PVE on Laptop - another Wifi Bridge Thread

[Elleni]

I read that wifi cards can be problematic as packets coming from non authorized so I am aware of that. Despite this my boss wants me to configure it similar to the ethernet nic, meaning no nat, just brided device.

Furthermore I have installed a debian first, where wifi is working fine - meaning I can connect wifi through gnome gui interface. But the wifi network device is not showing in /etc/networking/Interfaces. And then ProxMox on top.

I tried to copy the configuration of the first nic and vmbr0 for creating the wifi device and bridge vmbr1 but in webgui on network device I saw the manually created device entries were not recogniced by Type Network Device but Unknown.

I am aware that Wifi can be problematic, but this testinstall is to find out, if we can acheive our goals, and I read about a setting net.ipv4.conf.all.proxy_arp set to 1 could help.

But before I can get there I need help on howto create the network device that is listed by doing lspci or

ip addr:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
link/ether dc:4a:3e:61:bf:2e brd ff:ff:ff:ff:ff:ff
3: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether dc:53:60:b3:03:30 brd ff:ff:ff:ff:ff:ff
altname wlp3s0
inet 10.157.99.245/22 brd 10.157.99.255 scope global dynamic noprefixroute wlo1
valid_lft 415sec preferred_lft 415sec
inet6 fe80::3cd1:52fb:32e4:96ee/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether dc:4a:3e:61:bf:2e brd ff:ff:ff:ff:ff:ff
inet 10.57.50.100/24 brd 10.201.50.255 scope global dynamic vmbr0
valid_lft 691143sec preferred_lft 691143sec
inet6 fe80::de4a:3eff:fe61:bf2e/64 scope link
valid_lft forever preferred_lft forever

I tried creating iface wlo1 or wlp3s0 alongside with vmbr1 in networking interfaces, and they got listet in network section in webgui of proxmox but type of the device was unknown instead of network device.

Now I would like to understand if the wlo1 device is created by networkmanager, while connecting to a wifi. And if at all possible, how I could create a bridge and bring this configuration to work within ProxMox. Or am I supposed to create the bridge by etworkmanager and how is it being

And finally if possible create the needed config to rewrite the packet headers so they seem to come from the host nic, to enable the bridging for VMs through.


lspci:
lspci
00:00.0 Host bridge: Intel Corporation Broadwell-U Host Bridge -OPI (rev 09)
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 5500 (rev 09)
00:03.0 Audio device: Intel Corporation Broadwell-U Audio Controller (rev 09)
00:14.0 USB controller: Intel Corporation Wildcat Point-LP USB xHCI Controller (rev 03)
00:16.0 Communication controller: Intel Corporation Wildcat Point-LP MEI Controller #1 (rev 03)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection (3) I218-LM (rev 03)
00:1b.0 Audio device: Intel Corporation Wildcat Point-LP High Definition Audio Controller (rev 03)
00:1c.0 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #1 (rev e3)
00:1c.1 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #2 (rev e3)
00:1c.3 PCI bridge: Intel Corporation Wildcat Point-LP PCI Express Root Port #4 (rev e3)
00:1d.0 USB controller: Intel Corporation Wildcat Point-LP USB EHCI Controller (rev 03)
00:1f.0 ISA bridge: Intel Corporation Wildcat Point-LP LPC Controller (rev 03)
00:1f.2 RAID bus controller: Intel Corporation 82801 Mobile SATA Controller [RAID mode] (rev 03)
00:1f.3 SMBus: Intel Corporation Wildcat Point-LP SMBus Controller (rev 03)
02:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5227 PCI Express Card Reader (rev 01)
03:00.0 Network controller: Intel Corporation Wireless 7265 (rev 48)

If I cannot acheive this I might try to pass through the wireless card to a vm and connect from there as last resort (and would probably need help for that too).

What other information can I provide that might help you understand my setup, maybe some networkmanager config?

Thanks in advance for your very appreciated support.

 

[BobhWasatch]

I read that wifi cards can be problematic as packets coming from non authorized so I am aware of that. Despite this my boss wants me to configure it similar to the ethernet nic, meaning no nat, just brided device.

There is a way to do it but it is complex and you need to do configuration for each VM that will be using the bridge.

Furthermore I have installed a debian first, where wifi is working fine - meaning I can connect wifi through gnome gui interface. But the wifi network device is not showing in /etc/networking/Interfaces. And then ProxMox on top.

Because when you installed a Desktop Environment it brought in Network Manager to control the interfaces. If you want to do it manually with /etc/network/interfaces you should read the Debian Wifi Wiki to learn how to specify the SSID and password:

https://wiki.debian.org/WiFi/HowToUse#Using_ifupdown_and_wireless-tools

If you do a manual configuration in /etc/network/interfaces then Network Manager is supposed to give up control of the interface. Or you can uninstall it.

Then you need to configure ebtables:

https://wiki.debian.org/BridgeNetworkConnections

I'm not here to teach you Linux networking, so have fun and good luck!

 

[Elleni]

There is a way to do it but it is complex and you need to do configuration for each VM that will be using the bridge.


Because when you installed a Desktop Environment it brought in Network Manager to control the interfaces. If you want to do it manually with /etc/network/interfaces you should read the Debian Wifi Wiki to learn how to specify the SSID and password:

https://wiki.debian.org/WiFi/HowToUse#Using_ifupdown_and_wireless-tools

If you do a manual configuration in /etc/network/interfaces then Network Manager is supposed to give up control of the interface. Or you can uninstall it.

Then you need to configure ebtables:

https://wiki.debian.org/BridgeNetworkConnections

I'm not here to teach you Linux networking, so have fun and good luck!

Hi BobhWasatch, indeed you are not here to teach me Linux networking, thus thanks for having taken the time to reply anyways! My point was to find out my options and which way to go makes most sense. In fact being used configuring things manually - using and loving gentoo for ages now. I am just new to ProxMox and only started using other distros like not that long ago.

As my task is to make wifi work without nat but only direct bridging - analog to the wired nic, uninstalling Networkmanager and configuring /etc/networking/interfaces and wpa_supplicant won't help then, as this would mean configuring ebtables for nat-ing, at least thats my understanding.

Do I understand you correctly that ProxMox sees this as unknown device because the wifi card wlo1 IS controlled by Networkmanager and would see it as network card IF configured manually while having removed Networkmanager? - Not that important - as it wouldn't work anyway out of the box, just asking out of couriosity.

As you stated that there is a complex way to do it - do you mean by rewriting the packets so they seem to come from the host instead of the vms? Can you point me to the direction by giving me some keywords so I can investigate if its worth going that way? I want to check and find out if this is a practical enough configuration - especially as you say it involves configuration of each vm using that bridge, and I want to assess if we can prepare the laptops in a way a developper can use this conveniently enough.

Else it might be the easiest solution, to try pass through the pci device completely to the vm and configure wifi access from there.

Again thanks for your helpful input, really appreciated.

 

[aureladmin]

I have trouble understanding the request, I put the solution that I use in "Developer Workstation" mode

1) Have a laptop in "Developer Workstation" mode, see: https://forum.proxmox.com/threads/developer-workstation-proxmox-ve-8-with-cinnamon-lmde6.133736/

2) Let the Wifi be managed via network manager (and other physical network card)

3) create VMBR with nat to wifi card or other network card:

## EMULATION WAN WITH NAT wlo1 or enp4s0
auto vmbr0
iface vmbr0 inet static
address 192.168.199.254/24
bridge-ports none
bridge-stp off
bridge-fd 0
metric 100
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.199.0/24' -o wlo1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.199.0/24' -o wlo1 -j MASQUERADE
# post-up iptables -t nat -A POSTROUTING -s '192.168.199.0/24' -o enp4s0 -j MASQUERADE
# post-down iptables -t nat -D POSTROUTING -s '192.168.199.0/24' -o enp4s0 -j MASQUERADE


4) remember to put an IP to the VM in the same range as the Proxmox host



This works for me every day and allows me to give "WAN" access to my VMs even when traveling.
It should be possible to do almost the same with the new SDN function of proxmox which offers DHCP in addition, I have not yet looked at how to do it for the moment.

 

[Elleni]

The requirement is that nat is not allowed - thus I need to find out if I can either find a way to operate wireless nic bridged like the wired one, or pass through the wifi card directly to the vm. I saw your link to the dev. workstation and will definitively check that one out too (in fact I already downloaded and installed the container and am looking forward to play around with it). At the moment I am looking at some threads to check if that could help, like:

https://forum.proxmox.com/threads/howto-proxmox-ve-8-x-x-wifi-with-routed-configuration.147714/

or the last two comments from intrax in these threads:
https://forum.proxmox.com/threads/proxmox-wifi-interface-in-bridge.125624/

 

[aureladmin]

The requirement is that nat is not allowed - thus I need to find out if I can either find a way to operate wireless nic bridged like the wired one, or pass through the wifi card directly to the vm. I saw your link to the dev. workstation and will definitively check that one out too (in fact I already downloaded and installed the container and am looking forward to play around with it). At the moment I am looking at some threads to check if that could help, like:

https://forum.proxmox.com/threads/howto-proxmox-ve-8-x-x-wifi-with-routed-configuration.147714/

or the last two comments from intrax in these threads:
https://forum.proxmox.com/threads/proxmox-wifi-interface-in-bridge.125624/

Have you looked at "connman"?
You can bridge the wired network card to the wifi interface. The wired network interface will act as a switch to which you bridge VMBR.

I would look at that side.

PS1 : TetheringTechnologies

 

[Elleni]

will do - sounds interesting, ty.

 

[BobhWasatch]

As my task is to make wifi work without nat but only direct bridging - analog to the wired nic, uninstalling Networkmanager and configuring /etc/networking/interfaces and wpa_supplicant won't help then, as this would mean configuring ebtables for nat-ing, at least thats my understanding.

Yes, it is NAT at layer 2, basically.

The problem is that the access point your PVE is connected to won't (usually...there are exceptions) accept Ethernet frames that did not come from the MAC address that is associated with it. So I don't see any way to do this without some kind of NAT.

Unless, that is, your client NIC and the AP both support Wireless Distribution System (WDS). But that would mean you also need to configure the AP, not just the client. Plus it is unlikely that the NIC in the laptop supports WDS.

You could also do a pure routed configuration but then you need to configure the gateway router to know about the new subnet.

Do I understand you correctly that ProxMox sees this as unknown device because the wifi card wlo1 IS controlled by Networkmanager and would see it as network card IF configured manually while having removed Networkmanager? - Not that important - as it wouldn't work anyway out of the box, just asking out of couriosity.

If you configure the card with /etc/network/interfaces then Network Manager will treat it as an unknown device and leave it alone.

As you stated that there is a complex way to do it - do you mean by rewriting the packets so they seem to come from the host instead of the vms?

That is what the second Wiki link does using ebtables. But the return packets need to be handled somehow, as do connections from outside. The example does this by associating a VM MAC with a destination IP address. That's why it need to be configured manually or by script.

Else it might be the easiest solution, to try pass through the pci device completely to the vm and configure wifi access from there.

This will work as long as your laptop supports it. But only for one VM at a time.