b.a.t.m.a.n.lists.open-mesh.org archive mirror
* [B.A.T.M.A.N.] Connecting through Batman advanced interface
@ 2011-01-28 22:46 Clemens John
  2011-01-29 17:45 ` Bjoern Franke
  0 siblings, 1 reply; 10+ messages in thread
From: Clemens John @ 2011-01-28 22:46 UTC (permalink / raw)
  To: b.a.t.m.a.n

Hi,

I have a special question on configuring our batman advanced setup.
We have a Tinc VPN on tap0, and behind this VPN is a dhcp server and an 
internet gateway which is reachable through the ip 10.18.0.1.
On the router I have ath1, an adhoc wlan device, on which batman advanced is 
sending packets. Now bat0 and tap0 are bridged to br-mesh, as you can see 
in the configuration:

root@Floh:~# cat /etc/config/network 
[...]
config 'interface' 'mesh'
        option 'type' 'bridge'
        option 'ifname' 'bat0 tap0'
        option 'stp'    '1'
[...]

root@Floh:~# cat /etc/config/batman-adv 
config 'mesh' 'bat0'
        option 'interfaces' 'ath1'
        option 'orig_interval'
        option 'log_level'

                  [batman]      
[client]-->[adhoc ath1]-->[bat0][br-mesh][tap0]-->internet-->[gateway/dhcp]

Other nodes running the same configuration but not connecting through vpn can 
connect to the dhcp server through batman advanced and the adhoc device.

If a client (laptop) without batman advanced tries to connect, it has no 
success because it does not get an IP address.

What can I do?
I can not open a second wifi device in ap mode and add it to mesh. I know that 
this would be the best way but I'm trying this on a wrt54g and the b43 driver 
does not support multi essid.

Regards
Clemens


* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-01-28 22:46 [B.A.T.M.A.N.] Connecting through Batman advanced interface Clemens John
@ 2011-01-29 17:45 ` Bjoern Franke
  2011-01-29 18:00   ` Marek Lindner
  0 siblings, 1 reply; 10+ messages in thread
From: Bjoern Franke @ 2011-01-29 17:45 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

Hi,

On Friday, 28.01.2011, 23:46 +0100, Clemens John wrote:

> What can I do?
> I can not open a second wifi device in ap mode and add it to mesh. I know that 
> this would be the best way but I'm trying this on a wrt54g and the b43 driver 
> does not support multi essid.

I think if we don't want to change back our configuration (batman-adv on
vpn with its mtu-problems etc.) the simplest way would be connecting a
usual router to the wrt54g.

regards
Bjoern 
-- 
jabber: bjo@schafweide.org
bjo.nord-west.org | nord-west.org | freifunk-ol.de



* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-01-29 17:45 ` Bjoern Franke
@ 2011-01-29 18:00   ` Marek Lindner
  2011-01-31 18:32     ` Clemens John
  0 siblings, 1 reply; 10+ messages in thread
From: Marek Lindner @ 2011-01-29 18:00 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking


Hi,

> I think if we don't want to change back our configuration (batman-adv on
> vpn with its mtu-problems etc.) the simplest way would be connecting a
> usual router to the wrt54g.

I don't think the VPN is the problem here but the fact that you can't bridge 
an interface running in adhoc mode. Ad-hoc "lacks" a field in the wifi header 
which makes bridging impossible.
However, I agree with your proposed solution - another router connected to the 
Ethernet of the wrt54g can solve the issue.

Regards,
Marek


* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-01-29 18:00   ` Marek Lindner
@ 2011-01-31 18:32     ` Clemens John
  2011-02-01  5:49       ` wayne
                         ` (2 more replies)
  0 siblings, 3 replies; 10+ messages in thread
From: Clemens John @ 2011-01-31 18:32 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

On Saturday, 29 January 2011, 19:00:50, Marek Lindner wrote:
> Hi,
> 
> > I think if we don't want to change back our configuration (batman-adv on
> > vpn with its mtu-problems etc.) the simplest way would be connecting a
> > usual router to the wrt54g.
> 
> I don't think the VPN is the problem here but the fact that you can't
> bridge an interface running in adhoc mode. Ad-hoc "lacks" a field in
> the wifi header which makes bridging impossible.
> However, I agree with your proposed solution - another router connected to
> the Ethernet of the wrt54g can solve the issue.

This is not possible in this case (I don't have another router).

Is there another (maybe harder) way or a hack to get the same result as 
when bridging two interfaces? Maybe with iptables?

Or does anyone know what the status of multiple ssid on wrt54g with kernel 2.6 
is?

Regards
Clemens


* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-01-31 18:32     ` Clemens John
@ 2011-02-01  5:49       ` wayne
  2011-02-01 10:51       ` Kevin Steen
  2011-02-01 12:12       ` Bjoern Franke
  2 siblings, 0 replies; 10+ messages in thread
From: wayne @ 2011-02-01  5:49 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

Clemens John wrote:
> On Saturday, 29 January 2011, 19:00:50, Marek Lindner wrote:
>> Hi,
>>
>>> I think if we don't want to change back our configuration (batman-adv on
>>> vpn with its mtu-problems etc.) the simplest way would be connecting a
>>> usual router to the wrt54g.
>> I don't think the VPN is the problem here but the fact that you can't
>> bridge an interface running in adhoc mode. Ad-hoc "lacks" a field in
>> the wifi header which makes bridging impossible.
>> However, I agree with your proposed solution - another router connected to
>> the Ethernet of the wrt54g can solve the issue.
> 
> This is not possible in this case (I don't have another router).
> 
> Is there another (maybe harder) way or a hack to get the same result as 
> when bridging two interfaces? Maybe with iptables?
> 
> Or does anyone know what the status of multiple ssid on wrt54g with kernel 2.6 
> is?
> 
> Regards
> Clemens


IIRC, this is not a software problem, this is a limitation with the 
hardware radio device, so I wouldn't hold my breath.

Wayne A




* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-01-31 18:32     ` Clemens John
  2011-02-01  5:49       ` wayne
@ 2011-02-01 10:51       ` Kevin Steen
  2011-02-04 15:38         ` Clemens John
  2011-02-01 12:12       ` Bjoern Franke
  2 siblings, 1 reply; 10+ messages in thread
From: Kevin Steen @ 2011-02-01 10:51 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

On 31/01/11 18:32, Clemens John wrote:
> On Saturday, 29 January 2011, 19:00:50, Marek Lindner wrote:
>> Hi,
>>
>>> I think if we don't want to change back our configuration (batman-adv on
>>> vpn with its mtu-problems etc.) the simplest way would be connecting a
>>> usual router to the wrt54g.
>> I don't think the VPN is the problem here but the fact that you can't
>> bridge an interface running in adhoc mode. Ad-hoc "lacks" a field in
>> the wifi header which makes bridging impossible.
>> However, I agree with your proposed solution - another router connected to
>> the Ethernet of the wrt54g can solve the issue.
> This is not possible in this case (I don't have another router).
>
> Is there another (maybe harder) way or a hack to get the same result as
> when bridging two interfaces? Maybe with iptables?
>
> Or does anyone know what the status of multiple ssid on wrt54g with kernel 2.6
> is?
>
> Regards
> Clemens
If your non-batman clients don't need incoming connections, you could 
NAT outgoing connections:
   [client]-->[adhoc ath1]-->NAT-->[br-mesh]
You would have to run a DHCP server on the ath1 interface to give those 
clients a private IP and tell them to use the private IP on ath1 as 
their router.

-Kevin

---
Have a vacancy for a Network Engineer/IT guy in London, UK? Please let me know.



* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-01-31 18:32     ` Clemens John
  2011-02-01  5:49       ` wayne
  2011-02-01 10:51       ` Kevin Steen
@ 2011-02-01 12:12       ` Bjoern Franke
  2 siblings, 0 replies; 10+ messages in thread
From: Bjoern Franke @ 2011-02-01 12:12 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

Hi,

> > I don't think the VPN is the problem here but the fact that you can't
> > bridge an interface running in adhoc mode. Ad-hoc "lacks" a field in
> > the wifi header which makes bridging impossible.
> > However, I agree with your proposed solution - another router connected to
> > the Ethernet of the wrt54g can solve the issue.
> 
> This is not possible in this case (I don't have another router).

Does Franco have another router which he could connect to the wrt54g? 

> Is there another (maybe harder) way or a hack to get the same result as 
> when bridging two interfaces? Maybe with iptables?

I think this would break our setup.

> Or does anyone know what the status of multiple ssid on wrt54g with kernel 2.6 
> is?

Maybe we should ask here:
http://wireless.kernel.org/en/users/Drivers/b43#support

I have no experience with brcm-chips because I have only a brcm4318 in my
laptop.

regards
Bjoern
-- 
jabber: bjo@schafweide.org
bjo.nord-west.org | nord-west.org | freifunk-ol.de



* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-02-01 10:51       ` Kevin Steen
@ 2011-02-04 15:38         ` Clemens John
  2011-02-06 22:18           ` Kevin Steen
  0 siblings, 1 reply; 10+ messages in thread
From: Clemens John @ 2011-02-04 15:38 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

On Tuesday, 01 February 2011, 11:51:16, you wrote:
> If your non-batman clients don't need incoming connections, you could
> NAT outgoing connections:
>    [client]-->[adhoc ath1]-->NAT-->[br-mesh]
> You would have to run a DHCP server on the ath1 interface to give those
> clients a private IP and tell them to use the private IP on ath1 as
> their router.

What do I have to insert into iptables to NAT ath1 to br-mesh? I'm a complete 
firewall noob.

Regards
Clemens


* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-02-04 15:38         ` Clemens John
@ 2011-02-06 22:18           ` Kevin Steen
  2011-02-08 23:37             ` Clemens John
  0 siblings, 1 reply; 10+ messages in thread
From: Kevin Steen @ 2011-02-06 22:18 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

On 04/02/11 15:38, Clemens John wrote:
> On Tuesday, 01 February 2011, 11:51:16, you wrote:
>> If your non-batman clients don't need incoming connections, you could
>> NAT outgoing connections:
>>     [client]-->[adhoc ath1]-->NAT-->[br-mesh]
>> You would have to run a DHCP server on the ath1 interface to give those
>> clients a private IP and tell them to use the private IP on ath1 as
>> their router.
> What do I have to insert into iptables to NAT ath1 to br-mesh? I'm a complete
> firewall noob.
There might be an easier way using the config files of the distribution 
you're using, but from a script it would look something like this:

#! /bin/sh
modprobe iptable_nat
## Work-around for bad ISPs which drop ICMP Fragmentation Needed packets:
## (Needs to be early in list)
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -t nat -A POSTROUTING -o br-mesh -j MASQUERADE

-Kevin
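
An added example, not part of the original thread or of Kevin's message: a reviewable variant of the NAT setup described above that limits masquerading and forwarding to the client subnet, lets only reply traffic back in, and inserts the MSS clamp at the top of FORWARD. ath1 and br-mesh come from the thread; the subnet 192.168.50.0/24, the function names and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example: scoped NAT for non-batman clients on ath1 (not from the thread).
# 192.168.50.0/24 is a constructed client subnet; ath1 and br-mesh are from the thread.

# Print the rule set, one command per line, so it can be reviewed before use.
nat_rules() {
    client_if=$1 uplink_if=$2 client_net=$3
    # Accept only digits, dots and exactly one slash, so shell metacharacters
    # or a missing prefix length never reach the emitted rules.
    case $client_net in
        *[!0-9./]*|*/*/*|""|/*|*/) echo "bad client net: $client_net" >&2; return 1 ;;
        */*) ;;
        *) echo "client net needs a /prefix: $client_net" >&2; return 1 ;;
    esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -i $client_if -o $uplink_if -s $client_net -j ACCEPT
iptables -A FORWARD -i $uplink_if -o $client_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $client_if -j DROP
iptables -t nat -A POSTROUTING -s $client_net -o $uplink_if -j MASQUERADE
EOF
}

# Run the rules only when APPLY=1 (needs root); otherwise just show them.
apply_nat() {
    rules=$(nat_rules "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}

apply_nat ath1 br-mesh 192.168.50.0/24
```

Matching on the source subnet keeps the router from masquerading anything else that happens to leave via br-mesh, and the final DROP stops clients on ath1 from being forwarded to any other interface.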



* Re: [B.A.T.M.A.N.] Connecting through Batman advanced interface
  2011-02-06 22:18           ` Kevin Steen
@ 2011-02-08 23:37             ` Clemens John
  0 siblings, 0 replies; 10+ messages in thread
From: Clemens John @ 2011-02-08 23:37 UTC (permalink / raw)
  To: The list for a Better Approach To Mobile Ad-hoc Networking

On Sunday, 06 February 2011, 23:18:25, you wrote:
> On 04/02/11 15:38, Clemens John wrote:
> > On Tuesday, 01 February 2011, 11:51:16, you wrote:
> >> If your non-batman clients don't need incoming connections, you could
> >> 
> >> NAT outgoing connections:
> >>     [client]-->[adhoc ath1]-->NAT-->[br-mesh]
> >> 
> >> You would have to run a DHCP server on the ath1 interface to give those
> >> clients a private IP and tell them to use the private IP on ath1 as
> >> their router.
> > 
> > What do I have to insert into iptables to NAT ath1 to br-mesh? I'm a
> > complete firewall noob.
> 
> There might be an easier way using the config files of the distribution
> you're using, but from a script it would look something like this:
> 
> #! /bin/sh
> modprobe iptable_nat
> ## Work-around for bad ISPs which drop ICMP Fragmentation Needed packets:
> ## (Needs to be early in list)
> iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
> iptables -t nat -A POSTROUTING -o br-mesh -j MASQUERADE
> 
> -Kevin

Thank you, that got me a little bit further.
But now the traffic from the wlan client (wlan0) gets into the router (br-mesh) 
and tries to reach the internet over the default route of the router, my local 
lan port. But I want to use a special gateway (10.18.0.1) behind the vpn and 
in the same network as br-mesh, only for traffic coming from the clients. Traffic 
coming from the router itself should use the default gateway furthermore.

What can I do?

Regards
Clemens
