By Toradex秦海
1). 简介
本文介绍基于ARM嵌入式平台使用开源Hostapd软件配置测试WiFi Access Point模式,也就是AP模式。
本文所使用的ARM嵌入式平台来自于Toradex 基于NXP最新的iMX8 SoC(基于Cortex-A72+A53和Coretex-M4架构)的ARM计算机模块Apalis iMX8QM 4GB WB IT,模块上面集成了AzureWave AW-CM276NF WiFi/BT 模块,其具体WiFi参数如下:
2). 准备
a). Apalis iMX8QM 4GB WB IT ARM核心版配合Ioxra 载板,连接调试串口UART1(载板X22)到开发主机方便调试。
b). Apalis iMX8安装Toradex Ycoto Linux Reference Multimedia image V5.0.0 2020Q3季度版本,详细信息请参考这里。
c). WiFi模块安装标准WHF4接口天线,详情请参考这里。
3). WiFi AP模式配置
a). 查看WiFi模块AP模式端口uap0
-------------------------------
root@apalis-imx8:~# ifconfig -a |grep uap
uap0 Link encap:Ethernet HWaddr C0:E4:34:2F:C6:A1
-------------------------------
b). 配置Hostapd配置文件
./ file - /etc/hostapd.conf,Hostapd服务配置文件,里面预设了很多配置项目,这里只将必要的进行修改,其他可以自行根据实际需要来配置。
-------------------------------
--- a/etc/hostapd.conf
+++ b/etc/hostapd.conf
@@ -5,7 +5,7 @@
# management frames with the Host AP driver); wlan0 with many nl80211 drivers
# Note: This attribute can be overridden by the values supplied with the '-i'
# command line parameter.
-interface=wlan0
+interface=uap0
# In case of atheros and nl80211 driver interfaces, an additional
# configuration parameter, bridge, may be used to notify hostapd if the
@@ -85,7 +85,7 @@
##### IEEE 802.11 related configuration #######################################
# SSID to be used in IEEE 802.11 management frames
-ssid=test
+ssid=ap-apalis-imx8
# Alternative formats for configuring SSID
# (double quoted string, hexdump, printf-escaped string)
#ssid2="test"
@@ -1234,7 +1234,7 @@
# authentication with external ACL for MAC addresses, and accounting
# The own IP address of the access point (used as NAS-IP-Address)
-own_ip_addr=127.0.0.1
+own_ip_addr=192.168.8.1
# NAS-Identifier string for RADIUS messages. When used, this should be unique
# to the NAS within the scope of the RADIUS server. Please note that hostapd
@@ -1464,7 +1464,7 @@
# Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.
# In other words, for WPA3, wpa=2 is used the configuration (and
# wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).
-#wpa=2
+wpa=2
# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit
# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase
@@ -1473,7 +1473,7 @@
# wpa_psk (dot11RSNAConfigPSKValue)
# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-#wpa_passphrase=secret passphrase
+wpa_passphrase=MyPassword1234
# Optionally, WPA PSKs can be read from a separate text file (containing list
# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.
-------------------------------
上面是配置2.4GHz频段的AP,如果需要配置5GHz频段,则需要修改下面内容:
-------------------------------
hw_mode=a
channel=40
ieee80211n=1
-------------------------------
./ 文件 - /etc/systemd/network/hostapd.network,用于配置AP 固定IP以及DHCP服务
-------------------------------
[Match]
Name=
[Network]
Address=192.168.8.1/24
DHCPServer=yes
-------------------------------
c). 配置相关systemd启动服务
./ 开机自动启动WiFi服务,当然Linux BSP已经包含了 /lib/systemd/system/enable-wifi.service 服务文件,只需要后面通过systemctl命令使能即可。
-------------------------------
[Unit]
Description=Enable Wifi
BindsTo=sys-subsystem-net-devices-uap0.device
After=sys-subsystem-net-devices-uap0.device
[Service]
Type=oneshot
ExecStart=/usr/bin/connmanctl enable wifi
ExecStop=
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
-------------------------------
./ 修改默认的 Hostapd 服务文件,使其确定在Wifi服务以及uap0端口起来后再启动,避免出现启动失败。
-------------------------------
--- a/lib/systemd/system/hostapd.service
+++ b/lib/systemd/system/hostapd.service
@@ -1,6 +1,7 @@
[Unit]
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
-After=network.target
+BindsTo=sys-subsystem-net-devices-uap0.device
+After=sys-subsystem-net-devices-uap0.device
[Service]
Type=forking
-------------------------------
./ 重载并使能上述修改的服务然后重新启动
-------------------------------
$ systemctl --system daemon-reload
$ systemctl enable hostapd
$ systemctl enable enable-wifi.service
$ reboot
-------------------------------
c). 测试AP配置
./ 重启后,通过PC WiFi网卡扫描可以找到 ap-apalis-imx8 AP设备,使用上面配置文件设定的密码连接后,ping通讯正常
-------------------------------
// on apalis imx8 linux
root@apalis-imx8:~# ifconfig uap0
uap0 Link encap:Ethernet HWaddr C0:E4:34:2F:C6:A1
inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::c2e4:34ff:fe2f:c6a1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:78 errors:0 dropped:0 overruns:0 frame:0
TX packets:100 errors:39 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11466 (11.1 KiB) TX bytes:5792 (5.6 KiB)
// on Ubuntu desktop
$ ifconfig wlo1
wlo1: flags=4163
inet 192.168.8.72 netmask 255.255.255.0 broadcast 192.168.8.255
inet6 fe80::8f97:db63:7329:9efb prefixlen 64 scopeid 0x20
ether 3c:f0:11:6f:d0:47 txqueuelen 1000 (以太网)
RX packets 951788 bytes 722874574 (722.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 99168 bytes 16375180 (16.3 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ ping 192.168.8.1
PING 192.168.8.1 (192.168.8.1) 56(84) bytes of data.
64 bytes from 192.168.8.1: icmp_seq=1 ttl=64 time=5.82 ms
64 bytes from 192.168.8.1: icmp_seq=2 ttl=64 time=4.13 ms
64 bytes from 192.168.8.1: icmp_seq=3 ttl=64 time=4.15 ms
^C
--- 192.168.8.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 4.138/4.705/5.824/0.793 ms
-------------------------------
4). 网络共享功能配置
a). 将WiFi模块Client模式端口连接到可连接互联网的WiFi网络,用于作为下面AP端口网络共享的端口
./ 查看WiFi模块client模式端口
-------------------------------
root@apalis-imx8:~# ifconfig |grep mlan
mlan0 Link encap:Ethernet HWaddr C0:E4:34:2F:C4:A1
-------------------------------
./ 参考这里的说明,连接WiFi网络,连接后状态如下:
-------------------------------
root@apalis-imx8:~# ifconfig mlan0
mlan0 Link encap:Ethernet HWaddr C0:E4:34:2F:C4:A1
inet addr:10.20.1.123 Bcast:10.20.1.255 Mask:255.255.255.0
inet6 addr: fe80::c2e4:34ff:fe2f:c4a1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18613 errors:0 dropped:39 overruns:0 frame:0
TX packets:12421 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:20897583 (19.9 MiB) TX bytes:1621867 (1.5 MiB)
-------------------------------
b). 使能Packet Forwarding
文件 - /etc/sysctl.d/30-ipforward.conf
-------------------------------
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
-------------------------------
c). 使能NAT
./ 首先需要kernel包含下面驱动,直接编译到kernel或者编译成kernel modules都可以,当前测试BSP是已经编译为kernel modules,如果没有包含则需要重新编译kernel添加进入
-------------------------------
root@apalis-imx8:~# zcat /proc/config.gz |grep CONFIG_IP_NF_IPTABLES
CONFIG_IP_NF_IPTABLES=m
root@apalis-imx8:~# zcat /proc/config.gz |grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
-------------------------------
./ 使用iptables使能NAT,首先创建下面iptables 规则
-------------------------------
iptables -t nat -A POSTROUTING -o mlan0 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i uap0 -o mlan0 -j ACCEPT
-------------------------------
./ 将上面设置的规则保存到配置文件
-------------------------------
$ iptables-save > /etc/iptables/iptables.rules
-------------------------------
./ 使能iptable服务,当前BSP已经包含服务文件 /lib/systemd/system/iptables.service
-------------------------------
$ systemctl enable iptables
-------------------------------
d). 重启后上述配置生效,然后启动后可以通过systemctl查看相关服务是否都启动正常
-------------------------------
$ systemctl status hostapd
$ systemctl status enable-wifi
$ systemctl status iptables
-------------------------------
e). 同样使用Ubuntu desktop连接ap-apalis-imx8 AP后,如下测试可以正常连接互联网了,证明网络共享配置成功
-------------------------------
$ ifconfig wlo1
wlo1: flags=4163
inet 192.168.8.72 netmask 255.255.255.0 broadcast 192.168.8.255
inet6 fe80::8f97:db63:7329:9efb prefixlen 64 scopeid 0x20
ether 3c:f0:11:6f:d0:47 txqueuelen 1000 (以太网)
RX packets 967881 bytes 745946717 (745.9 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 103940 bytes 17087302 (17.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ping 百度网址,因为AP默认没有设定DNS配置,因此连接后需要手动指定一个有效的DNS地址才能进行DNS解析
$ ping www.baidu.com
PING www.a.shifen.com (180.101.49.11) 56(84) bytes of data.
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=1 ttl=51 time=8.97 ms
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=2 ttl=51 time=11.2 ms
64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=3 ttl=51 time=10.8 ms
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 8.972/10.369/11.276/1.005 ms
-------------------------------
5). 总结
本文在iMX8嵌入式平台下使用Linux开源工具测试了WiFi 模块AP模式以及网络共享功能。
参考文档
https://developer.toradex.cn/knowledge-base/wi-fi-access-point-mode
https://wiki.archlinux.org/index.php/Internet_sharing