dchristl / esp32_nat_router_extended

a simple ESP32 NAT Router with some additional features

Disable NAT? #73

Closed Stan-Tastic closed 1 year ago

Stan-Tastic commented 1 year ago

Is there a way to disable NAT, so that the device acts as a straight-up router? I'm using this in my internal network to extend coverage for some far-off IoT devices, I just want to create a static route for them, no NAT.

dchristl commented 1 year ago

Hello @Stan-Tastic ,

Is it possible that you mean a mesh network? Currently, this is not possible as the router always creates its own network. However, it is on the list of many points I still want to implement.

Stan-Tastic commented 1 year ago

Well, not really - I don't want a second network under the same SSID, I prefer to use a new one so that I direct my IoT devices to connect to it, and nothing else.

NAT is masking client IPs behind the IP of the router (here: extender). I don't want that, I want to "see" the IPs behind the extender.


dchristl commented 1 year ago

Sorry, but this is technically not possible. No network will provide the real IP, because that is the whole point of it. Do you know any commercial router providing this? I can't imagine how this will work. There are only two options: mesh, like I mentioned, or port forwarding. But port forwarding is only for ports; the IP is not visible outside the network. If I don't understand you correctly, can you name any device/router realizing this?

Stan-Tastic commented 1 year ago

Trust me when I say this is possible, I have been a network engineer for 20 years :-)

Any router will do that for you happily. Perhaps some old or very limited devices won't have the option, but anything modern from Cisco, TP-Link, Mikrotik, as well as software routers like OPNsense, OpenWRT, DD-WRT and similar will have this capability.

Allow me to elaborate.

The situation is usually like this: <internet> - <home router> - <home network> Where home network, for the sake of an example, is something like 192.168.1.0/24, and router address is 192.168.1.1.

What I'm after is: <internet> - <home router> - <home network> - <extender> - <extended network> Let's say extended network uses 192.168.4.0/24, as with this firmware, and extender's home network address is 192.168.1.10 (because why not).

The problematic part is making sure that hosts from 192.168.1.1/24 can talk to 192.168.4.1/24. This can be realized in a few ways:

  1. Set a static route on the particular machine that needs to communicate with 192.168.4.1/24 hosts. This would actually suffice for my uses, as I can add a static route entry to my Home Assistant instance so that its routing table will look like this:

     0.0.0.0/0 via 192.168.1.1
     192.168.4.0/24 via 192.168.1.10

     Voila, nothing on the router needed.

  2. You can configure a static route on the home router (if you use a router that accepts that) that will say "192.168.4.0/24 via 192.168.1.10". The problem here is that this will yield an "asymmetric routing" situation. If 192.168.1.30 tries to reach 192.168.4.10, it will first go to the home router, which will in turn send the packet to the extender, and the extender to the final host. So far so good, but on the way back the extender will see "hey, 192.168.1.30 is from a network I know, I'll send the packet directly" and will skip the home router step. This may or may not cause issues, depending on the router and software on end hosts.

  3. A third way is to set up DHCP option 121, which allows sending static classless routes to hosts. This is built into every modern DHCP client; the problem is that most routers don't implement this option in the GUI/CLI - however, they usually implement something like "custom DHCP option", which in this case would be "DHCP option 121". In such a case the payload can be calculated here: https://www.medo64.com/2018/01/configuring-classless-static-route-option/

I don't know C all too well, but I found these lines:

ip_napt_enable(my_ap_ip, 1);
ESP_LOGI(TAG, "NAT is enabled");

Would it be possible to build in a radio switch, NAT ON/OFF?

Also, thanks for all your hard work, this is all greatly appreciated. Still useful as it is (and fantastically so!), but requires a lot of workarounds to function with more than 1 ESPHome device on the extender side...
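The three options above in working form, as an added example that is not code from the esp32_nat_router_extended project or from anyone in this thread: a longest-prefix-match lookup over the Home Assistant table from option 1 and over the extender's own table (to show why the return path in option 2 bypasses the home router), plus an encoder/decoder for the RFC 3442 classless static route payload that DHCP option 121 carries in option 3. The addresses are the ones used in the thread; the extender's table, the 0.0.0.0 "directly connected" marker and the public test address 203.0.113.5 are constructed for the example. The decoder validates prefix lengths and payload boundaries because a DHCP client installs whatever routes it is handed, so a malformed option should be rejected rather than half-applied.

```python
"""Added example: routing lookup and DHCP option 121 (RFC 3442) encoding for the
home network / extender layout discussed above.  Not project code; the tables
and the on-link convention are constructed for illustration."""
import ipaddress
from typing import List, Tuple

Route = Tuple[ipaddress.IPv4Network, ipaddress.IPv4Address]
ON_LINK = ipaddress.IPv4Address("0.0.0.0")  # constructed marker: deliver directly


def route(net: str, via: str) -> Route:
    return ipaddress.IPv4Network(net), ipaddress.IPv4Address(via)


# Option 1: the Home Assistant host gets one extra static route.
HOME_ASSISTANT_TABLE: List[Route] = [
    route("0.0.0.0/0", "192.168.1.1"),
    route("192.168.4.0/24", "192.168.1.10"),
]

# The extender's own table (constructed): both LANs are directly connected,
# everything else goes to the home router.  This is what makes the reply
# path in option 2 skip the home router.
EXTENDER_TABLE: List[Route] = [
    route("192.168.1.0/24", "0.0.0.0"),
    route("192.168.4.0/24", "0.0.0.0"),
    route("0.0.0.0/0", "192.168.1.1"),
]


def next_hop(table: List[Route], dst: str) -> str:
    """Longest-prefix match: among routes whose prefix contains dst, the most
    specific wins; the /0 default only matches when nothing else does.
    Returns 'on-link' when the destination is directly reachable."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in r[0]]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    _, gw = max(candidates, key=lambda r: r[0].prefixlen)
    return "on-link" if gw == ON_LINK else str(gw)


def encode_option_121(routes: List[Route]) -> bytes:
    """RFC 3442 wire format, route after route: one prefix-length byte, then
    only the significant octets of the destination (ceil(len/8) of them, so a
    /0 default route carries none), then the 4-byte next hop."""
    out = bytearray()
    for net, gw in routes:
        plen = net.prefixlen
        n_sig = (plen + 7) // 8
        out.append(plen)
        out += net.network_address.packed[:n_sig]
        out += gw.packed
    return bytes(out)


def decode_option_121(payload: bytes) -> List[Route]:
    """Inverse of encode_option_121.  Raises ValueError on a prefix length above
    32 or a payload cut off mid-route, so nothing half-parsed gets installed."""
    routes: List[Route] = []
    i = 0
    while i < len(payload):
        plen = payload[i]
        if plen > 32:
            raise ValueError(f"prefix length {plen} > 32 at offset {i}")
        n_sig = (plen + 7) // 8
        i += 1
        if i + n_sig + 4 > len(payload):
            raise ValueError(f"payload truncated at offset {i}")
        dest = payload[i:i + n_sig] + b"\x00" * (4 - n_sig)  # pad host octets
        i += n_sig
        gw = ipaddress.IPv4Address(payload[i:i + 4])
        i += 4
        net = ipaddress.IPv4Network(f"{ipaddress.IPv4Address(dest)}/{plen}")
        routes.append((net, gw))
    return routes


def option_121_is_well_formed(payload: bytes) -> bool:
    try:
        decode_option_121(payload)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Option 1: Home Assistant reaches the extended LAN via the extender,
    # everything else via the home router.
    print(next_hop(HOME_ASSISTANT_TABLE, "192.168.4.10"))   # 192.168.1.10
    print(next_hop(HOME_ASSISTANT_TABLE, "203.0.113.5"))    # 192.168.1.1
    # Option 2: the reply to 192.168.1.30 leaves the extender directly, not
    # through the home router that carried the request (asymmetric routing).
    print(next_hop(EXTENDER_TABLE, "192.168.1.30"))         # on-link
    # Option 3: the option 121 bytes a DHCP server would hand to every client
    # so that no per-host static route is needed.
    print(encode_option_121([route("192.168.4.0/24", "192.168.1.10")]).hex())
```

The encoded payload for just the extended network is `18c0a804c0a8010a` (prefix length 24, the three significant octets 192.168.4, then the next hop 192.168.1.10), which is the same value the linked calculator produces for that route.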

dchristl commented 1 year ago

I haven't fully understood your explanation yet (I'm not a networking engineer ;) ), but I think I have a better understanding of where the issue lies. If simply deactivating the NAT functionality solves it, then I am happy to implement that. I can provide you with a temporary version with NAT disabled, and if you are happy with it, I will include it in the next release. Do you have a regular ESP32 or S2/C3?

Stan-Tastic commented 1 year ago

Fair enough, but if you're interested and can tell me where I lost you I can try to explain better :-)

I have a regular ESP32.

dchristl commented 1 year ago

Thank you for your offer, but I think I need to familiarize myself with the topic in general first. I wasn't really aware of how it works and why NAT prevents it. For example, if I disable NAT, my clients lose internet connectivity.

I've attached the full and the update versions for the ESP32 with NAT disabled:

esp32nat_extended_update_v6.1.0-DEV.zip

esp32nat_extended_full_v6.1.0-DEV.zip

Stan-Tastic commented 1 year ago

Jackpot! It just works. For the record, I used this instruction: https://community.home-assistant.io/t/declare-a-static-route-to-reach-other-lan/311442 to configure a static route on Home Assistant instance, as this is basically the only host that needs that.

Routing on Windows can be set with: route add 192.168.4.0 mask 255.255.255.0 <extender_IP>

Thanks for your help!

dchristl commented 1 year ago

Great :) I will add this feature in the next release (1-2 weeks). Thanks for testing. Now, with your link, I understand what this is for. It is more a corporate setup than a consumer/home setup. This is used to physically divide LANs from each other to handle access separately and define firewall rules, right?

Stan-Tastic commented 1 year ago

I would call it "power user setup". With just this, there's no real separation between LANs - router will happily move packets between networks, no questions asked :-) With this extender software it's not even possible to add any firewall rules or block access.

It would be easier (from end-user perspective) to set this up as mesh, but it opens a whole new host of issues:

  1. You'd have to implement it ;-)
  2. A bigger issue (from my experience) is that if you're close to an extender, its TX power will be higher than your primary Access Point, so other devices will connect to it (your laptop, phone, whatever), but the bandwidth available will be much lower (in my case, the primary AP provides 450 Mbps of bandwidth, and the extender will provide some 15 Mbps).

Overall, I think the current option of defining a new network and then doing some routing mumbo-jumbo is much better.

Also, within IoT/home automation community having a separate VLAN for IoT devices is relatively popular, as it provides "cleaner" network, and reduces a risk from potentially vulnerable IoT devices.

I think you'll find networking quite interesting :-)

dchristl commented 1 year ago

Thank you, I welcome your further explanations. Especially with the differentiation from Mesh, I believe I now understand the background.