[TUTORIAL] HOWTO - Proxmox VE 8-x.x Wifi with routed configuration

[jeenam]

I previously wrote up a HOWTO for configuring Proxmox 8-x.x Wifi with SNAT and am now providing a HOWTO for Wifi with a routed configuration. The reason why I ditched the SNAT configuration is because I simply wanted full routing capabilities between VMs/containers hosted with Proxmox over Wifi and the rest of my network devices. Specifically, I wanted to use barrier to share my mouse and keyboard with my Windows VM that runs iGPU passthrough for my Ryzen 7840HS w/ Radeon 780M iGPU. Unfortunately barrier wouldn't work with SNAT even with iptables port forwarding rules so I needed a fully routed networking setup. The routed configuration is preferred over SNAT because you will have full networking capabilities without the hassle of dealing with port forwarding if you want to access network devices that are only reachable via the Wifi interface on your Proxmox server.

I came across a lot of posts that openly discourage people from using Wifi with Proxmox and that argument makes zero sense to me. I've been using Proxmox over Wifi for months now and have NEVER had any problems. In fact, I game on a Windows 11 VM w/ GPU passthrough on Proxmox and consistently ping <25ms to servers.

Note: If you want to add DHCP capabilities, refer to https://pve.proxmox.com/wiki/Setup_Simple_Zone_With_SNAT_and_DHCP. When configuring DHCP for the subnet, DO NOT check the SNAT box since you'll be using a routed configuration and there's no need for SNAT.

Note2: If your router cannot support the addition of specific static routes this setup will not work.


Prerequisites:

NOTE: You can also gather up the files required to install wpasupplicant so that next time you install you don't need to be connected to a wired ethernet configuration. The commands are as follows:

- This will gather up the wpasupplicant package and dependencies for offline install:

apt install apt-rdepends && mkdir /tmp/wpasupplicant && chown _apt /tmp/wpasupplicant && cd /tmp/wpasupplicant
apt-get download $(apt-rdepends wpasupplicant | grep -v "^ " | sed 's/debconf-2.0/debconf/g')
tar czf /path/to/destination.file.tar.gz /tmp/wpasupplicant

- Install with the following:

tar zxf wpasupplicant.tar.gz
<cd to directory where files were extracted>
dpkg -i *

1) Wired ethernet connection - this is required to install wpasupplicant unless you already have the packages handy as per the note above.

2) Configure your wifi router to route to networks that will be associated with wifi adapter. Example for /24 network:

Destination = 192.168.3.0
Netmask = 255.255.255.0
Gateway = 192.168.1.100 (specify IP address of wifi adapter)

If your router cannot support the addition of specific static routes this setup will not work.


Setup:

1) Connect ethernet cable.

2) Install Proxmox 8-x.x.

3) After the install completes and the system has rebooted, install wpasupplicant (and install vim while you're at it):

apt update && apt install wpasupplicant vim
systemctl disable wpa_supplicant

4) Configure wpasupplicant:

wpa_passphrase SSIDNAME PASSWORD >> /etc/wpa_supplicant/wpa_supplicant.conf

5) Determine wireless adapter device name:

root@px1:~# dmesg | grep wlp
[    4.374531] iwlwifi 0000:04:00.0 wlp4s0: renamed from wlan0

6) Create /etc/systemd/system/wpa_supplicant.service and add configuration (specify YOUR wireless interface on the ExecStart line):

touch /etc/systemd/system/wpa_supplicant.service

[Unit]
Description=WPA supplicant
Before=network.target
After=dbus.service
Wants=network.target
IgnoreOnIsolate=true
 
[Service]
Type=dbus
BusName=fi.w1.wpa_supplicant1
ExecStart=/sbin/wpa_supplicant -u -s -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlp4s0
Restart=always
 
[Install]
WantedBy=multi-user.target
Alias=dbus-fi.w1.wpa_supplicant1.service

7) Enable wpasupplicant service:

systemctl enable wpa_supplicant

8) Configure /etc/network/interfaces:

auto lo
iface lo inet loopback

iface enp1s0 inet manual

auto wlp4s0
iface wlp4s0 inet manual
    address 192.168.1.100/24
    gateway 192.168.1.1

auto vmbr0
iface vmbr0 inet static
    address 192.168.2.1/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0

source /etc/network/interfaces.d/*

9) Restart wpa_supplicant and networking services to connect wireless adapter to wifi network:

systemctl restart wpa_supplicant && systemctl restart networking

10) Remove subscription nag message (optional):

LINK

11) Log into proxmox web interface: https://<ip_of_your_wifi_adapter>:8006

12) Create SDN config (Datacenter --> SDN):

Zones: Simple, ID = Zone1 (use any name you like for ID)
Vnet: Name = vnet1 (use any name you like for Name), Zone = Zone1 (must match Zone ID)
Subnet: Subnet = 192.168.3.0/24, Gateway = 192.168.3.1

13) Apply config: SDN --> Apply

14) Edit /etc/network/interfaces. The hwaddress setting forces the bridge to report a consistent MAC address. If you leave it out Proxmox will change the MAC address of the vnet1 adapter after every reboot, which can be annoying because OS's like Windows rename the network every time they detect a new gateway MAC address since it uses the MAC to determine if devices are connected to public/private networks.

auto lo
iface lo inet loopback

iface enp1s0 inet manual

auto wlp4s0
iface wlp4s0 inet manual
               address 192.168.1.100/24
               gateway 192.168.1.1

auto vmbr0
iface vmbr0 inet static
               address 192.168.2.1/24
               bridge-ports none
               bridge-stp off
               bridge-fd 0

auto vnet1
iface vnet1 inet static
               address 192.168.3.1/24
               bridge-ports none
               bridge-stp off
               bridge-fd 0
               hwaddress f6:c7:43:09:0b:45
               post-up echo 1 > /proc/sys/net/ipv4/ip_forward
               post-up iptables -A FORWARD -i wlp4s0 -j ACCEPT
               post-up iptables -A FORWARD -0 wlp4s0 -j ACCEPT
               post-up iptables -A FORWARD -i vnet1 -j ACCEPT
               post-up iptables -A FORWARD -0 vnet1 -j ACCEPT


source /etc/network/interfaces.d/*

15) Restart network service:

systemctl restart networking

16) If your Wifi router does not push static routes to DHCP clients (mine doesn't) you will also need to configure your other network devices to communicate with the private network on the vnet via static routes. Instructions for MacOS are included below. Instructions for Windows are at link. The process for Linux is different depending on which distro you are using so do a web search for '<os_distribution> configure persistent static route'. RHEL and Debian howto link.

MacOS instructions for persistent static route:

- Open terminal
- Determine network service name:

user@macos ~ % networksetup -listallnetworkservices
An asterisk (*) denotes that a network service is disabled.
Thunderbolt Bridge
Wi-Fi

- Add static route: networksetup -setadditionalroutes 'Wi-Fi' 192.168.3.0 255.255.255.0 192.168.1.100

17) Done. Profit.

 

[UdoB]

It is really great that this works for you. Fine!

As a sidenote you should really remove this:

10) Remove subscription nag message:

Best regards - and thanks for the writeup

 

[spartandrew18]

I tried to follow but my VM would never get internet? I cannot figure out why.

 

[jeenam]

I tried to follow but my VM would never get internet? I cannot figure out why.

We debugged this issue and the reason their setup wasn't working was not due to the instructions in the TUTORIAL being incorrect. The problem was that they were unable to configure a static route on their router to reach the private network they configured for the vnet1 interface.

Static routing is a requirement and is listed in the Prerequisites of the TUTORIAL. If your router cannot support the addition of specific static routes this setup will not work.

 

[asyncx]

First of all, thanks @jeenam for this awesome tutorial. I created an account here just to thank you cause I've been looking everywhere for a detailed step-by-step process on how to setup proxmox with wifi.

I also had the same problem with @spartandrew18 while I was setting up an LXC, I search around for a bit about SDN and how it should be setup (I'm new in selfhosting and proxmox), and I found this video https://youtu.be/UZ9mfxNMyHw?t=420 . Correct me if I'm wrong on this one, I think we still need to change the network bridge to "vnet1" in every LXC or VM. I changed mine and it worked as expected.

By the way, in determining wireless adapter device name (Setup #5), I did a little differently dmesg | grep wlan0. I guess this is more specific. Thanks again!

 

[jeenam]

First of all, thanks @jeenam for this awesome tutorial. I created an account here just to thank you cause I've been looking everywhere for a detailed step-by-step process on how to setup proxmox with wifi.

I also had the same problem with @spartandrew18 while I was setting up an LXC, I search around for a bit about SDN and how it should be setup (I'm new in selfhosting and proxmox), and I found this video https://youtu.be/UZ9mfxNMyHw?t=420 . Correct me if I'm wrong on this one, I think we still need to change the network bridge to "vnet1" in every LXC or VM. I changed mine and it worked as expected.

By the way, in determining wireless adapter device name (Setup #5), I did a little differently dmesg | grep wlan0. I guess this is more specific. Thanks again!

Yes, the "Bridge" for the virtual network interface for VM's and containers should be set to vnet1 based on the example that I posted. The vnet1 is essentially a virtual switch. In SDN terms, it's referred to as a Bridge even though the wireless interface doesn't bridge to a physical adapter.

 

[asyncx]

Thanks! That clears things up.

Say I want to access my LXC dashboard using my browser, and it is in 192.168.3.3. How can I access it if it is under the vnet1? I'm still new to this, did a quick search, but unable to resolve this one. Thank you for your help again @jeenam !

 

[jeenam]

Thanks! That clears things up.

Say I want to access my LXC dashboard using my browser, and it is in 192.168.3.3. How can I access it if it is under the vnet1? I'm still new to this, did a quick search, but unable to resolve this one. Thank you for your help again @jeenam !

Instructions for allowing devices that are not on the vnet1 subnet to connect to subnets associated with vnet1 are detailed in step 16. I posted explicit instructions for MacOS and provided links for instructions for Linux and Windows.

 

[asyncx]

Thanks @jeenam . I tested it last night and it worked.

I did a fresh install again, and for some reason, the lxc doesn't have an internet again. I followed your instructions thoroughly, I just changed the ip address of the adapter to

192.168.254.199

. Can you help me identify what seems to be the cause?

Thank you again for helping me!

 

[jeenam]

Thanks @jeenam . I tested it last night and it worked.

I did a fresh install again, and for some reason, the lxc doesn't have an internet again. I followed your instructions thoroughly, I just changed the ip address of the adapter to

192.168.254.199

. Can you help me identify what seems to be the cause?

Thank you again for helping me!

Your config looks good. Though I can't tell if your router allows for specifying entire networks in the static routing configuration. Perhaps try adding an explicit route for the IP address you want to reach. Instead of specifying the 192.168.3.0 address (which normally represents the entire network/subnet), use 192.168.3.2 (the address of the container in the screenshot).

 

[asyncx]

I tried that as well but to no avail. I'm suspecting maybe it is because of my router. I might play around for a bit and update you here if I found anything useful. Thanks for the help as always!