[CentOS-virt] OT: adding a wifi adapter to openvswitch

Thu Sep 24 13:52:56 UTC 2015
C. L. Martinez <carlopmart at gmail.com>

On Thu, Sep 24, 2015 at 2:08 PM, Dmitry E. Mikhailov
<d.mikhailov at infocommunications.ru> wrote:
> On 09/24/2015 04:47 PM, Alvin Starr wrote:
>> Actually I do a similar thing.
> Do you?
>> I use a VM as my home/office firewall.
> If your laptop/server/smth is permanently wired to the internet, there's no
> problem to bridge this interface to the VM.
> But the topic starter wants to connect to the cable or wifi and still have a
> firewall VM. WiFi client connection with WPA(2) PSK encryption does allow
> only the station's MAC in the air.
> Thus topic starter needs some hotplug event scripting, wpa_supplicant being
> started manually, fancy ebtables rules to make it work, some way to notice
> the fw WM that network config changed so it would rerun dhclient. Yea, and
> he should have some GUI/TUI to have it managed. No NetworkManager GUI here.
>> It works quite well and I would argue it is as secure as your standard
>> firewall based on something like openWRT running on dedicated hardware.
> As aforementioned, it's a bit complicated setup. And if you're thinking
> security-wise, imagine you need T#r or some fancy VPN to get your job done
> AND due to some miniscule scripting glitch a SINGLE packet would fly out of
> your real IP address - you're busted.
> To be self-assured during such an intimate workout, you'd want to have a
> physical cable to the physical router that's perforing the encryption job.
> No VPN/T#r/smth - no juice. Simple, bulletproof.
>> I also run a wireless AP in bridged mode to allow local network access
>> on an appliance.
> Do you connect to the AP wirelessly as the client to have a firewall VM
> running over that WiFi?
> Or have you connected the AP via cable to the server/router with fw VM to
> provide connectivity to other clients?
>> There should be no reason that you could not put both on the same
>> physical hardware.
> You could. But it's hard to use in everyday life of typical usage. If the
> user is a sysadm/hacker who doesn't mind issuing several commands from the
> console upon every succesful wifi/wired connection - then welcome!
>> As for the openvswitch original question.
>> Openvswitch has an API that you can access to manage your traffic along
>> with supporting Openflow.
>> If you can get events from your wireless interface then you could write
>> some programs to connect to the switch API.
> I do want to see a neat solution please. May be I'm just too lazy.

Thank you both for your help, I have done another test. I have setup
another laptop with windows 2012 R2 Hyper-V and I have bridged
wireless interface and assigned this bridge to a vm guest, and voila!!
works without problem. Using some powershell scripts, I can change
between SSID's without problems. Easy, really easy. And I don't need
to use WDS features,

I don't understand why it doesn't works with CentOS using the same
approach. I am trying using brctl commands, but it doesn't works also
because wlan0 can't authenticate with AP ...