...

  • reach the Internet thanks to NAT, described in SOHO #004
  • can now reach their favorite Internet service by name thanks to SOHO #005
  • and get an IPv4 (or IPv6) address from the DHCP server (we used a switch connected to sdn6)

Requirement

  • Basic Linux/Unix knowledge
  • Service provider networking knowledge


Overview

In the previous articles we described the hardware in SOHO #001 and the initial staging steps in SOHO #002.

...

In this article we will continue the SOHO network appliance installation and enable the integrated WIFI module so that all mobile hosts at home can benefit from the connectivity offered by the SOHO router. In this basic example I'll show you a basic WIFI implementation:

  • WIFI is a b/g/n module (therefore no 5 GHz WIFI)
  • WIFI won't be directly under RARE/freeRouter control

...

hostapd configuration

The hostapd configuration on Debian is in /etc/hostapd/hostapd.conf. But remember that it is no longer under systemd startup control, as we entirely disabled systemd networking.

hostapd.conf:
cat /etc/hostapd/hostapd.conf
#change wlan0 to your wireless device
interface=wlan0
# "g" simply means 2.4GHz band
hw_mode=g
# the channel to use
channel=acs_survey
# limit the frequencies used to those allowed in the country
ieee80211d=1
# the country code
country_code=FR
# 802.11n support
ieee80211n=1
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
driver=nl80211
ssid=YOUR_HOME_WIFI_SSID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=y0urverys1cr1tpassw0rd
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=CCMP
rsn_pairwise=CCMP
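
An added example (not part of the original page or of hostapd): a shell audit of the security-related keys used in hostapd.conf above. In hostapd, wpa is a bit field (1 = WPA, 2 = WPA2), so wpa=3 keeps legacy WPA enabled, and WPA3-Personal (SAE) requires management frame protection (ieee80211w). The function name, the finding labels and both sample configurations are constructed for this example.

```sh
#!/bin/sh
# Added example, not part of the original page.

# audit_hostapd_conf [FILE]: print one finding per line; no output means no
# finding. Reads stdin when FILE is omitted.
audit_hostapd_conf() {
  awk '
    /^[ \t]*#/ || !/=/ { next }                 # skip comments and blanks
    {
      key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
      val = $0; sub(/^[^=]*=/, "", val)         # keep "=" inside the value
      cfg[key] = val
    }
    END {
      wpa = cfg["wpa"] + 0                      # bit field: 1 = WPA, 2 = WPA2
      if (wpa == 0)
        print "open: no WPA/WPA2 enabled (wpa is 0 or unset)"
      if (wpa % 2 == 1)
        print "wpa1: wpa=" wpa " keeps legacy WPA enabled, use wpa=2"
      if ((cfg["wpa_pairwise"] " " cfg["rsn_pairwise"]) ~ /TKIP/)
        print "tkip: TKIP offered as pairwise cipher, use CCMP only"
      if (cfg["wpa_key_mgmt"] ~ /SAE/ && cfg["ieee80211w"] + 0 == 0)
        print "pmf: SAE listed but ieee80211w is 0 or unset, use 1 or 2"
    }' "$@"
}

# Constructed sample: WPA+WPA2 mixed mode with TKIP, and SAE without PMF.
sample_legacy_conf() {
  cat <<'EOF'
interface=wlan0
wpa=3
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
}

# Constructed sample: WPA2/WPA3 transition mode, CCMP only, PMF optional.
sample_hardened_conf() {
  cat <<'EOF'
interface=wlan0
wpa=2
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
ieee80211w=1
EOF
}

sample_legacy_conf | audit_hostapd_conf      # prints three findings
sample_hardened_conf | audit_hostapd_conf    # prints nothing
```

On the router itself the call would be audit_hostapd_conf /etc/hostapd/hostapd.conf.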

You can check that hostapd is correctly configured by launching it manually.

hostapd manual launch:
hostapd /etc/hostapd/hostapd.conf 
...

From that point, from your mobile phone or laptop:

  • you should be able to see YOUR_HOME_WIFI_SSID appearing in the list of available wireless networks
  • you should be able to connect to YOUR_HOME_WIFI_SSID
  • But your mobile device might say: "Internet might not be available or Cannot retrieve IP from YOUR_HOME_WIFI_SSID" 

...

bridge wireless traffic from wlan0 --> veth2a --> veth2b (into freeRouter sdn998)

Now we need to make wireless traffic visible in VRF inet, as we need to enable IPv4 (or IPv6) connectivity for mobile devices.

This is done in 2 steps.

Step - 1 - Create a bridge for wireless

Wireless bridge:
bridge 1
 mac-learn
 mac-move
 exit


Note

Creating a bridge will also create interface bvi.

Step - 2 - Add veth2b to the wireless bridge

sdn998 addition into bridge 1:
interface sdn998
 description SOHO@WLAN[veth2b-veth2a]
 mtu 1500
 bridge-group 1
 no shutdown
 no log-link-change
 exit


Warning

Make sure that bridge 1, sdn998, hairpin11 and hairpin12 are declared in the p4lang server.

Linux Access point software installation:
conf t
server p4lang p4 
 export-bridge 1
 export-port sdn998 7 1 0 0 0
 export-port hairpin11 11 0 0 0 0
 export-port hairpin12 12 0 0 0 0



...

DHCP verification

Connect a laptop to the WIFI.

DHCP debug command:
debug server dhcp?                                                     
  dhcp4      - ipv4 dynamic host config protocol
  dhcp6      - ipv6 dynamic host config protocol

mjolnir#debug server dhcp4 ?                                                   
  <cr>
mjolnir#debug server dhcp4                                                     
mjolnir#terminal monitor    


DHCP debug output when connecting laptop @ sdn6:
mjolnir#debug server dhcp4                                                     
mjolnir#term mon                                                               
mjolnir#info ip.ipCor6.parseIPheader:ipCor6.java:95 got bad version from ::    
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=1 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=discover dhcpsrv=null hstnm=MBP-de-Frederic dom=null lease=7776000 renew=0 mask=null gw=null dns1=null dns2=null req=null
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=2 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=request dhcpsrv=192.168.129.1 hstnm=MBP-de-Frederic dom=null lease=0 renew=0 mask=null gw=null dns1=null dns2=null req=192.168.129.83
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
...
mjolnir#   

So based on the debug output:

  • DHCP allocated 192.168.129.83
  • Primary DNS (dns1) is 192.168.254.1
  • Network has /24 CIDR


ARP entries @ hairpin12:
mjolnir#sh ipv4 arp hairpin12                                                  
mac             address          time      static
...
88e9.fe76.7f9b  192.168.129.83   00:00:13  false
...
mjolnir#   
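
An added example (not part of the original page or of freeRouter): the DHCP debug output and the ARP table shown above can be cross-checked, so that a host present on the wireless bridge without a matching lease stands out. It goes one step beyond the manual check on the page; the function name, the status labels and the two extra hosts in the sample data are constructed, and the log lines are shortened copies of the format shown above.

```sh
#!/bin/sh
# Added example, not part of the original page.

# check_arp_vs_dhcp DHCP_LOG ARP_TABLE
# Prints "ok|mismatch|unleased MAC IP" for every dynamic ARP entry.
check_arp_vs_dhcp() {
  awk '
    FILENAME == ARGV[1] {                 # saved "debug server dhcp4" output
      if ($0 ~ /servDhcp4\.sendPack/ && $0 ~ / op=ack /) {
        mac = ip = ""
        for (i = 1; i <= NF; i++) {
          if ($i ~ /^cha=/) mac = substr($i, 5)
          if ($i ~ /^yia=/) ip = substr($i, 5)
        }
        if (mac != "") lease[mac] = ip    # last ACK per client wins
      }
      next
    }
    # saved "sh ipv4 arp <interface>" rows: mac address time static
    $1 ~ /^[0-9a-f]+\.[0-9a-f]+\.[0-9a-f]+$/ && $4 == "false" {
      if (!($1 in lease)) print "unleased", $1, $2
      else if (lease[$1] != $2) print "mismatch", $1, $2
      else print "ok", $1, $2
    }' "$1" "$2"
}

# Constructed sample data: the first client reuses the MAC/IP pair from the
# page, the other two hosts are made up for the example.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/dhcp.log" <<'EOF'
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.84 op=rep sec=1 cia=0.0.0.0 yia=192.168.129.84 sia=192.168.129.1 gia=0.0.0.0 cha=0200.0000.00aa srv= fil= op=ack dhcpsrv=192.168.129.1
EOF
cat > "$tmp/arp.txt" <<'EOF'
mac             address          time      static
88e9.fe76.7f9b  192.168.129.83   00:00:13  false
0200.0000.00aa  192.168.129.99   00:01:02  false
0200.0000.00bb  192.168.129.50   00:00:40  false
EOF
check_arp_vs_dhcp "$tmp/dhcp.log" "$tmp/arp.txt"
```

Clients whose ACK predates the captured log also show as unleased, so start the debug capture before clients associate.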



DHCP check @ wifi client laptop

DHCP debug command:
╭─[11/3/20|3:17:21]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  ifconfig en0    
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether 88:e9:fe:76:7f:9b 
        inet6 fe80::1cf1:eacf:9ba9:43c3%en0 prefixlen 64 secured scopeid 0x5 
        inet 192.168.129.83 netmask 0xffffff00 broadcast 192.168.129.255
        inet6 2a01:e0a:159:2857:86:8cf9:a786:8f18 prefixlen 64 autoconf secured 
        inet6 2a01:e0a:159:2857:904b:4faa:5684:b7a0 prefixlen 64 autoconf temporary 
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: active
╭─[11/3/20|3:24:08]loui@MacBook-Pro-de-Frederic.local ~  
╰─➤  nslookup 212.27.48.10
Server:         fd00:2200::1
Address:        fd00:2200::1#53

Non-authoritative answer:
10.48.27.212.in-addr.arpa       name = www.free.fr.

Authoritative answers can be found from:

Pay attention to the server that answered! At this stage of the setup it should not be fd00:2200::1; it appears here simply because I had a setup with IPv6 fully enabled.

...

RARE validated design: [ SOHO #006 ] - key take-away

In this example the key take-aways are:

  • The above actions bridge the wireless traffic and pour it into VRF inet
  • From that point, everything defined previously (NAT, DHCP) will apply, but now with the wireless subnetwork

...

Note

This example covers the case of a basic bridge in which we included a basic interface sdn998 and hairpin interfaces pouring traffic from/to VRF inet. freeRouter is acting as a wireless controller local to the integrated WIFI. We will see in a further article another typical, more flexible WIFI implementation. Please note that we could have directly applied routing at sdn998 (so without the use of the bridge and hairpin). The usage of the bridge and hairpin setup will be described in a next article describing an alternate WIFI implementation. In short, we will add an OpenWRT access point behind sdn6, and the SOHO router will act as WIFI controller for both the integrated WIFI hotspot and the newly added OpenWRT.