aufbau_heimnetz

aufbau_heimnetz [2021/08/06 20:19] brotaufbau_heimnetz [2022/04/25 11:24] (current) brot
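--- a/aufbau_heimnetz
+++ b/aufbau_heimnetz
@@ -14,4 +14,22 @@
 
 ===== Netzwerk =====
+  * VLANs
+    * 1 (Default PVID) - LAN
+      * 192.168.107.0/24
+    * 10 (openwrt wan default): Internet/WAN - von HÜP/Modem M-Net zu Switch
+      * derzeit: 192.168.178.0/24 via fritzbox 1&1
+    * 20: DMZ
+      * 192.168.220.0/24 
+        * router: 192.168.220.1 - DHCP .50-.250
+    * 21: IOT/MQTT
+      * 192.168.221.0/24 
+        * router: 192.168.221.1 - DHCP .50-.250
+    * 22: Guest
+      * 192.168.22.0/24
+        * router: 192.168.222.1 - DHCP .50-.250
+    * 40: mnet-wan
+      * PPPoE zugang zum Internet (via ONT)
+      * Hängt am ONT, Switch Port 7 kommt Tagged rein
+      * Geht auf neue Bridge auf NAS zum opnSense
 ==== Internet ====
 ==== opnSense - Router/FW ====
@@ -25,3 +43,298 @@
     * Netz via 802.11s Mesh
 
+===== Konfig =====
+==== nas ====
+  * Netzwerk via systemd-networkd
 
+=== Konfigfiles ===
+
+<file bash 05-enp7s0-vlans-bridges.network>
+[Match]
+Name=enp7s0
+
+[Network]
+VLAN=wan-vlan
+VLAN=dmz-vlan
+VLAN=iot-vlan
+VLAN=mnet-wan-vlan
+Bridge=kohlennet-br
+</file>
+<file bash 10-dmz-bridge.netdev>
+[NetDev]
+Name=dmz-bridge
+Kind=bridge
+</file>
+<file bash 10-guest-bridge.netdev>
+[NetDev]
+Name=guest-bridge
+Kind=bridge
+</file>
+<file bash 10-iot-bridge.netdev>
+[NetDev]
+Name=iot-bridge
+Kind=bridge
+</file>
+<file bash 10-kohlennet-bridge.netdev>
+[NetDev]
+Name=kohlennet-br
+Kind=bridge
+</file>
+<file bash 10-mnet-wan-bridge.netdev>
+[NetDev]
+Name=mnet-wan-bridge
+Kind=bridge
+</file>
+<file bash 10-wan-bridge.netdev>
+[NetDev]
+Name=wan-bridge
+Kind=bridge
+</file>
+<file bash 20-dmz-vlan.netdev>
+[NetDev]
+Name=dmz-vlan
+Kind=vlan
+
+[VLAN]
+Id=20
+
+[Network]
+Bridge=dmz-bridge
+</file>
+<file bash 20-dmz-vlan.network>
+[Match]
+Name=dmz-vlan
+
+[Network]
+Bridge=dmz-bridge
+</file>
+<file bash 20-guest-vlan.netdev>
+[NetDev]
+Name=guest-vlan
+Kind=vlan
+
+[VLAN]
+Id=22
+
+[Network]
+Bridge=guest-bridge
+</file>
+<file bash 20-guest-vlan.network>
+[Match]
+Name=guest-vlan
+
+[Network]
+Bridge=guest-bridge
+</file>
+<file bash 20-iot-vlan.netdev>
+[NetDev]
+Name=iot-vlan
+Kind=vlan
+
+[VLAN]
+Id=21
+</file>
+<file bash 20-iot-vlan.network>
+[Match]
+Name=iot-vlan
+
+[Network]
+Bridge=iot-bridge
+</file>
+<file bash 20-kohlennet-vlan.netdev>
+[NetDev]
+Name=kohlennet-vlan
+Kind=vlan
+
+[VLAN]
+Id=1
+
+[Network]
+Bridge=kohlennet-br
+</file>
+<file bash 20-mnet-wan-vlan.netdev>
+[NetDev]
+Name=mnet-wan-vlan
+Kind=vlan
+
+[VLAN]
+Id=40
+
+[Network]
+Bridge=mnet-wan-bridge
+</file>
+<file bash 20-mnet-wan-vlan.network>
+[Match]
+Name=mnet-wan-vlan
+
+[Network]
+Bridge=mnet-wan-bridge
+</file>
+<file bash 20-wan-vlan.netdev>
+[NetDev]
+Name=wan-vlan
+Kind=vlan
+
+[VLAN]
+Id=10
+
+[Network]
+Bridge=wan-bridge
+</file>
+<file bash 20-wan-vlan.network>
+[Match]
+Name=wan-vlan
+
+[Network]
+Bridge=wan-bridge
+</file>
+<file bash 30-dmz-bridge.network>
+[Match]
+Name=dmz-bridge
+
+[Network]
+DHCP=no
+
+[DHCP]
+RouteMetric=9999
+</file>
+<file bash 30-guest-bridge.network>
+[Match]
+Name=guest-bridge
+
+[Network]
+DHCP=no
+
+[DHCP]
+RouteMetric=9999
+</file>
+<file bash 30-iot-bridge.network>
+[Match]
+Name=iot-bridge
+
+[Network]
+DHCP=no
+
+[DHCP]
+RouteMetric=9999
+</file>
+<file bash 30-kohlennet-bridge.network>
+[Match]
+Name=kohlennet-br
+
+[Network]
+Address=192.168.107.107/24
+Gateway=192.168.107.1
+DNS=192.168.107.1
+Domains=kohlennet.local
+</file>
+<file bash 30-mnet-wan-bridge.network>
+[Match]
+Name=mnet-wan-bridge
+
+[Network]
+DHCP=no
+IPv6AcceptRA=no
+
+[DHCP]
+RouteMetric=9999
+</file>
+<file bash 30-wan-bridge.network>
+[Match]
+Name=wan-bridge
+
+[Network]
+DHCP=no
+IPv6AcceptRA=no
+
+[DHCP]
+RouteMetric=9999
+</file>
+
+
+==== opnsense ====
+TODO
+
+==== openwrt ====
+  * 802.11r - Fast Roaming
+    * Siehe: https://www.simianer.de/blog/home-wifi-setup-with-802.11s-meshing-and-802.11r-roaming
+    * evtl schon done durch haken im luci?
+      * <code> 147.493987] wlp3s0: disconnect from AP 16:59:c0:5a:4c:81 for new auth to 16:59:c0:5a:4c:a8
+[  147.573859] wlp3s0: authenticate with 16:59:c0:5a:4c:a8
+[  147.585831] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 1/3)
+[  147.623454] wlp3s0: authenticated
+[  147.626035] wlp3s0: associate with 16:59:c0:5a:4c:a8 (try 1/3)
+[  147.629848] wlp3s0: RX ReassocResp from 16:59:c0:5a:4c:a8 (capab=0x11 status=0 aid=2)
+[  147.661426] wlp3s0: associated
+[  177.764194] wlp3s0: disconnect from AP 16:59:c0:5a:4c:a8 for new auth to 16:59:c0:5a:4c:81
+[  177.849750] wlp3s0: authenticate with 16:59:c0:5a:4c:81
+[  177.861627] wlp3s0: send auth to 16:59:c0:5a:4c:81 (try 1/3)
+[  177.895841] wlp3s0: authenticated
+[  177.899567] wlp3s0: associate with 16:59:c0:5a:4c:81 (try 1/3)
+[  177.902458] wlp3s0: RX ReassocResp from 16:59:c0:5a:4c:81 (capab=0x11 status=17 aid=1)
+[  177.902478] wlp3s0: 16:59:c0:5a:4c:81 denied association (code=17)
+[  178.091236] wlp3s0: authenticate with 16:59:c0:5a:4c:a8
+[  178.100102] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 1/3)
+[  179.400394] wlp3s0: send auth to 16:59:c0:5a:4c:a8 (try 2/3)
+[  179.430455] wlp3s0: authenticated
+[  179.432905] wlp3s0: associate with 16:59:c0:5a:4c:a8 (try 1/3)
+[  179.435326] wlp3s0: RX AssocResp from 16:59:c0:5a:4c:a8 (capab=0x11 status=30 aid=2)
+[  179.435338] wlp3s0: 16:59:c0:5a:4c:a8 rejected association temporarily; comeback duration 1000 TU (1024 ms)
+</code>
+
+
+=== wifi-config ===
+
+<code>
+root@router-wohnzimmer:~# cat /etc/config/wireless
+config wifi-device 'radio0'
+        option type 'mac80211'
+        option hwmode '11a'
+        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
+        option country 'DE'
+        option channel '36'
+        option htmode 'VHT80'
+
+config wifi-iface 'default_radio0'
+        option device 'radio0'
+        option mode 'ap'
+        option ssid 'kohlenhydratenet'
+        option network 'lan'
+        option key 'lolkey'
+        option ieee80211w '1'
+        option encryption 'sae-mixed'
+
+config wifi-iface 'mesh'
+        option network 'lan'
+        option device 'radio0'
+        option mode 'mesh'
+        option mesh_id 'kohlenhydrate-mesh'
+        option mesh_rssi_threshold '0'
+        option mesh_fwding '1'
+        option key 'lolkey'
+        option encryption 'sae'
+
+config wifi-device 'radio1'
+        option type 'mac80211'
+        option hwmode '11g'
+        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
+        option htmode 'HT20'
+        option channel '1'
+        option txpower '10'
+
+config wifi-iface 'wifinet1'
+        option device 'radio1'
+        option mode 'ap'
+        option ssid 'kohlennet'
+        option network 'lan'
+        option encryption 'psk2'
+        option key 'lolkey'
+
+config wifi-iface 'wifinet2'
+        option device 'radio1'
+        option mode 'ap'
+        option ssid 'besuch@kohlennet'
+        option encryption 'psk2'
+        option key 'lolkey'
+        option network 'lan'
+        option disabled '1'
+</code>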
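Review bot: The `30-dmz-bridge.network`, `30-guest-bridge.network` and `30-iot-bridge.network` files set only `DHCP=no`, so the NAS host itself still gets an IPv6 link-local address on those segments and, depending on networkd's defaults, may accept router advertisements there; `30-wan-bridge.network` and `30-mnet-wan-bridge.network` disable RA but keep link-local addressing. If these bridges are meant to be pure layer-2 pass-through to opnSense, add `LinkLocalAddressing=no` and `IPv6AcceptRA=no` to each `[Network]` section so the host has no address in the WAN, DMZ, IoT or guest networks. The `[DHCP] RouteMetric=9999` block has no effect while `DHCP=no`. Separately, the guest path looks unfinished: `05-enp7s0-vlans-bridges.network` has no `VLAN=guest-vlan` line, the VLAN list gives 192.168.22.0/24 with a router at 192.168.222.1, and `wifinet2` (`besuch@kohlennet`, currently disabled) is attached to `network 'lan'`, so enabling it as written would place guests on the LAN.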
  
  