CentOS virt - Sep 2015 - OT: adding a wifi adapter to openvswitch

Hi all,

  Finally, I have installed openvswitch from source to two CentOS hosts: 
one 6.x and other 7.x.

  I will do some tests using openvswitch bridges to my KVM machines. One 
of these tests is to add a wlan0 adapter from comandline but only when 
this wlan0 is associated with a ssid without assign an IP.

  Is this posible? Do I nees to add some ebtables like, for example, 
Debian's wiki says here: 
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC?

Thanks

On 09/24/2015 01:59 PM, C.L. Martinez wrote:
>   I will do some tests using openvswitch bridges to my KVM machines. One
> of these tests is to add a wlan0 adapter from comandline but only when
> this wlan0 is associated with a ssid without assign an IP.
>
>   Is this posible?
Usually it's not.

When you connect as a station to the infrastructure (AP) - e.g without 
WDS or proprietary extensions enabled, every frame transmitted in 
between has three addresses: your station MAC, BSSID (AP MAC for 
simplicity), destination MAC.

WPA(2) PSK encryption is using your station MAC. So if you try to 
transmit a packet with MAC address other than yours, it won't be 
decrypted thus no transmission.

To cut the long story short AFAIK you can't bridge on WiFi client side 
with WPA(2) PSK encryption. But you can using WEP (or no encryption at 
all). Beware - WEP is as insecure as no encryption - it's cracked 
literally in minutes.

You could run WDS in AP-AP mode with the help of hostap suite or have a 
proprietary solution (WNIC and/or driver).

Otherwise you can NAT/route it.

Best regards,
	Dmitry Mikhailov

Followup

On 09/24/2015 01:59 PM, C.L. Martinez wrote:
>
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC?
They are doing an interesting Ethernet NAT with the following idea:

Your wireless station has MAC "A" and IP "X"
The virtual machine on the wireless station has MAC "B" and IP
"Y"

1) To the outside world both your wireless station and virtual machine 
IPs would share the same MAC:
Arp:
IP "X": MAC "A"
IP "Y": MAC "A" (translated from "B")

2) Every ingress packet coming to your wireless station with the VM's IP 
"Y" would have it's MAC changed back

This scheme could provide you connectivity but it's hacky and it 
requires you to know the MAC and IP address combination of VM. So IMHO 
it's not really everyday mess-free usable.

I'd prefer to have a real routing set up. Simple, fast and reliable.

On Thu, Sep 24, 2015 at 11:28 AM, Dmitry E. Mikhailov
<d.mikhailov at infocommunications.ru> wrote:
> Followup
>
> On 09/24/2015 01:59 PM, C.L. Martinez wrote:
>>
>>
>>
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC?
>
> They are doing an interesting Ethernet NAT with the following idea:
>
> Your wireless station has MAC "A" and IP "X"
> The virtual machine on the wireless station has MAC "B" and IP
"Y"
>
> 1) To the outside world both your wireless station and virtual machine IPs
> would share the same MAC:
> Arp:
> IP "X": MAC "A"
> IP "Y": MAC "A" (translated from "B")
>
> 2) Every ingress packet coming to your wireless station with the VM's
IP "Y"
> would have it's MAC changed back
>
> This scheme could provide you connectivity but it's hacky and it
requires
> you to know the MAC and IP address combination of VM. So IMHO it's not
> really everyday mess-free usable.
>
> I'd prefer to have a real routing set up. Simple, fast and reliable.
Thanks Dimitry, but I use wlan0 or eth0 to connect my laptop to
different networks. I use a vm as fw and I would like to have all vms
and laptop behind this fw vm guest.

Another option is to assign an IP to these interfaces and natting all
to this fw vm ... but I don't like this option