How to Share Wi-Fi with Termux: Create an Access Point

Turning an Android smartphone into a fully-fledged access point is a common task for users looking to expand their device's functionality. Standard operating system tools don't always allow for flexible network management, changing frequency bands, or implementing complex traffic filtering scripts. This is where a terminal emulator comes into play. Termux, which provides access to powerful Linux networking tools directly from Android.

Using the command line opens the door to the world of advanced software for the administrator. networking, allowing you to not only enable modem mode but also fully control the signal transmission process. You can configure unique DHCP servers, manage bandwidth, and even emulate corporate routers. However, it's important to understand that implementing these features requires not only basic Linux knowledge but also root access on the device.

In this guide, we will go through the technical aspects of creating a Wi-Fi network using the package hostapd and Android system calls. We won't rely on third-party apps from the Play Market, which are often overloaded with ads. Our approach is clean code, transparent configuration, and complete control over every bit of transmitted data. A willingness to experiment and attention to detail will be your greatest allies during the setup process.

Preparing the environment and obtaining access rights

The first and most critical step is to ensure the necessary access rights to the smartphone's hardware. The Android operating system by default blocks direct access to the Wi-Fi module in root mode. Master Mode (hotspot mode) for third-party apps. To bypass this limitation, your device must have an unlocked bootloader and SuperSU or Magisk. Without superuser rights (root) launch hostapd will be impossible.

⚠️ Warning: Rooting your device will void your warranty and may cause banking apps to malfunction. Before proceeding, ensure you understand the risks and have a current backup of your data.

Once root access is obtained, you'll need to install the terminal emulator itself. It's recommended to use the official version. Termux from the F-Droid repository, as the Google Play version may be outdated and not support necessary package updates. After installing the app, perform an initialization of the repository and update the package lists.

To work, we'll need a stable internet connection on your smartphone to download dependencies. Use Wi-Fi or mobile data to download the necessary components. The installation process may require file system permissions, which you'll need to confirm in an Android dialog box.

A key step is to check the compatibility of your Wi-Fi chip. Not all wireless modules installed in smartphones support software-based hotspot switching via user utilities, as Android often uses its own proprietary drivers. The success of this operation directly depends on the processor architecture and the wireless adapter model.

📊 What is your root status on Android?
There is full root (Magisk)
There is temporary root
I don't have rights, but I want to try
Tablet without SIM card

Installing required packages and dependencies

Standard repository Termux It contains most of the necessary tools, but to create a full-fledged access point, we'll need an extended set of utilities. First, we need to install a package manager. pkg up-to-date. This ensures that all libraries are compatible with each other and with your device's kernel version.

The main component of our build will be a daemon hostapd (Host Access Point Daemon). This software module is responsible for creating a wireless network, managing clients, and ensuring connection security. We'll also need dnsmasq to distribute IP addresses to connected devices and iw for manipulating wireless interfaces.

Install the packages sequentially, carefully monitoring the console messages. If any dependency errors occur, the system will automatically suggest commands to resolve them. Do not ignore warnings about version conflicts, as they may lead to network instability.

pkg update && pkg upgrade

pkg install root-repo

pkg install hostapd dnsmasq net-tools iproute2

After installation, it is recommended to verify the integrity of the binary files. Run the command hostapd Without arguments: If the response shows a list of supported drivers and the program version, the installation was successful. If the terminal returns a "permission denied" or "not found" error, check that you have root access and that the paths to the executable files are correct.

It's important to note that some Linux-on-Android distributions may require additional configuration of environment variables. Ensure that the paths to the configuration files are specified correctly and are readable by the current user. This will save you many problems when starting the service.

Hostapd configuration for network creation

Creating a configuration file is the heart of setting up your future network. This is where the network name (SSID), encryption type, password, and frequency range are determined. Syntax errors in this file will result in the access point not starting or operating reliably. Create the configuration file in the Termux home directory.

nano hostapd.conf

In the editor that opens, you need to enter the basic parameters. Pay attention to the field interface: it should match the name of your wireless interface (usually wlan0). It is also critically important to specify the driver correctly; for most modern Android devices, nl80211, however, older devices may require wext.

Parameter Meaning Description
interface wlan0 Network interface name
driver nl80211 Wi-Fi driver type
ssid MyTermuxNet Network name (SSID)
hw_mode g Operating mode (g - 2.4 GHz, a - 5 GHz)
wpa_passphrase ComplexPassword123 Password for connection

Pay special attention to security settings. Protocol usage WPA2 is the minimum required to secure traffic. Older protocols (WEP, WPA) are considered obsolete and are easily cracked. Make sure that the setting wpa set to 2, and the encryption algorithm wpa_key_mgmt corresponds WPA-PSK.

Advanced users can configure hidden networks and restrict access by MAC addresses. These settings can be added to the same configuration file using directives. ignore_broadcast_ssid And macaddr_aclHowever, keep in mind that hiding the SSID is not a reliable security method, and MAC address filtering is inconvenient to administer for large numbers of devices.

Setting up a DHCP server and routing

The access point itself, created through hostapd, only creates a radio channel. For connected devices (laptops, tablets) to obtain IP addresses and access the internet, a DHCP server is required. In our setup, this role is performed by the utility dnsmasqWithout it, clients will remain stuck in the "Obtaining IP address" status indefinitely.

Create a configuration file for DHCP, naming it something like dnsmasq.conf. You need to specify the range of addresses the server will distribute, the lease time, and the gateway address. Typically, the gateway is the IP address of the smartphone itself in the network being created; most often, this is 192.168.4.1.

interface=wlan0

dhcp-range=192.168.4.10,192.168.4.100,24h

dhcp-option=3,192.168.4.1

dhcp-option=6,8.8.8.8,8.8.4.4

In the configuration above we see the line dhcp-option=6, which specifies DNS servers. Specifying public DNS from Google (8.8.8.8) or Cloudflare (1.1.1.1) will ensure faster and more reliable access to domain names than the default ISP servers. This is especially important if your mobile operator uses slow or filtering DNS.

The next step is to configure routing (NAT). Android doesn't forward traffic between interfaces by default. You need to enable IP forwarding and configure the rules. iptablesThis will allow requests from connected clients to be redirected via the smartphone's mobile Internet (or primary Wi-Fi).

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -t nat -A POSTROUTING -o rmnet_data0 -j MASQUERADE

iptables -A FORWARD -i rmnet_data0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i wlan0 -o rmnet_data0 -j ACCEPT

Pay attention to the interface rmnet_data0 in the commands above. This mobile internet interface name may differ on different devices (for example, ccmni0, wwan0). Use the command ip addr or ifconfig to determine the correct name of the interface through which your phone accesses the global network.

What to do if ipt returns an error?

If iptables commands return a 'Permission denied' error even with root privileges, your device's kernel may be limited. Try using the 'iptables-legacy' utility or check for network filtering kernel modules.

Network startup and problem diagnosis

Once all the configuration files are ready, you can proceed with the launch. The launch process must be performed in a specific sequence: first, the interface is brought up, then the system is launched. hostapd, after which it starts dnsmasq. Violating the order may result in services not being able to access the required port or interface.

  • 🚀 Launch the access point with the command: hostapd hostapd.conf
  • 📡 Check the interface status via ifconfig wlan0
  • 🔌 Start the DHCP server: dnsmasq -C dnsmasq.conf
  • 🌐 Check the connection on the client device

Typical issues may arise during operation. If the network is visible but doesn't connect, check the log files. hostapd Check for authentication errors. Often, the problem lies in incompatible encryption standards between the phone and the client. If there's a connection but no internet, double-check your NAT rules and the external interface name.

To monitor connected clients, you can use the utility arp or built-in logs dnsmasqThis will help identify uninvited guests or devices consuming excessive bandwidth. Regular log monitoring is the best practice for maintaining network stability.

If you plan to use the network constantly, it makes sense to create a wrapper script that will automatically execute all commands in the correct sequence when Termux starts. This will save time and eliminate human error every time you reboot your phone.

⚠️ Please note: Operating the Wi-Fi module in access point mode significantly increases power consumption. The device may become very hot, leading to processor throttling and reduced data transfer speeds. Monitor the temperature.

Alternative methods and Android limitations

Despite Termux's power, it's important to acknowledge Android's system limitations. Starting with versions 7.0 and above, Google has implemented strict restrictions on the use of the Wi-Fi interface in simultaneous operation mode (Wi-Fi Direct + AP). Often, upon startup hostapd The system can forcibly disable the standard Wi-Fi module or block the creation of an interface.

There's an alternative method that doesn't require root access, but it has some limitations. This involves using the built-in tethering mode via ADB (Android Debug Bridge). You can activate the standard Android hotspot with a command, but you won't have the flexibility to configure it (change the channel, power level, or hidden settings).

adb shell svc wifi setwifiap enabled true"MySSID""WPA2_PSK""Password" null 2

This method is useful if you simply need to quickly distribute internet without extensive customization. However, it's not suitable for pentesting or creating specific network configurations. In such cases, the only option is a custom kernel with layout support (mac80211), which allows for complete control over the wireless chip.

Xiaomi, Samsung, and Huawei device users should be aware of additional skins (MIUI, OneUI, EMUI), which can aggressively kill Termux background processes. You should add the app to the battery exceptions and allow autostart, otherwise the network connection will be lost within a few minutes of turning off the screen.

☑️ Pre-launch checklist

Completed: 0 / 1
Is it possible to share Wi-Fi via Termux without root rights?

Technically, it's impossible to create a full-fledged access point (AP Mode) without root access using Termux, as it requires direct access to the hardware drivers. However, you can use built-in Android features enabled via ADB commands, but this will work through the standard system module, not hostapd.

Why does hostapd give the error "nl80211: Driver does not support authentication"?

This error means that your Wi-Fi adapter driver doesn't support the requested authentication method or operating mode. Try changing the driver setting in the configuration file to wext Or check if your chip supports Master Mode. On some smartphones, this is a hardware limitation.

How to increase the range of such an access point?

Using software methods in Termux, you can try to increase the signal strength with the parameter txpower (For example, iw dev wlan0 set txpower fixed 2000), but this depends on the antenna's capabilities and regional regulatory restrictions. Physically increasing the range is only possible with an external antenna, if the device supports it.

Is it safe to use public DNS in dnsmasq settings?

Using public DNS (Google, Cloudflare) is often safer and faster than your mobile operator's DNS, as they support modern security protocols and are less susceptible to censorship. However, keep in mind that your DNS provider can theoretically see the list of requested domains.