Monday, March 4, 2019

The problem with wireless bridging by Flameeyes

ILNP: 
https://tools.ietf.org/html/rfc6747

=========================
Each Ethernet switch port can have multiple MAC address associated. 


http://www.pearsonitcertification.com/articles/article.aspx?p=2474237&seqNum=2



 https://wiki.dd-wrt.com/wiki/index.php/Wireless_Bridge
Limitation section
BrainSlayer Forum Answer [1] : "Client Bridge mode will only recognize one mac address on the bridged setup, due a limitation in the 802.11 protocol, even if there are multiple clients (with multiple mac addresses) connected to the client router. If you want to bridge a full LAN you must use WDS. The problem is that the 802.11 protocol just supports one MAC address, but in a LAN there is the possibility for more than one MAC address. It may cause ARP table problems, if you connect more than one computer on the far end of a Client Bridge mode setup. You will not be able to, for example, block mac addresses of client of the bridged routers or set access restrictions based on mac addresses in the bridged router.

bobn: Multiple devices on the wireless bridge seem to work fine, including using DHCP to the 'server' AP. Although multiple devices on the client bridge (wireless bridge) appear to have the same MAC address in the arp tables of devices on the 'server' AP, something in the wireless bridge translates that MAC address on return traffic back to the correct one for a given device's IP address behind the bridge. (I suspect that there is enough of the routing function still turned on in the client bridge mode to maintain an arp table local to the client bridge and make the translations.) Most protocols (ICMP, UDP, TCP) seem to work fine for multiple devices on the bridge, based on some quick testing. I would not want to count on multiple devices using non-IP protocols, and would be suspicious of things using special MAC addresses such as multicast addresses (eg OSPF routers, multicast apps).

https://flameeyes.blog/2011/12/15/the-problem-with-wireless-bridging/

The problem with wireless bridging


   EnglishTechnical  
I want to pick up where I left with my previous post and expand a bit upon the issue with wireless bridging, and why “just use dd-wrt” is not an answer to the problem.
As I said a number of issues I learnt the hard way, by trying to get them to work… and failing. In particular, there is a limitation in 802.11, that even the dd-wrt documentationnotes:
Client Bridge mode will only recognize one mac address on the bridged setup, due a limitation in the 802.11 protocol, even if there are multiple clients (with multiple mac addresses) connected to the client router. If you want to bridge a full LAN you must use WDS. The problem is that the 802.11 protocol just supports one MAC address, but in a LAN there is the possibility for more than one MAC address. It may cause ARP table problems, if you connect more than one computer on the far end of a Client Bridge mode setup. You will not be able to, for example, block mac addresses of client of the bridged routers or set access restrictions based on mac addresses in the bridged router
This is actually putting it more bright than it is. Anything relying on proper mac address communication will fail. Indeed, if you wish to use a single DHCP server, your only choice is to run dhrelay on the bridge itself. And that’s not a good idea.
Due to the fact that 802.11 decides where to send the packets depending on the mac address, you only have two choices for this to work: you either go with what OpenRG/Linksys do, and translate addresses at second level (with probably a dhrelay to make sure that dhcp still works), or you do what D-Link did with the DAP-1160 and create a custom work mode, which I guess encapsulates the packets to preserve their addresses (I could probably have tried AP+Bridge mode and sniffed the traffic to find that out but I didn’t care), probably something along the lines of a generic Ethernet-in-Ethernet encapsulation.
Interestingly enough, there is an RFC describing Ethernet-in-IP encapsulation, and then there is a patch for Linux 2.6.10 that implements it .. it would be quite an interesting approach, to have the router listen to an EtherIP device, and have another EtherIP device here to encapsulate the packets.. unfortunately this would still require a very shallow router up here, which is what I’m trying to avoid altogether. And as it happens, looks like the patch never made it to the Kernel, and the author’s website seems to be gone as well (the domain does not have an answering webserver, even though the whois data confirms its registration .. I should try to see if the email address is still valid or not — there is a valid mx record and an answering mail server at least).
I guess I can add this to the long list of projects I’ll work with once I made enough money not to have to work twelve hours a day to pay the bills…
Posted by at No comments:

Sunday, March 3, 2019

ubuntu 18.04 / 20.04 xrdp

download 18.04 server ISO
use unetbootin 661 write USB
Install w/o any server package (minimal)

$sudo apt update
$lsb_release -a
$hostname -I
$hostname
$getconf LONG_BIT
$sudo apt-get install xrdp
$sudo apt update
$sudo apt-get install mate-core
$sudo apt-get install mate-desktop-environment
$sudo su
#sed -i.bak '/fi/a #xrdp multiple users configuration \n mate-session \n' /etc/xrdp/startwm.sh
#exit
$diff xrdp/startwm.sh /etc/xrdp/startwm.sh
$sudo ufw allow 3389/tcp
$sudo /etc/init.d/xrdp restart


From Windows 10, mstsc (remote desktop) can connect to the server

Ubuntu 20.04
https://github.com/neutrinolabs/xrdp/issues/1358
$sudo apt-get install xrdp
$sudo systemctl enable --now xrdp
$sudo ufw allow from any to any port 3389 proto tcp

unset DBUS_SESSION_BUS_ADDRESS
unset XDG_RUNTIME_DIR
. $HOME/.profile

By adding the above lines just before the test and exec in /etc/xrdp/startwm.sh, I also added the #!/bin/bash to the top of the file - also doing a chmod after you've changed the file is what some users might be forgetting.
Basically adding the line:
X-GNOME-Autostart-enabled=false
To the files:
/etc/xdg/autostart/spice-vdagent.desktop
/usr/share/gdm/autostart/LoginWindow/spice-vdagent.desktop

Then stop and disable the service:
$ sudo systemctl stop spice-vdagentd
$ sudo systemctl disable spice-vdagentd


$ systemctl status colord
● colord.service - Manage, Install and Generate Color Profiles
   Loaded: loaded (/lib/systemd/system/colord.service; static; vendor preset: enabled)
   Active: active (running) since Sun 2020-05-24 11:49:50 EDT; 1h 8min ago
 Main PID: 2252 (colord)
    Tasks: 3 (limit: 4915)
   CGroup: /system.slice/colord.service
           └─2252 /usr/lib/colord/colord

 May 24 11:50:50 u18ai colord[2252]: failed to get seat for session c3 [pid 2871]: No data available
May 24 11:50:50 u18ai colord[2252]: failed to get seat for session c3 [pid 3071]: No data available
May 24 11:53:07 u18ai colord[2252]: failed to get seat for session c4 [pid 3517]: No data available
May 24 11:53:08 u18ai colord[2252]: failed to get seat for session c4 [pid 3668]: No data available
May 24 12:11:24 u18ai colord[2252]: failed to get seat for session c5 [pid 4923]: No data available
May 24 12:11:24 u18ai colord[2252]: failed to get seat for session c5 [pid 5081]: No data available
May 24 12:55:35 u18ai colord[2252]: failed to get seat for session c6 [pid 6575]: No data available
May 24 12:55:35 u18ai colord[2252]: failed to get seat for session c6 [pid 6719]: No data available
May 24 12:56:08 u18ai colord[2252]: failed to get seat for session c7 [pid 7190]: No data available
May 24 12:56:09 u18ai colord[2252]: failed to get seat for session c7 [pid 7352]: No data available
$ sudo apt install snmp-mibs-downloader
$ sudo systemctl restart colord
● colord.service - Manage, Install and Generate Color Profiles
   Loaded: loaded (/lib/systemd/system/colord.service; static; vendor preset: enabled)
   Active: active (running) since Sun 2020-05-24 12:59:50 EDT; 2s ago
 Main PID: 11270 (colord)
    Tasks: 9 (limit: 4915)
   CGroup: /system.slice/colord.service
           ├─11270 /usr/lib/colord/colord
           └─11283 /usr/lib/colord/colord-sane

 May 24 12:59:50 u18ai systemd[1]: Starting Manage, Install and Generate Color Profiles...
May 24 12:59:50 u18ai systemd[1]: Started Manage, Install and Generate Color Profiles.
Posted by at No comments:
Subscribe to: Posts (Atom)