Creating a virtual router in Raspberry Pi 4B

Hey everyone,

I use a Raspberry Pi 4B running Raspberry Pi OS 11 (Buster I guess) as a media center. I would like to install OpenWrt 21.02 in the Pi. However, I do not want to lose my media center.

What I think could be a viable solution is to run the media center stuff on the host side and run OpenWrt in a container or VM.

This is what I want to achieve:

eth0: Built in ethernet port of the Pi. This will be the LAN port.
eth1: USB connected ethernet port. This will be the WAN port.
wlan0: Built in WiFi module of the Pi. This will be used by the media center.
wlan1: USB connected WiFi module. This will be used by OpenWrt.

OpenWrt container will do all router stuff.
The host will be disconnected from OpenWrt. The host will connect to the network of the virtual router ONLY by WiFi. (wlan0 ---> wlan1)

I think this is possible, but I have no idea how.

Any help is appreciated.

PS: I cannot explain stuff well. Sorry for the inconvenience.
PS: Bad drawing. Hopefully good enough for illustration.

Why not simply use the existing Pi OS as a router / firewall, in the background of the media center solution?

I do not want to. I am setting this up for a friend. Scared of command line. A nice GUI would be great.

and you think setting up a container/VM inside an OS is a lot simpler ... ?

I know. It's comparatively more complicated than doing everything on the host. But is it possible though?

Maybe running native OpenWrt and the media center in a container or as an app would be a more realistic solution.

I count two RJ45 ports and one wireless at the minimum. Are you going to add USB-ethernet dongle?

Check the details under the sketch in the 1st post.

Well, I tried. Debootstrap in OpenWrt, and then xorg and kodi. It spits out some "get_ptys" error.

Also an uneducated guess that OpenWrt is not optimized enough for graphics stuff, like graphics drivers. Raspbian is the official OS of the Pi, so it's the best choice.

Maybe docker will work (??)

I stumbled upon this article.

In the "Teleport the Wi-Fi" section, it shows how to transfer a device from the host to the container. This makes it inaccessible from the host and accessible from the container. That is indeed what I want.

If I do the same for eth0, eth1 and wlan1 I think I achieve the above mentioned topology from a hardware perspective?

I do not have access to the pi right now, so can't test it atm.

$ ip netns help
Usage:	ip netns list
	ip netns add NAME
	ip netns attach NAME PID
	ip netns set NAME NETNSID
	ip [-all] netns delete [NAME]
	ip netns identify [PID]
	ip netns pids NAME
	ip [-all] netns exec [NAME] cmd ...
	ip netns monitor
	ip netns list-id [target-nsid POSITIVE-INT] [nsid POSITIVE-INT]
NETNSID := auto | POSITIVE-INT

$ ip li help
Usage: ip link add [link DEV | parentdev NAME] [ name ] NAME
		    [ txqueuelen PACKETS ]
		    [ address LLADDR ]
		    [ broadcast LLADDR ]
		    [ mtu MTU ] [index IDX ]
		    [ numtxqueues QUEUE_COUNT ]
		    [ numrxqueues QUEUE_COUNT ]
		    type TYPE [ ARGS ]

	ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]

	ip link set { DEVICE | dev DEVICE | group DEVGROUP }
			[ { up | down } ]
			[ type TYPE ARGS ]
		[ arp { on | off } ]
		[ dynamic { on | off } ]
		[ multicast { on | off } ]
		[ allmulticast { on | off } ]
		[ promisc { on | off } ]
		[ trailers { on | off } ]
		[ carrier { on | off } ]
		[ txqueuelen PACKETS ]
		[ name NEWNAME ]
		[ address LLADDR ]
		[ broadcast LLADDR ]
		[ mtu MTU ]
		[ netns { PID | NAME } ]
...

Yeah it's called network namespace. e.g. ip netns add <openwrt> then ip li set eth0 netns <openwrt>

Maybe some ideas in this thread.

Thanks for sharing this info.
I am not doing setns with eth0 right now because eth0 is the reason I can SSH into the host.

Therefore,
My steps are as follows:

  • Transfer eth1 to the container.
  • Set up the WAN connection and get the internet working.
  • Get the Wi-Fi working.
  • Create LAN with dhcp so that I can connect to the container's network.

I tried to do this, and it kind of worked!

I was able to get eth1 and wlan1 in the container. I was also able to figure out my WAN connection. I can now ping IPs and domains. I successfully ran opkg update from the WAN connection.

This is what I have achieved so far:

# Set Docker image type.
DKIMG='openwrtorg/rootfs:aarch64_cortex-a53-openwrt-21.02'

# Create OpenWrt docker container if not created.
if [ "$(docker ps -a | grep $DKIMG)" = "" ]
then
    docker create --cap-add NET_ADMIN --cap-add NET_RAW --hostname RasPi-4B --name openwrt --network none $DKIMG
fi

# Start OpenWrt docker container.
docker start openwrt

# Get container PID for network namespace.
NSPID=$(docker inspect -f '{{.State.Pid}}' openwrt)

# Add ethernet ports.
ip l set dev eth1 netns $NSPID

# Add Wi-Fi devices.
iw phy phy1 set netns $NSPID

Now I want to get my Wi-Fi to at least broadcast its SSID. But I cannot seem to figure out how.

Firstly I installed the following packages:
kmod-mac80211, wireless-tools

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path <NOT SURE IF I AM SAFE TO SHOW THIS IDK>
        option band '2g'
        option cell_density '0'
        option htmode 'HT20'
        option channel 'auto'

config wifi-iface 'wifi_lan'
        option device 'radio0'
        option mode 'ap'
        option encryption 'psk2+ccmp'
        option key 'someRandomPassword'
        option ssid 'OpenWrtDocker'

I do not see my Wi-Fi SSID being broadcast.
Also, I got radio0.path from the config files when OpenWrt ran bare-metal on the Pi. Maybe the path is wrong?? Or maybe the other config is wrong?
How am I supposed to know then which is right?

Please suggest me something,
thanks :neutral_face:
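
Added example, not part of any post in this thread: a guard for the interface hand-off above that refuses to move a NIC into the container's namespace when it carries the host's default route or the current SSH session (the reason eth0 was left on the host). The function names and the sample `ip` output are constructed for illustration; the `docker inspect` and `ip link set ... netns` calls are the ones used in the script above.

```shell
#!/bin/sh
# Added example: function names and sample data are illustrative assumptions.

# Interfaces carrying a default route; stdin is `ip -o route show default` output.
default_route_devs() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }' | sort -u
}

# Interface that owns local address $1; stdin is `ip -o addr show` output.
dev_for_addr() {
    awk -v want="$1" '{ split($4, a, "/"); if (a[1] == want) print $2 }'
}

# safe_to_move DEV ROUTES ADDRS SSH_CONNECTION -> 0 if DEV can leave the host.
safe_to_move() {
    dev=$1; routes=$2; addrs=$3; ssh_conn=$4
    if printf '%s\n' "$routes" | default_route_devs | grep -qxF "$dev"; then
        echo "refusing: $dev carries the host default route" >&2
        return 1
    fi
    # SSH_CONNECTION is "client_ip client_port server_ip server_port".
    ssh_ip=$(printf '%s\n' "$ssh_conn" | awk '{ print $3 }')
    if [ -n "$ssh_ip" ] &&
       [ "$(printf '%s\n' "$addrs" | dev_for_addr "$ssh_ip")" = "$dev" ]; then
        echo "refusing: $dev carries this SSH session ($ssh_ip)" >&2
        return 1
    fi
    return 0
}

# Live use (needs root): check against current host state, then hand DEV over.
move_nic() {
    dev=$1; container=$2
    safe_to_move "$dev" "$(ip -o route show default)" \
        "$(ip -o addr show)" "${SSH_CONNECTION:-}" || return 1
    pid=$(docker inspect -f '{{.State.Pid}}' "$container") || return 1
    ip link set dev "$dev" netns "$pid"
}

# Constructed sample input (not captured from the poster's Pi).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto dhcp src 192.168.1.10 metric 202'
SAMPLE_ADDRS='2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
3: eth1    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth1'
SAMPLE_SSH='192.168.1.50 51514 192.168.1.10 22'
```

On the host, `move_nic eth1 openwrt` would replace the bare `ip l set dev eth1 netns $NSPID` line; the guard only covers network interfaces, not the `iw phy ... set netns` step.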

Okay, I figured it out. I needed the hostapd package.

Lesson: Always read the logs.

Also this works:

config wifi-device 'radio0'
	option type 'mac80211'
	option phy 'phy1'

I just made a virtual machine and used the official OpenWrt images. I used virt-manager with KVM for this. Remember to use the latest version of Raspberry Pi OS, the 64-bit version.

Hmm, how is the performance?
Also virt-manager? Are you using a WM/DE?

Okay so my lan is working, dhcp working, but no internet connection... :frowning_face:

I do not know why, the container does have internet connection. I can ping the WAN gateway, and all IPs and domains. But I cannot even ping the gateway if I am connected to LAN via Wi-Fi.

BTW I can SSH into the container/router, and can access LuCI.

If anybody knows what is going on please help.
Thanks.

I haven't tested the performance. I am using the default graphical interface shipped with RPI OS.

How does your topology look?