Replacing hostapd with wpa_supplicant

Question

I want to get rid of hostapd, because it is very unstable, and use wpa_supplicant instead.

What I did

So I followed these instructions. I have a RasPi 1 with two external wifi dongles. I used a fresh image of raspian stretch lite (2018-11-13).

Before I did, I enabled predictable network names (I will call my interfaces wlxINET and wlxAP here to make it more readable and because of privacy concerns).

I ran following commands:

sudo -Es
apt update
apt full-upgrade
apt install rng-tools

systemctl mask networking.service
systemctl mask dhcpcd.service
mv /etc/network/interfaces /etc/network/interfaces~
sed -i '1i resolvconf=NO' /etc/resolvconf.conf

systemctl enable systemd-networkd.service
systemctl enable systemd-resolved.service
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

cat > /etc/systemd/network/08-wlxINET.network <<EOF 
[Match]
Name=wlxINET
[Network]
DHCP=yes
EOF

cat > /etc/systemd/network/12-wlxAP.network <<EOF 
[Match]
Name=wlxAP
[Network]
Address=192.168.4.1/24
IPForward=yes
DHCPServer=yes
[DHCPServer]
DNS=84.200.69.80 84.200.70.40
EOF

cat > /etc/wpa_supplicant/wpa_supplicant-wlxAP.conf <<EOF 
country=DE
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

ap_scan=2
network={
    ssid="my_accespoint"
    mode=2
    key_mgmt=WPA-PSK
    psk="my_passphrase"
    frequency=2412
}
EOF

cat > /etc/wpa_supplicant/wpa_supplicant-wlxINET.conf <<EOF
country=DE
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
    ssid="accespoint"
    psk="passphrase"
}
EOF

chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlxAP.conf
chmod 600 /etc/wpa_supplicant/wpa_supplicant-wlxINET.conf

mkdir /etc/systemd/system/wpa_supplicant@wlxINET.service.d/    
cat > /etc/systemd/system/wpa_supplicant@wlxINET.service.d/override.conf <<EOF
[Service]
ExecStartPre=/sbin/iptables -t nat -A POSTROUTING -o wlxINET -j MASQUERADE
ExecStopPost=-/sbin/iptables -t nat -D POSTROUTING -o wlxINET -j MASQUERADE
EOF

systemctl enable wpa_supplicant@wlxINET.service
systemctl enable wpa_supplicant@wlxAP.service

What happened

After rebooting I can see a new access point, but if I connect, it keeps reconnecting all the time (with different interfaces in different intervals: using the internal chip of my laptop, it dis-/reconnects every second, with an external dongle only every 10 seconds.)

When I run systemctl status wpa_supplicant@wlxAP.service it shows me the dis- and re-connections, but no error messages.

Using hostapd with the following configuration, I don't have this reconncetion issues. So I think that there has to be something wrong with wpa_supplicant.

interface=wlxAP
driver=nl80211

ssid=my_accespoint
channel=11
hw_mode=g

ignore_broadcast_ssid=0

wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=my_passphrase
auth_algs=1

wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400

country_code=DE
ieee80211d=1

macaddr_acl=0

ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
wmm_enabled=0

Am I missing something, did I do something obviously wrong?

It's not that I really need to change to wpa_supplicant, but really would like to know, what is going wrong there.

EDIT:

I bought a RasPi 3 and got the same problem (using the internal wifi chip). Now I get following error message when running systemctl status wpa_supplicant@wlan0.service

Mär 06 13:02:55 raspberrypi wpa_supplicant[529]: Failed to create interface mon.wlan0: -95 (Operation n
Mär 06 13:02:55 raspberrypi wpa_supplicant[529]: wlan0: Could not connect to kernel driver

Answer 1

I have exactly used the same instructions also with predictable network names to configure my test setup. I use a Raspberry Pi 3B+. To ensure that we have the same environment as most as possible I use the on-bord WiFi chip to make the access point and my USB/WiFi dongle to establish the uplink client connection to my internet router.

Everything works as expected. I have connected my test laptop Thinkpad T23 with Debian 10 (buster) to the access point and my android smartphone. Both connected stable for hours.

I also always get the error messages you reported:

wpa_supplicant[408]: Failed to create interface mon.wlxb827eb06: -95 (Operation not supported)
wpa_supplicant[408]: wlxb827eb06e88b: Could not connect to kernel driver

This is normal because the on-board wifi chip does not support the monitor mode to spy your neighbours WiFi. The driver just tells us this. It doesn't matter for the access point.

But the latest upgrade from Raspbian has also updated wpa_supplicant. Now I find a message I have not seen before:

wpa_supplicant[408]: Successfully initialized wpa_supplicant
wpa_supplicant[408]: Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures

As already said, for me it is working with the option but you should first try without it. Just delete the line ap_scan=2 in /etc/wpa_supplicant/wpa_supplicant-wlxAP.conf. I will also omit it from now on.

If you have still problems connecting to your access point setup on the on-board wifi chip, you have to look what's different to my setup. The only thing I see so far is your laptop.