Linux Networking Mastery Series Part 9: Wireless Networking on Linux

Welcome back to Linux Networking Mastery!
We’ve now built a solid progression from basics through services, monitoring, and advanced wired features:

Part 1 – network stack basics and inspection tools
Part 2 – interface and IP configuration (temporary + persistent via Netplan, nmcli, systemd-networkd)
Part 3 – routing tables, static/policy routing, namespaces, simple router setup
Part 4 – name resolution, systemd-resolved, per-link/global DNS, troubleshooting
Part 5 – firewalls with nftables, firewalld, ufw, stateful rules
Part 6 – services (hardened SSH, Nginx basics, NFS/Samba shares, DHCP with dnsmasq)
Part 7 – monitoring (ss, tcpdump, iperf3, iftop), troubleshooting workflows
Part 8 – bonding, VLANs, bridges, WireGuard

In this part we cover wireless networking — one of the most visible (and sometimes frustrating) aspects of modern Linux usage, especially on laptops, embedded devices, and home servers acting as access points.

We’ll look at:

Connecting as a client using modern tools (nmcli, wpa_supplicant, iw)
Troubleshooting common wireless issues
Turning a Linux machine into a Wi-Fi access point (hotspot) with hostapd

1. Client Wireless Configuration

Modern Linux desktops and laptops almost always use NetworkManager for Wi-Fi. Servers or minimal installs may use wpa_supplicant directly or iwd (Intel’s lightweight alternative, increasingly popular in 2026).

Using NetworkManager (`nmcli`)

List available networks:

nmcli device wifi list

Connect to an open network:

nmcli device wifi connect "MyGuestWiFi"

Connect to WPA2/WPA3 network (most common):

nmcli device wifi connect "MyHomeWiFi" password "supersecret123"

Connect with specific options (e.g., hidden SSID, 5 GHz band preference):

nmcli device wifi connect "HiddenNet" password "passw0rd" hidden yes band 5g

See saved connections:

nmcli connection show

Modify or delete:

nmcli connection up "MyHomeWiFi"
nmcli connection delete "OldNetwork"

Lower-Level: `iw` + `wpa_supplicant` (servers, embedded, manual control)

Scan for networks:

sudo iw dev wlp2s0 scan | grep -E "SSID|freq|signal"

Typical manual connection sequence:

Create /etc/wpa_supplicant.conf:

ctrl_interface=DIR=/var/run/ WPA_GROUP=wheel update_config=1

network={
    ssid="MyHomeWiFi"
    psk="supersecret123"
    key_mgmt=WPA-PSK
    priority=1
}

network={
    ssid="MyGuestWiFi"
    key_mgmt=NONE
    priority=0
}

Start wpa_supplicant:

sudo wpa_supplicant -B -i wlp2s0 -c /etc/wpa_supplicant.conf

Request IP (DHCP):
```
sudo dhclient wlp2s0
```

Modern minimal setups increasingly use iwd (iNet Wireless Daemon) — lighter and faster than wpa_supplicant:

sudo systemctl start iwd
iwctl
device list
station wlan0 scan
station wlan0 get-networks
station wlan0 connect "MyHomeWiFi"

2. Troubleshooting Wireless Issues

Common problems and fixes (2026 perspective):

No networks visible
→ rfkill list → rfkill unblock wifi
→ Check kernel module loaded: lsmod | grep -E "iwlwifi|ath9k|mt76|brcmfmac"
Connection fails / auth errors
→ Check logs: journalctl -u NetworkManager -f or journalctl -u wpa_supplicant
→ Wrong PSK → regenerate QR code or test with phone hotspot
→ WPA3 transition mode issues → force WPA2 in AP settings temporarily
Very slow / unstable
→ Check signal: iw dev wlp2s0 link (look at signal, tx bitrate)
→ Interference → change channel on AP or force 5 GHz
→ MTU mismatch (especially WireGuard over Wi-Fi) → lower to 1400
→ Power management: iwconfig wlp2s0 power off or
iw dev wlp2s0 set power_save off
Driver/firmware issues
Most modern chipsets (Intel AX/BE, MediaTek MT792x, Qualcomm ath11k) have excellent mainline support in kernel 6.1–6.12.
For bleeding-edge hardware → check linux-firmware.git or distro backports.

3. Creating a Wi-Fi Access Point (Hotspot)

Use hostapd + DHCP + NAT + forwarding.

Install:

sudo apt install hostapd dnsmasq iptables-persistent  # Debian/Ubuntu
sudo dnf install hostapd dnsmasq                     # Fedora/RHEL

Basic /etc/hostapd/hostapd.conf:

interface=wlp3s0
driver=nl80211
ssid=LinuxHotspot2026
hw_mode=g          # or a for 5 GHz if supported
channel=6
wpa=2
wpa_passphrase=hotspot1234
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP

Start manually to test:

sudo systemctl stop NetworkManager   # important!
sudo ip link set wlp3s0 up
sudo hostapd /etc/hostapd/hostapd.conf

Persistent setup (common pattern):

Disable NetworkManager management of the interface:

/etc/NetworkManager/conf.d/99-unmanaged.conf
```
[keyfile]
unmanaged-devices=interface-name:wlp3s0
```
Configure static IP on wlp3s0 (via Netplan/nmcli/systemd-networkd)
Enable IP forwarding (from Part 3):

sudo sysctl -w net.ipv4.ip_forward=1

NAT masquerade (nftables example):

sudo nft add table ip nat
sudo nft add chain nat postrouting { type nat hook postrouting priority 100 \; }
sudo nft add rule nat postrouting oifname "enp0s3" masquerade

Run dnsmasq for DHCP:

/etc/dnsmasq.conf snippet:

interface=wlp3s0
dhcp-range=192.168.88.50,192.168.88.150,255.255.255.0,12h
dhcp-option=3,192.168.88.1
dhcp-option=6,1.1.1.1

Start services:

sudo systemctl enable --now hostapd dnsmasq

Hands-On Exercises

Scan and connect to multiple Wi-Fi networks using nmcli and iwctl — compare logs.
Intentionally break a connection (wrong password, power management) and diagnose with journalctl, iw dev ... link, dmesg.
Set up a basic access point on a spare wireless card; connect phone/laptop and verify internet sharing (if upstream interface has connectivity).

Safety note: Disabling NetworkManager on the wireless interface can lock you out on laptops — use VMs or have wired/console fallback.

What's Next?

In Part 10 (final technical post) we bring everything together with container and virtualization networking: Docker & Podman network modes, bridge/macvlan/overlay, libvirt/QEMU bridges, Kubernetes networking concepts, and a capstone multi-container routed application lab.