alexhaydock
commented
6 months ago Hi @jjlee
Yep, this setup definitely works just fine for ethernet routing despite the single port on the Pi. I have the regular single-ethernet port version of the Pi 4 plugged in via a single ethernet cable to a relatively cheap switch that's VLAN-aware.
I've got one of these switches, but any switch that's got an interface you can configure VLANs with ought to work fine.
I configure it so that my Pi is plugged into a port on the switch that supports all of the VLANs, and I plug my modem into another port on the switch which is configured to only support one specific VLAN.
In /etc/network/configs I do some magic to bring up a VLAN interface without giving it an IP address and then run pon to dial my PPPoE connection:
auto eth0
iface eth0 inet static
address 192.168.200.1
netmask 255.255.255.0
post-up /sbin/ip link add link eth0 name vlan888 type vlan id 888 || true
post-up /sbin/ip link set vlan888 up
post-up /usr/bin/ponThen I just tell my PPPoE config to expect that the upstream ISP modem is on that specific VLAN when dialing the connection:
plugin pppoe.so vlan888Even with the single port, this works well enough for me since I've only got VDSL. I'm not quite sure how it would fare once you start trying to route faster connections. There's a few boards you can get to put a Pi 4 Compute Module on which will add a second ethernet controller but I've not tested those and I'm not sure how good they are.
I don't use the Pi itself as a Wi-Fi AP, but I think it's definitely something you could do if you really wanted. I'm not sure if it'd be a good idea since the range isn't going to be great and it's definitely more optimised to be a client chip than an AP chip, but it's definitely something that could be done. I just have a relatively cheap TP-Link WiFi 5 AP plugged into one of the other ports on the switch though.
In terms of updating the microSD, since I'm building this in GitLab CI/CD, it's easy enough there to configure a build schedule. I have it set to build the image weekly at the moment. If I get the chance, I can just write the new image to my second microSD and then slot it in to update the system. If something breaks, I can just put the previous card back in and roll back immediately. It's maybe not ideal, but I've found that there's relatively little change in the system really when it's based on such a small number of packages.
Hopefully this helps! :smile: It's probably not a deployment method used by many, but it's worked well for me for a few years now! If you get stuck I'll try and help if I can. Good luck!
Oh and about:
I'm not a networking expert
I think you might find that if you start the journey of building something like this and end up writing an entire multi-VLAN nftables config from scratch, you'll probably end up as an "expert" faster than you think :laughing:
jjlee
CalumDay
Given the single RJ45 port on rpi 4 and 5, how do you deploy this? Are you using wifi only with the pi as a wifi access point, or do you have some add-on board that adds additional RJ45 ports, or a USB to ethernet adapter, or some sort of VLAN setup? Can you provide any details, especially re hardware that supports your VLAN if it's that? I'm not a networking expert but I'll probably understand if you explain in concrete ELI5 terms: "I have this hardware, x is plugged into y, y runs this software" :-)
Motivation for my question: I'm looking for something simple like pinewall (no UI, hackable through simple nftables etc. configuration, easy to keep updated) but want to avoid adding yet another operating system instance to manage in the form of extra hardware to support a VLAN! So I wonder if for example I might find it workable to get away with using the pi's wifi as AP, and USB hardware as 2nd ethernet port, without causing myself other problems - e.g. limiting wifi range or ethernet bandwidth too drastically? (I also wonder how often you update your microsd image to track security updates, but that takes me off the focus of my question)