Guest User

Untitled

a guest
Dec 9th, 2016
116
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. the SSID is changed.
  2. # wpa_psk (dot11RSNAConfigPSKValue)
  3. # wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
  4. #wpa_psk=0123456789abcdef0123456789abcdef0123456789abc
  5. def0123456789abcdef
  6. wpa_passphrase=18071952
  7.  
  8. # Optionally, WPA PSKs can be read from a separate tex
  9. t file (containing list
  10. # of (PSK,MAC address) pairs. This allows more than on
  11. e PSK to be configured.
  12. # Use absolute path name to make sure that the files c
  13. an be read on SIGHUP
  14. # configuration reloads.
  15. #wpa_psk_file=/etc/hostapd.wpa_psk
  16.  
  17. # Optionally, WPA passphrase can be received from RADI
  18. US authentication server
  19. # This requires macaddr_acl to be set to 2 (RADIUS)
  20. # 0 = disabled (default)
  21. # 1 = optional; use default passphrase/psk if RADIUS s
  22. erver does not include
  23. # Tunnel-Password
  24. # 2 = required; reject authentication if RADIUS server
  25. does not include
  26. # Tunnel-Password
  27. #wpa_psk_radius=0
  28.  
  29. # Set of accepted key management algorithms (WPA-PSK,
  30. WPA-EAP, or both). The
  31. # entries are separated with a space. WPA-PSK-SHA256 a
  32. nd WPA-EAP-SHA256 can be
  33. # added to enable SHA256-based stronger algorithms.
  34. # (dot11RSNAConfigAuthenticationSuitesTable)
  35. #wpa_key_mgmt=WPA-PSK WPA-EAP
  36.  
  37. # Set of accepted cipher suites (encryption algorithms
  38. ) for pairwise keys
  39. # (unicast packets). This is a space separated list of
  40. algorithms:
  41. # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, I
  42. EEE 802.11i/D7.0]
  43. # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i
  44. /D7.0]
  45. # Group cipher suite (encryption algorithm for broadca
  46. st and multicast frames)
  47. # is automatically selected based on this configuratio
  48. n. If only CCMP is
  49. # allowed as the pairwise cipher, group cipher will al
  50. so be CCMP. Otherwise,
  51. # TKIP will be used as the group cipher.
  52. # (dot11RSNAConfigPairwiseCiphersTable)
  53. # Pairwise cipher for WPA (v1) (default: TKIP)
  54. #wpa_pairwise=TKIP CCMP
  55. # Pairwise cipher for RSN/WPA2 (default: use wpa_pairw
  56. ise value)
  57. #rsn_pairwise=CCMP
  58.  
  59. # Time interval for rekeying GTK (broadcast/multicast
  60. encryption keys) in
  61. # seconds. (dot11RSNAConfigGroupRekeyTime)
  62. #wpa_group_rekey=600
  63.  
  64. # Rekey GTK when any STA that possesses the current GT
  65. K is leaving the BSS.
  66. # (dot11RSNAConfigGroupRekeyStrict)
  67. #wpa_strict_rekey=1
  68.  
  69. # Time interval for rekeying GMK (master key used inte
  70. rnally to generate GTKs
  71. # (in seconds).
  72. #wpa_gmk_rekey=86400
  73.  
  74. # Maximum lifetime for PTK in seconds. This can be use
  75. d to enforce rekeying of
  76. # PTK to mitigate some attacks against TKIP deficienci
  77. es.
  78. #wpa_ptk_rekey=600
  79.  
  80. # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. Thi
  81. s is used to speed up
  82. # roaming be pre-authenticating IEEE 802.1X/EAP part o
  83. f the full RSN
  84. # authentication and key handshake before actually ass
  85. ociating with a new AP.
  86. # (dot11RSNAPreauthenticationEnabled)
  87. #rsn_preauth=1
  88. #
  89. # Space separated list of interfaces from which pre-au
  90. thentication frames are
  91. # accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This lis
  92. t should include all
  93. # interface that are used for connections to other APs
  94. . This could include
  95. # wired interfaces and WDS links. The normal wireless
  96. data interface towards
  97. # associated stations (e.g., wlan0) should not be adde
  98. d, since
  99. # pre-authentication is only used with APs other than
  100. the currently associated
  101. # one.
  102. #rsn_preauth_interfaces=eth0
  103.  
  104. # peerkey: Whether PeerKey negotiation for direct link
  105. s (IEEE 802.11e) is
  106. # allowed. This is only used with RSN/WPA2.
  107. # 0 = disabled (default)
  108. # 1 = enabled
  109. #peerkey=1
  110.  
  111. # ieee80211w: Whether management frame protection (MFP
  112. ) is enabled
  113. # 0 = disabled (default)
  114. # 1 = optional
  115. # 2 = required
  116. #ieee80211w=0
  117.  
  118. # Group management cipher suite
  119. # Default: AES-128-CMAC (BIP)
  120. # Other options (depending on driver support):
  121. # BIP-GMAC-128
  122. # BIP-GMAC-256
  123. # BIP-CMAC-256
  124. # Note: All the stations connecting to the BSS will al
  125. so need to support the
  126. # selected cipher. The default AES-128-CMAC is the onl
  127. y option that is commonly
  128. # available in deployed devices.
  129. #group_mgmt_cipher=AES-128-CMAC
  130.  
  131. # Association SA Query maximum timeout (in TU = 1.024
  132. ms; for MFP)
  133. # (maximum time to wait for a SA Query response)
  134. # dot11AssociationSAQueryMaximumTimeout, 1...429496729
  135. 5
  136. #assoc_sa_query_max_timeout=1000
  137.  
  138. # Association SA Query retry timeout (in TU = 1.024 ms
  139. ; for MFP)
  140. # (time between two subsequent SA Query requests)
  141. # dot11AssociationSAQueryRetryTimeout, 1...4294967295
  142. #assoc_sa_query_retry_timeout=201
  143.  
  144. # disable_pmksa_caching: Disable PMKSA caching
  145. # This parameter can be used to disable caching of PMK
  146. SA created through EAP
  147. # authentication. RSN preauthentication may still end
  148. up using PMKSA caching if
  149. # it is enabled (rsn_preauth=1).
  150. # 0 = PMKSA caching enabled (default)
  151. # 1 = PMKSA caching disabled
  152. #disable_pmksa_caching=0
  153.  
  154. # okc: Opportunistic Key Caching (aka Proactive Key Ca
  155. ching)
  156. # Allow PMK cache to be shared opportunistically among
  157. configured interfaces
  158. # and BSSes (i.e., all configurations within a single
  159. hostapd process).
  160. # 0 = disabled (default)
  161. # 1 = enabled
  162. #okc=1
  163.  
  164. # SAE threshold for anti-clogging mechanism (dot11RSNA
  165. SAEAntiCloggingThreshold)
  166. # This parameter defines how many open SAE instances c
  167. an be in progress at the
  168. # same time before the anti-clogging mechanism is take
  169. n into use.
  170. #sae_anti_clogging_threshold=5
  171.  
  172. # Enabled SAE finite cyclic groups
  173. # SAE implementation are required to support group 19
  174. (ECC group defined over a
  175. # 256-bit prime order field). All groups that are supp
  176. orted by the
  177. # implementation are enabled by default. This configur
  178. ation parameter can be
  179. # used to specify a limited set of allowed groups. The
  180. group values are listed
  181. # in the IANA registry:
  182. # http://www.iana.org/assignments/ipsec-registry/ipsec
  183. -registry.xml#ipsec-registry-9
  184. #sae_groups=19 20 21 25 26
  185.  
  186. ##### IEEE 802.11r configuration #####################
  187. #########################
  188.  
  189. # Mobility Domain identifier (dot11FTMobilityDomainID,
  190. MDID)
  191. # MDID is used to indicate a group of APs (within an E
  192. SS, i.e., sharing the
  193. # same SSID) between which a STA can use Fast BSS Tran
  194. sition.
  195. # 2-octet identifier as a hex string.
  196. #mobility_domain=a1b2
  197.  
  198. # PMK-R0 Key Holder identifier (dot11FTR0KeyHolderID)
  199. # 1 to 48 octet identifier.
  200. # This is configured with nas_identifier (see RADIUS c
  201. lient section above).
  202.  
  203. # Default lifetime of the PMK-RO in minutes; range 1..
  204. 65535
  205. # (dot11FTR0KeyLifetime)
  206. #r0_key_lifetime=10000
  207.  
  208. # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
  209. # 6-octet identifier as a hex string.
  210. #r1_key_holder=000102030405
  211.  
  212. # Reassociation deadline in time units (TUs / 1.024 ms
  213. ; range 1000..65535)
  214. # (dot11FTReassociationDeadline)
  215. #reassociation_deadline=1000
  216.  
  217. # List of R0KHs in the same Mobility Domain
  218. # format: <MAC address> <NAS Identifier> <128-bit key
  219. as hex string>
  220. # This list is used to map R0KH-ID (NAS Identifier) to
  221. a destination MAC
  222. # address when requesting PMK-R1 key from the R0KH tha
  223. t the STA used during the
  224. # Initial Mobility Domain Association.
  225. #r0kh=02:01:02:03:04:05 r0kh-1.example.com 00010203040
  226. 5060708090a0b0c0d0e0f
  227. #r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445
  228. 566778899aabbccddeeff
  229. # And so on.. One line per R0KH.
  230.  
  231. # List of R1KHs in the same Mobility Domain
  232. # format: <MAC address> <R1KH-ID> <128-bit key as hex
  233. string>
  234. # This list is used to map R1KH-ID to a destination MA
  235. C address when sending
  236. # PMK-R1 key from the R0KH. This is also the list of a
  237. uthorized R1KHs in the MD
  238. # that can request PMK-R1 keys.
  239. #r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405
  240. 060708090a0b0c0d0e0f
  241. #r1kh=02:01:02:03:04:06 02:11:22:33:44:66 001122334455
  242. 66778899aabbccddeeff
  243. # And so on.. One line per R1KH.
  244.  
  245. # Whether PMK-R1 push is enabled at R0KH
  246. # 0 = do not push PMK-R1 to all configured R1KHs (defa
  247. ult)
  248. # 1 = push PMK-R1 to all configured R1KHs whenever a n
  249. ew PMK-R0 is derived
  250. #pmk_r1_push=1
  251.  
  252. ##### Neighbor table #################################
  253. #########################
  254. # Maximum number of entries kept in AP table (either f
  255. or neigbor table or for
  256. # detecting Overlapping Legacy BSS Condition). The old
  257. est entry will be
  258. # removed when adding a new entry that would make the
  259. list grow over this
  260. # limit. Note! WFA certification for IEEE 802.11g requ
  261. ires that OLBC is
  262. # enabled, so this field should not be set to 0 when u
  263. sing IEEE 802.11g.
  264. # default: 255
  265. #ap_table_max_size=255
  266.  
  267. # Number of seconds of no frames received after which
  268. entries may be deleted
  269. # from the AP table. Since passive scanning is not usu
  270. ally performed frequently
  271. # this should not be set to very small value. In addit
  272. ion, there is no
  273. # guarantee that every scan cycle will receive beacon
  274. frames from the
  275. # neighboring APs.
  276. # default: 60
  277. #ap_table_expiration_time=3600
  278.  
  279.  
  280. ##### Wi-Fi Protected Setup (WPS) ####################
  281. #########################
  282.  
  283. # WPS state
  284. # 0 = WPS disabled (default)
  285. # 1 = WPS enabled, not configured
  286. # 2 = WPS enabled, configured
  287. #wps_state=2
  288.  
  289. # Whether to manage this interface independently from
  290. other WPS interfaces
  291. # By default, a single hostapd process applies WPS ope
  292. rations to all configured
  293. # interfaces. This parameter can be used to disable th
  294. at behavior for a subset
  295. # of interfaces. If this is set to non-zero for an int
  296. erface, WPS commands
  297. # issued on that interface do not apply to other inter
  298. faces and WPS operations
  299. # performed on other interfaces do not affect this int
  300. erface.
  301. #wps_independent=0
  302.  
  303. # AP can be configured into a locked state where new W
  304. PS Registrar are not
  305. # accepted, but previously authorized Registrars (incl
  306. uding the internal one)
  307. # can continue to add new Enrollees.
  308. #ap_setup_locked=1
  309.  
  310. # Universally Unique IDentifier (UUID; see RFC 4122) o
  311. f the device
  312. # This value is used as the UUID for the internal WPS
  313. Registrar. If the AP
  314. # is also using UPnP, this value should be set to the
  315. device's UPnP UUID.
  316. # If not configured, UUID will be generated based on t
  317. he local MAC address.
  318. #uuid=12345678-9abc-def0-1234-56789abcdef0
  319.  
  320. # Note: If wpa_psk_file is set, WPS is used to generat
  321. e random, per-device PSKs
  322. # that will be appended to the wpa_psk_file. If wpa_ps
  323. k_file is not set, the
  324. # default PSK (wpa_psk/wpa_passphrase) will be deliver
  325. ed to Enrollees. Use of
  326. # per-device PSKs is recommended as the more secure op
  327. tion (i.e., make sure to
  328. # set wpa_psk_file when using WPS with WPA-PSK).
  329.  
  330. # When an Enrollee requests access to the network with
  331. PIN method, the Enrollee
  332. # PIN will need to be entered for the Registrar. PIN r
  333. equest notifications are
  334. # sent to hostapd ctrl_iface monitor. In addition, the
  335. y can be written to a
  336. # text file that could be used, e.g., to populate the
  337. AP administration UI with
  338. # pending PIN requests. If the following variable is s
  339. et, the PIN requests will
  340. # be written to the configured file.
  341. #wps_pin_requests=/var/run/hostapd_wps_pin_requests
  342.  
  343. # Device Name
  344. # User-friendly description of device; up to 32 octets
  345. encoded in UTF-8
  346. #device_name=Wireless AP
  347.  
  348. # Manufacturer
  349. # The manufacturer of the device (up to 64 ASCII chara
  350. cters)
  351. #manufacturer=Company
  352.  
  353. # Model Name
  354. # Model of the device (up to 32 ASCII characters)
  355. #model_name=WAP
  356.  
  357. # Model Number
  358. # Additional device description (up to 32 ASCII charac
  359. ters)
  360. #model_number=123
  361.  
  362. # Serial Number
  363. # Serial number of the device (up to 32 characters)
  364. #serial_number=12345
  365.  
  366. # Primary Device Type
  367. # Used format: <categ>-<OUI>-<subcateg>
  368. # categ = Category as an integer value
  369. # OUI = OUI and type octet as a 4-octet hex-encoded va
  370. lue; 0050F204 for
  371. # default WPS OUI
  372. # subcateg = OUI-specific Sub Category as an integer v
  373. alue
  374. # Examples:
  375. # 1-0050F204-1 (Computer / PC)
  376. # 1-0050F204-2 (Computer / Server)
  377. # 5-0050F204-1 (Storage / NAS)
  378. # 6-0050F204-1 (Network Infrastructure / AP)
  379. #device_type=6-0050F204-1
  380.  
  381. # OS Version
  382. # 4-octet operating system version number (hex string)
  383. #os_version=01020300
  384.  
  385. # Config Methods
  386. # List of the supported configuration methods
  387. # Available methods: usba ethernet label display ext_n
  388. fc_token int_nfc_token
  389. # nfc_interface push_button keypad virtual_displ
  390. ay physical_display
  391. # virtual_push_button physical_push_button
  392. #config_methods=label virtual_display virtual_push_but
  393. ton keypad
  394.  
  395. # WPS capability discovery workaround for PBC with Win
  396. dows 7
  397. # Windows 7 uses incorrect way of figuring out AP's WP
  398. S capabilities by acting
  399. # as a Registrar and using M1 from the AP. The config
  400. methods attribute in that
  401. # message is supposed to indicate only the configurati
  402. on method supported by
  403. # the AP in Enrollee role, i.e., to add an external Re
  404. gistrar. For that case,
  405. # PBC shall not be used and as such, the PushButton co
  406. nfig method is removed
  407. # from M1 by default. If pbc_in_m1=1 is included in th
  408. e configuration file,
  409. # the PushButton config method is left in M1 (if inclu
  410. ded in config_methods
  411. # parameter) to allow Windows 7 to use PBC instead of
  412. PIN (e.g., from a label
  413. # in the AP).
  414. #pbc_in_m1=1
  415.  
  416. # Static access point PIN for initial configuration an
  417. d adding Registrars
  418. # If not set, hostapd will not allow external WPS Regi
  419. strars to control the
  420. # access point. The AP PIN can also be set at runtime
  421. with hostapd_cli
  422. # wps_ap_pin command. Use of temporary (enabled by use
  423. r action) and random
  424. # AP PIN is much more secure than configuring a static
  425. AP PIN here. As such,
  426. # use of the ap_pin parameter is not recommended if th
  427. e AP device has means for
  428. # displaying a random PIN.
  429. #ap_pin=12345670
  430.  
  431. # Skip building of automatic WPS credential
  432. # This can be used to allow the automatically generate
  433. d Credential attribute to
  434. # be replaced with pre-configured Credential(s).
  435. #skip_cred_build=1
  436.  
  437. # Additional Credential attribute(s)
  438. # This option can be used to add pre-configured Creden
  439. tial attributes into M8
  440. # message when acting as a Registrar. If skip_cred_bui
  441. ld=1, this data will also
  442. # be able to override the Credential attribute that wo
  443. uld have otherwise been
  444. # automatically generated based on network configurati
  445. on. This configuration
  446. # option points to an external file that much contain
  447. the WPS Credential
  448. # attribute(s) as binary data.
  449. #extra_cred=hostapd.cred
  450.  
  451. # Credential processing
  452. # 0 = process received credentials internally (defau
  453. lt)
  454. # 1 = do not process received credentials; just pass
  455. them over ctrl_iface to
  456. # external program(s)
  457. # 2 = process received credentials internally and pa
  458. ss them over ctrl_iface
  459. # to external program(s)
  460. # Note: With wps_cred_processing=1, skip_cred_build sh
  461. ould be set to 1 and
  462. # extra_cred be used to provide the Credential data fo
  463. r Enrollees.
  464. #
  465. # wps_cred_processing=1 will disabled automatic update
  466. s of hostapd.conf file
  467. # both for Credential processing and for marking AP Se
  468. tup Locked based on
  469. # validation failures of AP PIN. An external program i
  470. s responsible on updating
  471. # the configuration appropriately in this case.
  472. #wps_cred_processing=0
  473.  
  474. # AP Settings Attributes for M7
  475. # By default, hostapd generates the AP Settings Attrib
  476. utes for M7 based on the
  477. # current configuration. It is possible to override th
  478. is by providing a file
  479. # with pre-configured attributes. This is similar to e
  480. xtra_cred file format,
  481. # but the AP Settings attributes are not encapsulated
  482. in a Credential
  483. # attribute.
  484. #ap_settings=hostapd.ap_settings
  485.  
  486. # WPS UPnP interface
  487. # If set, support for external Registrars is enabled.
  488. #upnp_iface=br0
  489.  
  490. # Friendly Name (required for UPnP)
  491. # Short description for end use. Should be less than 6
  492. 4 characters.
  493. #friendly_name=WPS Access Point
  494.  
  495. # Manufacturer URL (optional for UPnP)
  496. #manufacturer_url=http://www.example.com/
  497.  
  498. # Model Description (recommended for UPnP)
  499. # Long description for end user. Should be less than 1
  500. 28 characters.
  501. #model_description=Wireless Access Point
  502.  
  503. # Model URL (optional for UPnP)
  504. #model_url=http://www.example.com/model/
  505.  
  506. # Universal Product Code (optional for UPnP)
  507. # 12-digit, all-numeric code that identifies the consu
  508. mer package.
  509. #upc=123456789012
  510.  
  511. # WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual
  512. band)
  513. # This value should be set according to RF band(s) sup
  514. ported by the AP if
  515. # hw_mode is not set. For dual band dual concurrent de
  516. vices, this needs to be
  517. # set to ag to allow both RF bands to be advertized.
  518. #wps_rf_bands=ag
  519.  
  520. # NFC password token for WPS
  521. # These parameters can be used to configure a fixed NF
  522. C password token for the
  523. # AP. This can be generated, e.g., with nfc_pw_token f
  524. rom wpa_supplicant. When
  525. # these parameters are used, the AP is assumed to be d
  526. eployed with a NFC tag
  527. # that includes the matching NFC password token (e.g.,
  528. written based on the
  529. # NDEF record from nfc_pw_token).
  530. #
  531. #wps_nfc_dev_pw_id: Device Password ID (16..65535)
  532. #wps_nfc_dh_pubkey: Hexdump of DH Public Key
  533. #wps_nfc_dh_privkey: Hexdump of DH Private Key
  534. #wps_nfc_dev_pw: Hexdump of Device Password
  535.  
  536. ##### Wi-Fi Direct (P2P) #############################
  537. #########################
  538.  
  539. # Enable P2P Device management
  540. #manage_p2p=1
  541.  
  542. # Allow cross connection
  543. #allow_cross_connection=1
  544.  
  545. #### TDLS (IEEE 802.11z-2010) ########################
  546. #########################
  547.  
  548. # Prohibit use of TDLS in this BSS
  549. #tdls_prohibit=1
  550.  
  551. # Prohibit use of TDLS Channel Switching in this BSS
  552. #tdls_prohibit_chan_switch=1
  553.  
  554. ##### IEEE 802.11v-2011 ##############################
  555. #########################
  556.  
  557. # Time advertisement
  558. # 0 = disabled (default)
  559. # 2 = UTC time at which the TSF timer is 0
  560. #time_advertisement=2
  561.  
  562. # Local time zone as specified in 8.3 of IEEE Std 1003
  563. .1-2004:
  564. # stdoffset[dst[offset][,start[/time],end[/time]]]
  565. #time_zone=EST5
  566.  
  567. # WNM-Sleep Mode (extended sleep mode for stations)
  568. # 0 = disabled (default)
  569. # 1 = enabled (allow stations to use WNM-Sleep Mode)
  570. #wnm_sleep_mode=1
  571.  
  572. # BSS Transition Management
  573. # 0 = disabled (default)
  574. # 1 = enabled
  575. #bss_transition=1
  576.  
  577. ##### IEEE 802.11u-2011 ##############################
  578. #########################
  579.  
  580. # Enable Interworking service
  581. #interworking=1
  582.  
  583. # Access Network Type
  584. # 0 = Private network
  585. # 1 = Private network with guest access
  586. # 2 = Chargeable public network
  587. # 3 = Free public network
  588. # 4 = Personal device network
  589. # 5 = Emergency services only network
  590. # 14 = Test or experimental
  591. # 15 = Wildcard
  592. #access_network_type=0
  593.  
  594. # Whether the network provides connectivity to the Int
  595. ernet
  596. # 0 = Unspecified
  597. # 1 = Network provides connectivity to the Internet
  598. #internet=1
  599.  
  600. # Additional Step Required for Access
  601. # Note: This is only used with open network, i.e., ASR
  602. A shall ne set to 0 if
  603. # RSN is used.
  604. #asra=0
  605.  
  606. # Emergency services reachable
  607. #esr=0
  608.  
  609. # Unauthenticated emergency service accessible
  610. #uesa=0
  611.  
  612. # Venue Info (optional)
  613. # The available values are defined in IEEE Std 802.11u
  614. -2011, 7.3.1.34.
  615. # Example values (group,type):
  616. # 0,0 = Unspecified
  617. # 1,7 = Convention Center
  618. # 1,13 = Coffee Shop
  619. # 2,0 = Unspecified Business
  620. # 7,1 Private Residence
  621. #venue_group=7
  622. #venue_type=1
  623.  
  624. # Homogeneous ESS identifier (optional; dot11HESSID)
  625. # If set, this shall be identifical to one of the BSSI
  626. Ds in the homogeneous
  627. # ESS and this shall be set to the same value across a
  628. ll BSSs in homogeneous
  629. # ESS.
  630. #hessid=02:03:04:05:06:07
  631.  
  632. # Roaming Consortium List
  633. # Arbitrary number of Roaming Consortium OIs can be co
  634. nfigured with each line
  635. # adding a new OI to the list. The first three entries
  636. are available through
  637. # Beacon and Probe Response frames. Any additional ent
  638. ry will be available only
  639. # through ANQP queries. Each OI is between 3 and 15 oc
  640. tets and is configured as
  641. # a hexstring.
  642. #roaming_consortium=021122
  643. #roaming_consortium=2233445566
  644.  
  645. # Venue Name information
  646. # This parameter can be used to configure one or more
  647. Venue Name Duples for
  648. # Venue Name ANQP information. Each entry has a two or
  649. three character language
  650. # code (ISO-639) separated by colon from the venue nam
  651. e string.
  652. # Note that venue_group and venue_type have to be set
  653. for Venue Name
  654. # information to be complete.
  655. #venue_name=eng:Example venue
  656. #venue_name=fin:Esimerkkipaikka
  657. # Alternative format for language:value strings:
  658. # (double quoted string, printf-escaped string)
  659. #venue_name=P"eng:Example\nvenue"
  660.  
  661. # Network Authentication Type
  662. # This parameter indicates what type of network authen
  663. tication is used in the
  664. # network.
  665. # format: <network auth type indicator (1-octet hex st
  666. r)> [redirect URL]
  667. # Network Authentication Type Indicator values:
  668. # 00 = Acceptance of terms and conditions
  669. # 01 = On-line enrollment supported
  670. # 02 = http/https redirection
  671. # 03 = DNS redirection
  672. #network_auth_type=00
  673. #network_auth_type=02http://www.example.com/redirect/m
  674. e/here/
  675.  
  676. # IP Address Type Availability
  677. # format: <1-octet encoded value as hex str>
  678. # (ipv4_type & 0x3f) << 2 | (ipv6_type & 0x3)
  679. # ipv4_type:
  680. # 0 = Address type not available
  681. # 1 = Public IPv4 address available
  682. # 2 = Port-restricted IPv4 address available
  683. # 3 = Single NATed private IPv4 address available
  684. # 4 = Double NATed private IPv4 address available
  685. # 5 = Port-restricted IPv4 address and single NATed IP
  686. v4 address available
  687. # 6 = Port-restricted IPv4 address and double NATed IP
  688. v4 address available
  689. # 7 = Availability of the address type is not known
  690. # ipv6_type:
  691. # 0 = Address type not available
  692. # 1 = Address type available
  693. # 2 = Availability of the address type not known
  694. #ipaddr_type_availability=14
  695.  
  696. # Domain Name
  697. # format: <variable-octet str>[,<variable-octet str>]
  698. #domain_name=example.com,another.example.com,yet-anoth
  699. er.example.com
  700.  
  701. # 3GPP Cellular Network information
  702. # format: <MCC1,MNC1>[;<MCC2,MNC2>][;...]
  703. #anqp_3gpp_cell_net=244,91;310,026;234,56
  704.  
  705. # NAI Realm information
  706. # One or more realm can be advertised. Each nai_realm
  707. line adds a new realm to
  708. # the set. These parameters provide information for st
  709. ations using Interworking
  710. # network selection to allow automatic connection to a
  711. network based on
  712. # credentials.
  713. # format: <encoding>,<NAI Realm(s)>[,<EAP Method 1>][,
  714. <EAP Method 2>][,...]
  715. # encoding:
  716. # 0 = Realm formatted in accordance with IETF RF
  717. C 4282
  718. # 1 = UTF-8 formatted character string that is n
  719. ot formatted in
  720. # accordance with IETF RFC 4282
  721. # NAI Realm(s): Semi-colon delimited NAI Realm(s)
  722. # EAP Method: <EAP Method>[:<[AuthParam1:Val1]>][<[Aut
  723. hParam2:Val2]>][...]
  724. # EAP Method types, see:
  725. # http://www.iana.org/assignments/eap-numbers/eap-numb
  726. ers.xhtml#eap-numbers-4
  727. # AuthParam (Table 8-188 in IEEE Std 802.11-2012):
  728. # ID 2 = Non-EAP Inner Authentication Type
  729. # 1 = PAP, 2 = CHAP, 3 = MSCHAP, 4 = MSCHAPV2
  730. # ID 3 = Inner authentication EAP Method Type
  731. # ID 5 = Credential Type
  732. # 1 = SIM, 2 = USIM, 3 = NFC Secure Element, 4 =
  733. Hardware Token,
  734. # 5 = Softoken, 6 = Certificate, 7 = username/pa
  735. ssword, 9 = Anonymous,
  736. # 10 = Vendor Specific
  737. #nai_realm=0,example.com;example.net
  738. # EAP methods EAP-TLS with certificate and EAP-TTLS/MS
  739. CHAPv2 with
  740. # username/password
  741. #nai_realm=0,example.org,13[5:6],21[2:4][5:7]
  742.  
  743. # QoS Map Set configuration
  744. #
  745. # Comma delimited QoS Map Set in decimal values
  746. # (see IEEE Std 802.11-2012, 8.4.2.97)
  747. #
  748. # format:
  749. # [<DSCP Exceptions[DSCP,UP]>,]<UP 0 range[low,high]>,
  750. ...<UP 7 range[low,high]>
  751. #
  752. # There can be up to 21 optional DSCP Exceptions which
  753. are pairs of DSCP Value
  754. # (0..63 or 255) and User Priority (0..7). This is fol
  755. lowed by eight DSCP Range
  756. # descriptions with DSCP Low Value and DSCP High Value
  757. pairs (0..63 or 255) for
  758. # each UP starting from 0. If both low and high value
  759. are set to 255, the
  760. # corresponding UP is not used.
  761. #
  762. # default: not set
  763. #qos_map_set=53,2,22,6,8,15,0,7,255,255,16,31,32,39,25
  764. 5,255,40,47,255,255
  765.  
  766. ##### Hotspot 2.0 ####################################
  767. #########################
  768.  
  769. # Enable Hotspot 2.0 support
  770. #hs20=1
  771.  
  772. # Disable Downstream Group-Addressed Forwarding (DGAF)
  773. # This can be used to configure a network where no gro
  774. up-addressed frames are
  775. # allowed. The AP will not forward any group-address f
  776. rames to the stations and
  777. # random GTKs are issued for each station to prevent a
  778. ssociated stations from
  779. # forging such frames to other stations in the BSS.
  780. #disable_dgaf=1
  781.  
  782. # OSU Server-Only Authenticated L2 Encryption Network
  783. #osen=1
  784.  
  785. # ANQP Domain ID (0..65535)
  786. # An identifier for a set of APs in an ESS that share
  787. the same common ANQP
  788. # information. 0 = Some of the ANQP information is uni
  789. que to this AP (default).
  790. #anqp_domain_id=1234
  791.  
  792. # Deauthentication request timeout
  793. # If the RADIUS server indicates that the station is n
  794. ot allowed to connect to
  795. # the BSS/ESS, the AP can allow the station some time
  796. to download a
  797. # notification page (URL included in the message). Thi
  798. s parameter sets that
  799. # timeout in seconds.
  800. #hs20_deauth_req_timeout=60
  801.  
  802. # Operator Friendly Name
  803. # This parameter can be used to configure one or more
  804. Operator Friendly Name
  805. # Duples. Each entry has a two or three character lang
  806. uage code (ISO-639)
  807. # separated by colon from the operator friendly name s
  808. tring.
  809. #hs20_oper_friendly_name=eng:Example operator
  810. #hs20_oper_friendly_name=fin:Esimerkkioperaattori
  811.  
  812. # Connection Capability
  813. # This can be used to advertise what type of IP traffi
  814. c can be sent through the
  815. # hotspot (e.g., due to firewall allowing/blocking pro
  816. tocols/ports).
  817. # format: <IP Protocol>:<Port Number>:<Status>
  818. # IP Protocol: 1 = ICMP, 6 = TCP, 17 = UDP
  819. # Port Number: 0..65535
  820. # Status: 0 = Closed, 1 = Open, 2 = Unknown
  821. # Each hs20_conn_capab line is added to the list of ad
  822. vertised tuples.
  823. #hs20_conn_capab=1:0:2
  824. #hs20_conn_capab=6:22:1
  825. #hs20_conn_capab=17:5060:0
  826.  
  827. # WAN Metrics
  828. # format: <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<
  829. UL Load>:<LMD>
  830. # WAN Info: B0-B1: Link Status, B2: Symmetric Link, B3
  831. : At Capabity
  832. # (encoded as two hex digits)
  833. # Link Status: 1 = Link up, 2 = Link down, 3 = Link
  834. in test state
  835. # Downlink Speed: Estimate of WAN backhaul link curren
  836. t downlink speed in kbps;
  837. # 1..4294967295; 0 = unknown
  838. # Uplink Speed: Estimate of WAN backhaul link current
  839. uplink speed in kbps
  840. # 1..4294967295; 0 = unknown
  841. # Downlink Load: Current load of downlink WAN connecti
  842. on (scaled to 255 = 100%)
  843. # Uplink Load: Current load of uplink WAN connection (
  844. scaled to 255 = 100%)
  845. # Load Measurement Duration: Duration for measuring do
  846. wnlink/uplink load in
  847. # tenths of a second (1..65535); 0 if load cannot be d
  848. etermined
  849. #hs20_wan_metrics=01:8000:1000:80:240:3000
  850.  
  851. # Operating Class Indication
  852. # List of operating classes the BSSes in this ESS use.
  853. The Global operating
  854. # classes in Table E-4 of IEEE Std 802.11-2012 Annex E
  855. define the values that
  856. # can be used in this.
  857. # format: hexdump of operating class octets
  858. # for example, operating classes 81 (2.4 GHz channels
  859. 1-13) and 115 (5 GHz
  860. # channels 36-48):
  861. #hs20_operating_class=5173
  862.  
  863. # OSU icons
  864. # <Icon Width>:<Icon Height>:<Language code>:<Icon Typ
  865. e>:<Name>:<file path>
  866. #hs20_icon=32:32:eng:image/png:icon32:/tmp/icon32.png
  867. #hs20_icon=64:64:eng:image/png:icon64:/tmp/icon64.png
  868.  
  869. # OSU SSID (see ssid2 for format description)
  870. # This is the SSID used for all OSU connections to all
  871. the listed OSU Providers.
  872. #osu_ssid="example"
  873.  
  874. # OSU Providers
  875. # One or more sets of following parameter. Each OSU pr
  876. ovider is started by the
  877. # mandatory osu_server_uri item. The other parameters
  878. add information for the
  879. # last added OSU provider.
  880. #
  881. #osu_server_uri=https://example.com/osu/
  882. #osu_friendly_name=eng:Example operator
  883. #osu_friendly_name=fin:Esimerkkipalveluntarjoaja
  884. #osu_nai=anonymous@example.com
  885. #osu_method_list=1 0
  886. #osu_icon=icon32
  887. #osu_icon=icon64
  888. #osu_service_desc=eng:Example services
  889. #osu_service_desc=fin:Esimerkkipalveluja
  890. #
  891. #osu_server_uri=...
  892.  
  893. ##### TESTING OPTIONS ################################
  894. #########################
  895. #
  896. # The options in this section are only available when
  897. the build configuration
  898. # option CONFIG_TESTING_OPTIONS is set while compiling
  899. hostapd. They allow
  900. # testing some scenarios that are otherwise difficult
  901. to reproduce.
  902. #
  903. # Ignore probe requests sent to hostapd with the given
  904. probability, must be a
  905. # floating point number in the range [0, 1).
  906. #ignore_probe_probability=0.0
  907. #
  908. # Ignore authentication frames with the given probabil
  909. ity
  910. #ignore_auth_probability=0.0
  911. #
  912. # Ignore association requests with the given probabili
  913. ty
  914. #ignore_assoc_probability=0.0
  915. #
  916. # Ignore reassociation requests with the given probabi
  917. lity
  918. #ignore_reassoc_probability=0.0
  919. #
  920. # Corrupt Key MIC in GTK rekey EAPOL-Key frames with t
  921. he given probability
  922. #corrupt_gtk_rekey_mic_probability=0.0
  923.  
  924. ##### Multiple BSSID support #########################
  925. #########################
  926. #
  927. # Above configuration is using the default interface (
  928. wlan#, or multi-SSID VLAN
  929. # interfaces). Other BSSIDs can be added by using sepa
  930. rator 'bss' with
  931. # default interface name to be allocated for the data
  932. packets of the new BSS.
  933. #
  934. # hostapd will generate BSSID mask based on the BSSIDs
  935. that are
  936. # configured. hostapd will verify that dev_addr & MASK
  937. == dev_addr. If this is
  938. # not the case, the MAC address of the radio must be c
  939. hanged before starting
  940. # hostapd (ifconfig wlan0 hw ether <MAC addr>). If a B
  941. SSID is configured for
  942. # every secondary BSS, this limitation is not applied
  943. at hostapd and other
  944. # masks may be used if the driver supports them (e.g.,
  945. swap the locally
  946. # administered bit)
  947. #
  948. # BSSIDs are assigned in order to each BSS, unless an
  949. explicit BSSID is
  950. # specified using the 'bssid' parameter.
  951. # If an explicit BSSID is specified, it must be chosen
  952. such that it:
  953. # - results in a valid MASK that covers it and the dev
  954. _addr
  955. # - is not the same as the MAC address of the radio
  956. # - is not the same as any other explicitly specified
  957. BSSID
  958. #
  959. # Not all drivers support multiple BSSes. The exact me
  960. chanism for determining
  961. # the driver capabilities is driver specific. With the
  962. current (i.e., a recent
  963. # kernel) drivers using nl80211, this information can
  964. be checked with "iw list"
  965. # (search for "valid interface combinations").
  966. #
  967. # Please note that hostapd uses some of the values con
  968. figured for the first BSS
  969. # as the defaults for the following BSSes. However, it
  970. is recommended that all
  971. # BSSes include explicit configuration of all relevant
  972. configuration items.
  973. #
  974. #bss=wlan0_0
  975. #ssid=test2
  976. # most of the above items can be used here (apart from
  977. radio interface specific
  978. # items, like channel)
  979.  
  980. #bss=wlan0_1
  981. #bssid=00:13:10:95:fe:0b
  982. # ...
  983. root@raspberrypi:/home/pi# cat /etc/dhcp/dhcpd.conf
  984. # If this DHCP server is the official DHCP server for
  985. the local
  986. # network, the authoritative directive should be uncom
  987. mented.
  988. authoritative;
  989.  
  990. # No service will be given on this subnet, but declari
  991. ng it helps the
  992. # DHCP server to understand the network topology.
  993.  
  994. subnet 192.168.3.0 netmask 255.255.255.0 {
  995. range 192.168.3.2 192.168.3.30;
  996. option broadcast-address 192.168.255.255;
  997. option routers 192.168.3.1;
  998. option domain-name-servers 10.8.0.1;
  999. }
  1000. root@raspberrypi:/home/pi#
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×