Discussion:
Using NetBSD as a travel router
(too old to reply)
D'Arcy Cain
2017-12-29 22:54:33 UTC
Permalink
I was going to look for a travel router but I realize that my NetBSD
machine can probably do everything I need but let me run through my
scenario and see if it is correct.

Basically a travel router is a router that will connect to a service
provider, wireless or wired, and become a hotspot for all of your
devices. For example, if you are in a campground with wifi you can make
one connection and then connect your phones and laptops to it.

Ideally you can service your wired network as well. Those tend to be a
bit more expensive and I don't know how well they work.

I am thinking that a NetBSD box can do everything I need. I have no
issues setting up routing on it. My questions are about the wifi cards.
First, does anyone have any suggestions for wireless cards that work
well with NetBSD? Also, can I use one card for both ingress and hotspot
or should I get two?

Once I get it working I may work on a user friendly web interface to
manage it.
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
i***@beverly.kleinbus.org
2017-12-30 09:31:53 UTC
Permalink
Hi,
Post by D'Arcy Cain
First, does anyone have any suggestions for wireless cards that work
well with NetBSD? Also, can I use one card for both ingress and hotspot
or should I get two?
Last I looked (NetBSD-7),

- iwn (as built into my T61)
- urtw (as in a VIVENCO usb wifi stick I posess)

didn't support hotspot mode, at least not with our drivers. If this changed,
please tell me.

Regards,
-is

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2017-12-30 18:35:50 UTC
Permalink
Post by i***@beverly.kleinbus.org
Post by D'Arcy Cain
First, does anyone have any suggestions for wireless cards that work
well with NetBSD? Also, can I use one card for both ingress and hotspot
or should I get two?
Last I looked (NetBSD-7),
- iwn (as built into my T61)
- urtw (as in a VIVENCO usb wifi stick I posess)
I was hoping for a list of actual cards that work well with NetBSD. Our
site lists chipsets but I assume that some cards use them better than
others. I also was hoping for PCI cards if possible.
Post by i***@beverly.kleinbus.org
didn't support hotspot mode, at least not with our drivers. If this changed,
please tell me.
Doesn't wpa_supplicant work with them? Why would the card determine
whether hotspot works? Network is network, right?
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Michael van Elst
2017-12-30 22:24:14 UTC
Permalink
Post by D'Arcy Cain
I was hoping for a list of actual cards that work well with NetBSD. Our
site lists chipsets but I assume that some cards use them better than
others. I also was hoping for PCI cards if possible.
There are PCI cards that have different wifi chipsets but are sold as the
same brand and model.
Post by D'Arcy Cain
Post by i***@beverly.kleinbus.org
didn't support hotspot mode, at least not with our drivers. If this changed,
please tell me.
Doesn't wpa_supplicant work with them? Why would the card determine
whether hotspot works? Network is network, right?
This works below the network level and is partially implemented in
driver, net80211 layer and firmware. Hostap mode usually means that
it has to be supporteed by the firmware or that you need a very low-level
control over the hardware.
--
--
Michael van Elst
Internet: ***@serpens.de
"A potential Snark may lurk in every tree."

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Ignatios Souvatzis
2017-12-31 08:41:43 UTC
Permalink
Post by D'Arcy Cain
I was hoping for a list of actual cards that work well with NetBSD.
Doesn't wpa_supplicant work with them? Why would the card determine
whether hotspot works? Network is network, right?
The driver still has to switch it into hotspot mode.

Regards,
-is

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Thor Lancelot Simon
2017-12-31 14:28:54 UTC
Permalink
Post by Ignatios Souvatzis
Post by D'Arcy Cain
I was hoping for a list of actual cards that work well with NetBSD.
Doesn't wpa_supplicant work with them? Why would the card determine
whether hotspot works? Network is network, right?
The driver still has to switch it into hotspot mode.
The "travel router" use case is even trickier -- the device has to
participate in one network as a client while participating in another as
an AP. Presumably on different channels.

Thor

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2017-12-31 17:11:10 UTC
Permalink
Post by Thor Lancelot Simon
The "travel router" use case is even trickier -- the device has to
participate in one network as a client while participating in another as
an AP. Presumably on different channels.
Although I asked, I did assume that I would have to use two wifi cards.
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-01 16:01:29 UTC
Permalink
Post by Ignatios Souvatzis
Post by D'Arcy Cain
Doesn't wpa_supplicant work with them? Why would the card determine
whether hotspot works? Network is network, right?
The driver still has to switch it into hotspot mode.
Right. So I looked at hostapd(8) and in the "SEE ALSO" it lists a bunch
of wifi chipsets. Can I assume that anything with those chipsets will
work or do I still have to check the specific card? Does anyone know
where I can find a list of cards that support hotspot?
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-02 15:36:43 UTC
Permalink
Post by D'Arcy Cain
Post by Ignatios Souvatzis
Post by D'Arcy Cain
Doesn't wpa_supplicant work with them? Why would the card determine
whether hotspot works? Network is network, right?
The driver still has to switch it into hotspot mode.
Right. So I looked at hostapd(8) and in the "SEE ALSO" it lists a bunch
of wifi chipsets. Can I assume that anything with those chipsets will
work or do I still have to check the specific card? Does anyone know
where I can find a list of cards that support hotspot?
I have been doing further reading. Am I correct that anything
supporting 802.11 (virtually everything available today) will work or do
I need a letter like 802.11n or something to do hotspot?
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
David Young
2018-01-02 16:33:03 UTC
Permalink
Post by D'Arcy Cain
Post by D'Arcy Cain
Post by Ignatios Souvatzis
Post by D'Arcy Cain
Doesn't wpa_supplicant work with them? Why would the card determine
whether hotspot works? Network is network, right?
The driver still has to switch it into hotspot mode.
Right. So I looked at hostapd(8) and in the "SEE ALSO" it lists a bunch
of wifi chipsets. Can I assume that anything with those chipsets will
work or do I still have to check the specific card? Does anyone know
where I can find a list of cards that support hotspot?
I have been doing further reading. Am I correct that anything
supporting 802.11 (virtually everything available today) will work or do
I need a letter like 802.11n or something to do hotspot?
There are .11b, .11g, and .11a adapters that support access point
("hotspot") mode.

Atheros adapters used to be a pretty good bet.

Dave
--
David Young
***@pobox.com Urbana, IL (217) 721-9981

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
David Young
2018-01-02 16:47:09 UTC
Permalink
Post by Thor Lancelot Simon
The "travel router" use case is even trickier -- the device has to
participate in one network as a client while participating in another as
an AP. Presumably on different channels.
There have been 802.11 adapters that let you operate both as client
and AP on the same channel, but NetBSD would need the "virtual AP"
improvements to net80211 (or the moral equivalent) to do that.

Years ago, a research project (at Microsoft, I think) showed one adapter
participating simultaneously in networks on more than one channel by
exploiting the 802.11 power-save features: essentially, the adapter
would tell one AP it was going to sleep, tune a different channel, talk
to a second AP for a while, tell the second AP it was going to sleep,
tune back to the first channel and "wake" there. (IIRC, it takes only
microseconds to tune a new channel.) I believe background scanning is
performed using a similar trick.

There were a lot of buggy power-save implementations at the time the
research was performed, so I think that a lot of people shrugged off the
multiple-channel operation as impractical. I don't know if it is more
or less practical, now.

Dave
--
David Young
***@pobox.com Urbana, IL (217) 721-9981

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-02 17:59:53 UTC
Permalink
Post by David Young
Post by Thor Lancelot Simon
The "travel router" use case is even trickier -- the device has to
participate in one network as a client while participating in another as
an AP. Presumably on different channels.
There have been 802.11 adapters that let you operate both as client
and AP on the same channel, but NetBSD would need the "virtual AP"
improvements to net80211 (or the moral equivalent) to do that.
I have resigned myself to needing two wifi cards. The question is, will
any 802.11 card operate as an access point?
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-24 23:20:09 UTC
Permalink
Post by D'Arcy Cain
I have resigned myself to needing two wifi cards. The question is, will
any 802.11 card operate as an access point?
Turns out I only have one PCI slot in the computer that I am doing this
on. Have to look for a new system.

However, I still have a problem that I can't seem to solve. I have set
up wpa_supplicant, ipfilter, ipnat, etc. and everything mostly works.
From that system I can get out to any place on the net. When I try to
make it the gateway it doesn't work. Here's what I have so far.

rc.conf:
hostname=dilbert.druid.net
ifconfig_wm0="inet 192.168.215.105 netmask 0xffffff00"
dhcpd=YES dhcpd_flags="-cf /home/darcy/svn/Druid/etc/dhcpd.conf wm0"
wpa_supplicant=YES
wpa_supplicant_flags="-c/etc/wpa_supplicant.conf -B -iathn0"
dhclient=YES dhclient_flags="-4 athn0 -pf /var/run/dhclient.pid"
ipfilter=YES # uses /etc/ipf.conf
ipnat=YES # uses /etc/ipnat.conf

ifconfig.athn0:
up
dhcp

ipf.conf:
pass in from any to any
pass out from any to any

ipnat.conf:
map athn0 192.168.215.111/32 -> 0/32 proxy port ftp ftp/tcp
map athn0 192.168.215.111/32 -> 0/32 portmap tcp/udp 10000:20000
map athn0 192.168.215.111/32 -> 0/32

wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
update_config=1
network={
ssid="Chalmetterv"
key_mgmt=NONE
}

And net.inet.ip.forwarding = 1.

I can connect to the gateway server from another host but when I
traceroute it goes to the gateway and stops. I can't tell if it is
failing to go through the wifi or if it is not coming back.

Anything jump out at anyone here?

Thanks.
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
John Nemeth
2018-01-25 06:01:18 UTC
Permalink
On Jan 24, 5:20pm, "D'Arcy Cain" wrote:
} On 01/02/2018 11:59 AM, D'Arcy Cain wrote:
} > I have resigned myself to needing two wifi cards. The question is, will
} > any 802.11 card operate as an access point?
}
} Turns out I only have one PCI slot in the computer that I am doing this
} on. Have to look for a new system.
}
} However, I still have a problem that I can't seem to solve. I have set
} up wpa_supplicant, ipfilter, ipnat, etc. and everything mostly works.
} From that system I can get out to any place on the net. When I try to
} make it the gateway it doesn't work. Here's what I have so far.
}
} rc.conf:
} hostname=dilbert.druid.net
} ifconfig_wm0="inet 192.168.215.105 netmask 0xffffff00"
} dhcpd=YES dhcpd_flags="-cf /home/darcy/svn/Druid/etc/dhcpd.conf wm0"
} wpa_supplicant=YES
} wpa_supplicant_flags="-c/etc/wpa_supplicant.conf -B -iathn0"
} dhclient=YES dhclient_flags="-4 athn0 -pf /var/run/dhclient.pid"
} ipfilter=YES # uses /etc/ipf.conf
} ipnat=YES # uses /etc/ipnat.conf
}
} ifconfig.athn0:
} up
} dhcp

Don't use both "dhcp" here and "dhclient=YES" as "dhcp" here
enables dhcpcd (a different DHCP client program).

} ipf.conf:
} pass in from any to any
} pass out from any to any
}
} ipnat.conf:
} map athn0 192.168.215.111/32 -> 0/32 proxy port ftp ftp/tcp
} map athn0 192.168.215.111/32 -> 0/32 portmap tcp/udp 10000:20000
} map athn0 192.168.215.111/32 -> 0/32
}
} wpa_supplicant.conf:
} ctrl_interface=/var/run/wpa_supplicant
} ctrl_interface_group=wheel
} update_config=1
} network={
} ssid="Chalmetterv"
} key_mgmt=NONE
} }
}
} And net.inet.ip.forwarding = 1.
}
} I can connect to the gateway server from another host but when I
} traceroute it goes to the gateway and stops. I can't tell if it is
} failing to go through the wifi or if it is not coming back.
}
} Anything jump out at anyone here?

At a quick look, all I see is the attempt to start two DHCP clients.

}-- End of excerpt from "D'Arcy Cain"

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-25 15:14:56 UTC
Permalink
Post by John Nemeth
} up
} dhcp
Don't use both "dhcp" here and "dhclient=YES" as "dhcp" here
enables dhcpcd (a different DHCP client program).
In fact it never ran anyway beause the address was already in use. I
guess that explains it. Should I set dhcpcd=YES in rc.conf? It seems
to be running anyway.
Post by John Nemeth
} Anything jump out at anyone here?
At a quick look, all I see is the attempt to start two DHCP clients.
Can't be that since dhclient never started anyway. I am pretty sure
that the issue has something to do with NAT but I can't figure out what.

Thanks.
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
John Nemeth
2018-01-25 16:23:03 UTC
Permalink
On Jan 25, 9:14am, "D'Arcy Cain" wrote:
} On 01/25/2018 12:01 AM, John Nemeth wrote:
} > On Jan 24, 5:20pm, "D'Arcy Cain" wrote:
} > } ifconfig.athn0:
} > } up
} > } dhcp
} >
} > Don't use both "dhcp" here and "dhclient=YES" as "dhcp" here
} > enables dhcpcd (a different DHCP client program).
}
} In fact it never ran anyway beause the address was already in use. I
} guess that explains it. Should I set dhcpcd=YES in rc.conf? It seems
} to be running anyway.

You have three options:

- leave the dhclient stuff in rc.conf and remove dhcp from ifconfig.*
- remove dhclient stuff from rc.conf, remove dhcp ifconfig.* and add
dhcpcd=YES to rc.conf
- remove dhclient stuff from rc.conf and leave dhcp in ifconfig.*

I don't recommend the second option as dhcpcd would try to manage
all interfaces unless you took additional steps to limit it.

} > } Anything jump out at anyone here?
} >
} > At a quick look, all I see is the attempt to start two DHCP clients.
}
} Can't be that since dhclient never started anyway. I am pretty sure
} that the issue has something to do with NAT but I can't figure out what.

My first thought was the ipforwarding sysctl, but you got
that. I would have to go back and take a closer look at the ipnat
configuration. But, you could try pinging from an inside machine
to an outside machine then run tcpdump on both the inside and
outside interfaces to look for the ping packets.

}-- End of excerpt from "D'Arcy Cain"

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-25 21:43:57 UTC
Permalink
Post by John Nemeth
- leave the dhclient stuff in rc.conf and remove dhcp from ifconfig.*
- remove dhclient stuff from rc.conf, remove dhcp ifconfig.* and add
dhcpcd=YES to rc.conf
- remove dhclient stuff from rc.conf and leave dhcp in ifconfig.*
Effectively option 3 was the one I used all along.
Post by John Nemeth
I don't recommend the second option as dhcpcd would try to manage
all interfaces unless you took additional steps to limit it.
Would dhclient have the same issue?
Post by John Nemeth
My first thought was the ipforwarding sysctl, but you got
Yah, I keep checking that one because it sure looks like that is the
issue. Is there any way that forwarding could be disabled even with
that set?
Post by John Nemeth
that. I would have to go back and take a closer look at the ipnat
configuration. But, you could try pinging from an inside machine
to an outside machine then run tcpdump on both the inside and
outside interfaces to look for the ping packets.
I did try ipmon but all it says is that the mapping happened. I ran
tcpdump but nothing seemed obvious. I will delve deeper.

I almost wonder if the provider (Cox) is doing something to mess me up
but I can't imagine what.
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-26 23:01:46 UTC
Permalink
Post by D'Arcy Cain
Yah, I keep checking that one because it sure looks like that is the
issue. Is there any way that forwarding could be disabled even with
that set?
OK, I got it working sort of. When I looked at the packets going
through the wifi interface I saw this.

15:57:20.388862 IP 0.0.0.0 > vex.net: ICMP echo request, id 12998, seq
16, length 64

I had assumed that the 0.0.0.0 was a place holder for whatever IP
address was on the interface as supplied by DHCP but then I saw this in
the output of ifconfig as well as the correct address.

inet 0.0.0.0/8 broadcast 255.255.255.255 flags 0x0

As soon as I did "ifconfig athn0 -0.0.0.0" the packets started flowing.
So now the question is, how did that address get installed on the
interface. It's great that I can make it work by running a simple
command but it would be nice if it came up properly in the first place.
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
John Nemeth
2018-01-27 02:35:24 UTC
Permalink
On Jan 26, 5:01pm, "D'Arcy Cain" wrote:
} On 01/25/2018 03:43 PM, D'Arcy Cain wrote:
} > Yah, I keep checking that one because it sure looks like that is the
} > issue. Is there any way that forwarding could be disabled even with
} > that set?
}
} OK, I got it working sort of. When I looked at the packets going
} through the wifi interface I saw this.
}
} 15:57:20.388862 IP 0.0.0.0 > vex.net: ICMP echo request, id 12998, seq
} 16, length 64
}
} I had assumed that the 0.0.0.0 was a place holder for whatever IP
} address was on the interface as supplied by DHCP but then I saw this in

Nope. You should never see a source address of 0.0.0.0 on
the wire except as part of the exchange when the DHCP client is
trying to get an address.

} the output of ifconfig as well as the correct address.
}
} inet 0.0.0.0/8 broadcast 255.255.255.255 flags 0x0
}
} As soon as I did "ifconfig athn0 -0.0.0.0" the packets started flowing.
} So now the question is, how did that address get installed on the
} interface. It's great that I can make it work by running a simple

It might have been an artifact of trying to run two different
DHCP clients at the same time.

} command but it would be nice if it came up properly in the first place.
}
}-- End of excerpt from "D'Arcy Cain"

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
D'Arcy Cain
2018-01-27 13:27:15 UTC
Permalink
Post by John Nemeth
It might have been an artifact of trying to run two different
DHCP clients at the same time.
I think that that was it. Even though dhclient failed to run it seems
to have added that bad address. Removing it from rc.conf and rebooting
seems to have fixed it.

Things seem to be mostly working now. I think that the AP that I am
connecting to is having problems. Linux has iwconfig to view things
like TX power and other things. Does NetBSD have a similar facility?

Also, if I have two networks in wpa_supplicant.conf and the one I am
currently connected to disappears, should it automatically connect to
the other or do I have to restart something?
--
D'Arcy J.M. Cain <***@NetBSD.org>
http://www.NetBSD.org/ IM:***@Vex.Net

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Roy Marples
2018-01-27 10:13:45 UTC
Permalink
Post by D'Arcy Cain
Post by D'Arcy Cain
Yah, I keep checking that one because it sure looks like that is the
issue. Is there any way that forwarding could be disabled even with
that set?
OK, I got it working sort of. When I looked at the packets going
through the wifi interface I saw this.
15:57:20.388862 IP 0.0.0.0 > vex.net: ICMP echo request, id 12998, seq
16, length 64
I had assumed that the 0.0.0.0 was a place holder for whatever IP
address was on the interface as supplied by DHCP but then I saw this in
the output of ifconfig as well as the correct address.
inet 0.0.0.0/8 broadcast 255.255.255.255 flags 0x0
As soon as I did "ifconfig athn0 -0.0.0.0" the packets started flowing.
So now the question is, how did that address get installed on the
interface. It's great that I can make it work by running a simple
command but it would be nice if it came up properly in the first place.
dhclient puts it there when it first starts up.
See /sbin/dhclient-script PREINIT phase.

If you don't want to hack that script then use dhcpcd instead where
there is no need to assign the unspecified address to the interface to
get DHCP working.

Roy

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Lloyd Parkes
2018-01-25 00:18:32 UTC
Permalink
Hi D’Arcy,
It’s been a while since I have used IPF, so I’m not going to spot anything wrong in your config, but I can think of two suggestions.
Post by D'Arcy Cain
pass in from any to any
pass out from any to any
map athn0 192.168.215.111/32 -> 0/32 proxy port ftp ftp/tcp
map athn0 192.168.215.111/32 -> 0/32 portmap tcp/udp 10000:20000
map athn0 192.168.215.111/32 -> 0/32
1) This ruleset looks a bit short to me. I could be mistaken, but every time I’ve thought “she’ll be right” with IPF, I’ve been wrong.

2) You can use the ipmon command to view real-time activity and unviewed recent activity. This is a superb utility.

Cheers,
Lloyd
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Loading...