Some time ago there were some troubles with my wifi connection, since the workplace is located in the most remote part of my home. I managed to get a powerline adapter, after which my main workstation became exposed to the full ISP provided bandwidth. Then an idea came up to also connect the Xbox (in the same room), but it appeared inconvenient to do it with cables. So I decided to make a wireless access point on my Fedora 25, which would be bridged to the wired interface and share it’s traffic with the Xbox.

Little did I know, but here is where the problems popped out. When trying to do it through the NetworkManager GUI (NetworkManager -V shows 1.4.4-3.fc25) by clicking the “Use a hotspot”, a strange error pops up in the system log (journalctl -xe):

Jan 22 15:32:23 cactus.local gnome-control-c[3936]: Failed to add new connection: (2) A 'wireless' setting with a valid SSID is required if no AP path was given.
Jan 22 15:32:23 cactus.local NetworkManager[3401]: <info>  [1485088343.4560] audit: op="connection-add-activate" pid=3936 uid=1000 result="fail" reason="A 'wireless' setting with a valid SSID is required if no AP path was given
Jan 22 15:32:23 cactus.local gnome-control-c[3936]: Failed to add new connection: (2) A 'wireless' setting with a valid SSID is required if no AP path was given.

And nothing really happens after that. I’ve searched the internet and there were a couple of ways to proceed, including the use of “hotspotd”. I didn’t like to approach of using 3-d party software, knowing that it has a history of failures when used with a running NetworkManager. So I found a semi-automatic setup, using nmcli that worked for me. But before I go forward, the curious reader would have to know that:

  • I didn’t have to mess with dnsmasq manually on Fedora 25 to get it working, a plugin for NetworkManager does it for you.
  • I didn’t have to do manual firewall setup, to SRCNAT the connections, it’s also managed by NetworkManager.

To the point now. The high level plan is:

  1. Find the device, create the connection using nmcli;
  2. Configure the created connection manually;
  3. Fire up the connection, in case of issues, troubleshoot.

First, check for wireless devices: nmcli d

…and check for AP mode compatibility - look for “AP” among supported interface modes:

 iw list | less

Set up the connection using nmcli. Substitute your own values for net name/password, etc:

 nmcli c add type wifi ifname wlp3s0 con-name XBOX autoconnect no ssid XBOX_WIRELESS
 nmcli connection modify XBOX 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.method shared
 nmcli connection modify XBOX wifi-sec.key-mgmt wpa-psk
 nmcli connection modify XBOX wifi-sec.psk "thegreatpassword"
 nmcli connection up XBOX

Then edit the file manually and add the IPADDR and PREFIX:

 sudo vi /etc/sysconfig/network-scripts/ifcfg-XBOX

ESSID="XBOX_WIRELESS"
MODE=Ap
TYPE=Wireless
BOOTPROTO=shared
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=XBOX
UUID=4171ba1f-ae4c-46b5-9062-0ea02fe386b3
DEVICE=wlp3s0
IPADDR=10.5.2.1
PREFIX=24
ONBOOT=no
KEY_MGMT=WPA-PSK
BAND=bg
MAC_ADDRESS_RANDOMIZATION=default
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

Last step can also be done using the NetworkManager applet. Check the NetworkManager applet after that. It should become orange near the “Wifi Hotspot”. Check your journalctl output, it should not contain errors.

Troubleshooting. In case of issues, look into:

  1. NAT rules in the firewall;
  2. DNSMasq configuration

NAT Rule

Check that your MASQUERADE rule is in place:

 sudo iptables -t nat -L

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.5.2.0/24         !10.5.2.0/24

DNSMasq

When starting the connection, you journal log can print something similar to:

Jan 22 18:10:35 cactus.local NetworkManager[18039]: <info>  [1485097835.2370] dnsmasq-manager: starting dnsmasq...
Jan 22 18:10:35 cactus.local NetworkManager[18039]: <debug> [1485097835.2371] dnsmasq-manager: command line: /usr/sbin/dnsmasq --conf-file --no-hosts --keep-in-foreground --bind-interfaces --except-interface=lo --clear-on-reload --strict-order --listen-address=10.5.2.1 --dhcp-range=10.5.2.10,10.5.2.254,60m --dhcp-option=option:router,10.5.2.1 --dhcp-lease-max=50 --pid-file=/var/run/nm-dnsmasq-wlp3s0.pid --conf-dir=/etc/NetworkManager/dnsmasq-shared.d
Jan 22 18:10:35 cactus.local NetworkManager[18039]: <debug> [1485097835.2385] dnsmasq-manager: dnsmasq started with pid 18872
Jan 22 18:10:35 cactus.local NetworkManager[18039]: <debug> [1485097835.2388] arping[0x55d8b346b660,3]: run /usr/sbin/arping -A -q -I wlp3s0 -c 1 10.5.2.1
Jan 22 18:10:35 cactus.local NetworkManager[18039]: dnsmasq: failed to bind DHCP server socket: Address already in use
Jan 22 18:10:35 cactus.local NetworkManager[18039]: <debug> [1485097835.2419] device[0x55d8b324bc00] (wlp3s0): remove_pending_action (1): 'dhcp4' not pending (expected)

This means, that your dnsmasq listener is already bound to the interface (most probably all interfaces if never tampered with). The output should look like:

[tim@cactus ~]$ sudo netstat -anlp | grep -w LISTEN | grep dnsmasq
tcp        0      0 10.5.2.1:53             0.0.0.0:*               LISTEN      20390/dnsmasq

If you have 0.0.0.0 in the third column, kill the process with “kill -9” or restart the machine.

Other issues with NetworkManager

Enable verbose logging for the NetworkManager, make sure this section is there in /etc/NetworkManager/NetworkManager.conf:

[logging]
# When debugging NetworkManager, enabling debug logging is of great help.
level=TRACE
domains=ALL

Do a systemctl restart NetworkManager after that to see changes in journalctl output.

Here are some references to hotspotd articles that helped me troubleshoot the problem.

  1. Failed to add new connection: (2) A ‘wireless’ setting with a valid SSID is required if no AP path was given
  2. Turn any computer into a wireless access point with Hostapd
  3. Hostapd Configuration file for Access Point