| # Wireless access point |
| ## hostapd Addon to add a WiFi hotspot to IPFire |
| This addon gives IPfire the ability to manage wireless 802.11 connections and is required if the **<color blue>Blue</color>** network is assigned to a wireless card. |
| Make sure you have installed a compatible wireless card before attempting to use this addon. See the [network HCL](/en/hardware/networking) page in the wiki and/or ask for help in the forum. |
| When the country code is set to "00", the 5GHz band is disabled. Set your country code to enable more channels. |
| ---- |
| ## Setting up the Blue Network |
| ---- |
| ### Initial Setup |
| If the blue network has not been created and linked to an actual wireless card you will have to do that first. This can be done during [installation](en/installation/start#network) but can also be done in the console later on. |
| To setup the **<color blue>blue</color>** network from the console, login as "root" using your [password](en/installation/start#passwords). Then type |
| `setup` |
| and navigate to "**Network configuration**". |
| Here you will need to modify "**Network configuration type**", "**Drivers and card assignments**" and "**Address settings**". \\ |
| - The **Network configuration type** must be one of the two types with a **<color blue>blue</color>** network. \\ |
| It is important to give the blue network a different subnet than the other zones. |
| - Having defined a new **<color blue>blue</color>** network a [compatible wireless card](en/hardware/networking) must be assigned to it in "**Drivers and card assignments**". \\ |
| - "**Address settings**" will be covered in the next section. |
| ---- |
| ### Addressing and DHCP |
| ---- |
| #### Addressing |
| IPfire treats the **<color blue>Blue</color>** network as a completely separate network. By default clients cannot connect with the **<color green>Green</color>** network from it. If a client on the **<color blue>Blue</color>** network needs to communicate with a device on the **<color green>Green</color>** network you must add a rule to the firewall allowing access. Alternatively you can [bridge the two networks](en/configuration/network/bridge-green-blue) but this adds some security risk. |
| The **<color blue>blue</color>** interface needs a static IP address out of the **<color blue>blue</color>** network assigned to it. Make sure the **<color green>green</color>** and **<color blue>blue</color>**[](wp>Subnetwork)s are distinct. |
| For example if you have the **<color green>green</color>** network setup using the 192.168.0.0/24 subnet, use the 192.168.1.0/24 subnet for the **<color blue>blue</color>** network. |
| Once a suitable IP address has been determined it should be assigned in the console under "**Address settings**". |
| It is common use, to choose the first or last client address in the subnet ( i.e. .1 or .254 in a /24 net ). |
| ---- |
| #### DHCP |
| [](wp>Dynamic Host Configuration Protocol) is needed to pass out IP address to connecting clients. Chose a range of IP addresses that is from the same subnet as the **<color blue>blue</color>** network's default gateway address. The range cannot include the default gateways address. This range can then be set in the console or in the WUI under "network>DHCP server". |
|  |
|  |
| ---- |
| ## Pakfire |
| ---- |
| ### Installing the Add-on |
| At this stage a **<color blue>blue</color>** network should have been created and configured. All that is left to do is to install the add-on using IPfire's package manager. |
| The package manager is called "[pakfire](en/configuration/ipfire/pakfire)" and can be invoked from the console as well as from the WUI. |
| To use the WUI navigate to "**>> IPFire >> Pakfire**". There is a section labeled "**Available Addons:**" where you can find "**hostapd**" amongst the various add-ons. Select "**hostapd**" and then click on the "**+**" sign below the add-on box. Confirm the installation. |
| ---- |
| ### Wireless Settings |
| When pakfire installs hostapd, it adds a new page to the WUI. Navigate to this page via "**>> IPFire >> WLanAP**". On this page the wireless network can be turned on and off and you can find all the settings for the initial configuration. |
| - **SSID:** Enter a name for your wireless network. This should be different to any nearby networks. |
| - **SSID Broadcast:** This turns off broadcasting of the WLAN name (on is recommended) |
| - **HW Mode:** Select a hardware mode supported by your wireless card. |
| - **Encryption:** WPA2 is the most secure. |
| - **Channel:** Choose the channel with the least amount of other WiFi networks. Channels 1, 6 or 11 are [recommended](wp>List_of_WLAN_channels#2.4.C2.A0GHz_.28802.11b.2Fg.2Fn.29) for common 2.4 GHz Wi-Fi as they do not overlap each other. |
| - **Country Code:** Selecting your country can enable more channels in the selection box of channels (like 'de' adds channel 12 and 13, which is allowed for europe). The additional channels are availiable after save the parameter setting once and edit the parameter again. |
| - **Tx Power:** This controls the transmit power of the wireless radio. (more is not always better) |
| - **Passphrase:** If encryption is set, enter a passphrase. It is recommended to chose a secure passphrase with more than 8 digits, special characters and avoiding words from a dictionary. |
| - **HT Caps:** If your card supports [](wp>802.11n) or newer, enter the "High Throughput capabilities", or [MCS (Modulation and Coding Schemes)](wp>Modulation_and_coding_scheme) supported by it. Each value must be enclosed in square brackets "**[**" "**]**" with no spaces between them. |
| * <WRAP center round info 90%>If your WiFi adapter was manufactured in the last few years it is likely to support the 802.11n and will have some "High Throughput Capabilities". For these features to be enabled you must configure this field.</WRAP> |
| * You can find the capabilities of your wireless card by checking the detailed specifications on its product data sheet. Note any "High Throughput Capabilities", "MCS" values or "Modulation Techniques" which are supported. The HT Capabilities for some WiFi adapters tested with IPFire are noted in the [](en/hardware/networking). |
| * Depending on your country the capabilities available for your card may differ. This is due to Government regulation of radio signals. |
| * Some examples: [HT20][HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC123][DSSS_CCK-40][LDPC] or [HT40-][TX-STBC][RX-STBC1][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40][HT-20][OFDM][BPSK][QPSK][16-QAM][64-QAM][DSSS][DBPSK][DQPSK][CCK][LDPC]. |
| - **Loglevel (hostapd):** Choose how much detail to capture in the logs. |
| Remember to save the settings by clicking the save icon below them. |
| Once the settings are configured and saved turn on the network by clicking on the <color green>green</color> up arrow. If all went well it should look like this: |
|  |
| ---- |
| ## Connecting Clients |
| ---- |
| When clients first connect to IPFire they will be assigned an IP address from the blue interface's DHCP server. However they cannot access the internet until their MAC address is specifically allowed in the MAC address filter. |
| The MAC address filter is located under the firewall tab and is called "**Blue Access**". There is also a link at the bottom of the "**WLanAP**" page. |
| To activate a client, first have that client attempt to connect to the Access Point. This should fail but it will add that client's MAC address to the blue access page. To the right of the client's MAC address there is an icon for adding the device. Once added, IPFire should allow access to the Access Point. |
| *See also the [Access to Blue](configuration/firewall/accesstoblue) page, which also includes instructions for disabling MAC Address filtering, if desired.* |
| ---- |
| Do **NOT** use the special character '**§**' in the encryption key as it will not work.</WRAP> |
| ### Additional Links |
| * http://wireless.kernel.org/en/users/Documentation/hostapd |
| * http://hostap.epitest.fi/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=hostapd/hostapd.conf for info on mapping HT Caps |