Difference between revisions of "WLAN"

From Proxmox VE
(better than nothing)
 
(Guest Network Setup: add wds/4-addr frames as theoretical alternative)
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= WLAN =
+
== Important Notes ==
This wiki page describes how to prepare and connect a wireless adapter for host use in Proxmox VE. Example connects to a WPA/WPA2 network
 
  
== Setup ==
+
Avoid using WLAN if possible, it has several technical limitations making it not really suitable as single interface of a hyper-visor like PVE.
find adapter name:
 
  $ ip addr
 
bring interface down:
 
  # ifdown $WLAN_NIC
 
backup configuration:
 
  # cp /etc/network/interfaces /etc/network/interfaces.bak
 
restrict permissions:
 
  # chmod 0600 /etc/network/interfaces
 
calculate WPA PSK hash for wireless-network:
 
  $ wpa_passphrase $NETWORK_name $SECRET_password
 
* output:
 
  network={
 
          ssid="$NETWORK_name"
 
          #psk="$SECRET_password"
 
          psk=$HASHED_password
 
  }
 
  
* if no password included: you will be prompted '# reading passprhase from stdin' where you enter it there
+
At least the following disadvantages apply:
* use \ if $NETWORK_name has spaces
+
* Wi-Fi adapters can only be used as Linux bridge interface through workarounds, as most Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP.
** E.g: "My Home Network" would be "My\ Home\ Network" for $NETWORK_name
+
* compared to wired Ethernet connections you will experience more latency spikes, reduced bandwidth and depending on distance and barriers between host and the AP even spotty connections
copy '''$HASHED_password''' and choose a method:
 
  
 +
== Initial Setup ==
  
== method 1 ==
+
Setting up the Wi-Fi itself is not different in Proxmox VE than with a default Debian installation.
'''/etc/network/interfaces'''
+
But '''avoid''' installing advanced, network daemons like NetworkManager as those are normally suited for desktops only and may interfere with Proxmox VEs network requirements.
* best for desktops with WLAN modules?
 
add to /etc/network/interfaces:
 
  
  ...
+
Checkout the following references for setting up the wireless connection:
  auto wlp3s0
 
  iface wlp3s0 inet dhcp
 
            wpa-ssid '''$NETWORK_name'''
 
            wpa-psk '''$HASHED_password'''
 
  ...
 
  
 +
* https://wiki.debian.org/WiFi/HowToUse
 +
* https://ubuntuforums.org/showthread.php?t=1238387
 +
* http://forums.debian.net/viewtopic.php?t=17199
 +
* https://wiki.archlinux.org/index.php/WPA_supplicant#Configuration
 +
* https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
  
== method 2 ==
+
== Guest Network Setup ==
'''/etc/wpa_supplicant/wpa_supplicant.conf'''
 
* best for roaming laptops?
 
  
create file /etc/wpa_supplicant/wpa_supplicant.conf:
+
=== Masquerading (NAT) ===
  ctrl_interface=/var/run/wpa_supplicant
 
  ap_scan=1
 
  network={
 
          ## home settings
 
          ssid='''$NETWORK_name'''
 
          key_mgmt=WPA-PSK
 
          psk='''$HASHED_password'''
 
  }
 
  network={
 
          ssid="MyFriendsWirelessLAN"
 
          key_mgmt=NONE
 
          wep_key0="HerPasswd"
 
          wep_tx_idx=0
 
  }
 
  network={
 
          ssid="OpenHotSpotProvider"
 
          key_mgmt=NONE
 
  }
 
  network={
 
          scan_ssid=1
 
          key_mgmt=NONE
 
  }
 
  network={
 
          ssid="eduroam"
 
          scan_ssid=1
 
          key_mgmt=IEEE8021X
 
          eap=TTLS
 
          anonymous_identity="anonymous@your.school"
 
          identity="yourID@your.school"
 
          password="yourPassword"
 
          phase2="auth=PAP"
 
          ca_cert="/path/to/certificates/eduroam.der"
 
          priority=2
 
  }
 
  
references
+
See the [[Network_Configuration#_masquerading_nat_with_tt_span_class_monospaced_iptables_span_tt| Masquerading (NAT) section of the Network Configuration article]]
* local: /usr/share/doc/wpa_supplicant/examples/
 
* web: https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
 
  
== cleaning up ==
+
=== Bridge Port ===
manually assign IP on router
 
* consult your DHCP server
 
change root adapter IP address:
 
  # ifconfig $WLAN_NIC $IP_ADDRESS netmask $NETMASK
 
if required, change Default Gateway:
 
  # route add default gw $IP_GATEWAY $WLAN_NIC
 
check settings on routing table:
 
  $ route -n
 
bring network adapter up:
 
  $ ifup $WLAN_NIC
 
check $IP_ADDRESS:
 
  $ ip addr
 
test:
 
  $ ping -c 3 $SOME_HOST
 
  
 +
Note, as Access Points (APs) will reject frames that have a source address that didn’t authenticate with the AP. This is a problem with Linux Bridges as they transparently forward the network packets with the original source address of the CT or VM, but the AP only knows about the host source address, so it rejects those packets.
  
== restarting network ==
+
You can try to still add the wireless interface directly as bridge port by [https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC using extra ebtable rules to rewrite the source MAC address].
if a connection hasn't been made consider the following commands:
 
  # /etc/init.d/networking restart
 
 
 
  #wpa_action $WLAN_NIC reload
 
  
  # /etc/init.d/network-manager restart
+
=== 4 address mode (WDS) ===
  
* full reboot consistently works
+
Theoretically you could try to enable the 4-address frame format, also called wireless distribution system (WDS) if your Access Point (AP) supports it.
  
 +
The advantage is that it the bridge and network behaves just like it would when using a wired connection, the guests are connected transparently to the LAN, no need for NAT or ebtable rules.
 +
The disadvantage is that getting it to work is a hit or miss and depends on the support of the wireless interface of your host and the AP.
  
 
+
You will need to install the <code>iw</code> utility, for further information see: http://nullroute.eu.org/~grawity/journal-2011.html#post:20110826 for some hints about setting it up.
= references =
 
* https://wiki.debian.org/WiFi/HowToUse
 
* https://ubuntuforums.org/showthread.php?t=1238387
 
* http://forums.debian.net/viewtopic.php?t=17199
 
* https://wiki.archlinux.org/index.php/WPA_supplicant#Configuration
 
* https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
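Review bot: The rewritten "Initial Setup" section drops the `chmod 0600 /etc/network/interfaces` step and the `wpa_passphrase` instructions without a replacement, so the page no longer tells readers to protect the file that holds `wpa-psk` or to store the hashed PSK instead of the passphrase. Consider keeping a one-line note on both under "Initial Setup" next to the external links. Smaller points in the added text: "it the bridge and network behaves" in the 4 address mode paragraph needs rewording, "ebtable rules" should read "ebtables rules", and the forums.debian.net and nullroute.eu.org links are plain http.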
 

Revision as of 14:52, 12 January 2021

Important Notes

Avoid using WLAN if possible. It has several technical limitations that make it poorly suited as the sole network interface of a hypervisor like PVE.

At least the following disadvantages apply:

  • Wi-Fi adapters can only be used as a Linux bridge interface through workarounds, as most Access Points (APs) will reject frames whose source address did not authenticate with the AP.
  • Compared to wired Ethernet connections, you will experience more latency spikes, reduced bandwidth and, depending on the distance and barriers between the host and the AP, even spotty connections.

Initial Setup

Setting up the Wi-Fi itself is no different in Proxmox VE than in a default Debian installation. But avoid installing advanced network daemons like NetworkManager, as those are normally suited for desktops only and may interfere with Proxmox VE's network requirements.

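Check out the following references for setting up the wireless connection:

  • https://wiki.debian.org/WiFi/HowToUse
  • https://ubuntuforums.org/showthread.php?t=1238387
  • http://forums.debian.net/viewtopic.php?t=17199
  • https://wiki.archlinux.org/index.php/WPA_supplicant#Configuration
  • https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf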

Guest Network Setup

Masquerading (NAT)

See the Masquerading (NAT) section of the Network Configuration article

Bridge Port

Access Points (APs) will reject frames whose source address did not authenticate with the AP. This is a problem with Linux bridges, as they transparently forward network packets with the original source address of the CT or VM, but the AP only knows about the host's source address, so it rejects those packets.

You can still try to add the wireless interface directly as a bridge port by using extra ebtables rules to rewrite the source MAC address.
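
The MAC rewrite described above, as an added example that is not part of the wiki page: a POSIX shell function that prints the ebtables NAT rules for review instead of applying them. The interface name is the one used elsewhere on this page; the MAC and IP values are constructed, and each guest is assumed to have a static IP because the inbound mapping is keyed on it.

```shell
#!/bin/sh
# Added example (not from the wiki page): print the ebtables NAT rules for a
# Wi-Fi bridge port so they can be reviewed before being applied as root.

valid() { printf '%s\n' "$1" | grep -Eq "$2"; }

# wifi_bridge_rules WLAN_IF HOST_MAC GUEST_IP=GUEST_MAC...
wifi_bridge_rules() {
    [ $# -ge 2 ] || return 1
    wlan_if=$1 host_mac=$2
    shift 2
    mac_re='^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
    ip_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'   # shape check only

    # Validate everything before printing anything: the output is meant to
    # be executed by root, so no partial or injected rule may be emitted.
    valid "$wlan_if" '^[A-Za-z0-9_.-]+$' || return 1
    valid "$host_mac" "$mac_re" || return 1
    for pair in "$@"; do
        ip=${pair%%=*} mac=${pair#*=}
        valid "$ip" "$ip_re" && valid "$mac" "$mac_re" || return 1
    done

    # Outbound: every frame (and ARP payload) leaves with the one source
    # MAC the AP has authenticated, i.e. the host's own.
    echo "ebtables -t nat -A POSTROUTING -o $wlan_if -j snat --to-src $host_mac --snat-arp --snat-target ACCEPT"

    # Inbound: the AP addresses replies to the host MAC, so map each guest
    # IP back to the guest's real MAC before the bridge forwards the frame.
    for pair in "$@"; do
        ip=${pair%%=*} mac=${pair#*=}
        echo "ebtables -t nat -A PREROUTING -p IPv4 -i $wlan_if --ip-dst $ip -j dnat --to-dst $mac --dnat-target ACCEPT"
        echo "ebtables -t nat -A PREROUTING -p ARP -i $wlan_if --arp-ip-dst $ip -j dnat --to-dst $mac --dnat-target ACCEPT"
    done
}

# Constructed sample values: one guest with a static address.
wifi_bridge_rules wlp3s0 02:00:00:00:00:01 192.168.1.50=02:00:00:00:00:50
```

Running the printed commands requires root and the ebtables package.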

4 address mode (WDS)

Theoretically, you could try to enable the 4-address frame format, also called wireless distribution system (WDS), if your Access Point (AP) supports it.

The advantage is that the bridge and network behave just as they would with a wired connection: the guests are connected transparently to the LAN, with no need for NAT or ebtables rules. The disadvantage is that getting it to work is hit or miss and depends on the support of both the wireless interface of your host and the AP.

You will need to install the iw utility. See http://nullroute.eu.org/~grawity/journal-2011.html#post:20110826 for some hints about setting it up.