So everyone inside home network can:
- reach the Internet thanks to NAT translation described in SOHO #004
- now reach their favorite Internet services by name thanks to SOHO #005
- and get IPv4 (or IPv6) address from DHCP server (we took as a switch connected to sdn6)
Requirement
- Basic Linux/Unix knowledge
- Service provider networking knowledge
Overview
In the previous articles we described the hardware in SOHO #001 and the initial staging steps in SOHO #002.
You technically just have to cut'n paste the config if you have the same hardware and operating system.
But if you pay attention, we did not cover one particular aspect of the hardware: the integrated WIFI.
Article objective
In this article we will continue the SOHO network appliance installation and enable the integrated WIFI module so that all mobile hosts at home can benefit from the connectivity offered by the SOHO router. In this basic example I'll show you a basic WIFI implementation:
- WIFI is b/g/n module (therefore no 5Ghz wifi)
- WIFI won't be directly under RARE/freeRouter control
Diagrams
![RARE > 2020/11/03 > RARE validated design: [ SOHO #007 ] - "I'm not wired ... I need connectivity too !" > image2020-10-30_18-17-53.png](/download/attachments/164331530/image2020-10-30_18-17-53.png?version=1&modificationDate=1604391648883&api=v2)
[ SOHO #007 ] - "I'm not wired ... I need connectivity too !"
Log into the Linux appliance via the management interface using the previously configured veth1a IPv4 address: 192.168.128.1
lspci | grep -i wire
09:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)
My google-fu indicated that the Linux driver should be ath9k
lsmod | grep ath
ath9k 139264 0
ath9k_common 20480 1 ath9k
ath9k_hw 487424 2 ath9k_common,ath9k
ath 36864 3 ath9k_common,ath9k,ath9k_hw
mac80211 917504 1 ath9k
cfg80211 897024 4 ath9k_common,ath9k,ath,mac80211
So it seems that the Debian kernel has detected and loaded the proper module
ifconfig | grep w
wlan0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
wlan0 interface appeared !
- When freshly configured, wlan0 is disabled. You can enable it:
- However, note that in SOHO #002, all is set during startup script (/rtr/hwdet-all.sh) via systemd
- Last observation is that in SOHO #002 we also disabled Linux systemd networking
- systemd used to name Linux interfaces based on their PCIe ID: wlp9s0
- after disabling it, the WIFI interface name becomes: wlan0
Now that the hardware is detected and the corresponding Linux driver is loaded, we can proceed to the Linux access point software installation
apt-get update
apt-get install hostapd
hostapd configuration in Debian is in /etc/hostapd/hostapd.conf. But remember this is no longer under systemd startup control, as we entirely disabled systemd networking.
cat /etc/hostapd/hostapd.conf
#change wlan0 to your wireless device
interface=wlan0
# "g" simply means 2.4GHz band
hw_mode=g
# the channel to use
channel=acs_survey
# limit the frequencies used to those allowed in the country
ieee80211d=1
# the country code
country_code=FR
# 802.11n support
ieee80211n=1
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
driver=nl80211
ssid=YOUR_HOME_WIFI_SSID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=y0urverys1cr1tpassw0rd
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=CCMP
rsn_pairwise=CCMP
You can check that hostapd is correctly configured by launching it manually
hostapd /etc/hostapd/hostapd.conf
...
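Before starting hostapd, the security-relevant keys of the configuration above can be audited. The following Python script is an added example, not part of the original article or of hostapd: the function names, the finding names and the hardened variant (its SSID and passphrase) are assumptions made for illustration.

```python
# Constructed sample: the security-relevant lines of the hostapd.conf shown above.
PAGE_CONF = """\
ssid=YOUR_HOME_WIFI_SSID
wpa=3
wpa_passphrase=y0urverys1cr1tpassw0rd
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=CCMP
rsn_pairwise=CCMP
"""
# Constructed hardened variant (hypothetical SSID and passphrase).
HARDENED_CONF = """\
ssid=soho-lab
wpa=2
ieee80211w=1
wpa_passphrase=constructed-long-unique-passphrase
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
"""
# Values published in the article; they must not survive a cut'n paste.
PLACEHOLDERS = {"ssid": "YOUR_HOME_WIFI_SSID", "wpa_passphrase": "y0urverys1cr1tpassw0rd"}

def parse_conf(text):
    """Return {key: value} for key=value lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return the sorted finding names for one hostapd.conf text."""
    conf, findings = parse_conf(text), set()
    wpa = int(conf.get("wpa", "0"))
    if wpa == 0:
        findings.add("open-network")  # no WPA/RSN at all
    if wpa & 1:
        findings.add("legacy-wpa1-enabled")  # bit 0 = WPA (v1), bit 1 = WPA2/RSN
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.add("tkip-enabled")
    akms = set(conf.get("wpa_key_mgmt", "").split())
    if akms & {"SAE", "FT-SAE"} and conf.get("ieee80211w", "0") == "0":
        findings.add("sae-without-pmf")  # WPA3 SAE expects management frame protection
    findings.update(f"placeholder-{k}" for k, v in PLACEHOLDERS.items() if conf.get(k) == v)
    return sorted(findings)

if __name__ == "__main__":
    print("page:", audit(PAGE_CONF), "hardened:", audit(HARDENED_CONF))
```

On the configuration as published, the audit reports the legacy WPA bit in `wpa=3`, SAE offered while `ieee80211w` is left at its default of 0, and the two placeholder values.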
From that point, from your mobile phone or laptop:
- you should be able to see YOUR_HOME_WIFI_SSID appearing in the list of available wireless networks
- you should be able to connect to YOUR_HOME_WIFI_SSID
- But your mobile device might say: "Internet might not be available or Cannot retrieve IP from YOUR_HOME_WIFI_SSID"
- hostapd is triggered when the SOHO router is booting up (described in rtr-hw.txt)
- Remember wlan0 is visible from the Linux kernel and managed by hostapd
- we created a veth pair (veth2a@linux side and veth2b@sdn998 SOHO router side)
- we bind wlan0 to veth2a (Cf. rtr-hw.txt → proc wlan /rtr/pcap2pcap.bin wlan0 veth2a)
- and then veth2a is bound to sdn998, which is interface veth2b controlled by DPDK (Cf. SOHO #002 and SOHO #003)
So at that point all traffic coming from wlan0 will also make its way to sdn998
Now we need to make wireless traffic visible through VRF inet, as we need to enable IPv4 (or IPv6) connectivity for mobile devices. This is done in 2 steps.
Step - 1 - Create a bridge for wireless
bridge 1
mac-learn
mac-move
exit
Creating a bridge will also create interface bvi.
Step - 2 - Add veth2b to the wireless bridge
interface sdn998
description SOHO@WLAN[veth2b-veth2a]
mtu 1500
bridge-group 1
no shutdown
no log-link-change
exit
Make sure that bridge 1, sdn998, hairpin11 and hairpin12 are declared in the p4lang server
conf t
server p4lang p4
export-bridge 1
export-port sdn998 7 1 0 0 0
export-port hairpin11 11 0 0 0 0
export-port hairpin12 12 0 0 0 0
The trick is to use hairpin interfaces. For experienced Junos users, this corresponds to the Junos logical tunnel (lt) interface.
Step - 1 - Create a hairpin pair in order to redirect wireless traffic into VRF inet
Creating hairpin 1 will also create interfaces hairpin11 and hairpin12.
Step - 2 - Add hairpin11 to the wireless bridge
interface hairpin11
no description
bridge-group 1
no shutdown
no log-link-change
exit
Step - 3 - Add hairpin12 into VRF inet
interface hairpin12
description SOHO@hairpin11
mtu 1500
vrf forwarding inet
ipv4 address 192.168.129.1 255.255.255.0
no shutdown
no log-link-change
exit
At that point all traffic from/to wireless will transit via hairpin12 and reach VRF inet
Now, DHCP requests coming from mobile clients can reach the SOHO router VRF inet via hairpin12.
Step - 1 - Create DHCP server for Wireless client in VRF inet
server dhcp4 dh4-wlan
pool 192.168.129.2 192.168.129.254
gateway 192.168.129.1
netmask 255.255.255.0
dns-server 192.168.254.1
domain-name local
interface hairpin12
vrf inet
exit
Verification
Connect to WIFI via laptop wifi
debug server dhcp?
dhcp4 - ipv4 dynamic host config protocol
dhcp6 - ipv6 dynamic host config protocol
mjolnir#debug server dhcp4 ?
<cr>
mjolnir#debug server dhcp4
mjolnir#terminal monitor
mjolnir#debug server dhcp4
mjolnir#term mon
mjolnir#info ip.ipCor6.parseIPheader:ipCor6.java:95 got bad version from ::
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=1 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=discover dhcpsrv=null hstnm=MBP-de-Frederic dom=null lease=7776000 renew=0 mask=null gw=null dns1=null dns2=null req=null
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=2 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=request dhcpsrv=192.168.129.1 hstnm=MBP-de-Frederic dom=null lease=0 renew=0 mask=null gw=null dns1=null dns2=null req=192.168.129.83
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
...
mjolnir#
So based on the debug output:
- DHCP allocated 192.168.129.83
- Primary DNS (dns1) is 192.168.254.1
- Network has /24 CIDR
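The same reading of the debug output can be automated. The following Python script is an added example, not part of the original article or of freeRouter: it parses the servDhcp4 debug lines in the format shown above, replays the exchange per client MAC and compares the acknowledged lease with the dh4-wlan server settings; the function names and problem strings are assumptions.

```python
import ipaddress
import re

# Values copied from the "server dhcp4 dh4-wlan" configuration above.
POOL = (ipaddress.ip_address("192.168.129.2"), ipaddress.ip_address("192.168.129.254"))
EXPECTED = {"mask": "255.255.255.0", "gw": "192.168.129.1", "dns1": "192.168.254.1"}

# Sample input: five lines copied from the debug output above.
LOG = """\
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=1 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=discover dhcpsrv=null hstnm=MBP-de-Frederic dom=null lease=7776000 renew=0 mask=null gw=null dns1=null dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=2 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=request dhcpsrv=192.168.129.1 hstnm=MBP-de-Frederic dom=null lease=0 renew=0 mask=null gw=null dns1=null dns2=null req=192.168.129.83
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
"""

def parse_line(line):
    """Return (direction, dhcp_type, fields), or None for a non-DHCP line."""
    m = re.search(r"servDhcp4\.java:\d+ (rx|tx) ", line)
    pairs = re.findall(r"(\w+)=(\S*)", line)
    ops = [v for k, v in pairs if k == "op"]  # first op = BOOTP op, second = DHCP type
    if not m or len(ops) < 2:
        return None
    return m.group(1), ops[-1], dict(pairs)

def check_leases(log):
    """Replay the exchange per client MAC; return ({mac: acked_ip}, [problems])."""
    seen, leases, problems = {}, {}, []
    for line in log.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, kind, f = parsed
        mac, steps = f["cha"], seen.setdefault(f["cha"], [])
        if steps and steps[-1] == kind:
            continue  # sendPack and doer both log the same transmitted packet
        steps.append(kind)
        if kind != "ack":
            continue
        ip = ipaddress.ip_address(f["yia"])
        leases[mac] = str(ip)
        if not POOL[0] <= ip <= POOL[1]:
            problems.append(f"{mac}: {ip} outside pool")
        problems += [f"{mac}: {k}={f.get(k)} expected {v}"
                     for k, v in EXPECTED.items() if f.get(k) != v]
        if steps[-4:] != ["discover", "offer", "request", "ack"]:
            problems.append(f"{mac}: incomplete exchange {steps}")
    return leases, problems

if __name__ == "__main__":
    print(check_leases(LOG))
```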
mjolnir#sh ipv4 arp hairpin12
mac address time static
...
88e9.fe76.7f9b 192.168.129.83 00:00:13 false
...
mjolnir#
╭─[11/3/20|3:17:21]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 88:e9:fe:76:7f:9b
inet6 fe80::1cf1:eacf:9ba9:43c3%en0 prefixlen 64 secured scopeid 0x5
inet 192.168.129.83 netmask 0xffffff00 broadcast 192.168.129.255
inet6 2a01:e0a:159:2857:86:8cf9:a786:8f18 prefixlen 64 autoconf secured
inet6 2a01:e0a:159:2857:904b:4faa:5684:b7a0 prefixlen 64 autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
╭─[11/3/20|3:24:08]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ nslookup 212.27.48.10
Server: fd00:2200::1
Address: fd00:2200::1#53
Non-authoritative answer:
10.48.27.212.in-addr.arpa name = www.free.fr.
Authoritative answers can be found from:
Pay attention to the server that answered! At the present moment it should not be fd00:2200::1. It is simply because I had a setup with IPv6 fully enabled.
╭─[11/3/20|3:14:17]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ping 212.27.48.10
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=6.528 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=4.666 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=4.330 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=4.446 ms
show ipv4 nat inet translations | i 192.168.129.83
1 192.168.129.83 -211222528 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 192.168.129.83 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 192.168.129.83 -211222527 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 192.168.129.83 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 192.168.129.83 -211222526 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 00:00:15 00:00:15 00:05:00 1 84
1 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 192.168.129.83 -211222526 00:00:15 00:00:15 00:05:00 1 84
╭─[11/2/20|4:36:18]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ping www.free.fr -c 5
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=3.903 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=5.883 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=3.658 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=4.872 ms
64 bytes from 212.27.48.10: icmp_seq=4 ttl=57 time=4.488 ms
--- www.free.fr ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.658/4.561/5.883/0.787 ms
show ipv4 nat inet translations | i 192.168.129.83
1 192.168.129.83 -211222528 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 192.168.129.83 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 192.168.129.83 -211222527 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 192.168.129.83 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 192.168.129.83 -211222526 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 00:00:15 00:00:15 00:05:00 1 84
1 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 192.168.129.83 -211222526 00:00:15 00:00:15 00:05:00 1 84
Conclusion
In this article we enabled the appliance WIFI integrated hardware:
- We ensured that wifi hardware was detected by Linux kernel
- We also ensured that Linux loaded the right wifi driver kernel module
- hostapd would control wireless interface
- we create a veth pair (veth2a Linux side - veth2b / DPDK side)
- wlan0 traffic is bound to veth2a using pcap2pcap utility (in freeRouter binaries bundle)
- veth2b is bound to sdn998 (and declared in p4lang server)
- we create a hairpin 1 (hairpin11 , hairpin12) interface
- bridge 1 has also been created
- sdn998 and hairpin11 have been added to the bridge
- hairpin12 is a routed interface declared in VRF inet and has an IP 192.168.129.1 inside wireless subnet 192.168.129.0/24
In this example the key take-aways are:
- The above actions bridge wireless traffic and pour it into VRF inet
- From that point, everything defined previously applies (NAT, DHCP), but now for the wireless subnetwork
This example covers the case of a basic bridge in which we included a basic interface sdn998 and a hairpin interface pouring traffic from/to VRF inet. freeRouter is acting as a wireless controller local to the integrated WIFI. We will see in a further article another, more flexible, typical WIFI implementation. Please note that we could have directly applied routing at sdn998 (so without the use of the bridge and hairpin). The usage of the bridge and hairpin setup will be described in a next article describing an alternate wifi implementation. In short, we will add an OpenWRT access point behind sdn6, and the SOHO router will act as WIFI controller for both the integrated WIFI hotspot and the newly added OpenWRT.