====== Aufbau Heimnetz ====== * Doku über die heimische "Verkabelung" und das Zeug das so rumsteht * Notizen über die diversen Dienste die so im Heimnetz aktiv sind * Planung von Verbesserungen ===== Übersicht =====



Internet --LAN--> Netgear 8P Switch --LAN--> opnSense auf NAS --LAN--> Switch --LAN--> router-wohnzimmer --802.11s-Mesh--> router-arbeitszimmer

===== Netzwerk ===== * VLANs * 1 (Default PVID) - LAN * 192.168.107.0/24 * 10 (openwrt wan default): Internet/WAN - von HÜP/Modem M-Net zu Switch * derzeit: 192.168.178.0/24 via fritzbox 1&1 * 20: DMZ * 192.168.220.0/24 * router: 192.168.220.1 - DHCP .50-.250 * 21: IOT/MQTT * 192.168.221.0/24 * router: 192.168.221.1 - DHCP .50-.250 * 22: Guest * 192.168.22.0/24 * router: 192.168.222.1 - DHCP .50-.250 * 40: mnet-wan * PPPoE zugang zum Internet (via ONT) * Hängt am ONT, Switch Port 7 kommt Tagged rein * Geht auf neue Bridge auf NAS zum opnSense ==== Internet ==== ==== opnSense - Router/FW ==== ==== WiFi ==== * 2x [[https://openwrt.org/toh/netgear/r7800|Netgear R7800]] * router-wohnzimmer * 192.168.107.2 * bekommt LAN aus Keller * router-arbeitszimmer * 192.168.107.3 * Netz via 802.11s Mesh ===== Konfig ===== ==== nas ==== * Netzwerk via systemd-networkd === Konfigfiles === [Match] Name=enp7s0 [Network] VLAN=wan-vlan VLAN=dmz-vlan VLAN=iot-vlan VLAN=mnet-wan-vlan Bridge=kohlennet-br [NetDev] Name=dmz-bridge Kind=bridge [NetDev] Name=guest-bridge Kind=bridge [NetDev] Name=iot-bridge Kind=bridge [NetDev] Name=kohlennet-br Kind=bridge [NetDev] Name=mnet-wan-bridge Kind=bridge [NetDev] Name=wan-bridge Kind=bridge [NetDev] Name=dmz-vlan Kind=vlan [VLAN] Id=20 [Network] Bridge=dmz-bridge [Match] Name=dmz-vlan [Network] Bridge=dmz-bridge [NetDev] Name=guest-vlan Kind=vlan [VLAN] Id=22 [Network] Bridge=guest-bridge [Match] Name=guest-vlan [Network] Bridge=guest-bridge [NetDev] Name=iot-vlan Kind=vlan [VLAN] Id=21 [Match] Name=iot-vlan [Network] Bridge=iot-bridge [NetDev] Name=kohlennet-vlan Kind=vlan [VLAN] Id=1 [Network] Bridge=kohlennet-br [NetDev] Name=mnet-wan-vlan Kind=vlan [VLAN] Id=40 [Network] Bridge=mnet-wan-bridge [Match] Name=mnet-wan-vlan [Network] Bridge=mnet-wan-bridge [NetDev] Name=wan-vlan Kind=vlan [VLAN] Id=10 [Network] Bridge=wan-bridge [Match] Name=wan-vlan [Network] Bridge=wan-bridge [Match] Name=dmz-bridge [Network] DHCP=no [DHCP] RouteMetric=9999 [Match] Name=guest-bridge [Network] DHCP=no [DHCP] RouteMetric=9999 [Match] Name=iot-bridge [Network] DHCP=no [DHCP] RouteMetric=9999 [Match] Name=kohlennet-br [Network] Address=192.168.107.107/24 Gateway=192.168.107.1 DNS=192.168.107.1 Domains=kohlennet.local [Match] Name=mnet-wan-bridge [Network] DHCP=no IPv6AcceptRA=no [DHCP] RouteMetric=9999 [Match] Name=wan-bridge [Network] DHCP=no IPv6AcceptRA=no [DHCP] RouteMetric=9999 ==== opnsense ==== TODO ==== openwrt ==== * 802.11r - Fast Roaming * Siehe: https://www.simianer.de/blog/home-wifi-setup-with-802.11s-meshing-and-802.11r-roaming * evtl schon done durch haken im luci? *

[  147.493987] wlp3s0: disconnect from AP 16:59:c0:5a:4c:81 for new auth to 16:59:c0:5a:4c:a8
[  147.573859] wlp3s0: authenticate with 16:59:c0:5a:4c:a8
[  147.585831] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 1/3)
[  147.623454] wlp3s0: authenticated
[  147.626035] wlp3s0: associate with 16:59:c0:5a:4c:a8 (try 1/3)
[  147.629848] wlp3s0: RX ReassocResp from 16:59:c0:5a:4c:a8 (capab=0x11 status=0 aid=2)
[  147.661426] wlp3s0: associated
[  177.764194] wlp3s0: disconnect from AP 16:59:c0:5a:4c:a8 for new auth to 16:59:c0:5a:4c:81
[  177.849750] wlp3s0: authenticate with 16:59:c0:5a:4c:81
[  177.861627] wlp3s0: send auth to 16:59:c0:5a:4c:81 (try 1/3)
[  177.895841] wlp3s0: authenticated
[  177.899567] wlp3s0: associate with 16:59:c0:5a:4c:81 (try 1/3)
[  177.902458] wlp3s0: RX ReassocResp from 16:59:c0:5a:4c:81 (capab=0x11 status=17 aid=1)
[  177.902478] wlp3s0: 16:59:c0:5a:4c:81 denied association (code=17)
[  178.091236] wlp3s0: authenticate with 16:59:c0:5a:4c:a8
[  178.100102] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 1/3)
[  179.400394] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 2/3)
[  179.430455] wlp3s0: authenticated
[  179.432905] wlp3s0: associate with 16:59:c0:5a:4c:a8 (try 1/3)
[  179.435326] wlp3s0: RX AssocResp from 16:59:c0:5a:4c:a8 (capab=0x11 status=30 aid=2)
[  179.435338] wlp3s0: 16:59:c0:5a:4c:a8 rejected association temporarily; comeback duration 1000 TU (1024 ms)

=== wifi-config ===


root@router-wohnzimmer:~# cat /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option country 'DE'
        option channel '36'
        option htmode 'VHT80'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'kohlenhydratenet'
        option network 'lan'
        option key 'lolkey'
        option ieee80211w '1'
        option encryption 'sae-mixed'

config wifi-iface 'mesh'
        option network 'lan'
        option device 'radio0'
        option mode 'mesh'
        option mesh_id 'kohlenhydrate-mesh'
        option mesh_rssi_threshold '0'
        option mesh_fwding '1'
        option key 'lolkey'
        option encryption 'sae'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option htmode 'HT20'
        option channel '1'
        option txpower '10'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'kohlennet'
        option network 'lan'
        option encryption 'psk2'
        option key 'lolkey'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'besuch@kohlennet'
        option encryption 'psk2'
        option key 'lolkey'
        option network 'lan'
        option disabled '1'