Home network setup
- Documentation of the “cabling” at home and the gear that is standing around
- Notes on the various services running in the home network
- Planning of improvements
Overview
Internet --LAN--> Netgear 8P Switch --LAN--> opnSense on NAS --LAN--> Switch --LAN--> router-wohnzimmer --802.11s-Mesh--> router-arbeitszimmer
Network
- VLANs
  - 1 (Default PVID) - LAN
    - 192.168.107.0/24
  - 10 (openwrt wan default): Internet/WAN - from HÜP/modem M-Net to switch
    - currently: 192.168.178.0/24 via fritzbox 1&1
  - 20: DMZ
    - 192.168.220.0/24
    - router: 192.168.220.1 - DHCP .50-.250
  - 21: IOT/MQTT
    - 192.168.221.0/24
    - router: 192.168.221.1 - DHCP .50-.250
  - 22: Guest
    - 192.168.22.0/24
    - router: 192.168.222.1 - DHCP .50-.250
  - 40: mnet-wan
    - PPPoE access to the Internet (via ONT)
    - Connected to the ONT; comes in tagged on switch port 7
    - Goes to a new bridge on the NAS, to opnSense
Internet
opnSense - Router/FW
WiFi
- router-wohnzimmer
  - 192.168.107.2
  - gets LAN from the basement
- router-arbeitszimmer
  - 192.168.107.3
  - Network via 802.11s mesh
Config
nas
- Network via systemd-networkd
Config files
- 05-enp7s0-vlans-bridges.network
    # Tagged VLANs stacked on enp7s0; untagged traffic goes to kohlennet-br.
    # guest-vlan and kohlennet-vlan have .netdev files below but no VLAN= line here.
    [Match]
    Name=enp7s0
    [Network]
    VLAN=wan-vlan
    VLAN=dmz-vlan
    VLAN=iot-vlan
    VLAN=mnet-wan-vlan
    Bridge=kohlennet-br
- 10-dmz-bridge.netdev
    [NetDev]
    Name=dmz-bridge
    Kind=bridge
- 10-guest-bridge.netdev
    [NetDev]
    Name=guest-bridge
    Kind=bridge
- 10-iot-bridge.netdev
    [NetDev]
    Name=iot-bridge
    Kind=bridge
- 10-kohlennet-bridge.netdev
    [NetDev]
    Name=kohlennet-br
    Kind=bridge
- 10-mnet-wan-bridge.netdev
    [NetDev]
    Name=mnet-wan-bridge
    Kind=bridge
- 10-wan-bridge.netdev
    [NetDev]
    Name=wan-bridge
    Kind=bridge
- 20-dmz-vlan.netdev
    [NetDev]
    Name=dmz-vlan
    Kind=vlan
    [VLAN]
    Id=20
    # [Network] is not a .netdev section; networkd ignores it here and in the
    # other .netdev files. Bridge membership is set in 20-dmz-vlan.network.
    [Network]
    Bridge=dmz-bridge
- 20-dmz-vlan.network
    [Match]
    Name=dmz-vlan
    [Network]
    Bridge=dmz-bridge
- 20-guest-vlan.netdev
    [NetDev]
    Name=guest-vlan
    Kind=vlan
    [VLAN]
    Id=22
    [Network]
    Bridge=guest-bridge
- 20-guest-vlan.network
    [Match]
    Name=guest-vlan
    [Network]
    Bridge=guest-bridge
- 20-iot-vlan.netdev
    [NetDev]
    Name=iot-vlan
    Kind=vlan
    [VLAN]
    Id=21
- 20-iot-vlan.network
    [Match]
    Name=iot-vlan
    [Network]
    Bridge=iot-bridge
- 20-kohlennet-vlan.netdev
    [NetDev]
    Name=kohlennet-vlan
    Kind=vlan
    [VLAN]
    Id=1
    [Network]
    Bridge=kohlennet-br
- 20-mnet-wan-vlan.netdev
    [NetDev]
    Name=mnet-wan-vlan
    Kind=vlan
    [VLAN]
    Id=40
    [Network]
    Bridge=mnet-wan-bridge
- 20-mnet-wan-vlan.network
    [Match]
    Name=mnet-wan-vlan
    [Network]
    Bridge=mnet-wan-bridge
- 20-wan-vlan.netdev
    [NetDev]
    Name=wan-vlan
    Kind=vlan
    [VLAN]
    Id=10
    [Network]
    Bridge=wan-bridge
- 20-wan-vlan.network
    [Match]
    Name=wan-vlan
    [Network]
    Bridge=wan-bridge
- 30-dmz-bridge.network
    [Match]
    Name=dmz-bridge
    [Network]
    DHCP=no
    [DHCP]
    RouteMetric=9999
- 30-guest-bridge.network
    [Match]
    Name=guest-bridge
    [Network]
    DHCP=no
    [DHCP]
    RouteMetric=9999
- 30-iot-bridge.network
    [Match]
    Name=iot-bridge
    [Network]
    DHCP=no
    [DHCP]
    RouteMetric=9999
- 30-kohlennet-bridge.network
    [Match]
    Name=kohlennet-br
    [Network]
    Address=192.168.107.107/24
    Gateway=192.168.107.1
    DNS=192.168.107.1
    Domains=kohlennet.local
- 30-mnet-wan-bridge.network
    [Match]
    Name=mnet-wan-bridge
    [Network]
    DHCP=no
    IPv6AcceptRA=no
    [DHCP]
    RouteMetric=9999
- 30-wan-bridge.network
    [Match]
    Name=wan-bridge
    [Network]
    DHCP=no
    IPv6AcceptRA=no
    [DHCP]
    RouteMetric=9999
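Added example, not part of the original notes: a Python consistency check for the VLAN files above. It reports VLAN netdevs that no parent link requests with VLAN= (networkd only creates a stacked VLAN when a .network file references it), VLANs without a bridge assignment, and [Network] sections in .netdev files. The names parse, audit and FILES are this example's own, and FILES is a constructed subset of the files listed above.

```python
from collections import defaultdict

# Constructed sample: a subset of the files documented above, inlined to run offline.
FILES = {
    "05-enp7s0-vlans-bridges.network": "[Match]\nName=enp7s0\n[Network]\nVLAN=wan-vlan\n"
        "VLAN=dmz-vlan\nVLAN=iot-vlan\nVLAN=mnet-wan-vlan\nBridge=kohlennet-br",
    "20-dmz-vlan.netdev": "[NetDev]\nName=dmz-vlan\nKind=vlan\n[VLAN]\nId=20\n[Network]\nBridge=dmz-bridge",
    "20-dmz-vlan.network": "[Match]\nName=dmz-vlan\n[Network]\nBridge=dmz-bridge",
    "20-guest-vlan.netdev": "[NetDev]\nName=guest-vlan\nKind=vlan\n[VLAN]\nId=22\n[Network]\nBridge=guest-bridge",
    "20-guest-vlan.network": "[Match]\nName=guest-vlan\n[Network]\nBridge=guest-bridge",
    "20-iot-vlan.netdev": "[NetDev]\nName=iot-vlan\nKind=vlan\n[VLAN]\nId=21",
    "20-iot-vlan.network": "[Match]\nName=iot-vlan\n[Network]\nBridge=iot-bridge",
}

def parse(text):
    """Parse unit-file text into {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            sections.setdefault(current := line[1:-1], [])  # register even if empty
        elif current and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections

def audit(files):
    """Return findings for VLAN netdevs that networkd would not create or not bridge."""
    vlans, attached, bridged, findings = {}, set(), set(), []
    for name, sec in ((n, parse(t)) for n, t in files.items()):
        if name.endswith(".netdev"):
            netdev = dict(sec.get("NetDev", []))
            if netdev.get("Kind") == "vlan":
                vlans[netdev["Name"]] = dict(sec.get("VLAN", [])).get("Id")
            if "Network" in sec:  # not a .netdev section; networkd ignores it
                findings.append(f"{name}: [Network] section is ignored in a .netdev file")
        elif name.endswith(".network"):
            net = sec.get("Network", [])
            attached.update(v for k, v in net if k == "VLAN")  # stacked netdevs requested
            if any(k == "Bridge" for k, _ in net):
                bridged.add(dict(sec.get("Match", [])).get("Name"))
    for vlan, vid in sorted(vlans.items()):
        if vlan not in attached:
            findings.append(f"{vlan} (Id={vid}): no VLAN= on any parent link, never created")
        if vlan not in bridged:
            findings.append(f"{vlan} (Id={vid}): no .network file attaches it to a bridge")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(FILES)))
```

To run it against the real directory, build FILES from the contents of /etc/systemd/network instead of the inlined strings.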
opnsense
TODO
openwrt
- 802.11r - Fast Roaming
  - possibly already done via the checkbox in LuCI?
    [ 147.493987] wlp3s0: disconnect from AP 16:59:c0:5a:4c:81 for new auth to 16:59:c0:5a:4c:a8
    [ 147.573859] wlp3s0: authenticate with 16:59:c0:5a:4c:a8
    [ 147.585831] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 1/3)
    [ 147.623454] wlp3s0: authenticated
    [ 147.626035] wlp3s0: associate with 16:59:c0:5a:4c:a8 (try 1/3)
    [ 147.629848] wlp3s0: RX ReassocResp from 16:59:c0:5a:4c:a8 (capab=0x11 status=0 aid=2)
    [ 147.661426] wlp3s0: associated
    [ 177.764194] wlp3s0: disconnect from AP 16:59:c0:5a:4c:a8 for new auth to 16:59:c0:5a:4c:81
    [ 177.849750] wlp3s0: authenticate with 16:59:c0:5a:4c:81
    [ 177.861627] wlp3s0: send auth to 16:59:c0:5a:4c:81 (try 1/3)
    [ 177.895841] wlp3s0: authenticated
    [ 177.899567] wlp3s0: associate with 16:59:c0:5a:4c:81 (try 1/3)
    [ 177.902458] wlp3s0: RX ReassocResp from 16:59:c0:5a:4c:81 (capab=0x11 status=17 aid=1)
    [ 177.902478] wlp3s0: 16:59:c0:5a:4c:81 denied association (code=17)
    [ 178.091236] wlp3s0: authenticate with 16:59:c0:5a:4c:a8
    [ 178.100102] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 1/3)
    [ 179.400394] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 2/3)
    [ 179.430455] wlp3s0: authenticated
    [ 179.432905] wlp3s0: associate with 16:59:c0:5a:4c:a8 (try 1/3)
    [ 179.435326] wlp3s0: RX AssocResp from 16:59:c0:5a:4c:a8 (capab=0x11 status=30 aid=2)
    [ 179.435338] wlp3s0: 16:59:c0:5a:4c:a8 rejected association temporarily; comeback duration 1000 TU (1024 ms)
wifi-config
    root@router-wohnzimmer:~# cat /etc/config/wireless
    config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option country 'DE'
        option channel '36'
        option htmode 'VHT80'

    config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'kohlenhydratenet'
        option network 'lan'
        option key 'lolkey'
        option ieee80211w '1'
        option encryption 'sae-mixed'

    config wifi-iface 'mesh'
        option network 'lan'
        option device 'radio0'
        option mode 'mesh'
        option mesh_id 'kohlenhydrate-mesh'
        option mesh_rssi_threshold '0'
        option mesh_fwding '1'
        option key 'lolkey'
        option encryption 'sae'

    config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option htmode 'HT20'
        option channel '1'
        option txpower '10'

    config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'kohlennet'
        option network 'lan'
        option encryption 'psk2'
        option key 'lolkey'

    config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'besuch@kohlennet'
        option encryption 'psk2'
        option key 'lolkey'
        option network 'lan'
        option disabled '1'