Routing between two isolated systems without VPN

networking linux wireless-networking router

Weird scenario for you:

I have two Raspberry Pis running Raspbian 8 (jessie) connected to each other by a cross-over cable between their Ethernet ports. The Ethernet port on unit A is statically configured as 10.5.10.1. The Ethernet port on unit B is statically configured as 10.5.10.2. Subnet mask for the Ethernet interface is 255.255.255.0 - /24.

Both units are running the host access point daemon (hostapd) and DHCP server on their Wifi interface (wlan0). They each have a unique SSID: unit A is “raspiA” while unit B is “raspiB”. Unit A runs on channel 1. Unit B runs on channel 11.

The wlan0 adapter on unit A is statically assigned as 10.10.1.1. The DHCP server on unit A serves addresses in the range of 10.10.1.50 - 10.10.1.250. The wlan0 adapter on unit B is statically assigned as 10.10.2.1. The DHCP server on unit B seven addresses in the range of 10.10.2.50 - 10.10.2.250. Subnet masks for the wlan0 adapters are both /24.

The systems are completely isolated - there is no connection to the Internet.

Both systems run a process which runs an HTTP server on port 80, available from either interface (eth0 or wlan0).

I want a client connected to the access point on system A to be able to access the process on system B on 10.10.1.2.

I want a client connected to the access point on system B to be able to access the process on system A on 10.10.2.2.

[Client 1]         [Unit A              ]        [Unit B ]
10.10.1.50 —wifi—> 10.10.1.2 —> 10.5.10.1 —eth—> 10.5.10.2

And...

[Unit A ]        [Unit B              ]         [Client 2]
10.5.10.1 <—eth— 10.5.10.2 <— 10.10.2.2 <—wifi— 10.10.2.50

What is the best way to make this happen?


Solution 1:

All you need to do is enable ip forwarding on A and B ( as root ):

echo 1 > /proc/sys/net/ipv4/ip_forward

Solution 2:

I finally found a configuration that works. It allows a client to join either network and have access to both systems. It also does not require routing, which is important as any scheme which assigns a router (default gateway) causes mobile clients (iOS, Android) to prioritize their Wifi interface over their 4G interface, cutting off Internet access.

I simplified the IP scheme by moving everything into the same /24 (class c) segment. I set up bridges between the eth0 interface and the wlan0 interface on both systems. The bridge on system A was assigned .1 and the bridge on system B was assigned .2. All services provided by the system are bound to / available on the bridge address.

I adjusted the DHCP daemons on each system to serve a different range from the /24 (i.e. system A was .50 - .149 and system B was 150 - 249). Because the systems are bridged together (i.e. all on the same segment) any DHCP request turns into a race, with both daemons responding. Since both offers will be in the same /24, it doesn’t matter which one “wins”.

This creates a certain form of redundancy. If either system dies, the clients can re-associate with the access point on the other system. If the application on either system crashes, the clients can connect to the instance on the other system. The two systems can also monitor each other, mirror configuration, and cross-check data.

One limitation of this approach is that the clients must know that the applications are available on .1 and .2. A future iteration may include some sort of MDSN / Avahi support that allows clients to discover servers automatically.

Steps:

  1. Install bridge-utils, hostapd, and isc-dhcp-server
  2. Edit /etc/sysctl.conf:
    1. Either add or uncomment net.ipv4.ip_forward = 1
  3. In /etc/network/interfaces:
    1. Mark both eth0 and wlan0 as manual
    2. Add the br0 bridge with the desired static network configuration
    3. Add only the eth0 interface (the wlan0 will be added by hostapd)
  4. Edit /etc/dhcpcd.conf:
    1. Exclude eth0 and wlan0 from DHCP by adding denyinterfaces eth0 wlan0 at the bottom.
  5. Edit /etc/default/isc-dhcp-server:
    1. Set the INTERFACES value to br0
  6. Edit /etc/dhcp/dhcpd.conf:
    1. Create a new subnet entry
    2. Add some number of client-available IPs to the range
    3. Do NOT add "option routers"
  7. Edit /etc/hostapd/hostapd.conf:
    1. Add bridge=br0 at the bottom

Repeat this process for the other system, altering the IP assigned to the bridge (step 2.2) and the range of addresses served by the DHCP server (step 5.2). Connect the Ethernet ports with a cable. Reboot. Voila - redundant, flat network.

Related

How download dropbox directory or files with command line on a linux server [duplicate]
How would I restore data of a Chrome extension only using backup?
How to make Ctrl+D detach tmux, while retaining GNU readline capabilities in Bash?
Home directories created with wrong Selinux context
Accessing a PLC with a hardcoded IP on our internal DHCP based network
Network shares over 4TB
GPO option for "Show Desktop Icons"?
Non standard ssh port: should I edit /etc/services?
What are my options for moving my LetsEncrypt certificate from one server to another?
Why to use a commercial packet/protocol analyzer vs. WireShark?
3rd party RAM for Mac Book Pro
Website Backup and Download