Hostapd - One vlan per interface or bss and use of environment variables.

Dynamic VLANs with RADIUS are not the only way of implementing VLANs with hostapd.

It is possible to set up one VLAN per interface and one VLAN per BSS. The interfaces and BSSes need to be added to a VLAN-aware bridge. The only problem is keeping WPA-PSK functional: it is not possible to attach VLAN devices to the bridge interface, i.e. no br0.100 etc. Instead, we can attach a veth pair device to the bridge. For a full example, see buildWubuntu.

The hostapd-launch script helps to launch hostapd and set up the VLAN IDs. It starts hostapd with all .conf files in /etc/hostapd/.

hostapd.conf:

interface=wlp1s0
bridge=br0
bridge_vlan=2

bss=guest24
bridge=br0
bridge_vlan=3

/etc/systemd/system/hostapd.service.d/override.conf

[Service]
SyslogIdentifier=hostapd
ExecStart=
ExecStart=/usr/local/sbin/hostapd-launch 

br0.netdev

[NetDev]
Name=br0
Kind=bridge

[Bridge]
DefaultPVID=0
VLANFiltering=1

br0.network

[Match]
Name=br0

[Network]
Address=192.168.5.1/24

[BridgeVLAN]
VLAN=2-3
PVID=2
EgressUntagged=2

eth3.netdev

[NetDev]
Name=eth3
Kind=veth

[Peer]
Name=veth3

veth3.network:

[Match]
Name=veth3

[Network]
Bridge=br0

[BridgeVLAN]
VLAN=3
PVID=3
EgressUntagged=3

eth3.network

[Match]
Name=eth3

[Network]
Address=192.168.6.1/24

The script also enables the use of environment variables like so:

hostapd.conf:

interface=wlp1s0
nas_identifier=$HOSTNAME-$conf_filename

bss=guest24
nas_identifier=$HOSTNAME-$bss
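
hostapd-launch:

#!/bin/bash
# Launch hostapd with every .conf file in /etc/hostapd, expanding variables
# and turning bridge_vlan= lines into "bridge vlan add" calls.
hpath="/etc/hostapd"
out="/run/hostapdconf"
post=0
exec=""
# Generated files can contain wpa_passphrase; keep the directory root-only
mkdir -p "$out" && chmod 700 "$out"

# Wait until device $1 is a bridge port, then make VLAN $2 its untagged PVID
function addvlan {
  while [ ! -d "/sys/class/net/$1/brport" ]; do sleep 0.2; done
  bridge vlan add dev "$1" vid "$2" pvid untagged
}

for wifi in "$hpath"/*.conf
do
  bss=""
  conf_filename=$(basename "$wifi")
  outfile="$out/$conf_filename"
  conf_filename=${conf_filename%.conf}
  echo "# Generated by hostapd-launch" >"$outfile"
  readarray -t filearray < "$wifi"
  for (( i=0; i<${#filearray[@]}; i++ ))
  do
    line=${filearray[i]}
    if [[ $line == "" ]]; then echo >>"$outfile"; continue; fi # Empty line
    if [[ ${line:0:1} == '#' ]]; then continue; fi # Remove comment lines
    line=${line%%#*}       # Remove comment in line (also cuts values containing '#')
    line=${line//\\/\\\\}  # Replace every \ with \\ to save \ from the next command
    line=${line@P}         # Expand variables (and command substitutions) in the line
    declare "$line"        # Make key=value available as $key, e.g. $interface, $bss
    case $line in
      bridge_vlan=*)
        [[ $bss == "" ]] && bss=$interface
        execpost[post]="addvlan $bss ${line/bridge_vlan=/}"
        ((post++))
        ;;
      *) printf '%s\n' "$line" >>"$outfile";;
    esac
  done
  exec="$exec $outfile"
done

# Only configure the VLANs if hostapd started. $exec is left unquoted on
# purpose so that it splits into one argument per generated file.
if /usr/sbin/hostapd -B -P /run/hostapd.pid $DAEMON_OPTS $exec; then
  for (( i=0; i<post; i++ ))
  do
    ${execpost[i]}
  done
fi
exit 0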
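
The launcher expands each config line with `${line@P}`, which expands it like a prompt string, so it also runs command substitutions and interprets backslash escapes found in the file. As an added example (not part of the gist), the POSIX sh function below expands only an allowlist of variable names and copies everything else literally; the allowlist, the function name and the sample values are assumptions.

```sh
#!/bin/sh
# Added example: expand only allowlisted variables in a hostapd config line.
# Nothing else is interpreted, so $(...), backticks and backslashes inside a
# value (for instance a passphrase) are copied through as literal text.

ALLOWED_VARS="HOSTNAME conf_filename interface bss"  # assumption: names this page uses

# expand_line LINE: print LINE with $NAME or ${NAME} replaced for allowed names.
# The body is a subshell, so its working variables do not leak to the caller.
expand_line() (
    rest=$1
    out=
    while :; do
        case $rest in
            *'$'*) ;;                    # a '$' is left to examine
            *) break ;;
        esac
        out=$out${rest%%'$'*}            # copy the text before the first '$'
        rest=${rest#*'$'}                # continue right after that '$'
        hit=
        for name in $ALLOWED_VARS; do
            case $rest in
                "{$name}"*) tail=${rest#"{$name}"} ;;
                "$name"[A-Za-z0-9_]*) continue ;;  # part of a longer identifier
                "$name"*) tail=${rest#"$name"} ;;
                *) continue ;;
            esac
            eval "out=\$out\${$name-}"   # $name is one of the fixed allowlist words
            rest=$tail
            hit=1
            break
        done
        [ -n "$hit" ] || out=$out'$'     # not allowlisted: keep the '$' literally
    done
    printf '%s\n' "$out$rest"
)

# Constructed sample values and lines.
HOSTNAME=ap1 conf_filename=hostapd bss=guest24
expand_line 'nas_identifier=$HOSTNAME-$conf_filename'
expand_line 'wpa_passphrase=pa$$w0rd\n`x`'
```

In the launcher, a call such as `line=$(expand_line "$line")` would take the place of the backslash-doubling line and the `${line@P}` line.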