OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: Babiz on November 10, 2015, 11:13:31 pm

Title: Manual WIFI adapter setup (WPA) WAN failover. Is it safe to edit /etc/rc.conf?
Post by: Babiz on November 10, 2015, 11:13:31 pm
Hi  :) I'm not a pro or a coder, simply an IT admin from Dolomiti, so these days I am trying to test OPNsense (running on an eeepc) with simple WAN failover features for my public network installation, to increase the security level and monitoring, plus (if it works as expected) I will use the DNS resolver and squid to optimize outbound traffic generated by road warriors on the free hotspot and some of my servers (smtp, imap and some others under a Synology box).

Well, I looked for the wifi configuration as in pfSense, but it is missing, so I read and followed the basic guideline at https://www.freebsd.org/doc/handbook/network-wireless.html to set up the wifi interface. Here is my rc.conf:

Code:
# -- BEGIN BSD Installer automatically generated configuration  -- #
# -- Written on Mon Nov 9 12:44:35 UTC 2015-- #
keymap='it.iso'
# -- END of BSD Installer automatically generated configuration -- #
# Manual override for WLAN network adapters failover setup #
# -- First adapter, connected to a default route through the Hyperlan provider #
wlans_ath0="ath0_wlan0" #internal adapter ath0#
ifconfig_ath0_wlan0="ssid Babiz channel 6 WPA inet 192.168.3.2 netmask 255.255.255.0"
# -- Second adapter, connected to a backup route through a common Android Wi-Fi router smartphone 3G/4G #
wlans_urtw0="urtw0_wlan0" #external usb adapter urtw0#
ifconfig_urtw0_wlan0="ssid AndroidAP WPA inet 192.168.43.2 netmask 255.255.255.0"

Accordingly, I put a wpa_supplicant.conf file entry for each of the two WPA wireless networks, of course.
My configuration of the interfaces in the webui is the same, TCPv4 STATIC, plus I added a group for the gateways in the System: Gateway Groups section as well. It looks like it's all working!  ;)

(http://s13.postimg.org/ifehaay03/opn_gw_tier.jpg) (http://postimg.org/image/ifehaay03/)

I guessed a configuration :D lol, but there is a little problem: it does not start during the boot process! Oh no!  :( ::)

(E.g., on the next reboot of the eee pc box, the gw should be down)
(http://s13.postimg.org/rbturze03/opn_gw_offline_first_start.jpg) (http://postimg.org/image/rbturze03/)

Well, to fix it, I connect to a shell again and run the service netif start command, which prints this on the console:

Quote
ifconfig: SIOCIFCREATE2: Input/output error
ifconfig: interface name does not exist
ifconfig: inet: bad value
Starting wpa_supplicant.
ifconfig: SIOCIFCREATE2: Input/output error
ifconfig: interface name does not exist
ifconfig: inet: bad value
Starting wpa_supplicant.
ifconfig: inet: bad value
wpa_supplicant already running?  (pid=7091).
ifconfig: inet: bad value
wpa_supplicant already running?  (pid=74817).
Starting Network: lo0 jme0 enc0 urtw0 ath0_wlan0 urtw0_wlan0.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
jme0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=c209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO,LINKSTATE>
        ether f4:6d:04:47:90:3c
        inet 192.168.1.1 netmask 0xffffff80 broadcast 192.168.1.127
        inet6 fe80::f66d:4ff:fe47:903c%jme0 prefixlen 64 tentative scopeid 0x1
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect <flowcontrol> (100baseTX <full-duplex,flowcontrol,rxpause,txpause>)
        status: active
enc0: flags=0<> metric 0 mtu 1536
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
urtw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:1e:2a:bb:88:be
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
        status: associated
ath0_wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether e0:b9:a5:7e:0b:d9
        inet6 fe80::e2b9:a5ff:fe7e:bd9%ath0_wlan0 prefixlen 64 scopeid 0x8
        inet 192.168.3.2 netmask 0xffffff00 broadcast 192.168.3.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
        status: associated
        ssid Babiz channel 6 (2437 MHz 11g ht/20) bssid 64:66:b3:c7:4b:30
        regdomain 96 indoor ecm authmode WPA2/802.11i privacy ON
        deftxkey UNDEF AES-CCM 2:128-bit txpower 20 bmiss 7 scanvalid 60
        protmode CTS ampdulimit 64k shortgi wme burst roaming MANUAL
urtw0_wlan0: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:1e:2a:bb:88:be
        inet6 fe80::21e:2aff:febb:88be%urtw0_wlan0 prefixlen 64 tentative scopeid 0x9
        inet 192.168.43.2 netmask 0xffffff00 broadcast 192.168.43.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
        status: no carrier
        ssid AndroidAP channel 9 (2452 MHz 11g)
        country US authmode WPA1+WPA2/802.11i privacy MIXED deftxkey UNDEF
        txpower 0 bmiss 7 scanvalid 60 bgscan bgscanintvl 300 bgscanidle 250
        roam:rssi 7 roam:rate 5 protmode CTS roaming MANUAL

And when I go to check the status of the GW, it is back to working as well.

(http://s13.postimg.org/yp4nd78o3/opn_gw_online_netif_start.jpg) (http://postimg.org/image/yp4nd78o3/)

Next I made a little DNS resolving test over it and all looks great.

(http://s10.postimg.org/66i8zoa1x/opn_gw_dns_lookup.jpg) (http://postimg.org/image/66i8zoa1x/)

Yes, all is great (127.0.0.1 times out on the first lookup of google.jp, it takes much more time to complete :D lol, the second try is immediate, and the DNS resolver works great too)

Now the big question is:

Should I put service netif start in some kind of RC script to run (or maybe RE-run?) at the end of the boot process?
It is not a problem for me to find and tweak the right rc script, but I don't really know if this might compromise the stability of the OPNsense scripting/php/webui interaction.
Maybe it is possible to set up wifi WPA connections some other way? (I don't see anything in the webui or wiki)

Well, big thanks in advance for any reply, and great congratulations to the whole dev team for your hard work on this project!
Bye!



Title: Re: Manual WIFI adapter setup (WPA) WAN failover. Is it safe to edit /etc/rc.conf?
Post by: franco on November 12, 2015, 09:03:31 pm
Hi Babiz,

Glad to hear you like OPNsense. It means a lot. :)

service netif start is unsafe and will probably destroy your routing and interface config.

Which part of wifi setup is missing? It should not be the case. One needs to set up a wireless clone in the interfaces section and assign this to a new zone.

Hoping to clear this up. :)


Cheers,
Franco