1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
diff --git i/hostapd/hostapd.conf w/hostapd/hostapd.conf
index d875d5fc6..6873898f8 100644
--- i/hostapd/hostapd.conf
+++ w/hostapd/hostapd.conf
@@ -61,9 +61,9 @@ logger_stdout_level=2
# configuration. The socket file will be named based on the interface name, so
# multiple hostapd processes/interfaces can be run at the same time if more
# than one interface is used.
-# /var/run/hostapd is the recommended directory for sockets and by default,
+# /run/hostapd is the recommended directory for sockets and by default,
# hostapd_cli will use it when trying to connect with hostapd.
-ctrl_interface=/var/run/hostapd
+ctrl_interface=/run/hostapd
# Access control for the control interface can be configured by setting the
# directory to allow only members of a group to use sockets. This way, it is
@@ -322,8 +322,8 @@ macaddr_acl=0
# Accept/deny lists are read from separate files (containing list of
# MAC addresses, one per line). Use absolute path name to make sure that the
# files can be read on SIGHUP configuration reloads.
-#accept_mac_file=/etc/hostapd.accept
-#deny_mac_file=/etc/hostapd.deny
+#accept_mac_file=/etc/hostapd/hostapd.accept
+#deny_mac_file=/etc/hostapd/hostapd.deny
# IEEE 802.11 specifies two authentication algorithms. hostapd can be
# configured to allow both of these or only one. Open system authentication
@@ -1235,20 +1235,20 @@ eap_server=0
# Path for EAP server user database
# If SQLite support is included, this can be set to "sqlite:/path/to/sqlite.db"
# to use SQLite database instead of a text file.
-#eap_user_file=/etc/hostapd.eap_user
+#eap_user_file=/etc/hostapd/hostapd.eap_user
# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#ca_cert=/etc/hostapd.ca.pem
+#ca_cert=/etc/hostapd/hostapd.ca.pem
# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
-#server_cert=/etc/hostapd.server.pem
+#server_cert=/etc/hostapd/hostapd.server.pem
# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS
# This may point to the same file as server_cert if both certificate and key
# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be
# used by commenting out server_cert and specifying the PFX file as the
# private_key.
-#private_key=/etc/hostapd.server.prv
+#private_key=/etc/hostapd/hostapd.server.prv
# Passphrase for private key
#private_key_passwd=secret passphrase
@@ -1265,8 +1265,8 @@ eap_server=0
# do not filter out the cipher suite list based on their local configuration and
# as such, configuration of alternative types of certificates on the server may
# result in interoperability issues.
-#server_cert2=/etc/hostapd.server-ecc.pem
-#private_key2=/etc/hostapd.server-ecc.prv
+#server_cert2=/etc/hostapd/hostapd.server-ecc.pem
+#private_key2=/etc/hostapd/hostapd.server-ecc.prv
#private_key_passwd2=secret passphrase
@@ -1370,9 +1370,9 @@ eap_server=0
# periodically to get an update from the OCSP responder:
# openssl ocsp \
# -no_nonce \
-# -CAfile /etc/hostapd.ca.pem \
-# -issuer /etc/hostapd.ca.pem \
-# -cert /etc/hostapd.server.pem \
+# -CAfile /etc/hostapd/hostapd.ca.pem \
+# -issuer /etc/hostapd/hostapd.ca.pem \
+# -cert /etc/hostapd/hostapd.server.pem \
# -url http://ocsp.example.com:8888/ \
# -respout /tmp/ocsp-cache.der
#ocsp_stapling_response=/tmp/ocsp-cache.der
@@ -1390,8 +1390,8 @@ eap_server=0
# parameter is not set. DH parameters are required if anonymous EAP-FAST is
# used.
# You can generate DH parameters file with OpenSSL, e.g.,
-# "openssl dhparam -out /etc/hostapd.dh.pem 2048"
-#dh_file=/etc/hostapd.dh.pem
+# "openssl dhparam -out /etc/hostapd/hostapd.dh.pem 2048"
+#dh_file=/etc/hostapd/hostapd.dh.pem
# OpenSSL cipher string
#
@@ -1681,7 +1681,7 @@ own_ip_addr=127.0.0.1
# If no entries are provided by this file, the station is statically mapped
# to <bss-iface>.<vlan-id> interfaces.
# Each line can optionally also contain the name of a bridge to add the VLAN to
-#vlan_file=/etc/hostapd.vlan
+#vlan_file=/etc/hostapd/hostapd.vlan
# Interface where 802.1q tagged packets should appear when a RADIUS server is
# used to determine which VLAN a station is on. hostapd creates a bridge for
@@ -1742,7 +1742,7 @@ own_ip_addr=127.0.0.1
# sta = station MAC address in `11:22:33:44:55:66` format.
# type = `auth` | `acct` | NULL (match any)
# attr = existing config file format, e.g. `126:s:Test Operator`
-#radius_req_attr_sqlite=radius_attr.sqlite
+#radius_req_attr_sqlite=/var/lib/hostapd/radius_attr.sqlite
# Dynamic Authorization Extensions (RFC 5176)
# This mechanism can be used to allow dynamic changes to user session based on
@@ -1776,7 +1776,7 @@ own_ip_addr=127.0.0.1
# File name of the RADIUS clients configuration for the RADIUS server. If this
# commented out, RADIUS server is disabled.
-#radius_server_clients=/etc/hostapd.radius_clients
+#radius_server_clients=/etc/hostapd/hostapd.radius_clients
# The UDP port number for the RADIUS authentication server
#radius_server_auth_port=1812
@@ -1832,7 +1832,7 @@ own_ip_addr=127.0.0.1
# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.
# Use absolute path name to make sure that the files can be read on SIGHUP
# configuration reloads.
-#wpa_psk_file=/etc/hostapd.wpa_psk
+#wpa_psk_file=/etc/hostapd/hostapd.wpa_psk
# Optionally, WPA passphrase can be received from RADIUS authentication server
# This requires macaddr_acl to be set to 2 (RADIUS) for wpa_psk_radius values
@@ -2496,7 +2496,7 @@ own_ip_addr=127.0.0.1
# text file that could be used, e.g., to populate the AP administration UI with
# pending PIN requests. If the following variable is set, the PIN requests will
# be written to the configured file.
-#wps_pin_requests=/var/run/hostapd_wps_pin_requests
+#wps_pin_requests=/run/hostapd/hostapd_wps_pin_requests
# Device Name
# User-friendly description of device; up to 32 octets encoded in UTF-8
@@ -2575,7 +2575,7 @@ own_ip_addr=127.0.0.1
# automatically generated based on network configuration. This configuration
# option points to an external file that much contain the WPS Credential
# attribute(s) as binary data.
-#extra_cred=hostapd.cred
+#extra_cred=/var/lib/hostapd/hostapd.cred
# Credential processing
# 0 = process received credentials internally (default)
@@ -2606,7 +2606,7 @@ own_ip_addr=127.0.0.1
# with pre-configured attributes. This is similar to extra_cred file format,
# but the AP Settings attributes are not encapsulated in a Credential
# attribute.
-#ap_settings=hostapd.ap_settings
+#ap_settings=/var/lib/hostapd/hostapd.ap_settings
# Multi-AP backhaul BSS config
# Used in WPS when multi_ap=2 or 3. Defines "backhaul BSS" credentials.
@@ -3357,7 +3357,7 @@ own_ip_addr=127.0.0.1
# Example:
#mbssid=2
#interface=wlan2
-#ctrl_interface=/var/run/hostapd
+#ctrl_interface=/run/hostapd
#wpa_passphrase=0123456789
#ieee80211w=2
#sae_pwe=1
@@ -3370,7 +3370,7 @@ own_ip_addr=127.0.0.1
#bssid=00:03:7f:12:84:84
#
#bss=wlan2-1
-#ctrl_interface=/var/run/hostapd
+#ctrl_interface=/run/hostapd
#wpa_passphrase=0123456789
#ieee80211w=2
#sae_pwe=1
|