- the SSID is changed.
- # wpa_psk (dot11RSNAConfigPSKValue)
- # wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
- # The commented-out wpa_psk sample below is a 64-hex-digit (256-bit) key
- # that the paste wrapped onto two lines.
- #wpa_psk=0123456789abcdef0123456789abcdef0123456789abc
- def0123456789abcdef
- # NOTE(review): this is the only active setting in this excerpt, and it
- # is a real-looking credential. It is 8 characters, digits only: the
- # shortest passphrase WPA-PSK accepts (8..63 characters) and a keyspace
- # of just 10^8, so it gives little resistance to offline guessing.
- # Because it was published with this paste it should be treated as
- # exposed: rotate it, use a long random passphrase or per-device keys
- # via wpa_psk_file, and keep hostapd.conf readable by root only.
- wpa_passphrase=18071952
- # Optionally, WPA PSKs can be read from a separate tex
- t file (containing list
- # of (PSK,MAC address) pairs. This allows more than on
- e PSK to be configured.
- # Use absolute path name to make sure that the files c
- an be read on SIGHUP
- # configuration reloads.
- #wpa_psk_file=/etc/hostapd.wpa_psk
- # Optionally, WPA passphrase can be received from RADI
- US authentication server
- # This requires macaddr_acl to be set to 2 (RADIUS)
- # 0 = disabled (default)
- # 1 = optional; use default passphrase/psk if RADIUS s
- erver does not include
- # Tunnel-Password
- # 2 = required; reject authentication if RADIUS server
- does not include
- # Tunnel-Password
- #wpa_psk_radius=0
- # Set of accepted key management algorithms (WPA-PSK,
- WPA-EAP, or both). The
- # entries are separated with a space. WPA-PSK-SHA256 a
- nd WPA-EAP-SHA256 can be
- # added to enable SHA256-based stronger algorithms.
- # (dot11RSNAConfigAuthenticationSuitesTable)
- #wpa_key_mgmt=WPA-PSK WPA-EAP
- # Set of accepted cipher suites (encryption algorithms
- ) for pairwise keys
- # (unicast packets). This is a space separated list of
- algorithms:
- # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, I
- EEE 802.11i/D7.0]
- # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i
- /D7.0]
- # Group cipher suite (encryption algorithm for broadca
- st and multicast frames)
- # is automatically selected based on this configuratio
- n. If only CCMP is
- # allowed as the pairwise cipher, group cipher will al
- so be CCMP. Otherwise,
- # TKIP will be used as the group cipher.
- # (dot11RSNAConfigPairwiseCiphersTable)
- # Pairwise cipher for WPA (v1) (default: TKIP)
- #wpa_pairwise=TKIP CCMP
- # Pairwise cipher for RSN/WPA2 (default: use wpa_pairw
- ise value)
- #rsn_pairwise=CCMP
- # Time interval for rekeying GTK (broadcast/multicast
- encryption keys) in
- # seconds. (dot11RSNAConfigGroupRekeyTime)
- #wpa_group_rekey=600
- # Rekey GTK when any STA that possesses the current GT
- K is leaving the BSS.
- # (dot11RSNAConfigGroupRekeyStrict)
- #wpa_strict_rekey=1
- # Time interval for rekeying GMK (master key used inte
- rnally to generate GTKs
- # (in seconds).
- #wpa_gmk_rekey=86400
- # Maximum lifetime for PTK in seconds. This can be use
- d to enforce rekeying of
- # PTK to mitigate some attacks against TKIP deficienci
- es.
- #wpa_ptk_rekey=600
- # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. Thi
- s is used to speed up
- # roaming by pre-authenticating IEEE 802.1X/EAP part o
- f the full RSN
- # authentication and key handshake before actually ass
- ociating with a new AP.
- # (dot11RSNAPreauthenticationEnabled)
- #rsn_preauth=1
- #
- # Space separated list of interfaces from which pre-au
- thentication frames are
- # accepted (e.g., 'eth0' or 'eth0 wlan0wds0'). This lis
- t should include all
- # interfaces that are used for connections to other APs
- . This could include
- # wired interfaces and WDS links. The normal wireless
- data interface towards
- # associated stations (e.g., wlan0) should not be adde
- d, since
- # pre-authentication is only used with APs other than
- the currently associated
- # one.
- #rsn_preauth_interfaces=eth0
- # peerkey: Whether PeerKey negotiation for direct link
- s (IEEE 802.11e) is
- # allowed. This is only used with RSN/WPA2.
- # 0 = disabled (default)
- # 1 = enabled
- #peerkey=1
- # ieee80211w: Whether management frame protection (MFP
- ) is enabled
- # 0 = disabled (default)
- # 1 = optional
- # 2 = required
- #ieee80211w=0
- # Group management cipher suite
- # Default: AES-128-CMAC (BIP)
- # Other options (depending on driver support):
- # BIP-GMAC-128
- # BIP-GMAC-256
- # BIP-CMAC-256
- # Note: All the stations connecting to the BSS will al
- so need to support the
- # selected cipher. The default AES-128-CMAC is the onl
- y option that is commonly
- # available in deployed devices.
- #group_mgmt_cipher=AES-128-CMAC
- # Association SA Query maximum timeout (in TU = 1.024
- ms; for MFP)
- # (maximum time to wait for a SA Query response)
- # dot11AssociationSAQueryMaximumTimeout, 1...429496729
- 5
- #assoc_sa_query_max_timeout=1000
- # Association SA Query retry timeout (in TU = 1.024 ms
- ; for MFP)
- # (time between two subsequent SA Query requests)
- # dot11AssociationSAQueryRetryTimeout, 1...4294967295
- #assoc_sa_query_retry_timeout=201
- # disable_pmksa_caching: Disable PMKSA caching
- # This parameter can be used to disable caching of PMK
- SA created through EAP
- # authentication. RSN preauthentication may still end
- up using PMKSA caching if
- # it is enabled (rsn_preauth=1).
- # 0 = PMKSA caching enabled (default)
- # 1 = PMKSA caching disabled
- #disable_pmksa_caching=0
- # okc: Opportunistic Key Caching (aka Proactive Key Ca
- ching)
- # Allow PMK cache to be shared opportunistically among
- configured interfaces
- # and BSSes (i.e., all configurations within a single
- hostapd process).
- # 0 = disabled (default)
- # 1 = enabled
- #okc=1
- # SAE threshold for anti-clogging mechanism (dot11RSNA
- SAEAntiCloggingThreshold)
- # This parameter defines how many open SAE instances c
- an be in progress at the
- # same time before the anti-clogging mechanism is take
- n into use.
- #sae_anti_clogging_threshold=5
- # Enabled SAE finite cyclic groups
- # SAE implementations are required to support group 19
- (ECC group defined over a
- # 256-bit prime order field). All groups that are supp
- orted by the
- # implementation are enabled by default. This configur
- ation parameter can be
- # used to specify a limited set of allowed groups. The
- group values are listed
- # in the IANA registry:
- # http://www.iana.org/assignments/ipsec-registry/ipsec
- -registry.xml#ipsec-registry-9
- #sae_groups=19 20 21 25 26
- ##### IEEE 802.11r configuration #####################
- #########################
- # Mobility Domain identifier (dot11FTMobilityDomainID,
- MDID)
- # MDID is used to indicate a group of APs (within an E
- SS, i.e., sharing the
- # same SSID) between which a STA can use Fast BSS Tran
- sition.
- # 2-octet identifier as a hex string.
- #mobility_domain=a1b2
- # PMK-R0 Key Holder identifier (dot11FTR0KeyHolderID)
- # 1 to 48 octet identifier.
- # This is configured with nas_identifier (see RADIUS c
- lient section above).
- # Default lifetime of the PMK-R0 in minutes; range 1..
- 65535
- # (dot11FTR0KeyLifetime)
- #r0_key_lifetime=10000
- # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
- # 6-octet identifier as a hex string.
- #r1_key_holder=000102030405
- # Reassociation deadline in time units (TUs / 1.024 ms
- ; range 1000..65535)
- # (dot11FTReassociationDeadline)
- #reassociation_deadline=1000
- # List of R0KHs in the same Mobility Domain
- # format: <MAC address> <NAS Identifier> <128-bit key
- as hex string>
- # This list is used to map R0KH-ID (NAS Identifier) to
- a destination MAC
- # address when requesting PMK-R1 key from the R0KH tha
- t the STA used during the
- # Initial Mobility Domain Association.
- #r0kh=02:01:02:03:04:05 r0kh-1.example.com 00010203040
- 5060708090a0b0c0d0e0f
- #r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445
- 566778899aabbccddeeff
- # And so on.. One line per R0KH.
- # List of R1KHs in the same Mobility Domain
- # format: <MAC address> <R1KH-ID> <128-bit key as hex
- string>
- # This list is used to map R1KH-ID to a destination MA
- C address when sending
- # PMK-R1 key from the R0KH. This is also the list of a
- uthorized R1KHs in the MD
- # that can request PMK-R1 keys.
- #r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405
- 060708090a0b0c0d0e0f
- #r1kh=02:01:02:03:04:06 02:11:22:33:44:66 001122334455
- 66778899aabbccddeeff
- # And so on.. One line per R1KH.
- # Whether PMK-R1 push is enabled at R0KH
- # 0 = do not push PMK-R1 to all configured R1KHs (defa
- ult)
- # 1 = push PMK-R1 to all configured R1KHs whenever a n
- ew PMK-R0 is derived
- #pmk_r1_push=1
- ##### Neighbor table #################################
- #########################
- # Maximum number of entries kept in AP table (either f
- or neighbor table or for
- # detecting Overlapping Legacy BSS Condition). The old
- est entry will be
- # removed when adding a new entry that would make the
- list grow over this
- # limit. Note! WFA certification for IEEE 802.11g requ
- ires that OLBC is
- # enabled, so this field should not be set to 0 when u
- sing IEEE 802.11g.
- # default: 255
- #ap_table_max_size=255
- # Number of seconds of no frames received after which
- entries may be deleted
- # from the AP table. Since passive scanning is not usu
- ally performed frequently
- # this should not be set to very small value. In addit
- ion, there is no
- # guarantee that every scan cycle will receive beacon
- frames from the
- # neighboring APs.
- # default: 60
- #ap_table_expiration_time=3600
- ##### Wi-Fi Protected Setup (WPS) ####################
- #########################
- # WPS state
- # 0 = WPS disabled (default)
- # 1 = WPS enabled, not configured
- # 2 = WPS enabled, configured
- #wps_state=2
- # Whether to manage this interface independently from
- other WPS interfaces
- # By default, a single hostapd process applies WPS ope
- rations to all configured
- # interfaces. This parameter can be used to disable th
- at behavior for a subset
- # of interfaces. If this is set to non-zero for an int
- erface, WPS commands
- # issued on that interface do not apply to other inter
- faces and WPS operations
- # performed on other interfaces do not affect this int
- erface.
- #wps_independent=0
- # AP can be configured into a locked state where new W
- PS Registrar are not
- # accepted, but previously authorized Registrars (incl
- uding the internal one)
- # can continue to add new Enrollees.
- #ap_setup_locked=1
- # Universally Unique IDentifier (UUID; see RFC 4122) o
- f the device
- # This value is used as the UUID for the internal WPS
- Registrar. If the AP
- # is also using UPnP, this value should be set to the
- device's UPnP UUID.
- # If not configured, UUID will be generated based on t
- he local MAC address.
- #uuid=12345678-9abc-def0-1234-56789abcdef0
- # Note: If wpa_psk_file is set, WPS is used to generat
- e random, per-device PSKs
- # that will be appended to the wpa_psk_file. If wpa_ps
- k_file is not set, the
- # default PSK (wpa_psk/wpa_passphrase) will be deliver
- ed to Enrollees. Use of
- # per-device PSKs is recommended as the more secure op
- tion (i.e., make sure to
- # set wpa_psk_file when using WPS with WPA-PSK).
- # When an Enrollee requests access to the network with
- PIN method, the Enrollee
- # PIN will need to be entered for the Registrar. PIN r
- equest notifications are
- # sent to hostapd ctrl_iface monitor. In addition, the
- y can be written to a
- # text file that could be used, e.g., to populate the
- AP administration UI with
- # pending PIN requests. If the following variable is s
- et, the PIN requests will
- # be written to the configured file.
- #wps_pin_requests=/var/run/hostapd_wps_pin_requests
- # Device Name
- # User-friendly description of device; up to 32 octets
- encoded in UTF-8
- #device_name=Wireless AP
- # Manufacturer
- # The manufacturer of the device (up to 64 ASCII chara
- cters)
- #manufacturer=Company
- # Model Name
- # Model of the device (up to 32 ASCII characters)
- #model_name=WAP
- # Model Number
- # Additional device description (up to 32 ASCII charac
- ters)
- #model_number=123
- # Serial Number
- # Serial number of the device (up to 32 characters)
- #serial_number=12345
- # Primary Device Type
- # Used format: <categ>-<OUI>-<subcateg>
- # categ = Category as an integer value
- # OUI = OUI and type octet as a 4-octet hex-encoded va
- lue; 0050F204 for
- # default WPS OUI
- # subcateg = OUI-specific Sub Category as an integer v
- alue
- # Examples:
- # 1-0050F204-1 (Computer / PC)
- # 1-0050F204-2 (Computer / Server)
- # 5-0050F204-1 (Storage / NAS)
- # 6-0050F204-1 (Network Infrastructure / AP)
- #device_type=6-0050F204-1
- # OS Version
- # 4-octet operating system version number (hex string)
- #os_version=01020300
- # Config Methods
- # List of the supported configuration methods
- # Available methods: usba ethernet label display ext_n
- fc_token int_nfc_token
- # nfc_interface push_button keypad virtual_displ
- ay physical_display
- # virtual_push_button physical_push_button
- #config_methods=label virtual_display virtual_push_but
- ton keypad
- # WPS capability discovery workaround for PBC with Win
- dows 7
- # Windows 7 uses incorrect way of figuring out AP's WP
- S capabilities by acting
- # as a Registrar and using M1 from the AP. The config
- methods attribute in that
- # message is supposed to indicate only the configurati
- on method supported by
- # the AP in Enrollee role, i.e., to add an external Re
- gistrar. For that case,
- # PBC shall not be used and as such, the PushButton co
- nfig method is removed
- # from M1 by default. If pbc_in_m1=1 is included in th
- e configuration file,
- # the PushButton config method is left in M1 (if inclu
- ded in config_methods
- # parameter) to allow Windows 7 to use PBC instead of
- PIN (e.g., from a label
- # in the AP).
- #pbc_in_m1=1
- # Static access point PIN for initial configuration an
- d adding Registrars
- # If not set, hostapd will not allow external WPS Regi
- strars to control the
- # access point. The AP PIN can also be set at runtime
- with hostapd_cli
- # wps_ap_pin command. Use of temporary (enabled by use
- r action) and random
- # AP PIN is much more secure than configuring a static
- AP PIN here. As such,
- # use of the ap_pin parameter is not recommended if th
- e AP device has means for
- # displaying a random PIN.
- #ap_pin=12345670
- # Skip building of automatic WPS credential
- # This can be used to allow the automatically generate
- d Credential attribute to
- # be replaced with pre-configured Credential(s).
- #skip_cred_build=1
- # Additional Credential attribute(s)
- # This option can be used to add pre-configured Creden
- tial attributes into M8
- # message when acting as a Registrar. If skip_cred_bui
- ld=1, this data will also
- # be able to override the Credential attribute that wo
- uld have otherwise been
- # automatically generated based on network configurati
- on. This configuration
- # option points to an external file that must contain
- the WPS Credential
- # attribute(s) as binary data.
- #extra_cred=hostapd.cred
- # Credential processing
- # 0 = process received credentials internally (defau
- lt)
- # 1 = do not process received credentials; just pass
- them over ctrl_iface to
- # external program(s)
- # 2 = process received credentials internally and pa
- ss them over ctrl_iface
- # to external program(s)
- # Note: With wps_cred_processing=1, skip_cred_build sh
- ould be set to 1 and
- # extra_cred be used to provide the Credential data fo
- r Enrollees.
- #
- # wps_cred_processing=1 will disable automatic update
- s of hostapd.conf file
- # both for Credential processing and for marking AP Se
- tup Locked based on
- # validation failures of AP PIN. An external program i
- s responsible for updating
- # the configuration appropriately in this case.
- #wps_cred_processing=0
- # AP Settings Attributes for M7
- # By default, hostapd generates the AP Settings Attrib
- utes for M7 based on the
- # current configuration. It is possible to override th
- is by providing a file
- # with pre-configured attributes. This is similar to e
- xtra_cred file format,
- # but the AP Settings attributes are not encapsulated
- in a Credential
- # attribute.
- #ap_settings=hostapd.ap_settings
- # WPS UPnP interface
- # If set, support for external Registrars is enabled.
- #upnp_iface=br0
- # Friendly Name (required for UPnP)
- # Short description for end user. Should be less than 6
- 4 characters.
- #friendly_name=WPS Access Point
- # Manufacturer URL (optional for UPnP)
- #manufacturer_url=http://www.example.com/
- # Model Description (recommended for UPnP)
- # Long description for end user. Should be less than 1
- 28 characters.
- #model_description=Wireless Access Point
- # Model URL (optional for UPnP)
- #model_url=http://www.example.com/model/
- # Universal Product Code (optional for UPnP)
- # 12-digit, all-numeric code that identifies the consu
- mer package.
- #upc=123456789012
- # WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual
- band)
- # This value should be set according to RF band(s) sup
- ported by the AP if
- # hw_mode is not set. For dual band dual concurrent de
- vices, this needs to be
- # set to ag to allow both RF bands to be advertized.
- #wps_rf_bands=ag
- # NFC password token for WPS
- # These parameters can be used to configure a fixed NF
- C password token for the
- # AP. This can be generated, e.g., with nfc_pw_token f
- rom wpa_supplicant. When
- # these parameters are used, the AP is assumed to be d
- eployed with a NFC tag
- # that includes the matching NFC password token (e.g.,
- written based on the
- # NDEF record from nfc_pw_token).
- #
- #wps_nfc_dev_pw_id: Device Password ID (16..65535)
- #wps_nfc_dh_pubkey: Hexdump of DH Public Key
- #wps_nfc_dh_privkey: Hexdump of DH Private Key
- #wps_nfc_dev_pw: Hexdump of Device Password
- ##### Wi-Fi Direct (P2P) #############################
- #########################
- # Enable P2P Device management
- #manage_p2p=1
- # Allow cross connection
- #allow_cross_connection=1
- #### TDLS (IEEE 802.11z-2010) ########################
- #########################
- # Prohibit use of TDLS in this BSS
- #tdls_prohibit=1
- # Prohibit use of TDLS Channel Switching in this BSS
- #tdls_prohibit_chan_switch=1
- ##### IEEE 802.11v-2011 ##############################
- #########################
- # Time advertisement
- # 0 = disabled (default)
- # 2 = UTC time at which the TSF timer is 0
- #time_advertisement=2
- # Local time zone as specified in 8.3 of IEEE Std 1003
- .1-2004:
- # stdoffset[dst[offset][,start[/time],end[/time]]]
- #time_zone=EST5
- # WNM-Sleep Mode (extended sleep mode for stations)
- # 0 = disabled (default)
- # 1 = enabled (allow stations to use WNM-Sleep Mode)
- #wnm_sleep_mode=1
- # BSS Transition Management
- # 0 = disabled (default)
- # 1 = enabled
- #bss_transition=1
- ##### IEEE 802.11u-2011 ##############################
- #########################
- # Enable Interworking service
- #interworking=1
- # Access Network Type
- # 0 = Private network
- # 1 = Private network with guest access
- # 2 = Chargeable public network
- # 3 = Free public network
- # 4 = Personal device network
- # 5 = Emergency services only network
- # 14 = Test or experimental
- # 15 = Wildcard
- #access_network_type=0
- # Whether the network provides connectivity to the Int
- ernet
- # 0 = Unspecified
- # 1 = Network provides connectivity to the Internet
- #internet=1
- # Additional Step Required for Access
- # Note: This is only used with open network, i.e., ASR
- A shall be set to 0 if
- # RSN is used.
- #asra=0
- # Emergency services reachable
- #esr=0
- # Unauthenticated emergency service accessible
- #uesa=0
- # Venue Info (optional)
- # The available values are defined in IEEE Std 802.11u
- -2011, 7.3.1.34.
- # Example values (group,type):
- # 0,0 = Unspecified
- # 1,7 = Convention Center
- # 1,13 = Coffee Shop
- # 2,0 = Unspecified Business
- # 7,1 = Private Residence
- #venue_group=7
- #venue_type=1
- # Homogeneous ESS identifier (optional; dot11HESSID)
- # If set, this shall be identical to one of the BSSI
- Ds in the homogeneous
- # ESS and this shall be set to the same value across a
- ll BSSs in homogeneous
- # ESS.
- #hessid=02:03:04:05:06:07
- # Roaming Consortium List
- # Arbitrary number of Roaming Consortium OIs can be co
- nfigured with each line
- # adding a new OI to the list. The first three entries
- are available through
- # Beacon and Probe Response frames. Any additional ent
- ry will be available only
- # through ANQP queries. Each OI is between 3 and 15 oc
- tets and is configured as
- # a hexstring.
- #roaming_consortium=021122
- #roaming_consortium=2233445566
- # Venue Name information
- # This parameter can be used to configure one or more
- Venue Name Duples for
- # Venue Name ANQP information. Each entry has a two or
- three character language
- # code (ISO-639) separated by colon from the venue nam
- e string.
- # Note that venue_group and venue_type have to be set
- for Venue Name
- # information to be complete.
- #venue_name=eng:Example venue
- #venue_name=fin:Esimerkkipaikka
- # Alternative format for language:value strings:
- # (double quoted string, printf-escaped string)
- #venue_name=P"eng:Example\nvenue"
- # Network Authentication Type
- # This parameter indicates what type of network authen
- tication is used in the
- # network.
- # format: <network auth type indicator (1-octet hex st
- r)> [redirect URL]
- # Network Authentication Type Indicator values:
- # 00 = Acceptance of terms and conditions
- # 01 = On-line enrollment supported
- # 02 = http/https redirection
- # 03 = DNS redirection
- #network_auth_type=00
- #network_auth_type=02http://www.example.com/redirect/m
- e/here/
- # IP Address Type Availability
- # format: <1-octet encoded value as hex str>
- # (ipv4_type & 0x3f) << 2 | (ipv6_type & 0x3)
- # ipv4_type:
- # 0 = Address type not available
- # 1 = Public IPv4 address available
- # 2 = Port-restricted IPv4 address available
- # 3 = Single NATed private IPv4 address available
- # 4 = Double NATed private IPv4 address available
- # 5 = Port-restricted IPv4 address and single NATed IP
- v4 address available
- # 6 = Port-restricted IPv4 address and double NATed IP
- v4 address available
- # 7 = Availability of the address type is not known
- # ipv6_type:
- # 0 = Address type not available
- # 1 = Address type available
- # 2 = Availability of the address type not known
- #ipaddr_type_availability=14
- # Domain Name
- # format: <variable-octet str>[,<variable-octet str>]
- #domain_name=example.com,another.example.com,yet-anoth
- er.example.com
- # 3GPP Cellular Network information
- # format: <MCC1,MNC1>[;<MCC2,MNC2>][;...]
- #anqp_3gpp_cell_net=244,91;310,026;234,56
- # NAI Realm information
- # One or more realm can be advertised. Each nai_realm
- line adds a new realm to
- # the set. These parameters provide information for st
- ations using Interworking
- # network selection to allow automatic connection to a
- network based on
- # credentials.
- # format: <encoding>,<NAI Realm(s)>[,<EAP Method 1>][,
- <EAP Method 2>][,...]
- # encoding:
- # 0 = Realm formatted in accordance with IETF RF
- C 4282
- # 1 = UTF-8 formatted character string that is n
- ot formatted in
- # accordance with IETF RFC 4282
- # NAI Realm(s): Semi-colon delimited NAI Realm(s)
- # EAP Method: <EAP Method>[:<[AuthParam1:Val1]>][<[Aut
- hParam2:Val2]>][...]
- # EAP Method types, see:
- # http://www.iana.org/assignments/eap-numbers/eap-numb
- ers.xhtml#eap-numbers-4
- # AuthParam (Table 8-188 in IEEE Std 802.11-2012):
- # ID 2 = Non-EAP Inner Authentication Type
- # 1 = PAP, 2 = CHAP, 3 = MSCHAP, 4 = MSCHAPV2
- # ID 3 = Inner authentication EAP Method Type
- # ID 5 = Credential Type
- # 1 = SIM, 2 = USIM, 3 = NFC Secure Element, 4 =
- Hardware Token,
- # 5 = Softoken, 6 = Certificate, 7 = username/pa
- ssword, 9 = Anonymous,
- # 10 = Vendor Specific
- #nai_realm=0,example.com;example.net
- # EAP methods EAP-TLS with certificate and EAP-TTLS/MS
- CHAPv2 with
- # username/password
- #nai_realm=0,example.org,13[5:6],21[2:4][5:7]
- # QoS Map Set configuration
- #
- # Comma delimited QoS Map Set in decimal values
- # (see IEEE Std 802.11-2012, 8.4.2.97)
- #
- # format:
- # [<DSCP Exceptions[DSCP,UP]>,]<UP 0 range[low,high]>,
- ...<UP 7 range[low,high]>
- #
- # There can be up to 21 optional DSCP Exceptions which
- are pairs of DSCP Value
- # (0..63 or 255) and User Priority (0..7). This is fol
- lowed by eight DSCP Range
- # descriptions with DSCP Low Value and DSCP High Value
- pairs (0..63 or 255) for
- # each UP starting from 0. If both low and high value
- are set to 255, the
- # corresponding UP is not used.
- #
- # default: not set
- #qos_map_set=53,2,22,6,8,15,0,7,255,255,16,31,32,39,25
- 5,255,40,47,255,255
- ##### Hotspot 2.0 ####################################
- #########################
- # Enable Hotspot 2.0 support
- #hs20=1
- # Disable Downstream Group-Addressed Forwarding (DGAF)
- # This can be used to configure a network where no gro
- up-addressed frames are
- # allowed. The AP will not forward any group-address f
- rames to the stations and
- # random GTKs are issued for each station to prevent a
- ssociated stations from
- # forging such frames to other stations in the BSS.
- #disable_dgaf=1
- # OSU Server-Only Authenticated L2 Encryption Network
- #osen=1
- # ANQP Domain ID (0..65535)
- # An identifier for a set of APs in an ESS that share
- the same common ANQP
- # information. 0 = Some of the ANQP information is uni
- que to this AP (default).
- #anqp_domain_id=1234
- # Deauthentication request timeout
- # If the RADIUS server indicates that the station is n
- ot allowed to connect to
- # the BSS/ESS, the AP can allow the station some time
- to download a
- # notification page (URL included in the message). Thi
- s parameter sets that
- # timeout in seconds.
- #hs20_deauth_req_timeout=60
- # Operator Friendly Name
- # This parameter can be used to configure one or more
- Operator Friendly Name
- # Duples. Each entry has a two or three character lang
- uage code (ISO-639)
- # separated by colon from the operator friendly name s
- tring.
- #hs20_oper_friendly_name=eng:Example operator
- #hs20_oper_friendly_name=fin:Esimerkkioperaattori
- # Connection Capability
- # This can be used to advertise what type of IP traffi
- c can be sent through the
- # hotspot (e.g., due to firewall allowing/blocking pro
- tocols/ports).
- # format: <IP Protocol>:<Port Number>:<Status>
- # IP Protocol: 1 = ICMP, 6 = TCP, 17 = UDP
- # Port Number: 0..65535
- # Status: 0 = Closed, 1 = Open, 2 = Unknown
- # Each hs20_conn_capab line is added to the list of ad
- vertised tuples.
- #hs20_conn_capab=1:0:2
- #hs20_conn_capab=6:22:1
- #hs20_conn_capab=17:5060:0
- # WAN Metrics
- # format: <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<
- UL Load>:<LMD>
- # WAN Info: B0-B1: Link Status, B2: Symmetric Link, B3
- : At Capacity
- # (encoded as two hex digits)
- # Link Status: 1 = Link up, 2 = Link down, 3 = Link
- in test state
- # Downlink Speed: Estimate of WAN backhaul link curren
- t downlink speed in kbps;
- # 1..4294967295; 0 = unknown
- # Uplink Speed: Estimate of WAN backhaul link current
- uplink speed in kbps
- # 1..4294967295; 0 = unknown
- # Downlink Load: Current load of downlink WAN connecti
- on (scaled to 255 = 100%)
- # Uplink Load: Current load of uplink WAN connection (
- scaled to 255 = 100%)
- # Load Measurement Duration: Duration for measuring do
- wnlink/uplink load in
- # tenths of a second (1..65535); 0 if load cannot be d
- etermined
- #hs20_wan_metrics=01:8000:1000:80:240:3000
- # Operating Class Indication
- # List of operating classes the BSSes in this ESS use.
- The Global operating
- # classes in Table E-4 of IEEE Std 802.11-2012 Annex E
- define the values that
- # can be used in this.
- # format: hexdump of operating class octets
- # for example, operating classes 81 (2.4 GHz channels
- 1-13) and 115 (5 GHz
- # channels 36-48):
- #hs20_operating_class=5173
- # OSU icons
- # <Icon Width>:<Icon Height>:<Language code>:<Icon Typ
- e>:<Name>:<file path>
- #hs20_icon=32:32:eng:image/png:icon32:/tmp/icon32.png
- #hs20_icon=64:64:eng:image/png:icon64:/tmp/icon64.png
- # OSU SSID (see ssid2 for format description)
- # This is the SSID used for all OSU connections to all
- the listed OSU Providers.
- #osu_ssid="example"
- # OSU Providers
- # One or more sets of following parameter. Each OSU pr
- ovider is started by the
- # mandatory osu_server_uri item. The other parameters
- add information for the
- # last added OSU provider.
- #
- #osu_server_uri=https://example.com/osu/
- #osu_friendly_name=eng:Example operator
- #osu_friendly_name=fin:Esimerkkipalveluntarjoaja
- #osu_nai=anonymous@example.com
- #osu_method_list=1 0
- #osu_icon=icon32
- #osu_icon=icon64
- #osu_service_desc=eng:Example services
- #osu_service_desc=fin:Esimerkkipalveluja
- #
- #osu_server_uri=...
- ##### TESTING OPTIONS ################################
- #########################
- #
- # The options in this section are only available when
- the build configuration
- # option CONFIG_TESTING_OPTIONS is set while compiling
- hostapd. They allow
- # testing some scenarios that are otherwise difficult
- to reproduce.
- #
- # Ignore probe requests sent to hostapd with the given
- probability, must be a
- # floating point number in the range [0, 1).
- #ignore_probe_probability=0.0
- #
- # Ignore authentication frames with the given probabil
- ity
- #ignore_auth_probability=0.0
- #
- # Ignore association requests with the given probabili
- ty
- #ignore_assoc_probability=0.0
- #
- # Ignore reassociation requests with the given probabi
- lity
- #ignore_reassoc_probability=0.0
- #
- # Corrupt Key MIC in GTK rekey EAPOL-Key frames with t
- he given probability
- #corrupt_gtk_rekey_mic_probability=0.0
- ##### Multiple BSSID support #########################
- #########################
- #
- # Above configuration is using the default interface (
- wlan#, or multi-SSID VLAN
- # interfaces). Other BSSIDs can be added by using sepa
- rator 'bss' with
- # default interface name to be allocated for the data
- packets of the new BSS.
- #
- # hostapd will generate BSSID mask based on the BSSIDs
- that are
- # configured. hostapd will verify that dev_addr & MASK
- == dev_addr. If this is
- # not the case, the MAC address of the radio must be c
- hanged before starting
- # hostapd (ifconfig wlan0 hw ether <MAC addr>). If a B
- SSID is configured for
- # every secondary BSS, this limitation is not applied
- at hostapd and other
- # masks may be used if the driver supports them (e.g.,
- swap the locally
- # administered bit)
- #
- # BSSIDs are assigned in order to each BSS, unless an
- explicit BSSID is
- # specified using the 'bssid' parameter.
- # If an explicit BSSID is specified, it must be chosen
- such that it:
- # - results in a valid MASK that covers it and the dev
- _addr
- # - is not the same as the MAC address of the radio
- # - is not the same as any other explicitly specified
- BSSID
- #
- # Not all drivers support multiple BSSes. The exact me
- chanism for determining
- # the driver capabilities is driver specific. With the
- current (i.e., a recent
- # kernel) drivers using nl80211, this information can
- be checked with "iw list"
- # (search for "valid interface combinations").
- #
- # Please note that hostapd uses some of the values con
- figured for the first BSS
- # as the defaults for the following BSSes. However, it
- is recommended that all
- # BSSes include explicit configuration of all relevant
- configuration items.
- #
- #bss=wlan0_0
- #ssid=test2
- # most of the above items can be used here (apart from
- radio interface specific
- # items, like channel)
- #bss=wlan0_1
- #bssid=00:13:10:95:fe:0b
- # ...
- root@raspberrypi:/home/pi# cat /etc/dhcp/dhcpd.conf
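- # Declares this server the official DHCP server for the local network.
- # An authoritative server sends DHCPNAK to clients that ask for an
- # address it considers wrong for the segment, so keep this directive
- # only if no other DHCP server is meant to answer on the same link.
- authoritative;
- # Subnet 192.168.3.0/24: leases are handed out from .2 to .30 and
- # clients are given 192.168.3.1 as their default gateway.
- subnet 192.168.3.0 netmask 255.255.255.0 {
- range 192.168.3.2 192.168.3.30;
- # Broadcast address of 192.168.3.0/24. The previous value,
- # 192.168.255.255, did not match the 255.255.255.0 netmask above.
- option broadcast-address 192.168.3.255;
- option routers 192.168.3.1;
- # NOTE(review): 10.8.0.1 is outside this subnet, so name resolution
- # works only while the gateway can route to it, and every client
- # lookup goes to that resolver. Confirm this is the intended DNS path.
- option domain-name-servers 10.8.0.1;
- }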
- root@raspberrypi:/home/pi#