a dual stack with FC running that connects me to my cable provider.

On the other hand, I use a cheap wireless router when I need Wi-Fi connectivity for my smartphone or my laptop, but my Wi-Fi router does not support IPV6, so the setup worked like a charm.

The setup has a drawback. On my wireless router I used MAC filtering. While a determined hacker could in principle get in anyway, in most cases MAC filtering provides sufficient security: only those clients with MAC addresses you allow can get an address and connect.

In addition, the Ad-Hoc network was unreliable, so I decided to make the FC server a hotspot and use DNSMASQ for DHCPV6. It works great.

So here we go.

Prep Work

  • See my previous post for the requirements of the Linux machine.
  • I am using Ubuntu 13.04 here, so some of the networking commands will be for Debian-style configuration.
  • Install hostapd and dnsmasq.

Test Hostapd

Test that hostapd can be used with your wireless router.

From the wireless kernel web page, create the following file and name it hostapd-minimal.conf:

#change wlan0 to your wireless device
interface=wlan0
driver=nl80211
ssid=test
channel=1

Now run it:

hostapd $ sudo hostapd ./hostapd-minimal.conf
Configuration file: ./hostapd-minimal.conf
Line 2: invalid/unknown driver 'nl80211'
1 errors found in configuration file './hostapd-minimal.conf'

If you see errors like the ones above, your wireless card does not support hostapd; if not, continue.

Setup Hostapd

Create a file called hostapd.conf and put it in /etc. Now edit the file with the following:

interface=[your-wireless-interface] 
driver=nl80211
ssid=[your-ssid]
hw_mode=g
channel=11
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=[your-secret]
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

Remember to change the wireless interface to the correct one; in my case it is wlan0. Also set your own SSID and secret. I am using channel 11 because normally people do not set this, and they will use either 6 or 1, which are the defaults the majority of wireless routers use.

Next edit /etc/default/hostapd and set the location of the configuration above so hostapd will start.
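
An added example (not part of the original post or of hostapd): a POSIX shell check that reads a hostapd.conf on stdin and flags the WPA v1, TKIP, placeholder-passphrase and MAC-ACL settings in the configuration above. The two sample configurations and the /etc/hostapd.accept path are constructed for illustration.

```sh
# Added example: flag weak link-security settings in a hostapd.conf read on stdin.
# opt KEY: last value assigned to KEY in $conf (hostapd uses plain key=value lines).
opt() { printf '%s\n' "$conf" | sed -n "s/^$1=//p" | tail -n 1; }

audit_hostapd() {
    conf=$(cat)
    pass=$(opt wpa_passphrase)
    # wpa is a bit field: bit0 = WPA (v1), bit1 = WPA2/RSN.
    case "$(opt wpa)" in
        ''|0) echo "OPEN no WPA enabled" ;;
        1|3)  echo "WPA1 WPA v1 is still offered; wpa=2 is WPA2 only" ;;
    esac
    # TKIP listed in either pairwise cipher option.
    case "$(opt wpa_pairwise) $(opt rsn_pairwise)" in
        *TKIP*) echo "TKIP TKIP cipher listed; CCMP alone is the stronger choice" ;;
    esac
    # A WPA-PSK passphrase is 8..63 characters; also catch unedited [placeholders].
    case "$pass" in
        '') ;;
        \[*\]) echo "PSK passphrase is still a template placeholder" ;;
        *) [ "${#pass}" -ge 8 ] && [ "${#pass}" -le 63 ] ||
               echo "PSK passphrase length ${#pass} is outside 8..63" ;;
    esac
    # macaddr_acl: 0 = accept unless denied, 1 = accept list only, 2 = RADIUS.
    case "$(opt macaddr_acl)" in
        1|2) ;;
        *) echo "ACL hostapd does not restrict stations by MAC address" ;;
    esac
}

# Constructed samples: the security settings from the post, then a stricter variant.
post_conf() { cat <<'EOF'
macaddr_acl=0
wpa=3
wpa_passphrase=[your-secret]
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
}
strict_conf() { cat <<'EOF'
macaddr_acl=1
accept_mac_file=/etc/hostapd.accept
wpa=2
wpa_passphrase=constructed sample passphrase
rsn_pairwise=CCMP
EOF
}
post_conf | audit_hostapd
```

Run it against a real file with `audit_hostapd < /etc/hostapd.conf`; no output means none of the four conditions was found.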

To Bridge or not to Bridge

I have seen in many articles and blogs that you need to set up a bridge in order to get hostapd to work. That is not correct.

Certainly a bridge will work, but there is no need for one if you enable forwarding on your box; this makes it a router and it will route packets.

In addition, this makes the setup easier: no need to get the bridge utilities and all that nonsense.

Setup DNSmasq

Now it is time to set up dnsmasq. It will provide DHCP services, both IPV4 and IPV6, for your clients. There is no separate DHCP process for each stack, which makes it easier to configure.

Edit /etc/dnsmasq.conf and set the following:

bind-interfaces
interface=wlan0
dhcp-range=10.42.x.x,10.42.x.x,255.255.255.0,12h
dhcp-range=fd00:x:x:x::2,fd00:x:x:x::10,12h
no-hosts
enable-ra
addn-hosts=/etc/hosts.dnsmasq
dhcp-host=XX:XX:XX:XX:XX:XX,net:allow
dhcp-host=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx,net:allow
dhcp-ignore=tag:!known

A couple of things to notice:

  • I have to use 10.42.x.x for the range; if I use something else dnsmasq would not handle addresses. 10.42.x.x is the default it uses when you create an Ad-Hoc network, so there is a correlation here.
  • There are two ranges, one for IPV4 and one for IPV6.
  • There are also two entries for MAC filtering using the “dhcp-host” value.
    • One for the MAC address of the device you want to allow.
    • One for the DUID that IPV6 addresses use as unique identifier. If you forget this you do not get an IPV6 address.
  • Finally, use “enable-ra”, otherwise you do not get a default route for your IPV6 clients.
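
An added example (not from the original post): the 14-octet identifier in the second dhcp-host line has the length of a DUID-LLT, which carries a link-layer address after a 4-byte timestamp. This POSIX shell helper extracts that address so each allowed MAC can be compared with the DUID entered next to it; all sample values are constructed.

```sh
# Added example: recover the link-layer address embedded in a DHCPv6 DUID.

# duid_mac DUID: print the Ethernet address inside a DUID-LLT or DUID-LL.
#   DUID-LLT: type 00:01, hw type 00:01 (Ethernet), 4-byte time, 6-byte address
#   DUID-LL : type 00:03, hw type 00:01 (Ethernet), 6-byte address
# Returns 1 for anything else (DUID-EN, DUID-UUID, malformed), which is opaque.
duid_mac() {
    d=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$d" | grep -Eq '^([0-9a-f]{2}:)+[0-9a-f]{2}$' || return 1
    case "$d" in
        00:01:00:01:??:??:??:??:??:??:??:??:??:??)
            echo "${d#??:??:??:??:??:??:??:??:}" ;;
        00:03:00:01:??:??:??:??:??:??)
            echo "${d#??:??:??:??:}" ;;
        *) return 1 ;;
    esac
}

# pair_status MAC DUID: how a MAC entry relates to the DUID listed with it.
#   match            the DUID embeds this MAC
#   other-interface  the DUID embeds a different address of the same host
#   opaque           the DUID carries no link-layer address to compare
pair_status() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    if emb=$(duid_mac "$2"); then
        if [ "$emb" = "$mac" ]; then
            echo "match"
        else
            echo "other-interface $emb"
        fi
    else
        echo "opaque"
    fi
}

# Constructed sample values (locally administered addresses, not real devices).
pair_status 02:00:5E:10:00:01 00:01:00:01:1a:2b:3c:4d:02:00:5e:10:00:01
pair_status 02:00:5e:10:00:01 00:01:00:01:1a:2b:3c:4d:02:00:5e:10:00:99
pair_status 02:00:5e:10:00:01 00:04:8f:3a:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee
```

A DUID identifies the host rather than one interface, so `other-interface` is a normal result when the DUID was generated from a different NIC; it is one reason the MAC entry alone does not cover DHCPV6.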

Setup Forwarding

Finally, set up forwarding for both IPV4 and IPV6:

/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.conf.all.forwarding=1

Also, do not forget to masquerade the IPV6 prefix as stated in my previous blog, otherwise you will not be able to connect to the Internet using IPV6.

Putting It All Together

Now start everything:

sudo /etc/init.d/hostapd restart
sudo /etc/init.d/dnsmasq restart

If everything is OK, your laptop should be able to associate with your new hotspot and use both IPV4 and IPV6.

Automate Everything

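Edit /etc/network/interfaces and add:

# wlan0 configuration
# bring the interface up at boot
auto wlan0
iface wlan0 inet static
# must be in the same /24 as the IPV4 dhcp-range in /etc/dnsmasq.conf, outside the range itself
address 10.42.x.1
netmask 255.255.255.0

#IPV6 configuration
iface wlan0 inet6 static
address fd00:x:x:x::1
netmask 64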

Of course, use your own prefix as indicated in my previous post.

Now edit /etc/rc.local and add:

/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.conf.all.forwarding=1
#
/sbin/route -A inet6 add default gw fe80::x:x:x:x dev eth0
#
/etc/init.d/hostapd restart
/etc/init.d/dnsmasq restart
#
# ip6tables-restore / iptables-restore load a saved rule set from stdin
ip6tables-restore < ip6tables-masq.save
iptables-restore < iptables-masq.save

The above sets:

  • Forwarding on both stacks.
  • Adds a default route for the box. You may not need to do this if your setup already correctly routes IPV6. The address is the link-local address of the device that acts as your router to the Internet. Replace as needed.
  • Restarts both hostapd and dnsmasq just to make sure.
  • Finally do not forget to add masquerading for both stacks.

Conclusions

You should now have a Linux box (Ubuntu in this case) that acts as a hotspot and allows your wireless devices to connect via IPV4 and IPV6. It works great in my case, although my S3 Galaxy still does not support IPV6 (at least with AT&T). I have read that it does so with Verizon, but for that it needs an update and there is no such update yet for my phone via AT&T. Oh well.

In any case until the next blog, Ciao.
