Proxmox over WIFI (WLAN)

Magform

Mar 7, 2023
Hi, I was trying to configure my Proxmox server to connect to the internet via Wi-Fi, so I configured my /etc/network/interfaces like this:
Code:
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-std off
    bridge-fd 0
    wpa-essid [MyESSID]
    wpa-psk [MyPASSWORD]

The server is then able to connect to the internet without problems but due to the lack of a bridge I cannot connect the VMs to the internet. I then edited /etc/network/interfaces to

Code:
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
    bridge-std off
    bridge-fd 0
    wpa-essid [MyESSID]
    wpa-psk [MyPASSWORD]

auto br0
iface br0 inet static
    bridge-ports wlan0
    bridge-stp off
    bridge-fd 0

But when I try to run ifreload -a I get Error: Device does not allow enslaving to a bridge
Following some other posts, I also tried to run iw dev wlan0 set 4addr on, but I get command failed: Operation not supported (-95)
Is there something I can do to create a bridge, or is the only thing I can do to change the network adapter?
 
You cannot really use Wi-Fi adapters in Linux bridges, except for some spotty workarounds, which is why Wi-Fi interfaces are not really suitable for usage with PVE and strongly recommended against. Even then you might run into some problems.

I strongly suggest you get a wired connection instead.

You can also read a bit more about this in our wiki [1]

[1] https://pve.proxmox.com/wiki/WLAN
 
Thanks for the answer, proceeding by trial and error and looking at some wikis including the one you suggested, the best combination I've found is
Code:
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
   netmask 255.255.0.0
    bridge-std off
    bridge-fd 0
    wpa-essid [MyESSID]
    wpa-psk [MyPASSWORD]
    post-up echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp

auto vmbr0
iface vmbr0 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o wlxac15a2988223 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o wlxac15a2988223 -j MASQUERADE

    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

And thanks to this my VMs were able to connect to vmbr0 and the machines were able to ping each other and the server (192.168.2.1) but it seems that no machine can access the internet or can ping out of the bridge (for example 8.8.8.8).

I strongly suggest you get a wired connection instead

I thought about it a lot but in the room where my server is it seems impossible to get a wired connection, I also thought about using a raspberry to "transform" the wifi into lan and maybe with a switch connect to the server, but I think it's rather difficult to configure to use it on proxmox, and even if not this will surely give worse performance, due to high latency.
 
Be aware that you configured the address on wlan0 as follows:
Code:
    address 192.168.1.2/24

but the netmask as follows, which would correspond to /16
Code:
   netmask 255.255.0.0

Not 100% sure, but this might be why outbound connections aren't working.
 
Thanks for the answer, I've tried changing /etc/network/interfaces to
Code:
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
    address 192.168.1.2/24
    gateway 192.168.1.1
   netmask 255.255.255.0
    bridge-std off
    bridge-fd 0
    wpa-essid [MyESSID]
    wpa-psk [MyPASSWORD]
    post-up echo 1 > /proc/sys/net/ipv4/conf/wlan0/proxy_arp

auto vmbr0
iface vmbr0 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    bridge-ports none
    bridge-stp off
    bridge-fd 0

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o wlxac15a2988223 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o wlxac15a2988223 -j MASQUERADE

    post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
    post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

But the problem still seems to be present: I can always ping all the machines inside the bridge but not outside.
Is there some test that I can do to discover what the problem might be? Can the problem be the router?
 
Code:
    post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o wlxac15a2988223 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o wlxac15a2988223 -j MASQUERADE

Is wlxac15a2988223 the proper device? Have you tried with wlan0?
You can also check via tcpdump which packets get sent and see if you discover any issues there.
Can you ping 192.168.1.2 from within the VMs?
 
I thought about it a lot but in the room where my server is it seems impossible to get a wired connection, I also thought about using a raspberry to "transform" the wifi into lan and maybe with a switch connect to the server, but I think it's rather difficult to configure to use it on proxmox, and even if not this will surely give worse performance, due to high latency.
Did that once with a router I installed OpenWRT on, as TrueNAS wasn't supporting Wifi and I was not allowed to drill some holes in the floor for a cable. So this is an option when everything else will not work, but still no great solution. Ping was high, connection not that reliable and quite slow.
If using an ethernet cable isn't an option you might want to try these powerline boxes, where you can send your packets over your existing wall sockets.
 
Oh sorry, yes, wlxac15a2988223 is right. I was trying to make the case as general as possible by substituting wlxac15a2988223 with wlan0 everywhere, but I forgot to substitute it here.
Can you ping 192.168.1.2 from within the VMs?
No, I can't ping it, but I can ping 192.168.2.1, which I think is the server IP inside the bridge.

You can also check via tcpdump which packets get sent and see if you discover any issues there.

If I try to ping something off the network I get (test is my machine name ):

ARP, Request who-has _gateway tell test, lenght 28
 
I thought about it a lot but in the room where my server is it seems impossible to get a wired connection
Did you think of Power-Line adapters? Depending on your 110V/240V (depending on country) cabling and "routing" of the wires they might be more stable than wireless.

But please: this is not a recommendation - but WLAN is really a no-go.

Just my two €¢...
 
Thanks everyone I think that I'll do my last try today, and next to this if I'm not able to make it working I'll buy a Power-Line adapter.
 
Hello Magform and the Team,
Hope you are doing well.

Magform, just to note: your setup is working just fine for me. The only thing you need to do to make it work for you is to put the physical network interface into the vmbr0 configuration, like this (here below is my /etc/network/interfaces file):

=============================================================================================
auto lo
iface lo inet loopback

iface enp0s31f6 inet manual # physical Ethernet interface

auto vmbr0
iface vmbr0 inet static
address 192.168.0.252/24
bridge-ports enp0s31f6 # bridge is based on physical network interface
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward

post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o wlp1s0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o wlp1s0 -j MASQUERADE

post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

iface wlp1s0 inet manual # Wi-Fi interface; actual configuration is done with wpa-supplicant
=============================================================================================

You do not even need to enable proxy-arp on Wi-Fi interface:
"
root@pve01:~# cat /proc/sys/net/ipv4/conf/wlp1s0/proxy_arp
0
",
though you can.

The trick here is that packets are being forwarded between physical network interfaces.

When you just use bridge address (192.168.0.252 in my case) as a default gateway on your VMs.


Hope this will help.

Thanks a lot and kind regards,
Alexander Fershtein
 
@Alexander Fershtein , if it is possible, I have a request for support in configuring wpa_supplicant.

Based on the material I found on the internet, I managed to pre-configure wpa_supplicant. The wifi interface started to work. Theoretically, I was able to configure access to my wifi network correctly. Only theoretically, because practically, I didn't get an IP address for the wifi interface, and I don't see my device in the list of devices connected to the router.

I don't know how to set a (dynamic/static) IP address for the wifi interface.

Best regards,
 
You have to set your vmbr0 from "static" to "dhcp" so it will ask your DHCP server for an IP, DNS and gateway. But even with wpa_supplicant working you really shouldn't use Wifi because it's:
- unreliable
- slow
- bad for privacy
- usually not supported to be bridged. This is the main point because without workarounds no VM/LXC would be able to access the internet. This requires you to manually set up NAT/routing and this again is advanced networking that isn't covered by the webUI anyway.
 
Hello.

Sorry for my bad English!

My network config:

Code:
auto lo
iface lo inet loopback

iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.88.109/24
        gateway 192.168.88.1
        bridge-ports enp4s0
        bridge-stp off
        bridge-fd 0

auto wlx1cbfce08dfe9
iface wlx1cbfce08dfe9 inet dhcp
        wpa-ssid Office
        wpa-psk "MyP@ssw0rd2!"

Code:
ifreload -a

Proxmox 8.1.10
 
I recently ran into the same situation. While I'm all with "don't use proxmox w/ wifi in a production environment", I needed to test a few things in precisely this setup. I got it working with the following setup, with a slight change from Alexander Fershtein's config file.

So the idea is that, as others have already commented above, you can't use the bridge mode through wifi. However, there's nothing preventing us NAT Masquerading to wifi. Since in my setup I was using NAT in the first place, it kinda worked out-of-box without any further tweaking.

Here's my config:

Code:
auto lo
iface lo inet loopback

auto enp42s0
iface enp42s0 inet dhcp

auto vmbr0
iface vmbr0 inet static
        address 192.168.101.99/24
        bridge-ports none
        # no need to bridge
        bridge-stp off
        bridge-fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.101.0/24' -o wlo1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.101.0/24' -o wlo1 -j MASQUERADE
        # note that set to wlo1 instead of enp42s0
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1


# I also use wpa_supplicant to setup my wifi
iface wlo1 inet manual

source /etc/network/interfaces.d/*

Note that you don't need to set bridge-ports between vmbr0 and the ethernet interface. Just set the routing to wlo1 and it works, well, at least for me. Good luck everyone.
 
Hello everyone, it seems that the theme is popular and I hope for some advice from someone other than ChatGPT. I'm a newbie to Proxmox so could you please help.

I've installed the latest version of Proxmox on the home PC and now I'm trying to connect it to the WiFi using a TP-LINK TL-WN722N adapter. It seems to work using Ethernet, but when I plug out the Ethernet cable all the link goes down - even the router does not ping. I understand that in production connection via WiFi is not a great idea, but since it's a small lab at home I hope it's possible.

So network works via Ethernet and both IP addresses are accessible - from the Ethernet and WiFi adapters - but I do not understand what should I do with bridge to make it work via WiFi. I've tried to adapt some configurations from this topic and others but never got it working.

Also maybe it's an important note but I do not have wpa_supplicant because when I install it I lose all network connection.

I would greatly appreciate any help.
 
I understand that in production connection via WiFi is not a great idea, but since it's a small lab at home I hope it's possible.
Even for a homelab a bad idea. There you want a reliable, low latency connection too.

When using wifi you will have to turn your PVE host into a router doing NAT, or otherwise no VM/LXC will be able to access the internet because of limitations of the Wifi AP.
So network works via Ethernet and both IP addresses are accessible - from the Ethernet and WiFi adapters - but I do not understand what should I do with bridge to make it work via WiFi. I've tried to adapt some configurations from this topic and others but never got it working.
You can't connect that bridge to a wifi device. You will have to NAT. See:
https://pve.proxmox.com/wiki/Network_Configuration#sysadmin_network_masquerading
https://pve.proxmox.com/wiki/WLAN
 
Hello again, thank you Dunuin for your wisdom
You will have to NAT
and thanks bosonbear for the config
Here's my config:

I've managed to fix the issue but now I do not get the idea why does it work. Let me explain, I plugged out the Ethernet cable but I still can login via Ethernet interface IP to the ssh and web both.

Code:
auto lo
iface lo inet loopback

#wireless interface settings wlx18a6f70bc768
auto wlx18a6f70bc768
iface wlx18a6f70bc768 inet manual
    address  192.168.88.89/24
    gateway  192.168.88.1
    wpa-driver wext
    wpa-ap-scan 1
    wpa-ssid NAME
    wpa-psk PASSWORD
    wpa-key-mgmt WPA-PSK
    wpa-proto RSN
    wpa-pairwise CCMP

# Ethernet interface settings eno1
auto eno1
iface eno1 inet static
        address  192.168.88.88/24
        #gateway  192.168.88.1

#bridge settings vmbr0
auto vmbr0
iface vmbr0 inet static
        address 192.168.88.99/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '192.168.88.99/24' -o wlx18a6f70bc768 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.88.99/24' -o wlx18a6f70bc768 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

source /etc/network/interfaces.d/*
 
Don't do that. A host shouldn't have multiple IPs assigned to the same subnet. This will screw up routing. So either use 192.168.88.88/24, 192.168.88.99/24 or 192.168.88.89/24 but only one of them. In your case you probably want to use DHCP on wlx18a6f70bc768 for the 192.168.88.0/24 subnet and some other subnet for vmbr0.
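
A small linter for three mistakes raised in this thread (an `address` prefix that disagrees with `netmask`, a MASQUERADE rule whose `-o` device has no stanza in the file, and two interfaces addressed in the same subnet), added here as an example and not code from any poster or from Proxmox. `SAMPLE`, `parse_stanzas`, `lint` and the device name `wlx0` are constructed for illustration.

```python
import ipaddress
import itertools
import re

# Constructed sample combining the three mistakes discussed in the thread.
SAMPLE = """\
iface wlan0 inet static
    address 192.168.1.2/24
    netmask 255.255.0.0
iface eno1 inet static
    address 192.168.88.88/24
iface vmbr0 inet static
    address 192.168.88.99/24
    post-up iptables -t nat -A POSTROUTING -s '192.168.88.0/24' -o wlx0 -j MASQUERADE
"""

def parse_stanzas(text):
    """Return {iface: [(option, value), ...]} for each iface stanza."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        words = line.split(None, 1)
        if not words or line.startswith("#"):
            continue  # only whole-line '#' comments are skipped
        if words[0] == "iface" and len(words) == 2:
            current = stanzas.setdefault(words[1].split()[0], [])
        elif words[0] in ("auto", "allow-hotplug", "source"):
            current = None
        elif current is not None and len(words) == 2:
            current.append((words[0], words[1]))
    return stanzas

def lint(text):
    """Return (check, interface, detail) findings for an interfaces file."""
    stanzas, nets, findings = parse_stanzas(text), {}, []
    for name, opts in stanzas.items():
        addr, mask = (dict(opts).get(k) for k in ("address", "netmask"))
        if addr:
            # Use the CIDR prefix when present, otherwise fall back to netmask.
            iface = ipaddress.ip_interface(addr if "/" in addr or not mask else f"{addr}/{mask}")
            if "/" in addr and mask and iface.netmask != ipaddress.ip_address(mask):
                findings.append(("prefix-netmask-conflict", name, f"{addr} vs {mask}"))
            nets[name] = iface.network
        for opt, val in opts:
            m = re.search(r"-o\s+(\S+).*MASQUERADE", val) if opt == "post-up" else None
            if m and m.group(1) not in stanzas:
                findings.append(("masquerade-unknown-device", name, m.group(1)))
    for (a, na), (b, nb) in itertools.combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(("same-subnet", f"{a}+{b}", f"{na} / {nb}"))
    return findings
```

Calling `lint(open("/etc/network/interfaces").read())` on the host before `ifreload -a` returns an empty list when none of the three conditions is present.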
 