Do you want to make a computer function as a WLAN base station, so that other computers can use as it as their wifi access point? This can easily be done using the open source software Hostapd and compatible wifi hardware.
This is a useful thing to do if computer acting as a firewall or as a server in the local network, and you want to avoid adding new appliances that all require their own space and cables in you already crowded server closet. Hostapd enables you to have full control of your WLAN access point and also enhances security. By using Hostapd the system will be completely in your control, every line of code can be audited and the source of all software can be verified and all software can be updated easily. It is quite common that active network devices like wifi access points are initially fairly secure small appliances with Linux inside, but over time their vendors don’t provide timely security updates and local administrators don’t care to install them via some clumsy firmware upgrade mechanism. With a proper Linux server admins can easily SSH into it and run upgrades using the familiar and trusted upgrade channels that Linux server distributions provide.
The first step in creating wireless base station with Hostapd is to make sure the WLAN hardware supports running in access point mode. Examples are listed in the hostapd documentation. A good place to shop for WLAN cards with excellent Linux drivers is thinkpenguin.com and in their product descriptions the WLAN card supported operation modes are nicely listed.
The next step is to install the software called Hostapd by Jouni Malinen and others. This is a very widely used software and it most likely is available in your Linux distribution by default. Many of the WLAN router appliances available actually are small Linux computers running hostapd inside, so by running hostapd on a proper Linux computer will give you at least all the features available in the WIFI routers, including advanced authentication and logging.
Our example commands are for Ubuntu 14.04. You need to have access to install hostapd and dnsmasq Dnsmasq is a small DNS/DHCP server which we’ll use in this setup. To start simply run:
sudo apt-get install hostapd dnsmasqAfter that you need to create and edit the configuration file:
zcat /usr/share/doc/hostapd/examples/hostapd.conf.gz | sudo tee -a /etc/hostapd/hostapd.confThe configuration file /etc/hostapd/hostapd.conf is filled with configuration examples and documentation in comments. The relevant parts for a simple WPA2 protected 802.11g network with the SSID ‘Example-WLAN‘ and password ‘PASS‘ are:
interface=wlan0
ssid=Example-WLAN
hw_mode=g
wpa=2
wpa_passphrase=PASS
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
Next you need to edit the network interfaces configuration to force the WLAN card to only run in the access point mode. Assuming that the access point network will use the address space 192.168.8.* the file /etc/network/interfaces should look something like this:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet static
hostapd /etc/hostapd/hostapd.conf
address 192.168.8.1
netmask 255.255.255.0
Then we need to have a DNS relay and DHCP server on our wlan0 interface so the clients actually get a working Internet connection, and this can be accomplished by configuring dnsmasq. Like hostapd it also has a very verbose configuration file /etc/dnsmasq.conf, but the relevant parts look like this:
interface=lo,wlan0
no-dhcp-interface=lo
dhcp-range=192.168.8.20,192.168.8.254,255.255.255.0,12h
Next we need to make sure that the Linux kernel forwards traffic from our wireless network onto other destination networks. For that you need to edit the file /etc/sysctl.conf and make sure it has lines like this:
net.ipv4.ip_forward=1We need to activate NAT in the built-in firewall of Linux to make sure the traffic going out uses the external address as its source address and thus can be routed back. It can be done for example by appending the following line to the file /etc/rc.local:
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 ! -d 192.168.8.0/24 -j MASQUERADESome WLAN card hardware might have a virtual on/off switch. If you have such hardware you might need to also run rfkill to enable the hardware using a command like rfkill unblock 0.
The same computer also runs Network Manager (as for example Ubuntu does by default) you need to edit it’s settings so that if won’t interfere with the new wifi access point. Make sure file /etc/NetworkManager/NetworkManager.conf looks like this:
[main]
plugins=ifupdown,keyfile,ofono
dns=dnsmasq
[ifupdown]
managed=false
Now all configuration should be done. To be sure all changes take effect, finish by rebooting the computer.
If everything is working, a new WLAN network should be detected by other devices.
On the WLAN-server you’ll see similar output from these commands:
$ iw wlan0 info
Interface wlan0
ifindex 3
type AP
wiphy 0
$ iwconfig
wlan0 IEEE 802.11bgn Mode:Master Tx-Power=20 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Power Management:off
$ ifconfig
wlan0 Link encap:Ethernet HWaddr f4:ec:38:de:c8:d2
inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::f6ec:38ff:fede:c8d2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5463040 errors:0 dropped:0 overruns:0 frame:0
TX packets:8166528 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:861148382 (861.1 MB) TX bytes:9489973056 (9.4 GB)
Help me. My computer refuses to work properly after this
Can you be more precise?
@Azriel: We are sorry to hear your computer does not work properly. The instructions above are very technical and meant for experts as advice on how they can achieve a cool ability with a computer. Before trying out such instructions please back up at least the configuration files so you can revert back to the old settings if something does not work.
At the moment the best advice is to find an affordable local Linux expert, explain to him in detail what you did and he can then hopefully fix your computer.
Hi,
I don’t understand the meaning of this command:
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 ! -d 192.168.8.0/24 -j MASQUERADE
Because the destination is the same as the source?
I need to create an acces point on the wlan0 and redirect the traffic on eth0. If I modify just the iptables instruction normally it should works?
Tks for helping,
Julien
@julien: The destination is not the same as the source. It is everything but the source. Not the exclamation mark (!).
Hi,
thank you for this very useful guide. My desktop is connected to the internet by an ethernet connection with a static ip. I like to share this connection by the wlan1 (usb wifi dongle).
I followed all the istrutions and now I’m able to see the new wireless network from my phone but it ask to me a user name and password to connect to wireless. What about this “user name”? I never set up a user name in any configuration file.
Thank you for the answers
e.l.
@EL: Check your /etc/hostapd/hostapd.conf that the authentication method is WPA-PSK and not RADIUS or something else that requires a username/password pair.
Thank you for the quick reply. I forgot to remove the EAP parameters in the string:
wpa_key_mgmt=WPA-PSK WPA-EAP WPA-PSK-SHA256 WPA-EAP-SHA256
now it is:
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
and it asks only the password but when I connect to wifi network I get the message that the password is wrong (by the phone). I tried with a very trivial pw (only letters and numbers) to avoid errors but I’m not able to connect.
The configuration file reads like:
interface=wlan1
ssid=networkname
hw_mode=g
channel=5
wpa=2
wpa_passphrase=password_1
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
Is it correct?
Yeah I have the same issue.
It asks for username password but i havent set username anywhere.
What is the solution for this ?
following those steps didn’t worked for me but else made undiscoverable many wlan networks.
I was checking after and I think by driver my wireless card doesn’t support AP because in Windows I can share it from my wireless card (with mHostpot)
I tried these instructions with Ubuntu 14.04, but i simply want the system to work as an Access Point and not as router, so no dhcp server/dns server, etc. I tried simply leaving out those two options, but as soon as i bring the interface up, i lose access to the system through ssh. I do obviously already have a wired connection to the system, but that goes down as well. I am assuming its because it would be two interfaces then on the same subnet and that causes confusion? Any suggestions on accomplishing my needs?
Try this guide. You can leave off the dhcp3-server package
http://www.svsarana.com/share_3G_data_internet_over_wifi.php
And in the script, skip the line
/etc/init.d/dhcp3-server restart
Then you’ll need to manually set the IP on the device that is connecting to your hostapd computer and bridge the connection with the firestarter application.
Hey,
everything works, but when i put the ethernet cable in i cant get on the web.
my setup:
World Wide Web –> Modem —> Cisco e2000 router —-> Asus eee pc AP (with Debian wheezy)
i think it has something to do with the rc.local configuration, but i dont know what.
Turns out my wireless card doesn’t support AP mode as discovered using the following documentation: https://help.ubuntu.com/community/WifiDocs/MasterMode.
Other than that it was a nice little tutorial.
Nice tutorial,
For unknown reasons it messed up my routing table and added a 192.168.0.0 entry without a gateway configured, I deleted it and everything works flawlessly.
thanks !
Hi
Nice tutorial. I set it up on a OLinuXino box running Debian 8 (jessie). It works fine with two of my Android phones. However, when I try to use it from my laptop (Mint 17) it doesn’t work. Looks like authenticatin is OK
but it fails to “associate”:
wpa_supplicant[1652]: wlan0: Trying to associate with 80:1f:02:9b:a7:c1 (SSID=’olimex’ freq=2437 MHz)
kernel: [ 265.171752] wlan0: authenticated
kernel: [ 265.171937] iwlwifi 0000:03:00.0 wlan0: disabling HT as WMM/QoS is not supported by the AP
kernel: [ 265.171941] iwlwifi 0000:03:00.0 wlan0: disabling VHT as WMM/QoS is not supported by the AP
kernel: [ 265.171945] wlan0: waiting for beacon from 80:1f:02:9b:a7:c1
NetworkManager[1053]: (wlan0): supplicant interface state: authenticating -> associating
wpa_supplicant[1652]: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid=”olimex” auth_failures=1 duration=10
NetworkManager[1053]: (wlan0): supplicant interface state: associating -> disconnected
Any idea what could be the cause?
Thanks and regards,
ChrisO
Addendum. Problem solved. It looks like the Realtek RTL8188CUS based WiFI adapter was the culprit.
Replaced it by a Ralink RT5370 one and everything works OK.
Regards,
ChrisO
I followed your guide and everything seemed to be perfect. But after rebooting, my Ubuntu couldn’t connect to my home wifi network. In addition, my new AP created by hostapd didn’t show up on, not any devices could find it. I used my built-in wifi card in my laptop. How can I create it?
After using this tutorial, your wifi will not be able to connect to other network, it will be running only as AP. You cannot both use it to connect laptop to router and also use laptop as router, you need 2 wifi cards to be able to do that. But you can share the Ethernet or USB 3G/etc. connections via Wifi to other devices (smarphones, etc.).
It worked fine on my laptop (Toshiba, AR9285 – ath9k driver (default driver)), tried it in the last few days on Ubuntu 15.04. The network applet crashed, but it is quite simple to configure the internet network event without it, in System Settings.
Hey Florin,
I want to connect two desktop PC’s (Ubuntu based) wireless with each other.
As both have Intel 5300 in it.
By using that tutorial, will it be possible?
Your tutorial is really great, it works! I have tested it on Ubuntu 15.04 and it works almost like charm. There is only one probably bug that will occur: the network applet will crash, so one will have to know how to connect to the network that will be shared without having the Network icon on the top right corner (it might be selected to autoconnect, but as I shared the USB 3G connection, I created the connection in System Settings – Network and activated autoconnect).
Hi Guys,
I have a little question,
I wanna build a powerful WiFi access point machine, using the tutorial above, but one thing is missing!
I didn’t find any Wifi dongle or desktop pci WiFi card with a powerful external-antenna that can compete with Cisco devices such as Cisco Aironet 3700, which their WiFi is antenna 48 volts (!)
Most of WiFi dongles or external antennas are just 5 volts.
Can someone please suggest something?
Thanks in advance :)
Oded E
@Oded E: I recommend selecting something from here: https://www.thinkpenguin.com/catalog/wireless-networking-gnulinux
nice article but the iptables part does not work.
root@router:/etc# iptables -t nat -A POSTROUTING -s 192.168.8.0/24 ! -d 192.168.8.0/24 -j MASQUERADE -v -v -v -v -v
MASQUERADE all opt — in * out * 192.168.8.0/24 !-> 192.168.8.0/24
libiptc vlibxtables.so.10. 952 bytes.
Table `nat’
Hooks: pre/in/fwd/out/post = 0/98/ffffffff/130/1c8
Underflows: pre/in/fwd/out/post = 0/98/ffffffff/130/270
Entry 0 (0):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `’/…………….to `’/…………….
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `’ [40]
verdict=NF_ACCEPT
Entry 1 (152):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `’/…………….to `’/…………….
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `’ [40]
verdict=NF_ACCEPT
Entry 2 (304):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `’/…………….to `’/…………….
Protocol: 0
Flags: 00
Invflags: 00
Counters: 178 packets, 11018 bytes
Cache: 00000000
Target name: `’ [40]
verdict=NF_ACCEPT
Entry 3 (456):
SRC IP: 192.168.8.0/255.255.255.0
DST IP: 192.168.8.0/255.255.255.0
Interface: `’/…………….to `’/…………….
Protocol: 0
Flags: 00
Invflags: 10
Counters: 1 packets, 166 bytes
Cache: 00000000
Target name: `MASQUERADE’ [56]
Entry 4 (624):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `’/…………….to `’/…………….
Protocol: 0
Flags: 00
Invflags: 00
Counters: 177 packets, 10852 bytes
Cache: 00000000
Target name: `’ [40]
verdict=NF_ACCEPT
Entry 5 (776):
SRC IP: 0.0.0.0/0.0.0.0
DST IP: 0.0.0.0/0.0.0.0
Interface: `’/…………….to `’/…………….
Protocol: 0
Flags: 00
Invflags: 00
Counters: 0 packets, 0 bytes
Cache: 00000000
Target name: `ERROR’ [64]
error=`ERROR’
my network
root@router:/etc# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:5a:7d:da
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe5a:7dda/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:738 errors:0 dropped:0 overruns:0 frame:0
TX packets:491 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:653192 (653.1 KB) TX bytes:92394 (92.3 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1882 errors:0 dropped:0 overruns:0 frame:0
TX packets:1882 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:117793 (117.7 KB) TX bytes:117793 (117.7 KB)
wlan0 Link encap:Ethernet HWaddr 00:c0:ca:59:30:3e
inet addr:192.168.8.1 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::2c0:caff:fe59:303e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:37 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:7387 (7.3 KB)
If I have an USB adapter wifi like the source of internet(wlan1) tplink and I want to reply this signal with the atheros(wlan0) how may look my configuration ?
This is nice! I didn’t know /etc/network/interfaces supports hostapd and ended up writing custom systemd services to set up address on the interface and then start hostapd.
Just working fine with Debian 8.1 with an additional
iptables -P FORWARD ACCEPT (or more specific)
Thanks for the time saved :-)
forgot to mention I used bind and dhcpd instead of dnsmaq …
Can anyone please tell me, how many clients can i connect with it to my access point?? I am actually designing a linux based wifi access point to connect minimum 1000 people. Please help me out with this.
Hi Otto,
Few questions: it seems that kde network manager on Ubuntu 15.04 is able to set almost everything, including setting AP mode, you don’t tell about, and necessary to allow Android devices to connect to the created Wifi HotSpot.
So, does hostapd sill necessary?
Other question, how to do if I want to created a standalone webserver accessible via wifi? I don’t talk about the webserver part of course but just the way to configure the Access Point.
Thank you for the tutorial. It worked fine for some clients – Android was able to access network at once, but Ubuntu asked for username, etc instead of only password. I had to change
ieee8021x=0
in /etc/hostapd/hostapd.conf as suggested at http://www.computing.net/answers/iphone/iphone-4-cannot-connect-to-hostapd-ap/1306.html
It might help also for iPhones to connect to hostapd AP.
PS. I also installed DHCP server (isc-dhcp-server) following the instructions at http://lintut.com/how-to-install-dhcp-server-on-ubuntuserver/ because of (probably configuration) problems with dnsmasq.
Just wanted to say thanks. I have tried no less than 6 different “how to’s” with 6 different OS variants and 6 different setting-variants. . . . . and I finally found one that works. . . . out of the box.
Just so everyone else knows what I did.
1) Purchased a Raspberry Pi 2 B+ with the adafruit wireless dongle (RT5370 WiFi Dongle). I plugged a netowrk cable into the network adapter on the Pi and put the usb dongle in there.
2) I went to Ubuntu’s site and downloaded the appropriate file for Ubuntu 15.x (to a windows 7 machine)
3) I already downloaded 7z and unzipped it. This put a file named
ubuntu-mate-15.04-desktop-armhf-raspberry-pi-2.img
in the same folder
4) I plugged in the SD card into my computer and used downloaded and used SDFormatter to format the usb card. Note: I had to go into options and choose the option to “Format Size Adjustement” This make it possible to make use of the full space on the card.
5) I downloaded and installed a Win32DiskImager from SourceForge.
SPECIAL NOTE: I had to run this as an Administrator for it to work. This merely extract the .img into a bunch of files that are placed on the micro usp card. This took a while.
6) I then took the card, plugged it into the Raspberry pi, made sure my monitor, keyboard, mouse were attached and turned it on. It took a while to boot up and it tool a long long time for the configuration to complete (20 minutes, easy).
7) Once that was done .. . . . I did the following
sudo apt-get update
sudo apt-get upgrade (this took 40 minutes . . .but I have a hunch that this was the reason it worked)
8) I followed every instruction in this guide . .. .and. . . . well. . . .it worked and it’s awesome.
So, I’m pretty positive I’ve done everything correctly. However, my result from the command “$ iw wlan0 info” returns that the type is still “managed”, not “AP”. How do I fix this? My WLAN card does support the AP software interface mode, so that’s not the problem.
try running hosted /etc/hostapd/hostapd.conf &
I have found that the network interface does not launch this by default, so running it again, enables AP mode.
Found this article quite useful in setting up hostapd on my own router. Thanks!
Hi All,
I’ve tried to follow this tutorial on a debian 7 system (Linux mayda 3.2.0-4-amd64 #1 SMP Debian 3.2.73-2+deb7u2 x86_64 GNU/Linux), however, the interface configuration fails with this error:
ioctl[PRISM2_IOCTL_PRISM2_PARAM]: Operation not supported
Could not enable hostapd mode for interface wlan1
It seems like the hostap mode is not supported by the card, except that I’ve managed to use this same card as an access point in NetBSD (basically out of the box) long ago. Any hints, or ideas what I’m doing wrong?
Thanks,
martin
Hi! Just wanted to thank you for the excellent tutorial. Worked perfectly for me. I just had to adapt some things to my system (like IP number, iptables, etc.).
This was the first tutorial about hostapd I found that included configurations of dnsmasq, sysctl, Network Manager and rc.local, without which things never worked.
Great job!
Worked first time for me.
Many thanks for taking the time to document this and explain the options you used.
There are so many options in the hostapd including the WPS stuff which has caught my eye and I might look in to.
Hi! This tutorial has the best howto with explanation I’ve found on the net. I was wondering if it’s possible to bridge the wlan0 to a bridged network. I have openwrt on a kvm and would like to use hostapd as the wlan for my openwrt. Is that possible? Thanks!
Excellent how-to. I literally copy pasted and only ran into one hurdle. The example passprase length not being long enough. after making hostapd.conf edits i found a check if it’s working was useful by running
sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
I have a dlink adsl router which is installed in living room. I connect my laptop to it and get a good signal. However, when I go to my other room which is two rooms after, the connection is very weak. I have an ubuntu file server setup in my 3rd room. This ubuntu is connected to dlink wifi through usb wifi. I want to install one more usb wifi in this ubuntu and use it as access point for the people who are near to ubuntu server. I want to avoid wired connection. Please suggest what to do. What would be the config like. I am downloading 64bit v15 ubuntu desktop.
Thnx
Shahid
Sir ,
I configured my Wi-Fi interface card as an AP but I can’t connect to that AP. The message showing is only “authenticated” and “associated”. Then they are again asking for the key. Why this is happening??..Can you please help me.
Sir ,
In open profiles it is working but if we configure any other it is not working.
These instructions didn’t work for me on an NVidia TX1 running Ubuntu 14.04. After completion “iw wlan0 info” still said the “type” was “managed” instead of “AP”. I’m sure the TX1’s wifi card is capable of acting as a wifi access point so I don’t think it’s a hardware issue.
I had various questions while following the instructions:
i) aren’t there additional steps to start hostapd daemon on every reboot? i.e. the equivalent of “sudo service hostapd start”
ii) don’t we need to edit /etc/default/hostapd to set DAEMON_CONF=”/etc/hostapd/hostapd.conf”?
Anyway, I thank you for helping out so many people, for me it didn’t work sadly.
Same issue here, my interface shows “type managed”.
Thank you very much. The instructions were easy to follow and I had no issue setting up the wireless access point.
Hi,
Is it possible to generate libeap.so using hostapd with out a wireless interface ?
I basically want to use that lib for freeradius to use EAP-AKA or AKA’
Thanks,
Mags
Otto Kekäläinen.
Hi,
This tutorial seems really nice but I have one question.
I want to connect two Desktop PC’s with Ubuntu 14.04.
Both have Intel 5300 card in it.
I want them to connect with each other so that I can Ping them both at the same time.
Means 1 computer pings the 2 and vice versa.
If I follow this tutorial will it be possible .
Please I need suggestions.
Hi,
Thanks for this tutorial.
I have only one theoretical question. Is it possible to forward the dhcp request to external dhcp server?
Something like this:
Internet –> pfsense firewall (dhcp server) –> switch –> linuxbox with wireless card.
Thanks,
Janos
The only problem I am having is getting an ip from the ubuntu dhcp server.
From my windows 7 laptop I connect with proper password but dhcp server does not give me an ip number.
What I had to do to make it work was manually add an ip , mask, gateway (192.168.8.1) and my own dns gateway.
The files were checked and rechecked so I am not sure why the dhcp server is not working.
Is there antal way to turn off the hostapd service so it’s not an access point any longer and then turn it on when I want to share my traffic again?
Super helpful guide btw!
Will this work on the Raspiberry Pi Zero W?
Just works. Ubuntu 17.10. Intel AC-3160. Excellent, thank you.
Hi,
I followed the above steps to configure and run the hostapd. After rebooting my device ,I’m unable to find my device as WLAN network in other devices.
Thanks.
I couldn’t get this to work with Kali Linux Light version amd64 version, latest upgrade. Will this work for Kali? Thanks for any advice in advance.
I had no problem to setup wireless connection in hotspot because of instruction is given in this post. I wanna know will this work on the raspberry pi or not please give me the answer to this question.
This was a well excellent informative post you have shared on this page about the change of your wifi password but they have not done enough to make the process easy, nor have they done a great job of keeping OpenVPN itself up to date. After creating a custom config file for the hardware accelerated settings, you can see in the system logs that the router is using OpenVPN version 2.3.2 which is ancient as well as vulnerable to a mess of nasty bugs.
Thanks.