Re: OpenBSD as a non-routing access point

2017-06-12 Thread Comète
Hi,

I had the same problem with 6.1 on Alix 2D13 boards, I've created a bridge0 
interface with vr0, vr1, vr2 and athn0 (the wireless one configured in hostap 
mode) but no ip address was given to any of the wifi connected devices by my 
dhcp server. 
However, all the computers linked with an ethernet cable to vr0, vr1 or vr2 get 
an ip...

But I found that specifying a "chan " option in the interface configuration 
file allowed the dhcp to pass on the wireless interface.

Is it a bug??

By the way, no need to enable ipv4 forwarding with sysctl as I read in some 
posts.


Thanks



Re: OpenBSD as a non-routing access point

2017-04-13 Thread Stuart Henderson
On 2017-04-12, trondd  wrote:
>
> I have this problem as well.  DHCP requests go out over the bridge to the
> main interface.  The response comes back to the main interface but never
> goes to the bridge.
>
> I'm trying to use vmm VMs on a bridge.  I've tried set skip on {bridge
> tap}, and pass quick on {egress bridge tap} proto {tcp udp} from any to
> any port {67 68}
> Also disabling pf altogether.

Bridging vmm to wired or wifi?

Bridging to wifi requires hostap (or WDS, or L2 NAT, neither of which we
support).



Re: OpenBSD as a non-routing access point

2017-04-13 Thread Stuart Henderson
On 2017-04-12, Jordon  wrote:
> When one buys a linksys/netgear/whatever “Wireless Access Point”, it is
> often intended to be a full Internet gateway (router, NAT, DHCP, etc) that
> also does wifi.

Those tend to get called "router" or "wireless gateway" or similar,
AP usually denotes something which only bridges.

>   I am guessing that OpenBSD does not forward broadcasts over a
> bridged connection.

Nope.. IPv4 relies on broadcasts for ARP, those are required.



Re: OpenBSD as a non-routing access point

2017-04-12 Thread Eike Lantzsch
On Wednesday, 12 April 2017 14:40:28 -04 trondd wrote:
> On Wed, April 12, 2017 4:27 am, Stuart Henderson wrote:
> > On 2017-04-12, Jordon  wrote:
> >>> rcctl enable dhcrelay
> >>> rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is your routers address"
> >>> rcctl start dhcrelay
> >>> 
> >>> and possibly add -d (log to stderr) to see what it's doing.
> >> 
> >> Thank you!  That got it working!  So why is that necessary?  Doesn't the
> >> bridge just forward everything?  Or are DHCP requests broadcasts that don't
> >> get forwarded?
> > 
> > It shouldn't be necessary, dhcrelay is normally used when you have a
> > subnet behind a router, and the DHCP server is a separate machine on a
> > different subnet.
> > 
> > Could it be a PF rule problem?
> > 
> > Normally you would only have an IP address on one member of the bridge,
> > just "up" on the others..
> 
> I have this problem as well.  DHCP requests go out over the bridge to the
> main interface.  The response comes back to the main interface but never
> goes to the bridge.
> 
Same here. I read somewhere (need to look it up again) that with 6.1 this DHCP 
problem with bridges got solved. I'm on 6.0 right now but will report back as 
soon as I have upgraded to 6.1.
My bridge is between athn0, re2 and vether0 on an APU1.
My DHCP server is on another machine on the same network.

> I'm trying to use vmm VMs on a bridge.  I've tried set skip on {bridge
> tap}, and pass quick on {egress bridge tap} proto {tcp udp} from any to
> any port {67 68}
> Also disabling pf altogether.
Tried that too - nogo however.

-- 
Eike Lantzsch ZP6CGE

Too much sugar is unhealthy. Therefore:
Wear down the Zuckerberg (sugar mountain)!



Re: OpenBSD as a non-routing access point

2017-04-12 Thread Jordon
> On Apr 12, 2017, at 3:27 AM, Stuart Henderson  wrote:
>
> On 2017-04-12, Jordon  wrote:
>>> rcctl enable dhcrelay
>>> rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is your routers address"
>>> rcctl start dhcrelay
>>>
>>> and possibly add -d (log to stderr) to see what it's doing.
>>>
>>
>> Thank you!  That got it working!  So why is that necessary?  Doesn't the
>> bridge just forward everything?  Or are DHCP requests broadcasts that don't
>> get forwarded?
>
> It shouldn't be necessary, dhcrelay is normally used when you have a
> subnet behind a router, and the DHCP server is a separate machine on a
> different subnet.
>
> Could it be a PF rule problem?
>
> Normally you would only have an IP address on one member of the bridge,
> just "up" on the others..
>

I have done nothing with PF on this machine.



Re: OpenBSD as a non-routing access point

2017-04-12 Thread Jordon
> On Apr 12, 2017, at 1:47 PM, Mihai Popescu  wrote:
>
> Because of titles like this post it is not clear anymore what
> someone is referring to when one is using words like bridge, switch,
> hub, access point, router, ...
> Add the IPv6 in the mix and you think you understand the spaghetti of
> internet.
>
> Bleah, looking again at "non-routing access point". What about the "no
> pancake making CPU".
>
> Sorry for the rant.
>

You have a valid point.

When one buys a linksys/netgear/whatever “Wireless Access Point”, it is
often intended to be a full Internet gateway (router, NAT, DHCP, etc) that
also does wifi.

For all examples I found for making an OpenBSD access point, the OpenBSD
machine is used as the main router/DHCP server/gateway/buzzword on the
network.  I have a separate machine (currently running pfSense, though I plan
on switching it to OpenBSD soon) that is handling the routing/NAT/DHCP/etc
functionality on my network.  I just want to see if I can make my openbsd
machine an access point to this network.

I got the hostname.athn0 set up so other devices could connect to it.  I then
thought that just bridging it to the ethernet NIC would make it ‘just work’
- whatever comes in one port goes out the other and vice-versa.  It turned out
that DHCP requests weren’t going through.  I saw a tutorial online that
showed enabling the ipforwarding sysctl so I tried that but it made no
difference.  The suggestion here about turning on relayctld is what made this
work for me.  I am guessing that OpenBSD does not forward broadcasts over a
bridged connection.

If there is better terminology for what I am trying to do, I am more than
interested in learning it! :)

Jordon



Re: OpenBSD as a non-routing access point

2017-04-12 Thread Jordon
> On Apr 12, 2017, at 1:54 AM, Stefan Sperling  wrote:
> 
> On Tue, Apr 11, 2017 at 08:04:45PM -0500, Jordon wrote:
>>   /ets/hostname.athn0
>> media autoselect mode 11n media opt host ap chan 1
> 
> Is there actual whitespace between 'media' and 'opt' and between
> 'host' and 'ap' in your config file? Or is this a copy/paste error?
> 
> It should look like this:
> media autoselect mode 11n mediaopt hostap chan 1
> 

No, that must have been a copy/paste error - sorry!

Jordon



Re: OpenBSD as a non-routing access point

2017-04-12 Thread Mihai Popescu
Because of titles like this post it is not clear anymore what
someone is referring to when one is using words like bridge, switch,
hub, access point, router, ...
Add the IPv6 in the mix and you think you understand the spaghetti of internet.

Bleah, looking again at "non-routing access point". What about the "no
pancake making CPU".

Sorry for the rant.



Re: OpenBSD as a non-routing access point

2017-04-12 Thread trondd
On Wed, April 12, 2017 4:27 am, Stuart Henderson wrote:
> On 2017-04-12, Jordon  wrote:
>>> rcctl enable dhcrelay
>>> rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is your routers address"
>>> rcctl start dhcrelay
>>>
>>> and possibly add -d (log to stderr) to see what it's doing.
>>>
>>
>> Thank you!  That got it working!  So why is that necessary?  Doesn't the
>> bridge just forward everything?  Or are DHCP requests broadcasts that don't
>> get forwarded?
>
> It shouldn't be necessary, dhcrelay is normally used when you have a
> subnet behind a router, and the DHCP server is a separate machine on a
> different subnet.
>
> Could it be a PF rule problem?
>
> Normally you would only have an IP address on one member of the bridge,
> just "up" on the others..
>

I have this problem as well.  DHCP requests go out over the bridge to the
main interface.  The response comes back to the main interface but never
goes to the bridge.

I'm trying to use vmm VMs on a bridge.  I've tried set skip on {bridge
tap}, and pass quick on {egress bridge tap} proto {tcp udp} from any to
any port {67 68}
Also disabling pf altogether.



Re: OpenBSD as a non-routing access point

2017-04-12 Thread Stuart Henderson
On 2017-04-12, Jordon  wrote:
>> rcctl enable dhcrelay
>> rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is your routers address"
>> rcctl start dhcrelay
>>
>> and possibly add -d (log to stderr) to see what it's doing.
>>
>
> Thank you!  That got it working!  So why is that necessary?  Doesn't the bridge
> just forward everything?  Or are DHCP requests broadcasts that don't get
> forwarded?

It shouldn't be necessary, dhcrelay is normally used when you have a
subnet behind a router, and the DHCP server is a separate machine on a
different subnet.

Could it be a PF rule problem?

Normally you would only have an IP address on one member of the bridge,
just "up" on the others..



Re: OpenBSD as a non-routing access point

2017-04-12 Thread Stefan Sperling
On Tue, Apr 11, 2017 at 08:04:45PM -0500, Jordon wrote:
>/ets/hostname.athn0
> media autoselect mode 11n media opt host ap chan 1

Is there actual whitespace between 'media' and 'opt' and between
'host' and 'ap' in your config file? Or is this a copy/paste error?

It should look like this:
 media autoselect mode 11n mediaopt hostap chan 1
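
Added example (not part of the original thread and not OpenBSD's own code): a small sh linter for two points made in the replies above, that the option words are "mediaopt hostap" (Stefan Sperling) and that normally only one bridge member carries an IP address (Stuart Henderson). The function names, finding labels and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and finding labels are
# hypothetical; the sample files are constructed from the config quoted above.

# write_sample DIR VARIANT: create constructed hostname.if(5) files in DIR.
write_sample() {
    mkdir -p "$1"
    printf 'add athn0\nadd re0\nup\n' > "$1/hostname.bridge0"
    printf 'dhcp\n' > "$1/hostname.re0"
    if [ "$2" = broken ]; then
        # Split tokens and a second addressed bridge member, as first posted.
        printf '%s\n' 'media autoselect mode 11n media opt host ap chan 1' \
            'nwid examplenet' 'wpakey placeholder-passphrase' \
            'inet 192.168.77.253 255.255.255.0' > "$1/hostname.athn0"
    else
        printf '%s\n' 'media autoselect mode 11n mediaopt hostap chan 1' \
            'nwid examplenet' 'wpakey placeholder-passphrase' 'up' \
            > "$1/hostname.athn0"
    fi
}

# lint_ap_bridge DIR BRIDGE: print one finding per line; no output means clean.
lint_ap_bridge() {
    _dir=$1 _br=$2 _n=0 _with_ip=""
    if [ ! -r "$_dir/hostname.$_br" ]; then
        echo "$_br: cannot read $_dir/hostname.$_br"
        return 0
    fi
    # Bridge members are the arguments of the "add <if>" lines.
    for _m in $(awk '$1 == "add" { print $2 }' "$_dir/hostname.$_br"); do
        [ -r "$_dir/hostname.$_m" ] || continue
        # Drop comment lines before matching.
        _cfg=$(grep -v '^[[:space:]]*#' "$_dir/hostname.$_m" || true)
        # "media opt" / "host ap" are not the single words ifconfig expects.
        if printf '%s\n' "$_cfg" | grep -Eq \
            '(^|[[:space:]])(media[[:space:]]+opt|host[[:space:]]+ap)([[:space:]]|$)'
        then
            echo "$_m: split-mediaopt (expected: mediaopt hostap)"
        fi
        # Count members that configure IPv4 themselves (static inet or dhcp).
        if printf '%s\n' "$_cfg" | grep -Eq \
            '^[[:space:]]*(inet[[:space:]]|dhcp([[:space:]]|$))'
        then
            _n=$((_n + 1))
            _with_ip="$_with_ip $_m"
        fi
    done
    # Normally one member has the address and the others are just "up".
    if [ "$_n" -gt 1 ]; then
        echo "$_br: multiple-addressed-members:$_with_ip"
    fi
    return 0
}

# Demo on constructed files; on a real system DIR would be /etc.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/broken" broken
write_sample "$demo_dir/fixed" fixed
echo "broken config:"; lint_ap_bridge "$demo_dir/broken" bridge0
echo "fixed config:";  lint_ap_bridge "$demo_dir/fixed" bridge0
rm -rf "$demo_dir"
```

The findings are hints to review, not proof of the DHCP failure discussed in the thread.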



Re: OpenBSD as a non-routing access point

2017-04-11 Thread Jordon
> I'm not certain but I suspect your athn address is outside your router's
> subnet.
>

No, they’re both on 192.168.77.x



Re: OpenBSD as a non-routing access point

2017-04-11 Thread Edgar Pettijohn
Sent from my iPhone

On Apr 11, 2017, at 9:55 PM, Jordon  wrote:

>>
>> rcctl enable dhcrelay
>> rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is your routers address"
>> rcctl start dhcrelay
>>
>> and possibly add -d (log to stderr) to see what it's doing.
>>
>
> Thank you!  That got it working!  So why is that necessary?  Doesn't the
> bridge just forward everything?  Or are DHCP requests broadcasts that don't
> get forwarded?
>
> Jordon

I'm not certain but I suspect your athn address is outside your router's
subnet.



Re: OpenBSD as a non-routing access point

2017-04-11 Thread Jordon
> rcctl enable dhcrelay
> rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is your routers address"
> rcctl start dhcrelay
>
> and possibly add -d (log to stderr) to see what it's doing.
>

Thank you!  That got it working!  So why is that necessary?  Doesn't the bridge
just forward everything?  Or are DHCP requests broadcasts that don't get
forwarded?

Jordon



Re: OpenBSD as a non-routing access point

2017-04-11 Thread Edgar Pettijohn

On 04/11/17 20:13, Jordon wrote:

>> What is your dhcpd.conf and have you verified it's running?
>
> There is none - the OpenBSD machine that I am trying to turn into an access
> point is not the DHCP server or router in my network.  With bridging enabled,
> shouldn’t DHCP requests just be forwarded to the wired network, where the
> actual router/DHCP server will see it and respond?
>
> Jordon

try:

rcctl enable dhcrelay
rcctl set dhcrelay flags -i athn0 192.168.1.1   # assuming that is your router's address
rcctl start dhcrelay

and possibly add -d (log to stderr) to see what it's doing.



Re: OpenBSD as a non-routing access point

2017-04-11 Thread Jordon
> What is your dhcpd.conf and have you verified it's running?
>

There is none - the OpenBSD machine that I am trying to turn into an access
point is not the DHCP server or router in my network.  With bridging enabled,
shouldn’t DHCP requests just be forwarded to the wired network, where the
actual router/DHCP server will see it and respond?

Jordon



Re: OpenBSD as a non-routing access point

2017-04-11 Thread Edgar Pettijohn
Sent from my iPhone

> On Apr 11, 2017, at 8:04 PM, Jordon  wrote:
>
> Ok, let's try this again…
>
> I got the 9280 installed.  My configs are like this:
>
> My interfaces are configured like this:
>
>   /etc/hostname.re0
> dhcp
>
>   /ets/hostname.athn0
> media autoselect mode 11n media opt host ap chan 1
> nwid testytesterson
> wpakey testingx
> inet 192.168.77.253 255.255.255.0
>
>   /etc/hostname.bridge0
> add athn0
> add re0
> up
>
> I also set the net.inet.ip.forwarding sysctl to 1
>
> From a different machine, if I ping 192.168.77.253, it responds.  If I
> unplug the network cable going to the OpenBSD box (to re0), the pings stop
> responding.  If I reconnect the cable, they start up again.  However, if I
> try to connect a wireless device, I think it connects, but it doesn't pull
> an IP address.  Seems to me that with ip.forwarding enabled and the bridge
> in place, DHCP requests should be forwarded through.  Am I missing something?
>
> Jordon

What is your dhcpd.conf and have you verified it's running?



Re: OpenBSD as a non-routing access point

2017-04-11 Thread Jordon
Ok, let's try this again…

I got the 9280 installed.  My configs are like this:

My interfaces are configured like this:

   /etc/hostname.re0
dhcp

   /ets/hostname.athn0
media autoselect mode 11n media opt host ap chan 1
nwid testytesterson
wpakey testingx
inet 192.168.77.253 255.255.255.0

   /etc/hostname.bridge0
add athn0
add re0
up

I also set the net.inet.ip.forwarding sysctl to 1

From a different machine, if I ping 192.168.77.253, it responds.  If I unplug
the network cable going to the OpenBSD box (to re0), the pings stop
responding.  If I reconnect the cable, they start up again.  However, if I try
to connect a wireless device, I think it connects, but it doesn't pull an IP
address.  Seems to me that with ip.forwarding enabled and the bridge in place,
DHCP requests should be forwarded through.  Am I missing something?

Jordon



Re: OpenBSD as a non-routing access point

2017-04-09 Thread Stefan Sperling
On Sat, Apr 08, 2017 at 09:43:29AM -0500, Jordon wrote:
> 
> > On Apr 8, 2017, at 3:38 AM, Stefan Sperling  wrote:
> > 
> > On Fri, Apr 07, 2017 at 05:06:22PM -0500, Jordon wrote:
> >> My new wifi adapter finally arrived today (AR9271) so I want to give 
> >> hostap a
> >> try with its new 802.11n support.
> > 
> >> Am I on the right track?
> > 
> > No. AR9271 is a USB device, and unfortunately there are bugs in the
> > driver that prevent hostap from working properly with USB devices.
> > 
> > At least in my testing, the device sends no beacons. I have not yet
> > found a way to fix it and am not currently investing more time into it.
> > Perhaps it will get fixed some day.
> > 
> 
> 
> Dang.  Although, IIRC, beacons are what announce the presence of the access 
> point.  I definitely saw it on the client machine, so I think that part was 
> working.  But, yeah, anything beyond that is unsupported so I guess I’ll have 
> to get a PCIe one.
> 
> 

My USB athn(4) AP responds to probe requests but does not send beacons.

A client can connect if you set the SSID and do a "directed scan" for this AP.
The AP will respond with a probe response directed at the client.
A beacon is a probe response sent to the broadcast address periodically.

Beacons are required for proper operation for several reasons.
Off the top of my head, two of those are:

 - Clients read configuration settings from beacons (such as frame protection
   rules for proper interop with 11a/b/g clients on the same channel).
   These settings can change over time. Using stale settings is bad for
   clients but won't actually cause severe problems in most situations.

 - Some clients monitor beacons to find out if they've gone out of range.
   They will re-connect over and over if they don't see any beacon.



Re: OpenBSD as a non-routing access point

2017-04-08 Thread Juan Francisco Cantero Hurtado
On Sat, Apr 08, 2017 at 01:22:27PM -0400, mabi wrote:
> Earlier this week on this mailing list someone recommended the following 
> product:
> 
> https://www.olimex.com/Products/USB-Modules/USB-CAP/
> 
> I thought I will give it a try and ordered it...

That's not going to fix any bug in the athn code :P


> -------- Original Message --------
> Subject: Re: OpenBSD as a non-routing access point
> Local Time: April 8, 2017 4:43 PM
> UTC Time: April 8, 2017 2:43 PM
> From: open...@sirjorj.com
> To: Stefan Sperling <s...@stsp.name>
> openbsd-misc <misc@openbsd.org>
> 
> > On Apr 8, 2017, at 3:38 AM, Stefan Sperling <s...@stsp.name> wrote:
> >
> > On Fri, Apr 07, 2017 at 05:06:22PM -0500, Jordon wrote:
> >> My new wifi adapter finally arrived today (AR9271) so I want to give hostap
> >> a try with its new 802.11n support.
> >
> >> Am I on the right track?
> >
> > No. AR9271 is a USB device, and unfortunately there are bugs in the
> > driver that prevent hostap from working properly with USB devices.
> >
> > At least in my testing, the device sends no beacons. I have not yet
> > found a way to fix it and am not currently investing more time into it.
> > Perhaps it will get fixed some day.
> >
> 
> Dang. Although, IIRC, beacons are what announce the presence of the access
> point. I definitely saw it on the client machine, so I think that part was
> working. But, yeah, anything beyond that is unsupported so I guess I’ll
> have to get a PCIe one.
> 
> Thanks!
> Jordon
> 

-- 
Juan Francisco Cantero Hurtado http://juanfra.info



Re: OpenBSD as a non-routing access point

2017-04-08 Thread Jordon
> Or ar9280 may be better. Pcie devices are usually more capable too.
>

Exactly what I ordered!  And an antenna/pigtail kit.  Total price under $30.
My openbsd machine (a broadwell Shuttle system) has the mini pcie slot for it,
so no pcie adapter card needed.



Re: OpenBSD as a non-routing access point

2017-04-08 Thread Kevin Chadwick
On 8 Apr 2017 6:56 pm, "Kevin Chadwick"  wrote:



On 8 Apr 2017 3:44 pm, "Jordon"  wrote:

> On Apr 8, 2017, at 3:38 AM, Stefan Sperling  wrote:
>
> On Fri, Apr 07, 2017 at 05:06:22PM -0500, Jordon wrote:
>> My new wifi adapter finally arrived today (AR9271) so I want to give hostap
>> a try with its new 802.11n support.
>
>> Am I on the right track?
>
> No. AR9271 is a USB device, and unfortunately there are bugs in the
> driver that prevent hostap from working properly with USB devices.
>
> At least in my testing, the device sends no beacons. I have not yet
> found a way to fix it and am not currently investing more time into it.
> Perhaps it will get fixed some day.
>


Dang.  Although, IIRC, beacons are what announce the presence of the access
point.  I definitely saw it on the client machine, so I think that part was
working.  But, yeah, anything beyond that is unsupported so I guess I’ll
have to get a PCIe one.

Thanks!
Jordon

I would, but you may find 802.11b works well enough in the meantime. Set
mode 802.11b in hostname.athn0



Or ar9280 may be better. Pcie devices are usually more capable too.



Re: OpenBSD as a non-routing access point

2017-04-08 Thread mabi
Earlier this week on this mailing list someone recommended the following 
product:

https://www.olimex.com/Products/USB-Modules/USB-CAP/

I thought I will give it a try and ordered it...

-------- Original Message --------
Subject: Re: OpenBSD as a non-routing access point
Local Time: April 8, 2017 4:43 PM
UTC Time: April 8, 2017 2:43 PM
From: open...@sirjorj.com
To: Stefan Sperling <s...@stsp.name>
openbsd-misc <misc@openbsd.org>

> On Apr 8, 2017, at 3:38 AM, Stefan Sperling <s...@stsp.name> wrote:
>
> On Fri, Apr 07, 2017 at 05:06:22PM -0500, Jordon wrote:
>> My new wifi adapter finally arrived today (AR9271) so I want to give hostap
>> a try with its new 802.11n support.
>
>> Am I on the right track?
>
> No. AR9271 is a USB device, and unfortunately there are bugs in the
> driver that prevent hostap from working properly with USB devices.
>
> At least in my testing, the device sends no beacons. I have not yet
> found a way to fix it and am not currently investing more time into it.
> Perhaps it will get fixed some day.
>

Dang. Although, IIRC, beacons are what announce the presence of the access
point. I definitely saw it on the client machine, so I think that part was
working. But, yeah, anything beyond that is unsupported so I guess I’ll
have to get a PCIe one.

Thanks!
Jordon



Re: OpenBSD as a non-routing access point

2017-04-08 Thread Jordon
> On Apr 8, 2017, at 3:38 AM, Stefan Sperling  wrote:
>
> On Fri, Apr 07, 2017 at 05:06:22PM -0500, Jordon wrote:
>> My new wifi adapter finally arrived today (AR9271) so I want to give hostap
>> a try with its new 802.11n support.
>
>> Am I on the right track?
>
> No. AR9271 is a USB device, and unfortunately there are bugs in the
> driver that prevent hostap from working properly with USB devices.
>
> At least in my testing, the device sends no beacons. I have not yet
> found a way to fix it and am not currently investing more time into it.
> Perhaps it will get fixed some day.
>


Dang.  Although, IIRC, beacons are what announce the presence of the access
point.  I definitely saw it on the client machine, so I think that part was
working.  But, yeah, anything beyond that is unsupported so I guess I’ll
have to get a PCIe one.

Thanks!
Jordon



Re: OpenBSD as a non-routing access point

2017-04-08 Thread Stefan Sperling
On Fri, Apr 07, 2017 at 05:06:22PM -0500, Jordon wrote:
> My new wifi adapter finally arrived today (AR9271) so I want to give hostap a
> try with its new 802.11n support.

> Am I on the right track?

No. AR9271 is a USB device, and unfortunately there are bugs in the
driver that prevent hostap from working properly with USB devices.

At least in my testing, the device sends no beacons. I have not yet
found a way to fix it and am not currently investing more time into it.
Perhaps it will get fixed some day.

ATHN(4)  Device Drivers Manual ATHN(4)
...

BUGS
 Host AP mode does not work with USB devices.



Re: OpenBSD as a non-routing access point

2017-04-08 Thread Remco

On 04/08/17 at 00:06, Jordon wrote:

My new wifi adapter finally arrived today (AR9271) so I want to give hostap a
try with its new 802.11n support.  Unfortunately, all the examples I’ve
found center around creating a router/AP when all I want to make is an AP - as
in, no DHCP or routing.  I just want to bridge my wired network to the
wireless one.  I want all DHCP requests from wireless devices to get passed to
my router so it assigns the address (192.168.77.x).

My interfaces are configured like this:

/etc/hostname.re0
dhcp

/ets/hostname.athn0
media autoselect mode 11n media opt host ap chan 1
nwid testytesterson
wpakey testingx
inet 192.168.77.253 255.255.255.0

/etc/hostname.bridge0
add athn0
add re0
up

A client laptop (running linux mint) sees the access point but will not
connect to it.

Am I on the right track?  Should a bridge be adequate or do I need to
configure pf to route between the interfaces?
Perhaps the configs for a simple AP-only setup would be a good example for the
faq.

Thanks
Jordon




You may want to use tcpdump(8) on the various interfaces, including 
pflog0, to see what's going on.


It's not clear to me whether the bridge needs IP forwarding enabled. 
Assuming that it does, and you don't have it active, see sysctl.conf(5) 
for an example to enable it. (I'd say only do this if there's really no 
traffic at all from the one interface to the other)