Gentoo Forums
[Solved] WIFI Access Point DHCP troubles

MasterGollom
n00b
Joined: 23 May 2016
Posts: 10
Location: Luxembourg
Posted: Fri Aug 04, 2017 9:50 am    Post subject: [Solved] WIFI Access Point DHCP troubles

Hi guys,

Based on this post: https://forums.gentoo.org/viewtopic-t-1045244.html I'm extending my network with an Access Point for the VPN-LAN


Code:
                          +-------------------------+                     
               (public IP)|   Router  DHCP-Server   |       SSID = mywlan
  {INTERNET}=============={                     WLAN}-----> 192.168.1.0/24
                          |                         |                     
                          |         LAN switch      |                     
                          +------------+------------+
                                       | (192.168.1.1)
                                       |
                                       |              +-----------------------+
                                       |              |                       |
                                       |              |        OpenVPN        |  eth1: 192.168.1.207/24
                                       +--------------{eth1    Client         |  eth0: 10.0.0.1/24            +-------------------+
                                       |              |                       |                               |    Access Point   |  eth0: 10.0.0.10/24
                                       |              |                   eth0}-------------------------------{eth0               |  wlan0: 10.0.0.2/24
                                       |              +-----------------------+                               |   DHCP-Server     |          SSID = mywlan_vpn                 
                                       |                                                                      |              wlan0}----------> 10.0.0.0/24
                              +--------+-----------+                                                          |                   |
                              |                    |                                                          +-------------------+
                              |  Other LAN clients |                                                       
                              |                    |                                                       
                              |   192.168.1.0/24   |                                                   
                              |   (internal net)   |                                                             
                              +--------------------+                                                         



So, I'm having two DHCP-Servers in my entire network. One for the LAN 192.168.1.0/24 and one for the VPN-LAN 10.0.0.0/24.

The problem I'm experiencing now is that when I'm connecting my tablet to mywlan_vpn I'm getting an IP from the DHCP on the Router and not the DHCP on the AP (but only when I'm activating the bridge br0 on the AP) and my tablet is not accessing the internet via the VPN.

Here's how I configured the AP:

/etc/conf.d/net
Code:
modules_wlan0="!iwconfig !wpa_supplicant"
config_wlan0="10.0.0.9/24"

config_eth0="null"

config_br0="10.0.0.10/24"
routes_br0="default via 10.0.0.1"

bridge_forward_delay_br0=0
bridge_hello_time_br0=1000
bridge_stp_state_br0=0
bridge_br0="eth0"


/etc/dnsmasq/dnsmasq.conf
Code:
interface=wlan0
no-dhcp-interface=eth0
dhcp-range=10.0.0.100,10.0.0.250,24h


/etc/hostapd/hostapd.conf
Code:

interface=wlan0
hw_mode=g
channel=10
ieee80211d=1
country_code=FR
ieee80211n=1
wmm_enabled=1

ssid=mywlan_vpn
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=0123456789

bridge=br0


When I disable the bridge br0 I'm getting an IP from the AP's DHCP-Server. With the bridge enabled I'm getting an IP from the Router's DHCP...this is driving me nuts... I don't understand how this is even possible that I'm getting an IP from a DHCP that isn't even in the same network as the AP, am I missing something?


Last edited by MasterGollom on Thu Feb 08, 2018 9:22 am; edited 1 time in total

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Fri Aug 04, 2017 11:55 am

If I'm reading this correctly this is what is happening.

1: The AP bridge will just forward all traffic to the "openVPN Client" box (I assume this is a separate box with a client running)?
2: If that's the case the traffic is just forwarded through the "openVPN Client" box where the client on mywlan_vpn will receive a lease from Router DHCP-Server ( 192.168.1.0/24 ).
3: Even if "OpenVPN Client" is not a physical box the bridging is where you are missing the Access Point DHCP-Server lease.

MasterGollom
n00b
Joined: 23 May 2016
Posts: 10
Location: Luxembourg
Posted: Fri Aug 04, 2017 12:31 pm

Hi chiefbag,

Yes, this is exactly what's happening. As long as the bridge is deactivated, the clients on mywlan_vpn receive their IP from the AP. When activating the bridge the lease comes from the router DHCP.
I cannot understand how it's possible to get a lease from the router, since the AP's network is 10.0.0.0/24. The 192.168.1.0/24 network should be invisible to the AP or am I wrong here? :oops:

The openVPN Client is a separate Gentoo box.

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Fri Aug 04, 2017 1:30 pm

Take a look at the following link which will probably explain things a bit better than I can.
https://wiki.gentoo.org/wiki/Network_bridge

Essentially you are looping out your AP DHCP-Server box by creating the bridge as it's layer2.

You will need to run the DHCP Server on the bridge "br0" not "wlan0" I would think.

Code:
/etc/dnsmasq/dnsmasq.conf
Code:
interface=wlan0
no-dhcp-interface=eth0
dhcp-range=10.0.0.100,10.0.0.250,24h


[Moderator edit: changed [code] tag to [url] tag; changed [quote] tags to [code] tags to preserve output layout. -Hu]

MasterGollom
n00b
Joined: 23 May 2016
Posts: 10
Location: Luxembourg
Posted: Fri Aug 04, 2017 6:31 pm

Thx man, now I'm getting the IP from the right DHCP-Server, but there's one more problem...my Wifi clients can't ping anything.
Pinging www.gentoo.org from the AP works fine, but when I try it from a Wifi client it resolves the IP from the site but I don't get a reply...

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Fri Aug 04, 2017 7:31 pm

You might need to use iptables to masquerade your traffic leaving the AP as the source IP address of the client will be different and it will not be able to return through your AP box.

MasterGollom
n00b
Joined: 23 May 2016
Posts: 10
Location: Luxembourg
Posted: Fri Aug 04, 2017 9:08 pm

tried this

Code:
iptables -A FORWARD -o br0 -i wlan0 -s 10.0.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE


but it doesn't make any difference :cry:


Last edited by MasterGollom on Fri Aug 04, 2017 9:36 pm; edited 2 times in total

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Fri Aug 04, 2017 9:33 pm

I might be wrong here, but just try masquerading on the interface leaving the box and not the bridge.

Code:
iptables -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

MasterGollom
n00b
Joined: 23 May 2016
Posts: 10
Location: Luxembourg
Posted: Fri Aug 04, 2017 9:36 pm

I got it!

the following lines did the trick

Code:

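# Enable IPv4 forwarding right away
echo 1 > /proc/sys/net/ipv4/ip_forward

# Make it persistent: in /etc/sysctl.conf look for
# net.ipv4.ip_forward = 0 and set it to 1, then save & close
nano /etc/sysctl.conf

# Masquerade traffic leaving via eth0, save the rules and load them at boot
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/etc/init.d/iptables save
rc-update add iptables default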


and it's finally working

thx chiefbag for your help and pointing me in the right direction
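
The two fixes from this thread (serve DHCP on the bridge that hostapd uses, and turn on IPv4 forwarding) written as a config audit; this is an added example, not part of the original posts. The function names, the file arguments and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit copies of an AP's config files
# for the two misconfigurations fixed above.

# conf_get FILE KEY: print every value assigned to KEY in "KEY=value" lines.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# audit_ap HOSTAPD_CONF DNSMASQ_CONF SYSCTL_CONF
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_ap() {
    rc=0
    wlan=$(conf_get "$1" interface | tail -n 1)
    bridge=$(conf_get "$1" bridge | tail -n 1)
    dns_ifaces=$(conf_get "$2" interface)
    # With bridge= set, hostapd adds the wireless interface to that bridge,
    # so DHCP has to be served on the bridge. A dnsmasq.conf without any
    # interface= line listens on every interface and is not flagged.
    if [ -n "$bridge" ] && [ -n "$dns_ifaces" ] &&
       ! printf '%s\n' "$dns_ifaces" | grep -qx "$bridge"; then
        echo "dnsmasq is bound to '$(echo $dns_ifaces)' but hostapd bridges $wlan into $bridge"
        rc=1
    fi
    fwd=$(conf_get "$3" 'net\.ipv4\.ip_forward' | tail -n 1)
    if [ "$fwd" != 1 ]; then
        echo "net.ipv4.ip_forward is '${fwd:-unset}' in $3, expected 1"
        rc=1
    fi
    return "$rc"
}

# Constructed sample files modelled on the configs posted in the thread.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'interface=wlan0\nssid=mywlan_vpn\nbridge=br0\n' > "$demo/hostapd.conf"
printf 'interface=wlan0\nno-dhcp-interface=eth0\ndhcp-range=10.0.0.100,10.0.0.250,24h\n' > "$demo/dnsmasq.bad"
printf 'interface=br0\nno-dhcp-interface=eth0\ndhcp-range=10.0.0.100,10.0.0.250,24h\n' > "$demo/dnsmasq.good"
printf 'net.ipv4.ip_forward = 0\n' > "$demo/sysctl.bad"
printf 'net.ipv4.ip_forward = 1\n' > "$demo/sysctl.good"

audit_ap "$demo/hostapd.conf" "$demo/dnsmasq.bad" "$demo/sysctl.bad" || true
audit_ap "$demo/hostapd.conf" "$demo/dnsmasq.good" "$demo/sysctl.good" && echo "no findings"
```

On a real AP the arguments would be /etc/hostapd/hostapd.conf, /etc/dnsmasq/dnsmasq.conf and /etc/sysctl.conf as named in the posts above.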

chiefbag
Guru
Joined: 01 Oct 2010
Posts: 542
Location: The Kingdom
Posted: Fri Aug 04, 2017 9:48 pm

You're welcome, glad it's working for you

Hu
Moderator
Joined: 06 Mar 2007
Posts: 13498
Posted: Fri Aug 04, 2017 11:57 pm

MasterGollom: are there any remaining unresolved issues you want to address in this thread? If not, please mark the thread solved. :)