LXC USB Wi-Fi Card Passthrough

soxrok2212

New Member
Jan 17, 2023
3
0
1
Hi all,

I've seen a few other threads here asking about using USB Wi-Fi cards in an LXC container, but most were abandoned or restored to using a VM. I've gotten several other USB devices to work perfectly in a container, such as RTL SDRs, but I just can't seem to get my Wi-Fi card working. It is an AR9271 chip, should work with firmware-ath9k-htc. I've installed it on both the host and guest (guest is Ubuntu 22 LXC).

Here's my configs on the host:

lsusb:
Code:
# lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 017: ID 0b05:1867 ASUSTek Computer, Inc. AURA Custom Human interface
Bus 001 Device 003: ID 0b05:185c ASUSTek Computer, Inc. Bluetooth Radio 
Bus 001 Device 018: ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

udev rules:
Code:
# cat /etc/udev/rules.d/80-tplink-wifi.rules
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0cf3", ATTRS{idProduct}=="9271", MODE="0666", GROUP="plugdev", SYMLINK+="tplink"

ls -la on device
Code:
# ls -la /dev/bus/usb/001/018
crw-rw-rw- 1 root plugdev 189, 17 Jan 17 10:18 /dev/bus/usb/001/018

Inside my containers config, I have
Code:
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/001 dev/bus/usb/001 none bind,optional,create=dir
lxc.mount.entry: /dev/tplink dev/tplink none bind,optional,create=file

In the container, I can see the device

lsusb
Code:
$ lsusb
Bus 006 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 005 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 017: ID 0b05:1867 ASUSTek Computer, Inc. AURA Custom Human interface
Bus 001 Device 003: ID 0b05:185c ASUSTek Computer, Inc. Bluetooth Radio 
Bus 001 Device 018: ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

ls -la /dev/tplink
Code:
crw-rw-rw- 1 nobody nogroup 189, 17 Jan 17 15:18 /dev/tplink

I can see the ath9k firmware is loaded in the host's kernel (rtw88 is the motherboard's wifi chip, ignore)
Code:
$ lsmod | grep ath9k
ath9k_htc              94208  0
ath9k_common           45056  1 ath9k_htc
ath9k_hw              598016  2 ath9k_htc,ath9k_common
ath                    36864  3 ath9k_htc,ath9k_common,ath9k_hw
mac80211             1236992  3 ath9k_htc,rtw88_pci,rtw88_core
cfg80211              966656  5 ath9k_htc,ath9k_common,ath,rtw88_core,mac80211

But no interface is created
Code:
$ ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0@if102: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff link-netnsid 0

On the host I see the interface and it works as expected.
Code:
101: wlxXXXXXXXXXXXX: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000

Does anyone have any suggestions?
 
I second help by an expert. A use case would be for openwrt to do it's magic while runningbas container
 
I'm new to Linux and Proxmox, but I had a similar situation some time ago, when I needed a conbee stick in a container.
It was a tricky task to make it available in the container. I don't remember how I did it and the tutorial I've used, but I think I remember, that the stick was available either on the host or in the container but not both. As long it was available on the host it didn't work in the container.

I hope this is a hint to the right direction - you may look for tutorials for the conbee zigbee stick
 
Bump, i'm runnning in the same issue.

Kernel module ath9k is loaded on host and container.
Usb mounted to container with the right permissions on container.

On host interface visible aswell
229: wlx30b5c219434b: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000

But not on container, did u manage to make it work?
 
Hi,

I'm still trying to figure this out and came across this tutorial:
https://blog.simos.info/using-the-lxd-kali-container-image/

Basicly it states to be able to use a wifi dongle in a lxc container, u need to make it dissappear on the host, and only make it appear on the container.

So far so good, but i'm a little stuck on how to translate this command into the lxc.conf file on proxmox;

Let’s move this network interface into the Kali LXD container. We add to the container mykali a device called wifi, which is a NIC lxc device. The nictype is physical, with the interface name wlx000f007ce055 on the host, and in the container it will be known as wlan0.
lxc config device add mykali wifi nic nictype=physical parent=wlx000f007ce055 name=wlan0

Anybody who could help me with that?

Thanks in advance.
 
Hi again,

I figured it out after reading the man pages for lxc net , and wanted to leave the solution here if someone else is searching for this.
It is actually pretty simple, but isn't it always after u figured it out? :)

In my case i added these line into my /etc/lxc/pve/xxx.conf;

Code:
lxc.net.1.type: phys
lxc.net.1.link: wlx30b5c219434b (your host interface)
lxc.net.1.flags: up
lxc.net.1.name: wlan0 (interface name u want in container)

U will probably get this error when starting your container: Failed to move network device X to network namespace X: Operation not permitted.
To solve this u need to install iw on the host.


From inside the container:
Code:
root@test-wifidongleCT:~# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm  
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
 
Last edited:
Hi,

I can confirm this works in an unprivileged container. The only thing that does not work for me is setting the country code in the container:

Code:
# iw reg set AT
command failed: Operation not permitted (-1)

Changing the country code works on the host and is visible in the container.

Does this work for you? Any ideas to address this?

Thank you.
 
Hi,

I think u need to do this on the host and not in the container itself.
I just tried it myself and from the host it is working.

Edit; sorry didn't read your comment properly as u already made it work on the host.

As it is a physical passthrough, if it is set on the host, the container will just inherit it.
So i don't really see the need why u would be wanting to do it from inside the container, unless u are running some script from inside the container to change these values based on some kind of input.

If thats the case, probably it has something to do with permissions as it a kernel module.
In that case i would myself try it from a privileged container if u really need to set it from inside the container.
Though i'm not sure if this will work aswell.

Edit 2: just tried it from privileged container and it is working.
 
Last edited:
Yes, I can set the country code on the host and it is visible in the container.

The challenge when using an unprivileged container is that I want to run hostapd with
Code:
country_code=AT
ieee80211d=1
hostapd fails to start even if the country code inherited from the host is already the same as the one requested by the hostapd configuartion file. Omitting the country_code setting leads to
Code:
Cannot enable IEEE 802.11d without setting the country code
 
Hi, i think i have a similar usecase as u do.

I have a unprivileged container functioning as a wireless acces point, routed through a vpn (wireguard).
Mainly to offload battery usage from mobile devices using that vpn, as i tried a vlan wifi on my router, but it was slow af since it only supports openvpn and has not enough processing power.

I'm not verry familiar with 802.11d, so i don't know if u really need it in your usecase.
But for me everything is working in my unprivileged container.
I have 2 (older) 2.4ghz dongles (AWUS036NHA & TL-WN722N), which both work.
In my hostapd im using; IEEE80211N=1

I don't know if this might be of any help, but u might try just IEEE80211N=1 or IEEE80211AC=1 (5ghz), depending on your dongle.

Else u might consider privileged container, or someone more knowledgeable hopping in on this matter.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!