[CentOS-virt] OT: adding a wifi adapter to openvswitch

Thu Sep 24 15:22:08 UTC 2015
Nux! <nux at li.nux.ro>

I know people used Parprouted to help with bridging wired with wireless. Have a look at it.

Sent from the Delta quadrant using Borg technology!


----- Original Message -----
> From: "C. L. Martinez" <carlopmart at gmail.com>
> To: "Discussion about the virtualization on CentOS" <centos-virt at centos.org>
> Sent: Thursday, 24 September, 2015 14:52:56
> Subject: Re: [CentOS-virt] OT: adding a wifi adapter to openvswitch

> On Thu, Sep 24, 2015 at 2:08 PM, Dmitry E. Mikhailov
> <d.mikhailov at infocommunications.ru> wrote:
>> On 09/24/2015 04:47 PM, Alvin Starr wrote:
>>> Actually I do a similar thing.
>> Do you?
>>> I use a VM as my home/office firewall.
>> If your laptop/server/smth is permanently wired to the internet, there's no
>> problem to bridge this interface to the VM.
>> But the topic starter wants to connect to the cable or wifi and still have a
>> firewall VM. WiFi client connection with WPA(2) PSK encryption does allow
>> only the station's MAC in the air.
>> Thus topic starter needs some hotplug event scripting, wpa_supplicant being
>> started manually, fancy ebtables rules to make it work, some way to notice
>> the fw VM that network config changed so it would rerun dhclient. Yea, and
>> he should have some GUI/TUI to have it managed. No NetworkManager GUI here.
>>> It works quite well and I would argue it is as secure as your standard
>>> firewall based on something like openWRT running on dedicated hardware.
>> As aforementioned, it's a bit complicated setup. And if you're thinking
>> security-wise, imagine you need T#r or some fancy VPN to get your job done
>> AND due to some minuscule scripting glitch a SINGLE packet would fly out of
>> your real IP address - you're busted.
>> To be self-assured during such an intimate workout, you'd want to have a
>> physical cable to the physical router that's performing the encryption job.
>> No VPN/T#r/smth - no juice. Simple, bulletproof.
>>> I also run a wireless AP in bridged mode to allow local network access
>>> on an appliance.
>> Do you connect to the AP wirelessly as the client to have a firewall VM
>> running over that WiFi?
>> Or have you connected the AP via cable to the server/router with fw VM to
>> provide connectivity to other clients?
>>> There should be no reason that you could not put both on the same
>>> physical hardware.
>> You could. But it's hard to use in everyday life of typical usage. If the
>> user is a sysadm/hacker who doesn't mind issuing several commands from the
>> console upon every successful wifi/wired connection - then welcome!
>>> As for the openvswitch original question.
>>> Openvswitch has an API that you can access to manage your traffic along
>>> with supporting Openflow.
>>> If you can get events from your wireless interface then you could write
>>> some programs to connect to the switch API.
>> I do want to see a neat solution please. Maybe I'm just too lazy.
> Thank you both for your help, I have done another test. I have set up
> another laptop with Windows 2012 R2 Hyper-V and I have bridged
> the wireless interface and assigned this bridge to a VM guest, and voila!!
> It works without problem. Using some PowerShell scripts, I can change
> between SSIDs without problems. Easy, really easy. And I don't need
> to use WDS features.
> I don't understand why it doesn't work with CentOS using the same
> approach. I am trying using brctl commands, but it doesn't work either
> because wlan0 can't authenticate with AP ...