Can I assign a virtual interface of wireless to a network namespace?
I am trying to make a VPN router while keeping the host itself accessing Internet without VPN. The host has only one NIC which is wireless. So I have added two virtual interfaces via iw phy phy0 interface add xxxxx. One (wlan0_sta) as station to connect wireless to Internet. The other (wlan0_ap) as AP to connect clients. Also a wireguard device (wg0) as VPN endpoint. hostapd and iptables were involved.
Now every part worked, except data from clients were routed to wlan0_sta, instead of wg0. So I planned to have wlan0_ap and wg0 in a separated network namespace to make the routing work. But I found that iw cannot put virtual interface into network namespace. Only a "phy" can be put into network namespace.
So what should I do?
routing network-namespaces iw
1
In order to achieve what you desire, you do not need a network namespace, but you need to learn what policy routing is. Try this, unix.stackexchange.com/a/22794/49626, then ask again.
– MariusMatutiae
Oct 16 '18 at 12:14
I think Wireguard's pages have a clever use of built-in mark and ip rule add table main suppress_prefixlength 0 to force traffic into the tunnel (which is anyway policy routing as MariusMatutiae tells): Wireguard Routing & Network Namespaces - Improved Rule-based Routing. Other solutions might be available in that page, like having a dedicated network namespace for all physical interfaces thus compatible with your wifi setup.
– A.B
Nov 9 '18 at 12:27
@MariusMatutiae, thanks. That is harder than I thought. I have not succeeded yet....
– Magicloud
Nov 11 '18 at 1:28
@A.B, yes, that was read. I have not got rule based routing working. So I tried the namespace solution, which fell into this question.
– Magicloud
Nov 11 '18 at 1:29
asked Oct 16 '18 at 10:31 by Magicloud
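The policy-routing approach suggested in the comments, as an added example that is not part of the original thread: packets arriving on wlan0_ap are looked up in a separate table whose default route is wg0, while the host's own traffic keeps using the main table via wlan0_sta. The interface names come from the question; the AP subnet, table number and rule priority are assumptions, as is a wg0 that is already up with a peer whose AllowedIPs covers 0.0.0.0/0 and without wg-quick installing its own default route. IPv4 only.

```sh
#!/bin/sh
# Added example: policy routing for the AP + WireGuard setup in the question.
AP_IF=${AP_IF:-wlan0_ap}           # AP interface (name from the question)
VPN_IF=${VPN_IF:-wg0}              # WireGuard interface (name from the question)
STA_IF=${STA_IF:-wlan0_sta}        # uplink station interface (name from the question)
AP_NET=${AP_NET:-192.168.50.0/24}  # assumed AP client subnet
TABLE=${TABLE:-51}                 # assumed unused routing table number
PRIO=${PRIO:-1000}                 # assumed rule priority, evaluated before main (32766)

# Emit the commands, one per line, in the order they should be applied.
vpn_router_plan() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
ip route replace $AP_NET dev $AP_IF table $TABLE
ip route replace default dev $VPN_IF table $TABLE
ip route replace unreachable default metric 1000 table $TABLE
ip rule add iif $AP_IF lookup $TABLE priority $PRIO
iptables -t nat -A POSTROUTING -o $VPN_IF -j MASQUERADE
iptables -I FORWARD -i $AP_IF -o $STA_IF -j DROP
EOF
}
# Why each line is there:
#  - AP_NET route: client-to-client traffic stays on the AP instead of the tunnel.
#  - default dev VPN_IF: everything else from clients goes into WireGuard.
#  - unreachable default: if wg0 goes down its route disappears; this one stops
#    the lookup from falling through to main and leaking out via the uplink.
#  - iif rule: only forwarded client traffic uses the table; host traffic,
#    including WireGuard's own UDP to the peer, still uses main.
#  - FORWARD DROP: second guard against AP -> uplink forwarding.

# Print the plan by default; run it only when APPLY=1 (needs root).
apply_plan() {
    vpn_router_plan | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || { echo "failed: $cmd" >&2; exit 1; }
        else
            printf '%s\n' "$cmd"
        fi
    done
}

apply_plan
```

After applying, `ip route get 1.1.1.1 from 192.168.50.10 iif wlan0_ap` should report `dev wg0` (the client address follows the assumed subnet), while a plain `ip route get 1.1.1.1` should still report wlan0_sta.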
1 Answer
Probably no, at least as in Linux kernel version 4.9 for nl80211-based drivers.
answered Jan 16 at 20:14 by Vi.