Routing between two isolated systems without VPN
Weird scenario for you:
I have two Raspberry Pis running Raspbian 8 (jessie) connected to each other by a cross-over cable between their Ethernet ports. The Ethernet port on unit A is statically configured as 10.5.10.1. The Ethernet port on unit B is statically configured as 10.5.10.2. Subnet mask for the Ethernet interface is 255.255.255.0 - /24.
Both units are running the host access point daemon (hostapd) and DHCP server on their Wifi interface (wlan0). They each have a unique SSID: unit A is “raspiA” while unit B is “raspiB”. Unit A runs on channel 1. Unit B runs on channel 11.
The wlan0 adapter on unit A is statically assigned as 10.10.1.1. The DHCP server on unit A serves addresses in the range of 10.10.1.50 - 10.10.1.250. The wlan0 adapter on unit B is statically assigned as 10.10.2.1. The DHCP server on unit B seven addresses in the range of 10.10.2.50 - 10.10.2.250. Subnet masks for the wlan0 adapters are both /24.
The systems are completely isolated - there is no connection to the Internet.
Both systems run a process which runs an HTTP server on port 80, available from either interface (eth0 or wlan0).
I want a client connected to the access point on system A to be able to access the process on system B on 10.10.1.2.
I want a client connected to the access point on system B to be able to access the process on system A on 10.10.2.2.
[Client 1] [Unit A ] [Unit B ]
10.10.1.50 —wifi—> 10.10.1.2 —> 10.5.10.1 —eth—> 10.5.10.2
And...
[Unit A ] [Unit B ] [Client 2]
10.5.10.1 <—eth— 10.5.10.2 <— 10.10.2.2 <—wifi— 10.10.2.50
What is the best way to make this happen?
Solution 1:
All you need to do is enable ip forwarding on A and B ( as root ):
echo 1 > /proc/sys/net/ipv4/ip_forward
Solution 2:
I finally found a configuration that works. It allows a client to join either network and have access to both systems. It also does not require routing, which is important as any scheme which assigns a router (default gateway) causes mobile clients (iOS, Android) to prioritize their Wifi interface over their 4G interface, cutting off Internet access.
I simplified the IP scheme by moving everything into the same /24 (class c) segment. I set up bridges between the eth0 interface and the wlan0 interface on both systems. The bridge on system A was assigned .1 and the bridge on system B was assigned .2. All services provided by the system are bound to / available on the bridge address.
I adjusted the DHCP daemons on each system to serve a different range from the /24 (i.e. system A was .50 - .149 and system B was 150 - 249). Because the systems are bridged together (i.e. all on the same segment) any DHCP request turns into a race, with both daemons responding. Since both offers will be in the same /24, it doesn’t matter which one “wins”.
This creates a certain form of redundancy. If either system dies, the clients can re-associate with the access point on the other system. If the application on either system crashes, the clients can connect to the instance on the other system. The two systems can also monitor each other, mirror configuration, and cross-check data.
One limitation of this approach is that the clients must know that the applications are available on .1 and .2. A future iteration may include some sort of MDSN / Avahi support that allows clients to discover servers automatically.
Steps:
- Install
bridge-utils
,hostapd
, andisc-dhcp-server
- Edit
/etc/sysctl.conf
:- Either add or uncomment
net.ipv4.ip_forward = 1
- Either add or uncomment
- In
/etc/network/interfaces
:- Mark both eth0 and wlan0 as manual
- Add the br0 bridge with the desired static network configuration
- Add only the eth0 interface (the wlan0 will be added by hostapd)
- Edit
/etc/dhcpcd.conf
:- Exclude eth0 and wlan0 from DHCP by adding
denyinterfaces eth0 wlan0
at the bottom.
- Exclude eth0 and wlan0 from DHCP by adding
- Edit
/etc/default/isc-dhcp-server
:- Set the
INTERFACES
value tobr0
- Set the
- Edit
/etc/dhcp/dhcpd.conf
:- Create a new subnet entry
- Add some number of client-available IPs to the range
- Do NOT add "option routers"
- Edit
/etc/hostapd/hostapd.conf
:- Add
bridge=br0
at the bottom
- Add
Repeat this process for the other system, altering the IP assigned to the bridge (step 2.2) and the range of addresses served by the DHCP server (step 5.2). Connect the Ethernet ports with a cable. Reboot. Voila - redundant, flat network.