| View previous topic :: View next topic |
| Author |
Message |
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
 Posted: Fri Jan 26, 2018 6:04 pm Post subject: hostapd with bridge |
 |
|
Hello,
i'm just bought an "TP-Link TL-WN881ND WL300MBit PCIe" for creating an Access Point.
Now my question is, can this be done, without the netifrc as I'm just using dhcpcd for the connection.
Also i've just found tutorials/manuals with netifrc and used with a bridged interface.
Currently my server is behind a FritzBox which has DHCP enabled and the enp7s0 is set statically.
How would i now set this up?
Later on i like to let the server self run DHCP and DNS how would it be configured there?
Thanks,
Rocky007
Last edited by Rocky007 on Sun Feb 04, 2018 4:12 pm; edited 1 time in total |
|
| Back to top |
|
 |
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5934
|
| Posted: Fri Jan 26, 2018 10:07 pm Post subject: |
|
|
DNS would be configured via DHCP when the time comes.
edit: its preferable that you run dhcpd from the machine you're running hostapd on.
/etc/dhcp/dhcpd.conf
| Code: |
default-lease-time 3600; # one hour
max-lease-time 14400; # four hours
ddns-update-style none;
ignore client-updates;
authoritative;
option domain-name "mydomain.ca";
option domain-search "mydomain.ca";
option domain-name-servers 192.168.1.16;
option ntp-servers 192.168.1.16;
subnet 192.168.0.0 netmask 255.255.255.0
{
option subnet-mask 255.255.255.0;
option routers 192.168.0.1;
range dynamic-bootp 192.168.0.100 192.168.0.200;
host 1 {
hardware ethernet 74:D4:35:xx:xx:xx;
fixed-address 192.168.0.11;
option host-name "computer";
}
}
|
To answer your question about hostapd interface, you don't need to use a bridge interface, wlan0 or en-whatever should be good. |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Sat Jan 27, 2018 1:04 am Post subject: |
|
|
Do you have an example config for
- /etc/dhcpcd/dhcpcd.conf
- /etc/hostapd/hostapd.conf
- The interface to master (AP) mode
and what else is necessary |
|
| Back to top |
|
|
bunder
Bodhisattva
Joined: 10 Apr 2004
Posts: 5934
|
| Posted: Sat Jan 27, 2018 2:38 am Post subject: |
|
|
| Rocky007 wrote: | Do you have an example config for
- /etc/dhcpcd/dhcpcd.conf
- /etc/hostapd/hostapd.conf
- The interface to master (AP) mode
and what else is necessary |
dhcpcd is for clients, as in, your router grabbing an IP from your modem, or your computers asking for an IP from the router, a configuration typically isn't needed. As for hostapd, I recommend https://wiki.gentoo.org/wiki/Hostapd . |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Fri Feb 02, 2018 2:00 pm Post subject: |
|
|
Hi,
now i've configured an ip via dhcpcd for the network card.
also when starting with "hostapd -dd /etc/hostapd/hostapd.conf" the ip is assigned to it and the state goes to up.
But when trying to execute "/etc/init.d/hostapd start" it says "* ERROR: hostapd needs service(s) net.wlp10s0", which i think is related to the netifrc...
How can i use it without netifrc and just dhcpcd?
And do i need a bridge or is it just fine without...
Here are some logs:
| Code: |
allow-hotplug wlp10s0
interface wlp10s0
static ip_address=192.168.178.30/24
static routers=192.168.178.1
static domain_name_servers=192.168.178.1
|
| Code: |
4: wlp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 50:3e:aa:5f:30:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.178.30/24 brd 192.168.178.255 scope global wlp10s0
valid_lft forever preferred_lft forever
|
| Code: |
iptables -A FORWARD -i enp7s0 -o wlp10s0 -j ACCEPT
iptables -A FORWARD -i wlp10s0 -o enp7s0 -j ACCEPT
|
| Code: |
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.178.1 0.0.0.0 UG 202 0 0 enp7s0
0.0.0.0 192.168.178.1 0.0.0.0 UG 304 0 0 wlp10s0
10.100.0.0 10.100.0.2 255.255.255.0 UG 0 0 0 tun0
10.100.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
192.168.178.0 0.0.0.0 255.255.255.0 U 202 0 0 enp7s0
192.168.178.0 0.0.0.0 255.255.255.0 U 304 0 0 wlp10s0
|
| Code: |
Feb 2 19:35:38 sg1 dhcpcd[28271]: wlp10s0: carrier acquired
Feb 2 19:35:38 sg1 dhcpcd[28271]: wlp10s0: IAID aa:5f:30:56
Feb 2 19:35:38 sg1 dhcpcd[28271]: wlp10s0: probing address 192.168.178.30/24
Feb 2 19:35:43 sg1 dhcpcd[28271]: wlp10s0: using static address 192.168.178.30/24
Feb 2 19:35:43 sg1 dhcpcd[28271]: wlp10s0: adding route to 192.168.178.0/24
Feb 2 19:35:43 sg1 dhcpcd[28271]: wlp10s0: adding default route via 192.168.178.1
Feb 2 19:35:44 sg1 ntpd[5508]: Listen normally on 13 wlp10s0 192.168.178.30:123
Feb 2 19:38:15 sg1 dhcpcd[28271]: wlp10s0: carrier lost
Feb 2 19:38:15 sg1 dhcpcd[28271]: wlp10s0: deleting route to 192.168.178.0/24
Feb 2 19:38:15 sg1 dhcpcd[28271]: wlp10s0: deleting default route via 192.168.178.1
Feb 2 19:38:16 sg1 ntpd[5508]: Deleting interface #13 wlp10s0, 192.168.178.30#123, interface stats: received=0, sent=0, dropped=0, active_time=152 secs
|
| Code: |
random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd/hostapd.conf
nl80211: Supported cipher 00-0f-ac:1
nl80211: Supported cipher 00-0f-ac:5
nl80211: Supported cipher 00-0f-ac:2
nl80211: Supported cipher 00-0f-ac:4
nl80211: Supported cipher 00-0f-ac:10
nl80211: Supported cipher 00-0f-ac:8
nl80211: Supported cipher 00-0f-ac:9
nl80211: Supported cipher 00-0f-ac:6
nl80211: Supported cipher 00-0f-ac:13
nl80211: Supported cipher 00-0f-ac:11
nl80211: Supported cipher 00-0f-ac:12
nl80211: Using driver-based off-channel TX
nl80211: Driver-advertised extended capabilities (default) - hexdump(len=8): 00 00 00 00 00 00 00 40
nl80211: Driver-advertised extended capabilities mask (default) - hexdump(len=8): 00 00 00 00 00 00 00 40
nl80211: interface wlp10s0 in phy phy0
nl80211: Set mode ifindex 4 iftype 3 (AP)
nl80211: Setup AP(wlp10s0) - device_ap_sme=0 use_monitor=0
nl80211: Subscribe to mgmt frames with AP handle 0x559171567a70
nl80211: Register frame type=0xb0 (WLAN_FC_STYPE_AUTH) nl_handle=0x559171567a70 match=
nl80211: Register frame type=0x0 (WLAN_FC_STYPE_ASSOC_REQ) nl_handle=0x559171567a70 match=
nl80211: Register frame type=0x20 (WLAN_FC_STYPE_REASSOC_REQ) nl_handle=0x559171567a70 match=
nl80211: Register frame type=0xa0 (WLAN_FC_STYPE_DISASSOC) nl_handle=0x559171567a70 match=
nl80211: Register frame type=0xc0 (WLAN_FC_STYPE_DEAUTH) nl_handle=0x559171567a70 match=
nl80211: Register frame type=0x40 (WLAN_FC_STYPE_PROBE_REQ) nl_handle=0x559171567a70 match=
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=04
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=0501
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=0504
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=06
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=08
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=09
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=0a
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=11
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=12
nl80211: Register frame type=0xd0 (WLAN_FC_STYPE_ACTION) nl_handle=0x559171567a70 match=7f
rfkill: initial event: idx=0 type=1 op=0 soft=0 hard=0
nl80211: Add own interface ifindex 4 (ifidx_reason -1)
nl80211: if_indices[16]: 4(-1)
phy: phy0
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
wlp10s0: interface state UNINITIALIZED->COUNTRY_UPDATE
Previous country code DE, new country code DE
nl80211: Regulatory information - country=DE (DFS-ETSI)
nl80211: 2400-2483 @ 40 MHz 20 mBm
nl80211: 5150-5250 @ 80 MHz 20 mBm (no outdoor)
nl80211: 5250-5350 @ 80 MHz 20 mBm (no outdoor) (DFS)
nl80211: 5470-5725 @ 160 MHz 26 mBm (DFS)
nl80211: 5725-5875 @ 80 MHz 13 mBm
nl80211: 57000-66000 @ 2160 MHz 40 mBm
nl80211: Added 802.11b mode based on 802.11g information
Allowed channel: mode=1 chan=1 freq=2412 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=2 freq=2417 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=3 freq=2422 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=4 freq=2427 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=5 freq=2432 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=6 freq=2437 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=7 freq=2442 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=8 freq=2447 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=9 freq=2452 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=10 freq=2457 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=11 freq=2462 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=12 freq=2467 MHz max_tx_power=20 dBm
Allowed channel: mode=1 chan=13 freq=2472 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=1 freq=2412 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=2 freq=2417 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=3 freq=2422 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=4 freq=2427 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=5 freq=2432 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=6 freq=2437 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=7 freq=2442 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=8 freq=2447 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=9 freq=2452 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=10 freq=2457 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=11 freq=2462 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=12 freq=2467 MHz max_tx_power=20 dBm
Allowed channel: mode=0 chan=13 freq=2472 MHz max_tx_power=20 dBm
hw vht capab: 0x0, conf vht capab: 0x0
Completing interface initialization
Mode: IEEE 802.11g Channel: 1 Frequency: 2412 MHz
DFS 0 channels required radar detection
nl80211: Set freq 2412 (ht_enabled=1, vht_enabled=0, bandwidth=20 MHz, cf1=2412 MHz, cf2=0 MHz)
* freq=2412
* vht_enabled=0
* ht_enabled=1
* sec_channel_offset=0
* channel_type=1
RATE[0] rate=10 flags=0x1
RATE[1] rate=20 flags=0x1
RATE[2] rate=55 flags=0x1
RATE[3] rate=110 flags=0x1
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
hostapd_setup_bss(hapd=0x559171568520 (wlp10s0), first=1)
wlp10s0: Flushing old station entries
nl80211: flush -> DEL_STATION wlp10s0 (all)
wlp10s0: Deauthenticate all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2412
nl80211: send_frame -> send_frame_cmd
nl80211: CMD_FRAME freq=2412 wait=0 no_cck=0 no_ack=0 offchanok=0
CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 50 3e aa 5f 30 56 50 3e aa 5f 30 56 00 00 02 00
nl80211: Frame command failed: ret=-16 (Device or resource busy) (freq=2412 wait=0)
wpa_driver_nl80211_set_key: ifindex=4 (wlp10s0) alg=0 addr=(nil) key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 (wlp10s0) alg=0 addr=(nil) key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 (wlp10s0) alg=0 addr=(nil) key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_nl80211_set_key: ifindex=4 (wlp10s0) alg=0 addr=(nil) key_idx=3 set_tx=0 seq_len=0 key_len=0
Using interface wlp10s0 with hwaddr 50:3e:aa:5f:30:56 and ssid "SG1"
Deriving WPA PSK based on passphrase
SSID - hexdump_ascii(len=3):
53 47 31 SG1
PSK (ASCII passphrase) - hexdump_ascii(len=8): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
random: Got 20/20 bytes from /dev/random
Get randomness: len=32 entropy=0
GMK - hexdump(len=32): [REMOVED]
Get randomness: len=32 entropy=0
Key Counter - hexdump(len=32): [REMOVED]
WPA: Delay group state machine start until Beacon frames have been configured
VLAN: vlan_set_name_type(name_type=2)
nl80211: Set beacon (beacon_set=0)
nl80211: Beacon head - hexdump(len=54): 80 00 00 00 ff ff ff ff ff ff 50 3e aa 5f 30 56 50 3e aa 5f 30 56 00 00 00 00 00 00 00 00 00 00 64 00 11 04 00 03 53 47 31 01 08 82 84 8b 96 0c 12 18 24 03 01 01
nl80211: Beacon tail - hexdump(len=127): 07 06 44 45 20 01 0d 14 2a 01 04 32 04 30 48 60 6c 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 0c 00 2d 1a 0c 00 1f ff ff 00 00 01 00 00 00 00 00 2c 01 01 00 00 00 00 00 00 00 00 00 00 3d 16 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 08 00 00 00 02 00 00 00 40 dd 18 00 50 f2 02 01 01 00 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f 00
nl80211: ifindex=4
nl80211: beacon_int=100
nl80211: dtim_period=2
nl80211: ssid - hexdump_ascii(len=3):
53 47 31 SG1
* beacon_int=100
* dtim_period=2
nl80211: hidden SSID not in use
nl80211: privacy=1
nl80211: auth_algs=0x1
nl80211: wpa_version=0x2
nl80211: key_mgmt_suites=0x2
nl80211: pairwise_ciphers=0x10
nl80211: group_cipher=0x10
nl80211: SMPS mode - off
nl80211: beacon_ies - hexdump(len=10): 7f 08 00 00 00 02 00 00 00 40
nl80211: proberesp_ies - hexdump(len=10): 7f 08 00 00 00 02 00 00 00 40
nl80211: assocresp_ies - hexdump(len=10): 7f 08 00 00 00 02 00 00 00 40
WPA: Start group state machine to set initial keys
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
Get randomness: len=16 entropy=0
GTK - hexdump(len=16): [REMOVED]
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
wpa_driver_nl80211_set_key: ifindex=4 (wlp10s0) alg=3 addr=0x55916fde9221 key_idx=1 set_tx=1 seq_len=0 key_len=16
nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
broadcast key
nl80211: Set wlp10s0 operstate 0->1 (UP)
netlink: Operstate: ifindex=4 linkmode=-1 (no change), operstate=6 (IF_OPER_UP)
wlp10s0: interface state COUNTRY_UPDATE->ENABLED
wlp10s0: AP-ENABLED
wlp10s0: Setup of interface done.
ctrl_iface not configured!
VLAN: RTM_NEWLINK: ifi_index=4 ifname=wlp10s0 ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
VLAN: vlan_newlink(wlp10s0)
RTM_NEWLINK: ifi_index=4 ifname=wlp10s0 operstate=6 linkmode=0 ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
Signal 2 received - terminating
hostapd_interface_deinit_free(0x559171567020)
hostapd_interface_deinit_free: num_bss=1 conf->num_bss=1
hostapd_interface_deinit(0x559171567020)
wlp10s0: interface state ENABLED->DISABLED
hostapd_bss_deinit: deinit bss wlp10s0
wlp10s0: Deauthenticate all stations
nl80211: send_mlme - da= ff:ff:ff:ff:ff:ff noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2412
nl80211: send_frame -> send_frame_cmd
nl80211: CMD_FRAME freq=2412 wait=0 no_cck=0 no_ack=0 offchanok=0
CMD_FRAME - hexdump(len=26): c0 00 00 00 ff ff ff ff ff ff 50 3e aa 5f 30 56 50 3e aa 5f 30 56 00 00 03 00
nl80211: Frame TX command accepted; cookie 0x27
wlp10s0: AP-DISABLED
hostapd_cleanup(hapd=0x559171568520 (wlp10s0))
hostapd_free_hapd_data(wlp10s0)
hostapd_interface_deinit_free: driver=0x559170052c60 drv_priv=0x5591715691b0 -> hapd_deinit
nl80211: deinit ifname=wlp10s0 disabled_11b_rates=0
nl80211: Remove monitor interface: refcount=0
nl80211: Remove beacon (ifindex=4)
netlink: Operstate: ifindex=4 linkmode=0 (kernel-control), operstate=6 (IF_OPER_UP)
nl80211: Set mode ifindex 4 iftype 2 (STATION)
nl80211: Teardown AP(wlp10s0) - device_ap_sme=0 use_monitor=0
nl80211: Unsubscribe mgmt frames handle 0x8888dd19f9def2f9 (AP teardown)
hostapd_interface_free(0x559171567020)
hostapd_interface_free: free hapd 0x559171568520
hostapd_cleanup_iface(0x559171567020)
hostapd_cleanup_iface_partial(0x559171567020)
hostapd_cleanup_iface: free iface=0x559171567020
|
|
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Mon Feb 05, 2018 1:07 pm Post subject: |
|
|
Hi,
I have hostapd running in bridge mode with vlan support. If you like to get my config to adapt it to your config, just let me know. I will post it here.
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Mon Feb 05, 2018 3:15 pm Post subject: |
|
|
Hi bbgermany,
would be great to see your config  |
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Tue Feb 06, 2018 6:30 am Post subject: |
|
|
Hi,
I have two wireless cards and just one ethernet interface. First wireless card is an onboard mini-pci atheros card with ath9k driver. The second card is an usb adapter based on carl9170 chip.
Here are my config files (without passwords  ):
/etc/conf.d/net
| Code: |
vlans_enp2s0="1 2"
config_enp2s0="null"
config_enp2s0_1="null"
config_enp2s0_2="null"
config_brvlan1="192.168.23.221/24"
routes_brvlan1="default via 192.168.23.254"
config_brvlan2="192.168.0.200/24"
routes_brvlan2="default via 192.168.0.254"
dns_domain_lo="domain.tld"
dns_servers_lo="192.168.23.254"
dns_search_lo="domain.tld"
# brctl_brvlan1="setfd 0 sethello 10 stp on"
bridge_forward_delay_brvlan1=0
bridge_hello_time_brvlan1=1000
bridge_stp_state_brvlan1=1
bridge_brvlan1="enp2s0.1"
# brctl_brvlan2="setfd 0 sethello 10 stp on"
bridge_forward_delay_brvlan2=0
bridge_hello_time_brvlan2=1000
bridge_stp_state_brvlan2=1
bridge_brvlan2="enp2s0.2"
config_wlp3s4="null"
modules_wlp3s4="!wpa_supplicant !iwconfig"
config_wlp0s29f7u4="null"
modules_wlp0s29f7u4="!wpa_supplicant !iwconfig"
rc_net_brvlan1_need="net.enp2s0"
rc_net_brvlan2_need="net.enp2s0"
preup() {
COUNTRY=DE crda
rfkill unblock all
iw reg set DE
}
|
Since I have two wlans, one for my internal use and one for my guests, I have two config files:
internal config, 2.4GHz wireless N supported with 40MHz channel bandwidth:
| Code: |
bridge=brvlan1
interface=wlp3s4
driver=nl80211
ssid=<my ssid>
channel=6
ignore_broadcast_ssid=0
country_code=DE
ieee80211d=1
hw_mode=g
ieee80211n=1
ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][RX-STBC1][MAX-AMSDU-3839]
beacon_int=100
dtim_period=2
macaddr_acl=0
max_num_sta=10
ap_max_inactivity=1200
rts_threshold=2347
fragm_threshold=2346
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
auth_algs=1
wpa=2
rsn_preauth=1
rsn_preauth_interfaces=wlp3s4
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP TKIP
wpa_pairwise=CCMP TKIP
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400
wpa_passphrase=<preshared key>
|
for my guests, i have the following config, 5.5MBits only:
| Code: |
bridge=brvlan2
interface=wlp0s29f7u4
driver=nl80211
ssid=guest_wlan
channel=1
ignore_broadcast_ssid=0
country_code=DE
ieee80211d=1
ieee80211h=1
hw_mode=g
ieee80211n=0
supported_rates=10 20 55
basic_rates=10 20 55
ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][RX-STBC1][MAX-AMSDU-3839]
beacon_int=100
dtim_period=2
macaddr_acl=0
max_num_sta=10
ap_max_inactivity=1200
rts_threshold=2347
fragm_threshold=2346
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
auth_algs=1
wpa=2
rsn_preauth=1
rsn_preauth_interfaces=wlp0s29f7u4
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP TKIP
wpa_pairwise=CCMP TKIP
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400
wpa_passphrase=<preshared key>
|
/etc/conf.d/hostapd is looking like this:
| Code: |
# Space separated List of interfaces which needs to be started before
# hostapd
INTERFACES="brvlan1 brvlan2 wlp3s4 wlp0s29f7u4"
# Space separated list of configuration files
CONFIGS="/etc/hostapd/hostapd_intern.conf /etc/hostapd/hostapd_extern.conf"
# Extra options to pass to hostapd, see hostapd(8)
OPTIONS=""
|
Since in Germany its not quite easy with free wlan access, i still have a key for the guest wlan. I used an article out of the heise ct (german it magazine) for creating a wlan ap with a changing password.
| Code: |
#!/bin/bash
WLANPSK=$(dd if=/dev/urandom count=1 status=none | tr -d -c 'a-z' | cut -b1-10)
sed -i "s/wpa_passphrase=.*/wpa_passphrase=${WLANPSK}/" /etc/hostapd/hostapd_extern.conf
/etc/init.d/hostapd restart
qrencode -t PNG -o /tmp/android.png -s 4 "WIFI:T:WPA;S:guest_wlan;P:${WLANPSK};H:false;"
qrencode -t PNG -o /tmp/windows.png -s 4 "WIFI;T:WPA;S:guest_wlan;P:${WLANPSK};H:false;"
sed -e "s/<string>wlanpsk/<string>${WLANPSK}/" /usr/local/etc/guestwlan.mobileconfig.in > /tmp/mobileconfig
scp /tmp/mobileconfig root@webserver:/var/www/html/wlan
qrencode -t PNG -o /tmp/ios.png -s 4 "https://<hostname>/wlan/mobileconfig"
scp /tmp/*.png root@webserver:/var/www/html/wlan
|
guestwlan.mobileconfig.in
| Code: |
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>EncryptionType</key>
<string>Any</string>
<key>HIDDEN_NETWORK</key>
<false/>
<key>Password</key>
<string>wlanpsk</string>
<key>PayloadIdentifier</key>
<string>tld.domain.wlan</string>
<key>PayloadType</key>
<string>com.apple.wifi.managed</string>
<key>PayloadUUID</key>
<string>gast_wlan</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>SSID_STR</key>
<string>guest_wlan</string>
</dict>
</array>
<key>PayloadDescription</key>
<string>Profile, for connecting to the guest wlan.</string>
<key>PayloadDisplayName</key>
<string>WLAN: guest_wlan</string>
<key>PayloadIdentifier</key>
<string>tld.domain</string>
<key>PayloadOrganization</key>
<string>DOMAIN</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>guest_wlan</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
|
I hope this helps a bit. If you have further questions, just ask.
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Tue Feb 06, 2018 4:46 pm Post subject: |
|
|
I'm not managing to get an ip address form dhcp with nmap i only get answer on 1 vlan (br0.2 192.168.2.0/24)
I configured the following now:
/etc/conf.d/net
| Code: |
config_enp6s0="192.168.178.29/24"
routes_enp6s0="default via 192.168.178.1"
dns_servers_enp6s0="localhost 192.168.178.1"
config_enp7s0="null"
modules_wlp10s0="!iwconfig !wpa_supplicant"
config_wlp10s0="null"
bridge_br0="enp7s0"
rc_net_br0_need="net.enp7s0"
bridge_forward_delay_br0=0
bridge_hello_time_br0=1000
vlans_br0="1 2"
config_br0="null"
config_br0_1="192.168.1.1/24"
config_br0_2="192.168.2.1/24"
preup() {
rfkill unblock all
}
|
/etc/conf.d/dhcpd
| Code: |
DHCPD_IFACE="br0.1 br0.2"
|
/etc/conf.d/hostapd
| Code: |
INTERFACES="br0.1 br0.2"
|
ip addr
| Code: |
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 1c:1b:0d:9e:18:27 brd ff:ff:ff:ff:ff:ff
inet6 fe80::1e1b:dff:fe9e:1827/64 scope link
valid_lft forever preferred_lft forever
3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 1c:1b:0d:9e:18:25 brd ff:ff:ff:ff:ff:ff
inet 192.168.178.29/24 brd 192.168.178.255 scope global enp6s0
valid_lft forever preferred_lft forever
inet6 fe80::1e1b:dff:fe9e:1825/64 scope link
valid_lft forever preferred_lft forever
4: wlp10s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 50:3e:aa:5f:30:56 brd ff:ff:ff:ff:ff:ff
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
link/sit 0.0.0.0 brd 0.0.0.0
6: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 1c:1b:0d:9e:18:27 brd ff:ff:ff:ff:ff:ff
inet6 fe80::1e1b:dff:fe9e:1827/64 scope link
valid_lft forever preferred_lft forever
7: br0.1@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 1c:1b:0d:9e:18:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global br0.1
valid_lft forever preferred_lft forever
inet6 fe80::1e1b:dff:fe9e:1827/64 scope link
valid_lft forever preferred_lft forever
8: br0.2@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 1c:1b:0d:9e:18:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.2.255 scope global br0.2
valid_lft forever preferred_lft forever
inet6 fe80::1e1b:dff:fe9e:1827/64 scope link
valid_lft forever preferred_lft forever
9: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.100.0.1 peer 10.100.0.2/32 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::4e7d:a348:9839:6ad/64 scope link stable-privacy
valid_lft forever preferred_lft forever
|
iptables
| Code: |
f2b-ssh tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:873
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1900
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8200
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9001
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:8000:8010
ACCEPT tcp -- 127.0.0.1 127.0.0.1 tcp dpt:10023
ACCEPT tcp -- 127.0.0.1 127.0.0.1 tcp dpt:10024
ACCEPT tcp -- 127.0.0.1 127.0.0.1 tcp dpt:10025
ACCEPT all -- 192.168.178.0/24 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID,NEW
|
/etc/dhcp/dhcpd.conf
| Code: |
option domain-name "rock.lan";
option domain-name-servers ns.rock.lan;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style interim;
ddns-updates on;
update-static-leases on;
deny-client-update;
ddns-domainname "rock.lan.";
ddns-rev-domainname "in-addr-arpa.";
authoritative;
log-facility local7;
key "DHCP_UPDATER" {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret "******";
};
zone rock.lan. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
zone 1.168.192.in-addr.arpa. {
primary 127.0.0.1;
key DHCP_UPDATER;
}
zone 2.168.192.in-addr.arpa {
primary 127.0.0.1;
key DHCP_UPDATER;
}
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.254;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
option domain-search "my.lan";
ddns-domainname "my.lan";
deny unknown-clients;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.2 192.168.2.254;
option routers 192.168.2.1;
option broadcast-address 192.168.2.255;
option domain-search "my.lan";
ddns-domainname "my.lan";
allow unknown-clients;
}
|
tcpdump -i br0.1 -nev udp port 68 | nmap --script broadcast-dhcp-discover -e br0.1
| Code: |
Starting Nmap 7.40 ( https://nmap.org ) at 2018-02-06 19:42 CET
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 10.22 seconds
|
| Code: |
dropped privs to tcpdump
tcpdump: listening on br0.1, link-type EN10MB (Ethernet), capture size 262144 bytes
19:42:27.717869 1c:1b:0d:9e:18:27 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 358: (tos 0x0, ttl 64, id 41302, offset 0, flags [DF], proto UDP (17), length 344)
192.168.1.1.68 > 255.255.255.255.67: BOOTP/DHCP, Request from de:ad:c0:de:ca:fe, length 316, xid 0xe235f702, Flags [Broadcast]
Client-Ethernet-Address de:ad:c0:de:ca:fe
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 64:
Option 252, Subnet-Mask, Time-Zone, Default-Gateway
Time-Server, IEN-Name-Server, Domain-Name-Server, LOG
CS, LPR-Server, IM, RL
Hostname, BS, DP, Domain-Name
SS, RP, EP, IPF
SRT, PF, RSZ, TTL
MTU-Timeout, MTU-Table, MTU, LSN
BR, MD, MS, Router-Discovery
RSA, Static-Route, UT, AT
IE, TT, KI, KG
YD, YS, NTP, Vendor-Option
Netbios-Name-Server, WDD, Netbios-Node, Netbios-Scope
XFS, XDM, Requested-IP, Lease-Time
OO, DHCP-Message, Server-ID, Parameter-Request
MSG, MSZ, RN, RB
Vendor-Class, Client-ID, BF, TFTP
Lease-Time Option 51, length 4: 1
^C
1 packet captured
1 packet received by filter
0 packets dropped by kernel
|
tcpdump -i br0.2 -nev udp port 68 | nmap --script broadcast-dhcp-discover -e br0.2
| Code: |
Starting Nmap 7.40 ( https://nmap.org ) at 2018-02-06 19:44 CET
Pre-scan script results:
| broadcast-dhcp-discover:
| Response 1 of 1:
| IP Offered: 192.168.2.2
| DHCP Message Type: DHCPOFFER
| Server Identifier: 192.168.2.1
| IP Address Lease Time: 5m00s
| Subnet Mask: 255.255.255.0
| Router: 192.168.2.1
| Domain Name: rock.lan
|_ Broadcast Address: 192.168.2.255
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 1.24 seconds
|
| Code: |
dropped privs to tcpdump
tcpdump: listening on br0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
19:44:19.927901 1c:1b:0d:9e:18:27 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 358: (tos 0x0, ttl 64, id 16779, offset 0, flags [DF], proto UDP (17), length 344)
192.168.2.1.68 > 255.255.255.255.67: BOOTP/DHCP, Request from de:ad:c0:de:ca:fe, length 316, xid 0xdb8a1467, Flags [Broadcast]
Client-Ethernet-Address de:ad:c0:de:ca:fe
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Parameter-Request Option 55, length 64:
Option 252, Subnet-Mask, Time-Zone, Default-Gateway
Time-Server, IEN-Name-Server, Domain-Name-Server, LOG
CS, LPR-Server, IM, RL
Hostname, BS, DP, Domain-Name
SS, RP, EP, IPF
SRT, PF, RSZ, TTL
MTU-Timeout, MTU-Table, MTU, LSN
BR, MD, MS, Router-Discovery
RSA, Static-Route, UT, AT
IE, TT, KI, KG
YD, YS, NTP, Vendor-Option
Netbios-Name-Server, WDD, Netbios-Node, Netbios-Scope
XFS, XDM, Requested-IP, Lease-Time
OO, DHCP-Message, Server-ID, Parameter-Request
MSG, MSZ, RN, RB
Vendor-Class, Client-ID, BF, TFTP
Lease-Time Option 51, length 4: 1
19:44:20.941556 1c:1b:0d:9e:18:27 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
192.168.2.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 300, xid 0xdb8a1467, Flags [Broadcast]
Your-IP 192.168.2.2
Client-Ethernet-Address de:ad:c0:de:ca:fe
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Server-ID Option 54, length 4: 192.168.2.1
Lease-Time Option 51, length 4: 300
Subnet-Mask Option 1, length 4: 255.255.255.0
Default-Gateway Option 3, length 4: 192.168.2.1
Domain-Name Option 15, length 8: "rock.lan"
BR Option 28, length 4: 192.168.2.255
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
|
|
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Tue Feb 06, 2018 7:22 pm Post subject: |
|
|
Im very sorry, but I cannot follow what you are trying to do. Can you please explain?
I would suggest on the other side, you create a bridge interface with enp7s0 first and assign an ip address either static within 192.168.178.x/24 or get an ip address for the bridge via dhcp from your Fritz!Box. Then create the wireless interface with no config and add it via hostapd to your bridge.
for example like this:
/etc/conf.d/net
| Code: |
config_enp7s0="null"
config_wlp10s0="null"
bridge_br0="enp7s0"
rc_net_br0_need="net.enp7s0"
bridge_forward_delay_br0=0
bridge_hello_time_br0=1000
config_br0="dhcp"
# alternate static config
# config_br0="192.168.178.29/24"
# routes_br0="default via 192.168.178.1"
# dns_servers_br0="localhost 192.168.178.1"
preup() {
rfkill unblock all
}
|
Now take care of your hostapd.conf and /etc/conf.d/hostapd
/etc/conf.d/hostapd
| Code: |
# Space separated List of interfaces which needs to be started before
# hostapd
INTERFACES="br0 wlp10s0"
# Space separated list of configuration files
CONFIGS="/etc/hostapd/hostapd.conf"
# Extra options to pass to hostapd, see hostapd(8)
OPTIONS=""
|
/etc/hostapd/hostapd.conf
| Code: |
bridge=br0
interface=wlp10s0
driver=nl80211
ssid=<your ssid>
channel=6
ignore_broadcast_ssid=0
country_code=DE
ieee80211d=1
hw_mode=g
ieee80211n=1
ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40][RX-STBC1][MAX-AMSDU-3839]
beacon_int=100
dtim_period=2
macaddr_acl=0
max_num_sta=10
ap_max_inactivity=1200
rts_threshold=2347
fragm_threshold=2346
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
auth_algs=1
wpa=2
rsn_preauth=1
rsn_preauth_interfaces=wlp3s4
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP TKIP
wpa_pairwise=CCMP TKIP
wpa_group_rekey=600
wpa_ptk_rekey=600
wpa_gmk_rekey=86400
wpa_passphrase=<your key>
|
if this works, you should redo your vlan config. My problem was to add a single wlan interface to two vlans, so i added a second wlan adapter.
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Tue Feb 06, 2018 7:29 pm Post subject: |
|
|
enp6s0 is my interface connected to my FritzBox.
enp7s0 and wlp10s0 are bridge br0.
hostapd woked perfectly...
What i'm now trying to do is connecting to the ap and gain an ip via my internal dhcp
The dhcp has 2 different subnets
192.168.1.0724
192.168.2.0/24
for this i think i have to use vlan because there is just one ethernet and one wlan card but 2 subnets right? |
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Tue Feb 06, 2018 7:34 pm Post subject: |
|
|
/etc/conf.d/hostapd must contain all interfaces in the list iirc.
it wasnt working in my case if there is only the bridged interfaces named in the list.
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Tue Feb 06, 2018 7:39 pm Post subject: |
|
|
It was starting but i didn't got an ip...
now i've got the following for the hostadap list:
INTERFACES="br0.1 br0.2 wlp10s0"...
Next thing is to set up dhcp working an then i can say if its working |
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Tue Feb 06, 2018 7:50 pm Post subject: |
|
|
Try setting a static ip on the wlan client and ping the interfaces of the hostapd server.
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Tue Feb 06, 2018 8:01 pm Post subject: |
|
|
Okay...
now i've got it to work with just br0 and wlp10s0
/etc/conf.d/net
| Code: |
config_enp6s0="192.168.178.29/24"
routes_enp6s0="default via 192.168.178.1"
dns_servers_enp6s0="localhost 192.168.178.1"
config_enp7s0="null"
modules_wlp10s0="!iwconfig !wpa_supplicant"
config_wlp10s0="null"
bridge_br0="enp7s0"
rc_net_br0_need="net.enp7s0"
bridge_forward_delay_br0=0
bridge_hello_time_br0=1000
#vlans_br0="1 2"
config_br0="192.168.1.1/24 192.168.2.1/24"
#config_br0_1="192.168.1.1/24"
#config_br0_2="192.168.2.1/24"
preup() {
rfkill unblock all
}
|
/etc/conf.d/dhcpd
here what now is not working in this setup:
| Code: |
Feb 6 20:56:51 sg1 dhcpd[7280]: irs_resconf_load failed: 59.
Feb 6 20:56:51 sg1 dhcpd[7280]: Unable to set resolver from resolv.conf; startup continuing but DDNS support may be affected
Feb 6 20:56:51 sg1 dhcpd[7280]: Internet Systems Consortium DHCP Server 4.3.5 Gentoo-r0
Feb 6 20:56:51 sg1 dhcpd[7280]: Copyright 2004-2016 Internet Systems Consortium.
Feb 6 20:56:51 sg1 dhcpd[7280]: All rights reserved.
Feb 6 20:56:51 sg1 dhcpd[7280]: For info, please visit https://www.isc.org/software/dhcp/
Feb 6 20:56:51 sg1 dhcpd[7280]: Wrote 0 deleted host decls to leases file.
Feb 6 20:56:51 sg1 dhcpd[7280]: Wrote 0 new dynamic host decls to leases file.
Feb 6 20:56:51 sg1 dhcpd[7280]: Wrote 0 leases to leases file.
Feb 6 20:56:51 sg1 dhcpd[7282]: Server starting service.
Feb 6 20:56:56 sg1 dhcpd[7282]: Dynamic and static leases present for 192.168.1.3.
Feb 6 20:56:56 sg1 dhcpd[7282]: Remove host declaration VENUS or remove 192.168.1.3
Feb 6 20:56:56 sg1 dhcpd[7282]: from the dynamic address pool for 192.168.1.0/24
Feb 6 20:56:56 sg1 dhcpd[7282]: DHCPREQUEST for 192.168.1.3 from c8:9c:dc:d1:b9:ba via br0
Feb 6 20:56:56 sg1 dhcpd[7282]: ns1.rock.lan: host unknown.
Feb 6 20:56:56 sg1 dhcpd[7282]: DHCPACK on 192.168.1.3 to c8:9c:dc:d1:b9:ba via br0
Feb 6 20:56:56 sg1 dhcpd[7282]: Unable to add forward map from VENUS.rock.lan to 192.168.1.3: SERVFAIL
Feb 6 20:57:17 sg1 dhcpd[7282]: DHCPDISCOVER from 8c:f5:a3:7a:19:9c via br0
Feb 6 20:57:18 sg1 dhcpd[7282]: DHCPOFFER on 192.168.1.2 to 8c:f5:a3:7a:19:9c (Samsung-Galaxy-S7) via br0
Feb 6 20:57:18 sg1 dhcpd[7282]: DHCPREQUEST for 192.168.1.2 (192.168.1.1) from 8c:f5:a3:7a:19:9c (Samsung-Galaxy-S7) via br0
Feb 6 20:57:18 sg1 dhcpd[7282]: DHCPACK on 192.168.1.2 to 8c:f5:a3:7a:19:9c (Samsung-Galaxy-S7) via br0
Feb 6 20:57:18 sg1 dhcpd[7282]: Unable to add forward map from Samsung-Galaxy-S7.rock.lan to 192.168.1.2: SERVFAIL
|
this is a result of named
/var/log/named/named.conf
| Code: |
06-Feb-2018 21:31:13.611 update-security: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: signer "dhcp_updater" approved
06-Feb-2018 21:31:13.611 update: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: updating zone 'rock.lan/IN': adding an RR at 'Samsung-Galaxy-S7.rock.lan' A 192.168.1.2
06-Feb-2018 21:31:13.611 update: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: updating zone 'rock.lan/IN': adding an RR at 'Samsung-Galaxy-S7.rock.lan' TXT "31736cad8d609e589a58b3efa14718a76c"
06-Feb-2018 21:31:13.611 general: error: pri/rock.lan.jnl: create: permission denied
06-Feb-2018 21:31:13.611 update: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: updating zone 'rock.lan/IN': error: journal open failed: unexpected error
06-Feb-2018 21:36:01.852 update-security: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: signer "dhcp_updater" approved
06-Feb-2018 21:36:01.852 update: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: updating zone 'rock.lan/IN': adding an RR at 'Samsung-Galaxy-S7.rock.lan' A 192.168.1.2
06-Feb-2018 21:36:01.852 update: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: updating zone 'rock.lan/IN': adding an RR at 'Samsung-Galaxy-S7.rock.lan' TXT "31736cad8d609e589a58b3efa14718a76c"
06-Feb-2018 21:36:01.852 general: error: pri/rock.lan.jnl: create: permission denied
06-Feb-2018 21:36:01.852 update: info: client @0x7fea80122280 127.0.0.1#61433/key dhcp_updater: updating zone 'rock.lan/IN': error: journal open failed: unexpected error
|
Permssion overview, nothing changed just by portage
| Code: |
ls -lah /etc | grep bind
drwxr-xr-x 2 named root 4,0K 6. Feb 21:11 bind
ls -lah /etc/bind/
drwxr-xr-x 2 named root 4,0K 6. Feb 21:11 .
drwxr-xr-x 80 root root 4,0K 6. Feb 21:08 ..
-rw-r----- 1 root named 3,9K 26. Jan 18:19 bind.keys
lrwxrwxrwx 1 root root 13 26. Jan 18:19 dyn -> /var/bind/dyn
-rw-r----- 1 root named 1,6K 6. Feb 21:30 named.conf
-rw-r----- 1 root named 1,6K 6. Feb 21:11 named.conf.save
lrwxrwxrwx 1 root root 13 26. Jan 18:19 pri -> /var/bind/pri
-rw-r----- 1 root named 77 8. Aug 10:48 rndc.key
lrwxrwxrwx 1 root root 13 26. Jan 18:19 sec -> /var/bind/sec
ls -lah /etc/bind/dyn/
drwxrwx--- 2 root named 4,0K 26. Jan 18:19 .
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 ..
-rw-r--r-- 1 root root 0 26. Jan 18:19 .keep_net-dns_bind-0
ls -lah /etc/bind/pri/
drwxr-x--- 2 root named 4,0K 6. Feb 15:21 .
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 ..
-rw-r--r-- 1 root root 0 26. Jan 18:19 .keep_net-dns_bind-0
-rw-r--r-- 1 root named 241 6. Feb 15:16 1.168.192.zone
-rw-r--r-- 1 root named 265 6. Feb 15:17 2.168.192.zone
-rw-r----- 1 root named 426 26. Jan 18:19 localhost.zone
-rw-r--r-- 1 root named 334 6. Feb 15:19 rock.lan
ls -lah /etc/bind/sec/
drwxrwx--- 2 root named 4,0K 26. Jan 18:19 .
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 ..
-rw-r--r-- 1 root root 0 26. Jan 18:19 .keep_net-dns_bind-0
ls -lah /var/ | grep bind
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 bind
ls -lah /var/bind/
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 .
drwxr-xr-x 13 root root 4,0K 11. Dez 20:37 ..
drwxrwx--- 2 root named 4,0K 26. Jan 18:19 dyn
-rw-r--r-- 1 named named 1,4K 6. Feb 21:31 managed-keys.bind
-rw-r--r-- 1 named named 512 6. Feb 21:31 managed-keys.bind.jnl
-rw-r----- 1 root named 3,3K 26. Jan 18:19 named.cache
drwxr-x--- 2 root named 4,0K 6. Feb 15:21 pri
lrwxrwxrwx 1 root root 11 26. Jan 18:19 root.cache -> named.cache
drwxrwx--- 2 root named 4,0K 26. Jan 18:19 sec
ls -lah /var/bind/dyn/
drwxrwx--- 2 root named 4,0K 26. Jan 18:19 .
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 ..
-rw-r--r-- 1 root root 0 26. Jan 18:19 .keep_net-dns_bind-0
ls -lah /var/bind/pri/
drwxr-x--- 2 root named 4,0K 6. Feb 15:21 .
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 ..
-rw-r--r-- 1 root root 0 26. Jan 18:19 .keep_net-dns_bind-0
-rw-r--r-- 1 root named 241 6. Feb 15:16 1.168.192.zone
-rw-r--r-- 1 root named 265 6. Feb 15:17 2.168.192.zone
-rw-r----- 1 root named 426 26. Jan 18:19 localhost.zone
-rw-r--r-- 1 root named 334 6. Feb 15:19 rock.lan
ls -lah /var/bind/sec/
drwxrwx--- 2 root named 4,0K 26. Jan 18:19 .
drwxrwx--- 5 root named 4,0K 6. Feb 21:31 ..
-rw-r--r-- 1 root root 0 26. Jan 18:19 .keep_net-dns_bind-0
|
|
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Wed Feb 07, 2018 6:49 am Post subject: |
|
|
Looks like you run into the same issue as i did, one wireless interface and two vlans wont work. Adding another physical card/interface solved this for me.
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Wed Feb 07, 2018 9:59 am Post subject: |
|
|
| Would it help first vlan and then bridging or is it the same when first bridging and then vlan? |
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Wed Feb 07, 2018 10:59 am Post subject: |
|
|
I tried both. When first creating the vlan, i wasnt able to add the wireless interface to both vlans. If i created the bridges first, i wasnt able to create vlans anymore and run the hostapd. I just gave up, and added the usb wireless device.
but you can try by yourself, maybe you have more luck then i had.
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Wed Feb 07, 2018 1:21 pm Post subject: |
|
|
I think i've found the solution...
hostapd has the following use flag:
- - netlink : Adding support for using netlink to create VLANs
i will try this this afternoon and let you know |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Wed Feb 07, 2018 3:48 pm Post subject: |
|
|
It's not working even with vlan enabled...
Think to use a 2nd wlan card
Is it possible with two wlan cards and just having 1 ap but 2 subnets controlled by dhcp |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
|
| Back to top |
|
|
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3129
|
| Posted: Wed Feb 07, 2018 10:54 pm Post subject: |
|
|
I think you're doing it wrong. You have too many IPs around your bridge.
Bridge works in layer 2. You deal with MAC addresses there. You're not supposed to give IP address to the enslaved interfaces. You only give 1 IP to the bridge interface itself.
All devices connected to the bridge can see each other unless you explicitly enable firewall on bridged interfaces - the traffic passing through is not considered for filtering otherwise.
So:
* either enable routing, remove the bridge, and give IPs to all those physical interfaces you have there (And then create separate subnets in your DHCP, and put that dhcp on your router, so it can assign your clients to the correct subnets based on local interface)
* or remove IPs from all interfaces and put it on your bridge instead, and go for a uniform network with a single, shared address space. |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Thu Feb 08, 2018 6:45 pm Post subject: |
|
|
I've done it now how bbgermany has suggested....
now woks perfect.
one errir what i noticed after a few minutes of activity is the following kernel message
| Code: |
Feb 8 19:40:49 sg1 kernel: AMD-Vi: Event logged [
Feb 8 19:40:49 sg1 kernel: IO_PAGE_FAULT device=0a:00.0 domain=0x000b address=0x00000000f3fea064 flags=0x0000]
|
and then i cant connect anymore and have to restart the whole server
@bbgermany
is it possible via the lan port to get ips at you? |
|
| Back to top |
|
|
bbgermany
Veteran
Joined: 21 Feb 2005
Posts: 1844
Location: Oranienburg/Germany
|
| Posted: Fri Feb 09, 2018 6:14 am Post subject: |
|
|
| Rocky007 wrote: | I've done it now how bbgermany has suggested....
now woks perfect.
one errir what i noticed after a few minutes of activity is the following kernel message
| Code: |
Feb 8 19:40:49 sg1 kernel: AMD-Vi: Event logged [
Feb 8 19:40:49 sg1 kernel: IO_PAGE_FAULT device=0a:00.0 domain=0x000b address=0x00000000f3fea064 flags=0x0000]
|
and then i cant connect anymore and have to restart the whole server
|
Ubuntu has the same problem. They suggest to add the following to your grub cmdline:
| Rocky007 wrote: |
@bbgermany
is it possible via the lan port to get ips at you? |
Do you mean the public addresses, your provider gives to your router?
greets, bb
_________________
Desktop: Ryzen 5 5600G, 32GB, 2TB, RX7600
Notebook: Dell XPS 13 9370, 16GB, 1TB
Server #1: Ryzen 5 Pro 4650G, 64GB, 16.5TB
Server #2: Ryzen 4800H, 32GB, 22TB |
|
| Back to top |
|
|
Rocky007
n00b
Joined: 22 Dec 2014
Posts: 66
|
| Posted: Fri Feb 09, 2018 8:54 am Post subject: |
|
|
Hi bbgermany,
i mean dhcp addresses...
currently i'm just able to get ips via dhcp when in WLAN, LAN no request reaches the dhcp server.
Maybe it has something to do with my PowerLan, but both adapters i can see in the TPLINK Mangement tool and they are connected. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
