Having a similar issue myself, I found a simpler and cheaper alternative: a $20 GL.inet mini router [1] that runs OpenWRT but also has a friendly UI where you can turn on STA mode, connect it to your wireless network and have wired internet on the ethernet port.
I use it for wireless Wake-on-Lan for my homelab PC, integrated with homeassistant and Google Assistant voice command “Hey Google, turn on homelab”.
I ended up doing something very similar, if for different reasons. There was an elongated period of time when I had no home Internet service. It was more or less a nonissue, since I had 5GB of LTE-speed tethering, and most of my devices spoke Wi-Fi.
Note that I said most, not all. I had a few Raspberry Pis, and an old Xbox and 486 PC that I used for old games.
I ended up using DD-WRT in access point mode, and rather than having it run in station mode, it would connect to my phone as a Wi-Fi client, and forward Wi-Fi packets out the Ethernet switch.
It was quite handy, and made the summer much more bearable. As an added bonus, I now keep that router config as a backup. If my actual ISP is ever having an outage, I can reupload that config, and get all of the devices on my network back online, without having to switch them over to Wi-Fi.
I use one of those GL.inet routers. It's been reliable for 1.5 years. I configured it to route all traffic through a proxy service (aka VPN). Most VPN clients fail open, which defeats the purpose of using a proxy for privacy. The GL.inet firmware has an option to fail-closed when the proxy connection is down.
I use a ZTE MF820B USB 4G LTE modem as a backup Internet connection. I configured the GL.inet router to talk to the modem on /dev/cdc-wdm0 and added my LTE service provider's APN hostname. With those two settings, it just works. I keep the LTE modem unplugged and on-hand for when my fiber (Webpass) goes down.
GL.inet is based in Hong Kong and is now under the control of the Chinese red party.
Those little devices are in high demand. I've been buying them in quantities of 10 at a time (especially when they were cheaper) since they are useful for putting VOIP phones securely behind VPN. I've seen a lot of folks recommend them on HN. They support OpenVPN + Wireguard out of the box and are easy enough for non-techs to reconfigure in the field w/ remote instructions.
Simpler is boring & un-educational, but thanks anyway for the good resources. Those trying to learn & improve ought to know what provided offerings there are about. That it is OpenWrt based is extra compelling; we should better document & explain what is really afoot here!!!
The post isn't mentioning DHCPv6-PD[*] (prefix delegation). I feel like Murphy's law is kicking into effect right now and the ISP-provided router actually supports PD to give downstream routers their own /64.
(Or maybe not. Who knows. I feel like the post would've mentioned PD if they tried it.)
Also:
> I divided it into a smaller subnet 2001:db8:abc:123:40::/76
Anything on a broadcast/multinode segment that isn't /64 is heresy ;)
Out of interest, why didn't you just bridge the two interfaces? Did you want everything on a separate subnet? (Maybe I missed that, but you mentioned before how everything used to be directly plugged in anyway.)
You can't bridge regular 802.11 wireless into ethernet at the client side. The on-air addressing requires the client MAC address to be the same as the ethernet packet's sender.
802.11 has the concept of "transmitter address" and "receiver address" in addition to source and destination. Those are MAC addresses too, but they're relevant for the on-air radio management. Things like RTS, CTS, ACKs, and fancier things like beamforming and sounding. The problem is that the design only includes 3 address fields in on-air frames; the AP can specify separate SA and TA (i.e. send a packet for somebody else, SA=real source, TA=AP MAC, RA=DA=client.) There is no mechanism for the client to do the same thing; that would require 4 address fields.
Coincidentally, 4 address fields is exactly what you get with "WDS" / "Wireless Extender" / ... modes. However, these need to be supported, enabled and configured on both the AP and client. The author of the post seems to have no access to the AP to do so (and the AP possibly doesn't support it anyway.)
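The address-field argument above is easiest to see by actually building the frames. The following is an added example (not code from the thread or from any project it mentions) that encodes a minimal 802.11 data-frame header using the standard ToDS/FromDS address table and decodes it again; all MAC addresses are constructed. It shows that a client sending its own traffic fits the 3-address "ToDS" format, an AP forwarding for a wired host fits the "FromDS" format, but a client forwarding for a host on its Ethernet port (TA != SA) only fits the 4-address WDS format.

```python
# Added example: which 802.11 data-frame address modes can carry a given
# (RA, TA, DA, SA) tuple. MAC addresses used in the demo are constructed.
FC_TYPE_DATA = 0x08      # frame control byte 0: type=2 (data), subtype=0
FLAG_TO_DS = 0x01        # frame control byte 1 flag bits
FLAG_FROM_DS = 0x02


def _mac_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"bad MAC address: {mac}")
    return raw


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def encode_data_frame(ra: str, ta: str, da: str, sa: str, bssid: str) -> bytes:
    """Build a minimal 802.11 data frame header (no body, no FCS), picking the
    smallest address mode that can represent the four roles:
      ToDS=0,FromDS=0  Addr1=RA=DA     Addr2=TA=SA     Addr3=BSSID   (IBSS)
      ToDS=1,FromDS=0  Addr1=RA=BSSID  Addr2=TA=SA     Addr3=DA      (STA -> AP)
      ToDS=0,FromDS=1  Addr1=RA=DA     Addr2=TA=BSSID  Addr3=SA      (AP -> STA)
      ToDS=1,FromDS=1  Addr1=RA  Addr2=TA  Addr3=DA  Addr4=SA        (WDS, 4-address)
    """
    ra_b, ta_b, da_b, sa_b, bss_b = (_mac_bytes(m) for m in (ra, ta, da, sa, bssid))
    if ra_b == da_b and ta_b == sa_b:
        flags, addrs = 0, [ra_b, ta_b, bss_b]
    elif ra_b == bss_b and ta_b == sa_b:
        flags, addrs = FLAG_TO_DS, [ra_b, ta_b, da_b]
    elif ta_b == bss_b and ra_b == da_b:
        flags, addrs = FLAG_FROM_DS, [ra_b, ta_b, sa_b]
    else:
        # A station transmitting on behalf of another source (TA != SA) has no
        # 3-address mode available; only the 4-address format fits.
        flags, addrs = FLAG_TO_DS | FLAG_FROM_DS, [ra_b, ta_b, da_b, sa_b]
    header = bytes([FC_TYPE_DATA, flags]) + b"\x00\x00"        # frame control, duration
    header += addrs[0] + addrs[1] + addrs[2] + b"\x00\x00"     # Addr1-3, sequence control
    if len(addrs) == 4:
        header += addrs[3]  # Addr4 is present only when ToDS and FromDS are both set
    return header


def decode_data_frame(header: bytes) -> dict:
    """Inverse of encode_data_frame: recover RA/TA/DA/SA from the address mode."""
    if (header[0] >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds = bool(header[1] & FLAG_TO_DS)
    from_ds = bool(header[1] & FLAG_FROM_DS)
    a1, a2, a3 = header[4:10], header[10:16], header[16:22]
    if to_ds and from_ds:
        ra, ta, da, sa, bssid = a1, a2, a3, header[24:30], None
    elif to_ds:
        ra, ta, da, sa, bssid = a1, a2, a3, a2, a1
    elif from_ds:
        ra, ta, da, sa, bssid = a1, a2, a1, a3, a2
    else:
        ra, ta, da, sa, bssid = a1, a2, a1, a2, a3
    return {
        "to_ds": to_ds,
        "from_ds": from_ds,
        "ra": _mac_str(ra),
        "ta": _mac_str(ta),
        "da": _mac_str(da),
        "sa": _mac_str(sa),
        "bssid": _mac_str(bssid) if bssid else None,
    }


if __name__ == "__main__":
    AP = "02:00:00:00:00:01"       # constructed BSSID
    STA = "02:00:00:00:00:10"      # constructed Wi-Fi client radio
    WIRED = "02:00:00:00:00:20"    # constructed host behind the client's Ethernet port
    SERVER = "02:00:00:00:00:02"   # constructed host on the AP's wired side
    for label, tup in [
        ("client's own traffic to AP", (AP, STA, SERVER, STA, AP)),
        ("AP forwarding for a wired host", (STA, AP, STA, SERVER, AP)),
        ("client bridging for a wired host", (AP, STA, SERVER, WIRED, AP)),
    ]:
        hdr = encode_data_frame(*tup)
        print(f"{label}: {len(hdr)}-byte header", decode_data_frame(hdr))
```

The third case is the one the thread is about: the only header that can carry both the client's radio MAC as TA and the wired host's MAC as SA is 30 bytes long, with ToDS and FromDS both set, and an AP that is not configured for WDS will not accept it.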
> Right from the beginning, it’s worth mentioning that the router (Sagemcom F@st) is super limited in what it allows configuring. [...] Similarly, I can’t set up any custom routing or configure which DNS servers the router’s built-in DHCP provides for the home networks — the configuration is locked by the vendor
I had the same problems with my modem/router, a Fastgate by Fastweb (in .it).
No custom static routes, DNS fixed by the provider, no VPN functionality. Some arbitrary TCP ports can't be forwarded via NAT. TR-069 was up and running, at least in ~2017, and that same year at CCC in Hamburg (or Leipzig?) there was a nice talk about how good of an attack vector TR-069 is.
All this is quite infuriating, specifically the DNS thing.
I ended up replacing the whole thing with custom equipment (ONT + a Linksys WRT3200ACM running OpenWrt).
But I honestly think that stuff like this should be illegal.
And this is all because WiFi doesn't act like a proper layer 2... It isn't possible to have a network which is ethernet -> wifi -> ethernet and have the whole thing one broadcast domain.
Well, as at least one other commenter in this thread already pointed out, this is possible with WDS (Wireless Distribution System). However, this needs to be supported by the access points. If it is supported (for example on APs running OpenWRT), it is literally just a matter of enabling WDS on the station and client APs, and bridging the wireless interfaces to the ethernet interfaces.
I've been using this setup in my home network for years now (with a dedicated OpenWRT device for each wired "island") and it works great.
Edit: To clarify, yes, this establishes a single broadcast domain. For example, DHCP and ARP requests are propagated through the entire network.
> The router is set with ... a global unicast IPv6 address (GUA) prefix 2001:db8:abc:123::/64, which the ISP designates to us (of course, that’s not the real prefix, but I will use this one in all examples below).
On a side note, I have more trust in documentation that is compliant with the relevant RFCs (i.e., RFC1918, RFC3849, RFC5737, et al).
In my experience, such documentation is much more likely to be "technically correct" and get the small details right.
As far as I can tell, I have had the same IPv6 prefix for at least a year. Of course, if the prefix changes, I'll have to reconfigure the homelab. If that started to become annoying I would automate that with an Ansible task. But I will probably need to search for a better and more stable solution.
avahi (the standard Linux mDNS implementation) has settings to set up proxying between multiple segments.
It's not ARP relay, it's proxy ARP. That's a built-in feature of the Linux kernel, with 2 distinct modes to configure and enable it: (a) /proc/sys/net/.../proxy_arp, or (b) ip neigh add proxy ...; the latter way is more fine-grained, while the former is just an interface-wide switch that you flick on.
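Added example (not from the thread) showing the two proxy ARP modes named above side by side: the interface-wide sysctl under /proc/sys/net/ipv4/conf/<iface>/proxy_arp, and per-address entries created with `ip -4 neigh add proxy ... dev <iface>` and listed by `ip -4 neigh show proxy`. The `ip neigh` output it parses is a constructed sample, the interface names and addresses are constructed, and the functions only generate and audit configuration rather than applying it.

```python
import os

# Constructed sample of `ip -4 neigh show proxy` output; not captured from a real host.
SAMPLE_PROXY_NEIGH = """\
192.168.1.50 dev wlan0 proxy
192.168.1.51 dev wlan0 proxy
10.0.0.9 dev eth1 proxy
"""


def parse_proxy_neighbours(output: str) -> dict:
    """Map each interface to the addresses it answers ARP for via per-address
    proxy entries (mode b: `ip neigh add proxy <addr> dev <iface>`)."""
    entries = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "dev" and fields[-1] == "proxy":
            entries.setdefault(fields[2], []).append(fields[0])
    return entries


def interface_wide_proxy_arp(conf_root: str = "/proc/sys/net/ipv4/conf") -> dict:
    """Read the per-interface proxy_arp sysctl (mode a: the interface-wide switch).
    Returns {iface: bool}; empty when the tree is absent (non-Linux, some containers)."""
    status = {}
    if not os.path.isdir(conf_root):
        return status
    for iface in sorted(os.listdir(conf_root)):
        if iface in ("all", "default"):
            continue
        try:
            with open(os.path.join(conf_root, iface, "proxy_arp")) as fh:
                status[iface] = fh.read().strip() == "1"
        except OSError:
            continue
    return status


def proxy_arp_commands(iface: str, addresses=None) -> list:
    """Commands to enable proxy ARP on `iface`: per-address entries when a list of
    addresses is given (the router then only answers for hosts it actually has
    behind it), otherwise the interface-wide sysctl."""
    if addresses:
        return [f"ip -4 neigh add proxy {addr} dev {iface}" for addr in addresses]
    return [f"sysctl -w net.ipv4.conf.{iface}.proxy_arp=1"]


def audit(proxy_neigh_output: str, conf_root: str = "/proc/sys/net/ipv4/conf") -> list:
    """Summarise which interfaces answer ARP on behalf of others, in either mode."""
    lines = []
    for iface, enabled in interface_wide_proxy_arp(conf_root).items():
        if enabled:
            lines.append(f"{iface}: answers ARP for any target it routes out another "
                         "interface (interface-wide proxy_arp=1)")
    for iface, addrs in parse_proxy_neighbours(proxy_neigh_output).items():
        lines.append(f"{iface}: answers ARP only for {', '.join(addrs)} (per-address)")
    return lines


if __name__ == "__main__":
    # Offline demo on the constructed sample; on a real router you would feed it
    # the actual `ip -4 neigh show proxy` output and the real sysctl tree.
    for line in audit(SAMPLE_PROXY_NEIGH):
        print(line)
    print(proxy_arp_commands("wlan0", ["192.168.1.50", "192.168.1.51"]))
    print(proxy_arp_commands("wlan0"))
```

The per-address form is the one to prefer on a router like the one in the article: it answers only for the hosts behind the wired port, whereas the interface-wide switch makes the kernel reply for every address it can route, which is easy to overlook later when auditing what a box claims to own on the LAN.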
coolspot|4 years ago
[1] - perhaps due to chip shortage, it is closer to $30 now - https://www.amazon.com/dp/B073TSK26W
don-code|4 years ago
mleonhard|4 years ago
cschneid|4 years ago
I played with it some, with two nodes, although there's nobody near me to mesh with unfortunately.
jasonjayr|4 years ago
rektide|4 years ago
ur-whale|4 years ago
For example: can you run tcpflow on your mini router?
eqvinox|4 years ago
[*]: https://en.wikipedia.org/wiki/Prefix_delegation
[*]: https://tools.ietf.org/html/rfc3633
[*]: https://github.com/openwrt/odhcp6c (-P option)
amaccuish|4 years ago
amaccuish|4 years ago
eqvinox|4 years ago
znpy|4 years ago
londons_explore|4 years ago
aurelian15|4 years ago
zamadatix|4 years ago
jlgaddis|4 years ago
Havoc|4 years ago
BXWPU|4 years ago
varankinv|4 years ago
ac50hz|4 years ago
daniellarusso|4 years ago
The article mentioned an ARP relay.
Any recommendations?
eqvinox|4 years ago
sneak|4 years ago
zrail|4 years ago
I see this is your first introduction to the homelab hobby. Welcome!
Havoc|4 years ago
whalesalad|4 years ago