WLAN: Difference between revisions
(re-work, focus on PVE side and drawbacks, only reference WLAN setup itself to already good resources from Debian, Ubuntu, Arch Linux) |
(→4 address mode (WDS): reword and link PVE bug report with setup example) |
||
(4 intermediate revisions by one other user not shown) | |||
Line 24: | Line 24: | ||
=== Masquerading (NAT) === | === Masquerading (NAT) === | ||
See the [[Network_Configuration#_masquerading_nat_with_tt_span_class_monospaced_iptables_span_tt Masquerading (NAT) section of the Network Configuration article]] | See the [[Network_Configuration#_masquerading_nat_with_tt_span_class_monospaced_iptables_span_tt| Masquerading (NAT) section of the Network Configuration article]] | ||
=== Bridge Port === | === Bridge Port Using ebtables === | ||
Note, as Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP. This is a problem with Linux Bridges as they transparently forward the network packets with the original source address of the CT or VM, but the AP only knows about the host source address, so it rejects those packets. | Note, as Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP. This is a problem with Linux Bridges as they transparently forward the network packets with the original source address of the CT or VM, but the AP only knows about the host source address, so it rejects those packets. | ||
You can try to still add the wireless interface directly as bridge port by [https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC using extra ebtable rules to rewrite the source MAC address]. | You can try to still add the wireless interface directly as bridge port by [https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC using extra ebtable rules to rewrite the source MAC address]. | ||
=== 4 address mode (WDS) === | |||
If your Access Point (AP) supports it, you can try to enable the 4-address frame format, also called wireless distribution system (WDS). | |||
The advantage is that it the bridge and network behaves just like it would when using a wired connection, the guests are connected transparently to the LAN, no need for NAT or ebtable rules. | |||
The disadvantage is that getting it to work is a hit or miss and depends on the support of the wireless interface of your host and the AP. | |||
You will need to install the <code>iw</code> utility, for further information see: http://nullroute.eu.org/~grawity/journal-2011.html#post:20110826 and https://bugzilla.proxmox.com/show_bug.cgi?id=5289 for some hints about setting it up. | |||
[[Category:HOWTO]] |
Latest revision as of 09:20, 11 March 2024
Important Notes
Avoid using WLAN if possible, it has several technical limitations making it not really suitable as single interface of a hyper-visor like PVE.
At least the following disadvantages apply:
- Wi-Fi adapters can only be used as Linux bridge interface through workarounds, as most Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP.
- compared to wired Ethernet connections you will experience more latency spikes, reduced bandwidth and depending on distance and barriers between host and the AP even spotty connections
Initial Setup
Setting up the Wi-Fi itself is not different in Proxmox VE than with a default Debian installation. But avoid installing advanced, network daemons like NetworkManager as those are normally suited for desktops only and may interfere with Proxmox VEs network requirements.
Checkout the following references for setting up the wireless connection:
- https://wiki.debian.org/WiFi/HowToUse
- https://ubuntuforums.org/showthread.php?t=1238387
- http://forums.debian.net/viewtopic.php?t=17199
- https://wiki.archlinux.org/index.php/WPA_supplicant#Configuration
- https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
Guest Network Setup
Masquerading (NAT)
See the Masquerading (NAT) section of the Network Configuration article
Bridge Port Using ebtables
Note, as Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP. This is a problem with Linux Bridges as they transparently forward the network packets with the original source address of the CT or VM, but the AP only knows about the host source address, so it rejects those packets.
You can try to still add the wireless interface directly as bridge port by using extra ebtable rules to rewrite the source MAC address.
4 address mode (WDS)
If your Access Point (AP) supports it, you can try to enable the 4-address frame format, also called wireless distribution system (WDS).
The advantage is that it the bridge and network behaves just like it would when using a wired connection, the guests are connected transparently to the LAN, no need for NAT or ebtable rules. The disadvantage is that getting it to work is a hit or miss and depends on the support of the wireless interface of your host and the AP.
You will need to install the iw
utility, for further information see: http://nullroute.eu.org/~grawity/journal-2011.html#post:20110826 and https://bugzilla.proxmox.com/show_bug.cgi?id=5289 for some hints about setting it up.