Difference between revisions of "WLAN"

From Proxmox VE
Jump to navigation Jump to search
(better than nothing)
 
(re-work, focus on PVE side and drawbacks, only reference WLAN setup itself to already good resources from Debian, Ubuntu, Arch Linux)
Line 1: Line 1:
= WLAN =
+
== Important Notes ==
This wiki page describes how to prepare and connect a wireless adapter for host use in Proxmox VE. Example connects to a WPA/WPA2 network
 
  
== Setup ==
+
Avoid using WLAN if possible, it has several technical limitations making it not really suitable as single interface of a hyper-visor like PVE.
find adapter name:
 
  $ ip addr
 
bring interface down:
 
  # ifdown $WLAN_NIC
 
backup configuration:
 
  # cp /etc/network/interfaces /etc/network/interfaces.bak
 
restrict permissions:
 
  # chmod 0600 /etc/network/interfaces
 
calculate WPA PSK hash for wireless-network:
 
  $ wpa_passphrase $NETWORK_name $SECRET_password
 
* output:
 
  network={
 
          ssid="$NETWORK_name"
 
          #psk="$SECRET_password"
 
          psk=$HASHED_password
 
  }
 
  
* if no password included: you will be prompted '# reading passprhase from stdin' where you enter it there
+
At least the following disadvantages apply:
* use \ if $NETWORK_name has spaces
+
* Wi-Fi adapters can only be used as Linux bridge interface through workarounds, as most Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP.
** E.g: "My Home Network" would be "My\ Home\ Network" for $NETWORK_name
+
* compared to wired Ethernet connections you will experience more latency spikes, reduced bandwidth and depending on distance and barriers between host and the AP even spotty connections
copy '''$HASHED_password''' and choose a method:
 
  
 +
== Initial Setup ==
  
== method 1 ==
+
Setting up the Wi-Fi itself is not different in Proxmox VE than with a default Debian installation.
'''/etc/network/interfaces'''
+
But '''avoid''' installing advanced, network daemons like NetworkManager as those are normally suited for desktops only and may interfere with Proxmox VEs network requirements.
* best for desktops with WLAN modules?
 
add to /etc/network/interfaces:
 
  
  ...
+
Checkout the following references for setting up the wireless connection:
  auto wlp3s0
 
  iface wlp3s0 inet dhcp
 
            wpa-ssid '''$NETWORK_name'''
 
            wpa-psk '''$HASHED_password'''
 
  ...
 
  
 +
* https://wiki.debian.org/WiFi/HowToUse
 +
* https://ubuntuforums.org/showthread.php?t=1238387
 +
* http://forums.debian.net/viewtopic.php?t=17199
 +
* https://wiki.archlinux.org/index.php/WPA_supplicant#Configuration
 +
* https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
  
== method 2 ==
+
== Guest Network Setup ==
'''/etc/wpa_supplicant/wpa_supplicant.conf'''
 
* best for roaming laptops?
 
 
 
create file /etc/wpa_supplicant/wpa_supplicant.conf:
 
  ctrl_interface=/var/run/wpa_supplicant
 
  ap_scan=1
 
  network={
 
          ## home settings
 
          ssid='''$NETWORK_name'''
 
          key_mgmt=WPA-PSK
 
          psk='''$HASHED_password'''
 
  }
 
  network={
 
          ssid="MyFriendsWirelessLAN"
 
          key_mgmt=NONE
 
          wep_key0="HerPasswd"
 
          wep_tx_idx=0
 
  }
 
  network={
 
          ssid="OpenHotSpotProvider"
 
          key_mgmt=NONE
 
  }
 
  network={
 
          scan_ssid=1
 
          key_mgmt=NONE
 
  }
 
  network={
 
          ssid="eduroam"
 
          scan_ssid=1
 
          key_mgmt=IEEE8021X
 
          eap=TTLS
 
          anonymous_identity="anonymous@your.school"
 
          identity="yourID@your.school"
 
          password="yourPassword"
 
          phase2="auth=PAP"
 
          ca_cert="/path/to/certificates/eduroam.der"
 
          priority=2
 
  }
 
 
 
references
 
* local: /usr/share/doc/wpa_supplicant/examples/
 
* web: https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
 
  
== cleaning up ==
+
=== Masquerading (NAT) ===
manually assign IP on router
 
* consult your DHCP server
 
change root adapter IP address:
 
  # ifconfig $WLAN_NIC $IP_ADDRESS netmask $NETMASK
 
if required, change Default Gateway:
 
  # route add default gw $IP_GATEWAY $WLAN_NIC
 
check settings on routing table:
 
  $ route -n
 
bring network adapter up:
 
  $ ifup $WLAN_NIC
 
check $IP_ADDRESS:
 
  $ ip addr
 
test:
 
  $ ping -c 3 $SOME_HOST
 
  
 +
See the [[Network_Configuration#_masquerading_nat_with_tt_span_class_monospaced_iptables_span_tt Masquerading (NAT) section of the Network Configuration article]]
  
== restarting network ==
+
=== Bridge Port ===
if a connection hasn't been made consider the following commands:
 
  # /etc/init.d/networking restart
 
 
 
  #wpa_action $WLAN_NIC reload
 
  
  # /etc/init.d/network-manager restart
+
Note, as Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP. This is a problem with Linux Bridges as they transparently forward the network packets with the original source address of the CT or VM, but the AP only knows about the host source address, so it rejects those packets.
  
* full reboot consistently works
+
You can try to still add the wireless interface directly as bridge port by [https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC using extra ebtable rules to rewrite the source MAC address].
 
 
 
 
 
 
= references =
 
* https://wiki.debian.org/WiFi/HowToUse
 
* https://ubuntuforums.org/showthread.php?t=1238387
 
* http://forums.debian.net/viewtopic.php?t=17199
 
* https://wiki.archlinux.org/index.php/WPA_supplicant#Configuration
 
* https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
 

Revision as of 13:40, 12 January 2021

Important Notes

Avoid using WLAN if possible, it has several technical limitations making it not really suitable as single interface of a hyper-visor like PVE.

At least the following disadvantages apply:

  • Wi-Fi adapters can only be used as Linux bridge interface through workarounds, as most Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP.
  • compared to wired Ethernet connections you will experience more latency spikes, reduced bandwidth and depending on distance and barriers between host and the AP even spotty connections

Initial Setup

Setting up the Wi-Fi itself is not different in Proxmox VE than with a default Debian installation. But avoid installing advanced, network daemons like NetworkManager as those are normally suited for desktops only and may interfere with Proxmox VEs network requirements.

Checkout the following references for setting up the wireless connection:

Guest Network Setup

Masquerading (NAT)

See the Network_Configuration#_masquerading_nat_with_tt_span_class_monospaced_iptables_span_tt Masquerading (NAT) section of the Network Configuration article

Bridge Port

Note, as Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP. This is a problem with Linux Bridges as they transparently forward the network packets with the original source address of the CT or VM, but the AP only knows about the host source address, so it rejects those packets.

You can try to still add the wireless interface directly as bridge port by using extra ebtable rules to rewrite the source MAC address.

Retrieved from "https://pve.proxmox.com/mediawiki/index.php?title=WLAN&oldid=10960"