Advertisement
Guest User

Untitled

a guest
Dec 9th, 2016
176
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. the SSID is changed.
  2. # wpa_psk (dot11RSNAConfigPSKValue)
  3. # wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
  4. #wpa_psk=0123456789abcdef0123456789abcdef0123456789abc
  5. def0123456789abcdef
  6. wpa_passphrase=18071952
  7.  
  8. # Optionally, WPA PSKs can be read from a separate tex
  9. t file (containing list
  10. # of (PSK,MAC address) pairs. This allows more than on
  11. e PSK to be configured.
  12. # Use absolute path name to make sure that the files c
  13. an be read on SIGHUP
  14. # configuration reloads.
  15. #wpa_psk_file=/etc/hostapd.wpa_psk
  16.  
  17. # Optionally, WPA passphrase can be received from RADI
  18. US authentication server
  19. # This requires macaddr_acl to be set to 2 (RADIUS)
  20. # 0 = disabled (default)
  21. # 1 = optional; use default passphrase/psk if RADIUS s
  22. erver does not include
  23. # Tunnel-Password
  24. # 2 = required; reject authentication if RADIUS server
  25. does not include
  26. # Tunnel-Password
  27. #wpa_psk_radius=0
  28.  
  29. # Set of accepted key management algorithms (WPA-PSK,
  30. WPA-EAP, or both). The
  31. # entries are separated with a space. WPA-PSK-SHA256 a
  32. nd WPA-EAP-SHA256 can be
  33. # added to enable SHA256-based stronger algorithms.
  34. # (dot11RSNAConfigAuthenticationSuitesTable)
  35. #wpa_key_mgmt=WPA-PSK WPA-EAP
  36.  
  37. # Set of accepted cipher suites (encryption algorithms
  38. ) for pairwise keys
  39. # (unicast packets). This is a space separated list of
  40. algorithms:
  41. # CCMP = AES in Counter mode with CBC-MAC [RFC 3610, I
  42. EEE 802.11i/D7.0]
  43. # TKIP = Temporal Key Integrity Protocol [IEEE 802.11i
  44. /D7.0]
  45. # Group cipher suite (encryption algorithm for broadca
  46. st and multicast frames)
  47. # is automatically selected based on this configuratio
  48. n. If only CCMP is
  49. # allowed as the pairwise cipher, group cipher will al
  50. so be CCMP. Otherwise,
  51. # TKIP will be used as the group cipher.
  52. # (dot11RSNAConfigPairwiseCiphersTable)
  53. # Pairwise cipher for WPA (v1) (default: TKIP)
  54. #wpa_pairwise=TKIP CCMP
  55. # Pairwise cipher for RSN/WPA2 (default: use wpa_pairw
  56. ise value)
  57. #rsn_pairwise=CCMP
  58.  
  59. # Time interval for rekeying GTK (broadcast/multicast
  60. encryption keys) in
  61. # seconds. (dot11RSNAConfigGroupRekeyTime)
  62. #wpa_group_rekey=600
  63.  
  64. # Rekey GTK when any STA that possesses the current GT
  65. K is leaving the BSS.
  66. # (dot11RSNAConfigGroupRekeyStrict)
  67. #wpa_strict_rekey=1
  68.  
  69. # Time interval for rekeying GMK (master key used inte
  70. rnally to generate GTKs
  71. # (in seconds).
  72. #wpa_gmk_rekey=86400
  73.  
  74. # Maximum lifetime for PTK in seconds. This can be use
  75. d to enforce rekeying of
  76. # PTK to mitigate some attacks against TKIP deficienci
  77. es.
  78. #wpa_ptk_rekey=600
  79.  
  80. # Enable IEEE 802.11i/RSN/WPA2 pre-authentication. Thi
  81. s is used to speed up
  82. # roaming be pre-authenticating IEEE 802.1X/EAP part o
  83. f the full RSN
  84. # authentication and key handshake before actually ass
  85. ociating with a new AP.
  86. # (dot11RSNAPreauthenticationEnabled)
  87. #rsn_preauth=1
  88. #
  89. # Space separated list of interfaces from which pre-au
  90. thentication frames are
  91. # accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This lis
  92. t should include all
  93. # interface that are used for connections to other APs
  94. . This could include
  95. # wired interfaces and WDS links. The normal wireless
  96. data interface towards
  97. # associated stations (e.g., wlan0) should not be adde
  98. d, since
  99. # pre-authentication is only used with APs other than
  100. the currently associated
  101. # one.
  102. #rsn_preauth_interfaces=eth0
  103.  
  104. # peerkey: Whether PeerKey negotiation for direct link
  105. s (IEEE 802.11e) is
  106. # allowed. This is only used with RSN/WPA2.
  107. # 0 = disabled (default)
  108. # 1 = enabled
  109. #peerkey=1
  110.  
  111. # ieee80211w: Whether management frame protection (MFP
  112. ) is enabled
  113. # 0 = disabled (default)
  114. # 1 = optional
  115. # 2 = required
  116. #ieee80211w=0
  117.  
  118. # Group management cipher suite
  119. # Default: AES-128-CMAC (BIP)
  120. # Other options (depending on driver support):
  121. # BIP-GMAC-128
  122. # BIP-GMAC-256
  123. # BIP-CMAC-256
  124. # Note: All the stations connecting to the BSS will al
  125. so need to support the
  126. # selected cipher. The default AES-128-CMAC is the onl
  127. y option that is commonly
  128. # available in deployed devices.
  129. #group_mgmt_cipher=AES-128-CMAC
  130.  
  131. # Association SA Query maximum timeout (in TU = 1.024
  132. ms; for MFP)
  133. # (maximum time to wait for a SA Query response)
  134. # dot11AssociationSAQueryMaximumTimeout, 1...429496729
  135. 5
  136. #assoc_sa_query_max_timeout=1000
  137.  
  138. # Association SA Query retry timeout (in TU = 1.024 ms
  139. ; for MFP)
  140. # (time between two subsequent SA Query requests)
  141. # dot11AssociationSAQueryRetryTimeout, 1...4294967295
  142. #assoc_sa_query_retry_timeout=201
  143.  
  144. # disable_pmksa_caching: Disable PMKSA caching
  145. # This parameter can be used to disable caching of PMK
  146. SA created through EAP
  147. # authentication. RSN preauthentication may still end
  148. up using PMKSA caching if
  149. # it is enabled (rsn_preauth=1).
  150. # 0 = PMKSA caching enabled (default)
  151. # 1 = PMKSA caching disabled
  152. #disable_pmksa_caching=0
  153.  
  154. # okc: Opportunistic Key Caching (aka Proactive Key Ca
  155. ching)
  156. # Allow PMK cache to be shared opportunistically among
  157. configured interfaces
  158. # and BSSes (i.e., all configurations within a single
  159. hostapd process).
  160. # 0 = disabled (default)
  161. # 1 = enabled
  162. #okc=1
  163.  
  164. # SAE threshold for anti-clogging mechanism (dot11RSNA
  165. SAEAntiCloggingThreshold)
  166. # This parameter defines how many open SAE instances c
  167. an be in progress at the
  168. # same time before the anti-clogging mechanism is take
  169. n into use.
  170. #sae_anti_clogging_threshold=5
  171.  
  172. # Enabled SAE finite cyclic groups
  173. # SAE implementation are required to support group 19
  174. (ECC group defined over a
  175. # 256-bit prime order field). All groups that are supp
  176. orted by the
  177. # implementation are enabled by default. This configur
  178. ation parameter can be
  179. # used to specify a limited set of allowed groups. The
  180. group values are listed
  181. # in the IANA registry:
  182. # http://www.iana.org/assignments/ipsec-registry/ipsec
  183. -registry.xml#ipsec-registry-9
  184. #sae_groups=19 20 21 25 26
  185.  
  186. ##### IEEE 802.11r configuration #####################
  187. #########################
  188.  
  189. # Mobility Domain identifier (dot11FTMobilityDomainID,
  190. MDID)
  191. # MDID is used to indicate a group of APs (within an E
  192. SS, i.e., sharing the
  193. # same SSID) between which a STA can use Fast BSS Tran
  194. sition.
  195. # 2-octet identifier as a hex string.
  196. #mobility_domain=a1b2
  197.  
  198. # PMK-R0 Key Holder identifier (dot11FTR0KeyHolderID)
  199. # 1 to 48 octet identifier.
  200. # This is configured with nas_identifier (see RADIUS c
  201. lient section above).
  202.  
  203. # Default lifetime of the PMK-RO in minutes; range 1..
  204. 65535
  205. # (dot11FTR0KeyLifetime)
  206. #r0_key_lifetime=10000
  207.  
  208. # PMK-R1 Key Holder identifier (dot11FTR1KeyHolderID)
  209. # 6-octet identifier as a hex string.
  210. #r1_key_holder=000102030405
  211.  
  212. # Reassociation deadline in time units (TUs / 1.024 ms
  213. ; range 1000..65535)
  214. # (dot11FTReassociationDeadline)
  215. #reassociation_deadline=1000
  216.  
  217. # List of R0KHs in the same Mobility Domain
  218. # format: <MAC address> <NAS Identifier> <128-bit key
  219. as hex string>
  220. # This list is used to map R0KH-ID (NAS Identifier) to
  221. a destination MAC
  222. # address when requesting PMK-R1 key from the R0KH tha
  223. t the STA used during the
  224. # Initial Mobility Domain Association.
  225. #r0kh=02:01:02:03:04:05 r0kh-1.example.com 00010203040
  226. 5060708090a0b0c0d0e0f
  227. #r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445
  228. 566778899aabbccddeeff
  229. # And so on.. One line per R0KH.
  230.  
  231. # List of R1KHs in the same Mobility Domain
  232. # format: <MAC address> <R1KH-ID> <128-bit key as hex
  233. string>
  234. # This list is used to map R1KH-ID to a destination MA
  235. C address when sending
  236. # PMK-R1 key from the R0KH. This is also the list of a
  237. uthorized R1KHs in the MD
  238. # that can request PMK-R1 keys.
  239. #r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405
  240. 060708090a0b0c0d0e0f
  241. #r1kh=02:01:02:03:04:06 02:11:22:33:44:66 001122334455
  242. 66778899aabbccddeeff
  243. # And so on.. One line per R1KH.
  244.  
  245. # Whether PMK-R1 push is enabled at R0KH
  246. # 0 = do not push PMK-R1 to all configured R1KHs (defa
  247. ult)
  248. # 1 = push PMK-R1 to all configured R1KHs whenever a n
  249. ew PMK-R0 is derived
  250. #pmk_r1_push=1
  251.  
  252. ##### Neighbor table #################################
  253. #########################
  254. # Maximum number of entries kept in AP table (either f
  255. or neigbor table or for
  256. # detecting Overlapping Legacy BSS Condition). The old
  257. est entry will be
  258. # removed when adding a new entry that would make the
  259. list grow over this
  260. # limit. Note! WFA certification for IEEE 802.11g requ
  261. ires that OLBC is
  262. # enabled, so this field should not be set to 0 when u
  263. sing IEEE 802.11g.
  264. # default: 255
  265. #ap_table_max_size=255
  266.  
  267. # Number of seconds of no frames received after which
  268. entries may be deleted
  269. # from the AP table. Since passive scanning is not usu
  270. ally performed frequently
  271. # this should not be set to very small value. In addit
  272. ion, there is no
  273. # guarantee that every scan cycle will receive beacon
  274. frames from the
  275. # neighboring APs.
  276. # default: 60
  277. #ap_table_expiration_time=3600
  278.  
  279.  
  280. ##### Wi-Fi Protected Setup (WPS) ####################
  281. #########################
  282.  
  283. # WPS state
  284. # 0 = WPS disabled (default)
  285. # 1 = WPS enabled, not configured
  286. # 2 = WPS enabled, configured
  287. #wps_state=2
  288.  
  289. # Whether to manage this interface independently from
  290. other WPS interfaces
  291. # By default, a single hostapd process applies WPS ope
  292. rations to all configured
  293. # interfaces. This parameter can be used to disable th
  294. at behavior for a subset
  295. # of interfaces. If this is set to non-zero for an int
  296. erface, WPS commands
  297. # issued on that interface do not apply to other inter
  298. faces and WPS operations
  299. # performed on other interfaces do not affect this int
  300. erface.
  301. #wps_independent=0
  302.  
  303. # AP can be configured into a locked state where new W
  304. PS Registrar are not
  305. # accepted, but previously authorized Registrars (incl
  306. uding the internal one)
  307. # can continue to add new Enrollees.
  308. #ap_setup_locked=1
  309.  
  310. # Universally Unique IDentifier (UUID; see RFC 4122) o
  311. f the device
  312. # This value is used as the UUID for the internal WPS
  313. Registrar. If the AP
  314. # is also using UPnP, this value should be set to the
  315. device's UPnP UUID.
  316. # If not configured, UUID will be generated based on t
  317. he local MAC address.
  318. #uuid=12345678-9abc-def0-1234-56789abcdef0
  319.  
  320. # Note: If wpa_psk_file is set, WPS is used to generat
  321. e random, per-device PSKs
  322. # that will be appended to the wpa_psk_file. If wpa_ps
  323. k_file is not set, the
  324. # default PSK (wpa_psk/wpa_passphrase) will be deliver
  325. ed to Enrollees. Use of
  326. # per-device PSKs is recommended as the more secure op
  327. tion (i.e., make sure to
  328. # set wpa_psk_file when using WPS with WPA-PSK).
  329.  
  330. # When an Enrollee requests access to the network with
  331. PIN method, the Enrollee
  332. # PIN will need to be entered for the Registrar. PIN r
  333. equest notifications are
  334. # sent to hostapd ctrl_iface monitor. In addition, the
  335. y can be written to a
  336. # text file that could be used, e.g., to populate the
  337. AP administration UI with
  338. # pending PIN requests. If the following variable is s
  339. et, the PIN requests will
  340. # be written to the configured file.
  341. #wps_pin_requests=/var/run/hostapd_wps_pin_requests
  342.  
  343. # Device Name
  344. # User-friendly description of device; up to 32 octets
  345. encoded in UTF-8
  346. #device_name=Wireless AP
  347.  
  348. # Manufacturer
  349. # The manufacturer of the device (up to 64 ASCII chara
  350. cters)
  351. #manufacturer=Company
  352.  
  353. # Model Name
  354. # Model of the device (up to 32 ASCII characters)
  355. #model_name=WAP
  356.  
  357. # Model Number
  358. # Additional device description (up to 32 ASCII charac
  359. ters)
  360. #model_number=123
  361.  
  362. # Serial Number
  363. # Serial number of the device (up to 32 characters)
  364. #serial_number=12345
  365.  
  366. # Primary Device Type
  367. # Used format: <categ>-<OUI>-<subcateg>
  368. # categ = Category as an integer value
  369. # OUI = OUI and type octet as a 4-octet hex-encoded va
  370. lue; 0050F204 for
  371. # default WPS OUI
  372. # subcateg = OUI-specific Sub Category as an integer v
  373. alue
  374. # Examples:
  375. # 1-0050F204-1 (Computer / PC)
  376. # 1-0050F204-2 (Computer / Server)
  377. # 5-0050F204-1 (Storage / NAS)
  378. # 6-0050F204-1 (Network Infrastructure / AP)
  379. #device_type=6-0050F204-1
  380.  
  381. # OS Version
  382. # 4-octet operating system version number (hex string)
  383. #os_version=01020300
  384.  
  385. # Config Methods
  386. # List of the supported configuration methods
  387. # Available methods: usba ethernet label display ext_n
  388. fc_token int_nfc_token
  389. # nfc_interface push_button keypad virtual_displ
  390. ay physical_display
  391. # virtual_push_button physical_push_button
  392. #config_methods=label virtual_display virtual_push_but
  393. ton keypad
  394.  
  395. # WPS capability discovery workaround for PBC with Win
  396. dows 7
  397. # Windows 7 uses incorrect way of figuring out AP's WP
  398. S capabilities by acting
  399. # as a Registrar and using M1 from the AP. The config
  400. methods attribute in that
  401. # message is supposed to indicate only the configurati
  402. on method supported by
  403. # the AP in Enrollee role, i.e., to add an external Re
  404. gistrar. For that case,
  405. # PBC shall not be used and as such, the PushButton co
  406. nfig method is removed
  407. # from M1 by default. If pbc_in_m1=1 is included in th
  408. e configuration file,
  409. # the PushButton config method is left in M1 (if inclu
  410. ded in config_methods
  411. # parameter) to allow Windows 7 to use PBC instead of
  412. PIN (e.g., from a label
  413. # in the AP).
  414. #pbc_in_m1=1
  415.  
  416. # Static access point PIN for initial configuration an
  417. d adding Registrars
  418. # If not set, hostapd will not allow external WPS Regi
  419. strars to control the
  420. # access point. The AP PIN can also be set at runtime
  421. with hostapd_cli
  422. # wps_ap_pin command. Use of temporary (enabled by use
  423. r action) and random
  424. # AP PIN is much more secure than configuring a static
  425. AP PIN here. As such,
  426. # use of the ap_pin parameter is not recommended if th
  427. e AP device has means for
  428. # displaying a random PIN.
  429. #ap_pin=12345670
  430.  
  431. # Skip building of automatic WPS credential
  432. # This can be used to allow the automatically generate
  433. d Credential attribute to
  434. # be replaced with pre-configured Credential(s).
  435. #skip_cred_build=1
  436.  
  437. # Additional Credential attribute(s)
  438. # This option can be used to add pre-configured Creden
  439. tial attributes into M8
  440. # message when acting as a Registrar. If skip_cred_bui
  441. ld=1, this data will also
  442. # be able to override the Credential attribute that wo
  443. uld have otherwise been
  444. # automatically generated based on network configurati
  445. on. This configuration
  446. # option points to an external file that much contain
  447. the WPS Credential
  448. # attribute(s) as binary data.
  449. #extra_cred=hostapd.cred
  450.  
  451. # Credential processing
  452. # 0 = process received credentials internally (defau
  453. lt)
  454. # 1 = do not process received credentials; just pass
  455. them over ctrl_iface to
  456. # external program(s)
  457. # 2 = process received credentials internally and pa
  458. ss them over ctrl_iface
  459. # to external program(s)
  460. # Note: With wps_cred_processing=1, skip_cred_build sh
  461. ould be set to 1 and
  462. # extra_cred be used to provide the Credential data fo
  463. r Enrollees.
  464. #
  465. # wps_cred_processing=1 will disabled automatic update
  466. s of hostapd.conf file
  467. # both for Credential processing and for marking AP Se
  468. tup Locked based on
  469. # validation failures of AP PIN. An external program i
  470. s responsible on updating
  471. # the configuration appropriately in this case.
  472. #wps_cred_processing=0
  473.  
  474. # AP Settings Attributes for M7
  475. # By default, hostapd generates the AP Settings Attrib
  476. utes for M7 based on the
  477. # current configuration. It is possible to override th
  478. is by providing a file
  479. # with pre-configured attributes. This is similar to e
  480. xtra_cred file format,
  481. # but the AP Settings attributes are not encapsulated
  482. in a Credential
  483. # attribute.
  484. #ap_settings=hostapd.ap_settings
  485.  
  486. # WPS UPnP interface
  487. # If set, support for external Registrars is enabled.
  488. #upnp_iface=br0
  489.  
  490. # Friendly Name (required for UPnP)
  491. # Short description for end use. Should be less than 6
  492. 4 characters.
  493. #friendly_name=WPS Access Point
  494.  
  495. # Manufacturer URL (optional for UPnP)
  496. #manufacturer_url=http://www.example.com/
  497.  
  498. # Model Description (recommended for UPnP)
  499. # Long description for end user. Should be less than 1
  500. 28 characters.
  501. #model_description=Wireless Access Point
  502.  
  503. # Model URL (optional for UPnP)
  504. #model_url=http://www.example.com/model/
  505.  
  506. # Universal Product Code (optional for UPnP)
  507. # 12-digit, all-numeric code that identifies the consu
  508. mer package.
  509. #upc=123456789012
  510.  
  511. # WPS RF Bands (a = 5G, b = 2.4G, g = 2.4G, ag = dual
  512. band)
  513. # This value should be set according to RF band(s) sup
  514. ported by the AP if
  515. # hw_mode is not set. For dual band dual concurrent de
  516. vices, this needs to be
  517. # set to ag to allow both RF bands to be advertized.
  518. #wps_rf_bands=ag
  519.  
  520. # NFC password token for WPS
  521. # These parameters can be used to configure a fixed NF
  522. C password token for the
  523. # AP. This can be generated, e.g., with nfc_pw_token f
  524. rom wpa_supplicant. When
  525. # these parameters are used, the AP is assumed to be d
  526. eployed with a NFC tag
  527. # that includes the matching NFC password token (e.g.,
  528. written based on the
  529. # NDEF record from nfc_pw_token).
  530. #
  531. #wps_nfc_dev_pw_id: Device Password ID (16..65535)
  532. #wps_nfc_dh_pubkey: Hexdump of DH Public Key
  533. #wps_nfc_dh_privkey: Hexdump of DH Private Key
  534. #wps_nfc_dev_pw: Hexdump of Device Password
  535.  
  536. ##### Wi-Fi Direct (P2P) #############################
  537. #########################
  538.  
  539. # Enable P2P Device management
  540. #manage_p2p=1
  541.  
  542. # Allow cross connection
  543. #allow_cross_connection=1
  544.  
  545. #### TDLS (IEEE 802.11z-2010) ########################
  546. #########################
  547.  
  548. # Prohibit use of TDLS in this BSS
  549. #tdls_prohibit=1
  550.  
  551. # Prohibit use of TDLS Channel Switching in this BSS
  552. #tdls_prohibit_chan_switch=1
  553.  
  554. ##### IEEE 802.11v-2011 ##############################
  555. #########################
  556.  
  557. # Time advertisement
  558. # 0 = disabled (default)
  559. # 2 = UTC time at which the TSF timer is 0
  560. #time_advertisement=2
  561.  
  562. # Local time zone as specified in 8.3 of IEEE Std 1003
  563. .1-2004:
  564. # stdoffset[dst[offset][,start[/time],end[/time]]]
  565. #time_zone=EST5
  566.  
  567. # WNM-Sleep Mode (extended sleep mode for stations)
  568. # 0 = disabled (default)
  569. # 1 = enabled (allow stations to use WNM-Sleep Mode)
  570. #wnm_sleep_mode=1
  571.  
  572. # BSS Transition Management
  573. # 0 = disabled (default)
  574. # 1 = enabled
  575. #bss_transition=1
  576.  
  577. ##### IEEE 802.11u-2011 ##############################
  578. #########################
  579.  
  580. # Enable Interworking service
  581. #interworking=1
  582.  
  583. # Access Network Type
  584. # 0 = Private network
  585. # 1 = Private network with guest access
  586. # 2 = Chargeable public network
  587. # 3 = Free public network
  588. # 4 = Personal device network
  589. # 5 = Emergency services only network
  590. # 14 = Test or experimental
  591. # 15 = Wildcard
  592. #access_network_type=0
  593.  
  594. # Whether the network provides connectivity to the Int
  595. ernet
  596. # 0 = Unspecified
  597. # 1 = Network provides connectivity to the Internet
  598. #internet=1
  599.  
  600. # Additional Step Required for Access
  601. # Note: This is only used with open network, i.e., ASR
  602. A shall ne set to 0 if
  603. # RSN is used.
  604. #asra=0
  605.  
  606. # Emergency services reachable
  607. #esr=0
  608.  
  609. # Unauthenticated emergency service accessible
  610. #uesa=0
  611.  
  612. # Venue Info (optional)
  613. # The available values are defined in IEEE Std 802.11u
  614. -2011, 7.3.1.34.
  615. # Example values (group,type):
  616. # 0,0 = Unspecified
  617. # 1,7 = Convention Center
  618. # 1,13 = Coffee Shop
  619. # 2,0 = Unspecified Business
  620. # 7,1 Private Residence
  621. #venue_group=7
  622. #venue_type=1
  623.  
  624. # Homogeneous ESS identifier (optional; dot11HESSID)
  625. # If set, this shall be identifical to one of the BSSI
  626. Ds in the homogeneous
  627. # ESS and this shall be set to the same value across a
  628. ll BSSs in homogeneous
  629. # ESS.
  630. #hessid=02:03:04:05:06:07
  631.  
  632. # Roaming Consortium List
  633. # Arbitrary number of Roaming Consortium OIs can be co
  634. nfigured with each line
  635. # adding a new OI to the list. The first three entries
  636. are available through
  637. # Beacon and Probe Response frames. Any additional ent
  638. ry will be available only
  639. # through ANQP queries. Each OI is between 3 and 15 oc
  640. tets and is configured as
  641. # a hexstring.
  642. #roaming_consortium=021122
  643. #roaming_consortium=2233445566
  644.  
  645. # Venue Name information
  646. # This parameter can be used to configure one or more
  647. Venue Name Duples for
  648. # Venue Name ANQP information. Each entry has a two or
  649. three character language
  650. # code (ISO-639) separated by colon from the venue nam
  651. e string.
  652. # Note that venue_group and venue_type have to be set
  653. for Venue Name
  654. # information to be complete.
  655. #venue_name=eng:Example venue
  656. #venue_name=fin:Esimerkkipaikka
  657. # Alternative format for language:value strings:
  658. # (double quoted string, printf-escaped string)
  659. #venue_name=P"eng:Example\nvenue"
  660.  
  661. # Network Authentication Type
  662. # This parameter indicates what type of network authen
  663. tication is used in the
  664. # network.
  665. # format: <network auth type indicator (1-octet hex st
  666. r)> [redirect URL]
  667. # Network Authentication Type Indicator values:
  668. # 00 = Acceptance of terms and conditions
  669. # 01 = On-line enrollment supported
  670. # 02 = http/https redirection
  671. # 03 = DNS redirection
  672. #network_auth_type=00
  673. #network_auth_type=02http://www.example.com/redirect/m
  674. e/here/
  675.  
  676. # IP Address Type Availability
  677. # format: <1-octet encoded value as hex str>
  678. # (ipv4_type & 0x3f) << 2 | (ipv6_type & 0x3)
  679. # ipv4_type:
  680. # 0 = Address type not available
  681. # 1 = Public IPv4 address available
  682. # 2 = Port-restricted IPv4 address available
  683. # 3 = Single NATed private IPv4 address available
  684. # 4 = Double NATed private IPv4 address available
  685. # 5 = Port-restricted IPv4 address and single NATed IP
  686. v4 address available
  687. # 6 = Port-restricted IPv4 address and double NATed IP
  688. v4 address available
  689. # 7 = Availability of the address type is not known
  690. # ipv6_type:
  691. # 0 = Address type not available
  692. # 1 = Address type available
  693. # 2 = Availability of the address type not known
  694. #ipaddr_type_availability=14
  695.  
  696. # Domain Name
  697. # format: <variable-octet str>[,<variable-octet str>]
  698. #domain_name=example.com,another.example.com,yet-anoth
  699. er.example.com
  700.  
  701. # 3GPP Cellular Network information
  702. # format: <MCC1,MNC1>[;<MCC2,MNC2>][;...]
  703. #anqp_3gpp_cell_net=244,91;310,026;234,56
  704.  
  705. # NAI Realm information
  706. # One or more realm can be advertised. Each nai_realm
  707. line adds a new realm to
  708. # the set. These parameters provide information for st
  709. ations using Interworking
  710. # network selection to allow automatic connection to a
  711. network based on
  712. # credentials.
  713. # format: <encoding>,<NAI Realm(s)>[,<EAP Method 1>][,
  714. <EAP Method 2>][,...]
  715. # encoding:
  716. # 0 = Realm formatted in accordance with IETF RF
  717. C 4282
  718. # 1 = UTF-8 formatted character string that is n
  719. ot formatted in
  720. # accordance with IETF RFC 4282
  721. # NAI Realm(s): Semi-colon delimited NAI Realm(s)
  722. # EAP Method: <EAP Method>[:<[AuthParam1:Val1]>][<[Aut
  723. hParam2:Val2]>][...]
  724. # EAP Method types, see:
  725. # http://www.iana.org/assignments/eap-numbers/eap-numb
  726. ers.xhtml#eap-numbers-4
  727. # AuthParam (Table 8-188 in IEEE Std 802.11-2012):
  728. # ID 2 = Non-EAP Inner Authentication Type
  729. # 1 = PAP, 2 = CHAP, 3 = MSCHAP, 4 = MSCHAPV2
  730. # ID 3 = Inner authentication EAP Method Type
  731. # ID 5 = Credential Type
  732. # 1 = SIM, 2 = USIM, 3 = NFC Secure Element, 4 =
  733. Hardware Token,
  734. # 5 = Softoken, 6 = Certificate, 7 = username/pa
  735. ssword, 9 = Anonymous,
  736. # 10 = Vendor Specific
  737. #nai_realm=0,example.com;example.net
  738. # EAP methods EAP-TLS with certificate and EAP-TTLS/MS
  739. CHAPv2 with
  740. # username/password
  741. #nai_realm=0,example.org,13[5:6],21[2:4][5:7]
  742.  
  743. # QoS Map Set configuration
  744. #
  745. # Comma delimited QoS Map Set in decimal values
  746. # (see IEEE Std 802.11-2012, 8.4.2.97)
  747. #
  748. # format:
  749. # [<DSCP Exceptions[DSCP,UP]>,]<UP 0 range[low,high]>,
  750. ...<UP 7 range[low,high]>
  751. #
  752. # There can be up to 21 optional DSCP Exceptions which
  753. are pairs of DSCP Value
  754. # (0..63 or 255) and User Priority (0..7). This is fol
  755. lowed by eight DSCP Range
  756. # descriptions with DSCP Low Value and DSCP High Value
  757. pairs (0..63 or 255) for
  758. # each UP starting from 0. If both low and high value
  759. are set to 255, the
  760. # corresponding UP is not used.
  761. #
  762. # default: not set
  763. #qos_map_set=53,2,22,6,8,15,0,7,255,255,16,31,32,39,25
  764. 5,255,40,47,255,255
  765.  
  766. ##### Hotspot 2.0 ####################################
  767. #########################
  768.  
  769. # Enable Hotspot 2.0 support
  770. #hs20=1
  771.  
  772. # Disable Downstream Group-Addressed Forwarding (DGAF)
  773. # This can be used to configure a network where no gro
  774. up-addressed frames are
  775. # allowed. The AP will not forward any group-address f
  776. rames to the stations and
  777. # random GTKs are issued for each station to prevent a
  778. ssociated stations from
  779. # forging such frames to other stations in the BSS.
  780. #disable_dgaf=1
  781.  
  782. # OSU Server-Only Authenticated L2 Encryption Network
  783. #osen=1
  784.  
  785. # ANQP Domain ID (0..65535)
  786. # An identifier for a set of APs in an ESS that share
  787. the same common ANQP
  788. # information. 0 = Some of the ANQP information is uni
  789. que to this AP (default).
  790. #anqp_domain_id=1234
  791.  
  792. # Deauthentication request timeout
  793. # If the RADIUS server indicates that the station is n
  794. ot allowed to connect to
  795. # the BSS/ESS, the AP can allow the station some time
  796. to download a
  797. # notification page (URL included in the message). Thi
  798. s parameter sets that
  799. # timeout in seconds.
  800. #hs20_deauth_req_timeout=60
  801.  
  802. # Operator Friendly Name
  803. # This parameter can be used to configure one or more
  804. Operator Friendly Name
  805. # Duples. Each entry has a two or three character lang
  806. uage code (ISO-639)
  807. # separated by colon from the operator friendly name s
  808. tring.
  809. #hs20_oper_friendly_name=eng:Example operator
  810. #hs20_oper_friendly_name=fin:Esimerkkioperaattori
  811.  
  812. # Connection Capability
  813. # This can be used to advertise what type of IP traffi
  814. c can be sent through the
  815. # hotspot (e.g., due to firewall allowing/blocking pro
  816. tocols/ports).
  817. # format: <IP Protocol>:<Port Number>:<Status>
  818. # IP Protocol: 1 = ICMP, 6 = TCP, 17 = UDP
  819. # Port Number: 0..65535
  820. # Status: 0 = Closed, 1 = Open, 2 = Unknown
  821. # Each hs20_conn_capab line is added to the list of ad
  822. vertised tuples.
  823. #hs20_conn_capab=1:0:2
  824. #hs20_conn_capab=6:22:1
  825. #hs20_conn_capab=17:5060:0
  826.  
  827. # WAN Metrics
  828. # format: <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<
  829. UL Load>:<LMD>
  830. # WAN Info: B0-B1: Link Status, B2: Symmetric Link, B3
  831. : At Capabity
  832. # (encoded as two hex digits)
  833. # Link Status: 1 = Link up, 2 = Link down, 3 = Link
  834. in test state
  835. # Downlink Speed: Estimate of WAN backhaul link curren
  836. t downlink speed in kbps;
  837. # 1..4294967295; 0 = unknown
  838. # Uplink Speed: Estimate of WAN backhaul link current
  839. uplink speed in kbps
  840. # 1..4294967295; 0 = unknown
  841. # Downlink Load: Current load of downlink WAN connecti
  842. on (scaled to 255 = 100%)
  843. # Uplink Load: Current load of uplink WAN connection (
  844. scaled to 255 = 100%)
  845. # Load Measurement Duration: Duration for measuring do
  846. wnlink/uplink load in
  847. # tenths of a second (1..65535); 0 if load cannot be d
  848. etermined
  849. #hs20_wan_metrics=01:8000:1000:80:240:3000
  850.  
  851. # Operating Class Indication
  852. # List of operating classes the BSSes in this ESS use.
  853. The Global operating
  854. # classes in Table E-4 of IEEE Std 802.11-2012 Annex E
  855. define the values that
  856. # can be used in this.
  857. # format: hexdump of operating class octets
  858. # for example, operating classes 81 (2.4 GHz channels
  859. 1-13) and 115 (5 GHz
  860. # channels 36-48):
  861. #hs20_operating_class=5173
  862.  
  863. # OSU icons
  864. # <Icon Width>:<Icon Height>:<Language code>:<Icon Typ
  865. e>:<Name>:<file path>
  866. #hs20_icon=32:32:eng:image/png:icon32:/tmp/icon32.png
  867. #hs20_icon=64:64:eng:image/png:icon64:/tmp/icon64.png
  868.  
  869. # OSU SSID (see ssid2 for format description)
  870. # This is the SSID used for all OSU connections to all
  871. the listed OSU Providers.
  872. #osu_ssid="example"
  873.  
  874. # OSU Providers
  875. # One or more sets of following parameter. Each OSU pr
  876. ovider is started by the
  877. # mandatory osu_server_uri item. The other parameters
  878. add information for the
  879. # last added OSU provider.
  880. #
  881. #osu_server_uri=https://example.com/osu/
  882. #osu_friendly_name=eng:Example operator
  883. #osu_friendly_name=fin:Esimerkkipalveluntarjoaja
  884. #osu_nai=anonymous@example.com
  885. #osu_method_list=1 0
  886. #osu_icon=icon32
  887. #osu_icon=icon64
  888. #osu_service_desc=eng:Example services
  889. #osu_service_desc=fin:Esimerkkipalveluja
  890. #
  891. #osu_server_uri=...
  892.  
  893. ##### TESTING OPTIONS ################################
  894. #########################
  895. #
  896. # The options in this section are only available when
  897. the build configuration
  898. # option CONFIG_TESTING_OPTIONS is set while compiling
  899. hostapd. They allow
  900. # testing some scenarios that are otherwise difficult
  901. to reproduce.
  902. #
  903. # Ignore probe requests sent to hostapd with the given
  904. probability, must be a
  905. # floating point number in the range [0, 1).
  906. #ignore_probe_probability=0.0
  907. #
  908. # Ignore authentication frames with the given probabil
  909. ity
  910. #ignore_auth_probability=0.0
  911. #
  912. # Ignore association requests with the given probabili
  913. ty
  914. #ignore_assoc_probability=0.0
  915. #
  916. # Ignore reassociation requests with the given probabi
  917. lity
  918. #ignore_reassoc_probability=0.0
  919. #
  920. # Corrupt Key MIC in GTK rekey EAPOL-Key frames with t
  921. he given probability
  922. #corrupt_gtk_rekey_mic_probability=0.0
  923.  
  924. ##### Multiple BSSID support #########################
  925. #########################
  926. #
  927. # Above configuration is using the default interface (
  928. wlan#, or multi-SSID VLAN
  929. # interfaces). Other BSSIDs can be added by using sepa
  930. rator 'bss' with
  931. # default interface name to be allocated for the data
  932. packets of the new BSS.
  933. #
  934. # hostapd will generate BSSID mask based on the BSSIDs
  935. that are
  936. # configured. hostapd will verify that dev_addr & MASK
  937. == dev_addr. If this is
  938. # not the case, the MAC address of the radio must be c
  939. hanged before starting
  940. # hostapd (ifconfig wlan0 hw ether <MAC addr>). If a B
  941. SSID is configured for
  942. # every secondary BSS, this limitation is not applied
  943. at hostapd and other
  944. # masks may be used if the driver supports them (e.g.,
  945. swap the locally
  946. # administered bit)
  947. #
  948. # BSSIDs are assigned in order to each BSS, unless an
  949. explicit BSSID is
  950. # specified using the 'bssid' parameter.
  951. # If an explicit BSSID is specified, it must be chosen
  952. such that it:
  953. # - results in a valid MASK that covers it and the dev
  954. _addr
  955. # - is not the same as the MAC address of the radio
  956. # - is not the same as any other explicitly specified
  957. BSSID
  958. #
  959. # Not all drivers support multiple BSSes. The exact me
  960. chanism for determining
  961. # the driver capabilities is driver specific. With the
  962. current (i.e., a recent
  963. # kernel) drivers using nl80211, this information can
  964. be checked with "iw list"
  965. # (search for "valid interface combinations").
  966. #
  967. # Please note that hostapd uses some of the values con
  968. figured for the first BSS
  969. # as the defaults for the following BSSes. However, it
  970. is recommended that all
  971. # BSSes include explicit configuration of all relevant
  972. configuration items.
  973. #
  974. #bss=wlan0_0
  975. #ssid=test2
  976. # most of the above items can be used here (apart from
  977. radio interface specific
  978. # items, like channel)
  979.  
  980. #bss=wlan0_1
  981. #bssid=00:13:10:95:fe:0b
  982. # ...
  983. root@raspberrypi:/home/pi# cat /etc/dhcp/dhcpd.conf
  984. # If this DHCP server is the official DHCP server for
  985. the local
  986. # network, the authoritative directive should be uncom
  987. mented.
  988. authoritative;
  989.  
  990. # No service will be given on this subnet, but declari
  991. ng it helps the
  992. # DHCP server to understand the network topology.
  993.  
  994. subnet 192.168.3.0 netmask 255.255.255.0 {
  995. range 192.168.3.2 192.168.3.30;
  996. option broadcast-address 192.168.255.255;
  997. option routers 192.168.3.1;
  998. option domain-name-servers 10.8.0.1;
  999. }
  1000. root@raspberrypi:/home/pi#
Advertisement
Advertisement
Advertisement
RAW Paste Data Copied
Advertisement