On 2020-12-01, michal.lyszc...@bofc.pl <michal.lyszc...@bofc.pl> wrote:
> Hello,
> I was wondering if and how I could bridge 2 WAN interfaces into single
> cable over vlan. Sounds cryptic, so let's start with the diagram of what
> I'd like to achieve:
>
>   lte   wifi
>   \|/   \|/   I have 2 WAN interfaces, LTE and WIFI
>    |     |    Both are connected to OBSD1 box via
>    |     |    USB cable, installation is on a rooftop
>   +-------+
>   | OBSD1 |   OBSD1 is a raspberry pi 4 network thingy
>   +-------+
>       |       From the roof, to my server goes single
>       |       CAT5E ethernet cable
>   +-------+
>   | OBSD2 |   OBSD2 is a firewall/router
>   +-------+
>   |   |   |   The rest are various computers, I got that
>   |   |   |   part covered
>   |   |   |
>  LAN DMZ IOT
>
>
> Now, both LTE and WIFI are USB devices that can give OBSD1 direct
> IP address - like modem. I know I could simply operate OBSD1 like
> router - install dhcpd to give IP to OBSD2 and forward traffic with
> pf. But that seems like unnecessary overhead and I'd like to setup
> packet priority/queueing on OBSD2 and treat OBSD1 like a stupid device.
> 
> So I was wondering, is it possible to bridge network so that:
> (it's easier with another diagram)
>
>       IP        IP
>     1.2.3.4   4.3.2.1
>       \|/       \|/
>        |         |
>  +-----o---------*-----+  o - lte usb modem; * - wifi usb card
>  |     |         |     |
>  |   vlan1     vlan2   |  OBSD1 packs raw layer2 frames into
>  |     `----+----'     |  separate vlans
>  |          |          |
>  +----------o----------+  o - em0 interface
>             |
>             |             Data goes through single cable
>             |
>  +----------o----------+  o - em0 interface
>  |          |          |
>  |    .-----+-----.    |  OBSD2 unpacks vlan1 and 2 into separate
>  |  vlan1       vlan2  |  virtual interfaces.
>  | 1.2.3.4     4.3.2.1 |
>  +---------------------+
>
> Now I'd like for vlan1 and vlan2 on OBSD2 to have 1.2.3.4 and 4.3.2.1
> IPs, so that I can perform redundancy/load balancing/queueing/whatever
> directly on OBSD2 device, and treat OBSD1 like some kind of stupid
> switch/hub. Hope it's clear what I'd like to do.

This is clear, you have explained it well.

> Is it possible? Or am I imagining things and it's better to do it with
> dhcp/pf routing? If it's possible to do with vlans on layer2, then
> what am I supposed to look for? I can read man pages, but honestly
> I don't really know how to approach that problem, so some keywords,
> programs, rfcs would be nice to have:)

If they were wired ethernet interfaces then you could do this directly
with bridge. But bridge needs an ethernet-type layer 2 interface.

The LTE devices are a layer 3 type interface so this would need to be
routed (and usually also natted, unless you have a fancy provider that
can route a block of addresses to it).

With wifi, an AP often works by bridging to ethernet and that is OK,
but when connecting a wired device behind a wireless client there are
problems. The standard frame format has source/destination/AP MAC
addresses, but for "client bridge" to work it needs a fourth so it
can pass on the MAC address of the wired client. APs that support
WDS mode can cope with this, but OpenBSD doesn't have support for
this, either in client or in AP mode.

So normally you'll need to use routing and possibly NAT to have
OpenBSD connect a wired client to a wifi interface.

I think the way to get as close as possible to what you want with
OpenBSD in a way that will definitely work is to do this on OBSD1:

- configure whichever you consider the "main" connection to fetch
an address, use nat and routing to pass traffic to OBSD2 on one vlan

- configure the second connection and vlan2 in another rdomain. Again
use nat and routing to pass traffic. (separate rdomain so you can use
the normal method to fetch an address/gateway without interfering with
the other interface).

However there is a possible hack to allow this for a single client.
I haven't tested but there is at least a chance that it may work.
You can try configuring the wifi interface "up" but with no IP address.
Use tpmr(4) instead of bridge(4) (they are configured the same way,
just with the different interface name). And on OBSD2 use "ifconfig
lladdr" to change the MAC address to that of OBSD1's wifi interface.


Whichever method you use on OBSD1 to get the connections across,
on OBSD2 you would configure the vlans however you want (maybe with
rdomains, maybe with route-to/reply-to, whichever is easiest).


Outside of OpenBSD, MikroTik has "LTE passthrough" which fetches the
address from the mobile network and doesn't use it itself but instead
passes it to a single host (done via DHCP with a short lease time),
so if the mobile network hands out an internet-routed IP the server
would be able to use it directly. They also support wifi client bridge
mode (or if you're unlucky and it doesn't work with the AP then it can
be routed/natted).
https://wiki.mikrotik.com/wiki/Manual:Interface/LTE#Passthrough_Example
https://mikrotik.com/products/group/lte-products?filter&s=c&r={%22minipci%22:{%22s%22:%221%22,%22e%22:%222%22},%22wired_interfaces%22:{%22s%22:%221%22,%22e%22:%225%22}}
If you go down this route, the mips-based ones are cheaper, but if
you will be pushing much traffic use the arm ones (I think all the
dual-band ones on the above page are arm).
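
A sketch of the routed layout for OBSD1 described in the reply (one uplink and vlan per rdomain, NAT on each uplink), added as an example and not part of the original email. The interface names umb0 (LTE) and urtwn0 (wifi) and all 10.x transfer addresses are assumptions; em0 and the vlan numbers come from the diagram.

```conf
# Added illustration, not from the original thread.
# Assumed names: umb0 = LTE modem, urtwn0 = wifi client; 10.x nets are made up.
# WAN-side credentials (APN/PIN, nwid/wpakey) are left out.

# --- /etc/sysctl.conf ---
net.inet.ip.forwarding=1

# --- /etc/hostname.em0 ---    trunk to OBSD2, carries only tagged frames
up

# --- /etc/hostname.vlan1 ---  transfer net for the "main" (LTE) uplink, rdomain 0
vnetid 1 parent em0
inet 10.0.1.1 255.255.255.0
up

# --- /etc/hostname.vlan2 ---  transfer net for the wifi uplink, rdomain 1
# rdomain must come first: changing it clears addresses already set
rdomain 1
vnetid 2 parent em0
inet 10.0.2.1 255.255.255.0
up

# --- /etc/hostname.urtwn0 --- wifi client shares rdomain 1 with vlan2, so its
# DHCP-learned default route lands in rtable 1 and does not touch the LTE route
rdomain 1
inet autoconf        # older releases used "dhcp" here

# --- /etc/pf.conf ---
lte_if  = "umb0"
wifi_if = "urtwn0"
set skip on lo
block return
# Each vlan is translated to the address of the uplink in its own rdomain
match out on $lte_if  inet from vlan1:network nat-to ($lte_if)
match out on $wifi_if inet from vlan2:network nat-to ($wifi_if)
# Forward only what arrives from OBSD2; nothing unsolicited is accepted from the WAN side
pass in  on vlan1 inet from vlan1:network
pass in  on vlan2 inet from vlan2:network
pass out on { $lte_if $wifi_if } inet
```

On OBSD2 the matching vlan1/vlan2 interfaces would take 10.0.1.2 and 10.0.2.2 (also assumed) with 10.0.1.1 and 10.0.2.1 as their respective gateways.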

