VLAN in HyperV ,message nat?

mingwei · July 26, 2024, 2:23pm

I want to build a openWRT to do a NAT and add Vlan tag,My OS is win11，Use openWRT in HyperV 。like this image

the step is
1,creat 2 virtualSwitchs in HyperV named SW1,SW2
2,creat 1 openWRT in HyperV ,add 2 net adapter from SW1,SW2
3，add IP 172.16.5.2/16 to the interface of SW1 in Windows ，no-gateway。cmd run "route -p add 172.16.12.101 mask 255.255.255,255 172.16.12.10"
4 .put “network”，“firewall” to /etc/config/
5,put "sysctl.conf" to /etc/
6,reboot

##network



config device
	option type '8021ad'
	option ifname 'eth1'
	option vid '212'    ###################################
	option name 'eth1.212'##################################


config interface 'VLAN212'  ##################
	option proto 'static'
	option device 'eth1.212'    #########################
	option ipaddr '198.18.32.1'
	option netmask '255.255.0.0'


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda0:63c9:f8e9::/48'


config interface 'if0'
	option device 'eth0'
	option proto 'static'
	option ipaddr '172.16.12.10'   #################################
	option netmask '255.255.0.0'

#firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'


config zone
	option name 'outside'           #区域名称, 可以根据实际需要修改
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'VLAN212'         #属于本区域的接口, 名称由配置ip端口时定义, 此处应包含上方配置的所有对应被控设备网段的接口  ################################################################################################


config zone
	option name 'inside'            #区域名称, 可以根据实际需要修改
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'if0'             #属于本区域的接口, 名称由配置ip端口时定义, 此处应包含上方配置中用于windows访问的接口




#172.16.12.101_198.18.32.1            ################################################################################################################################################################################
config redirect
	option dest 'inside'                    #接口名称, 对应上方配置的, 属于windows访问区域
	option target 'DNAT'
	option name 'DNAT_UP1'              #规则名称, 根据实际需要修改
	option src 'outside'                    #接口名称, 对应上方配置的, 属于被控端设备区域
	option src_dip '198.18.32.1'        #被控段设备主动发起连接时使用的ip ****************************************
	option dest_ip '172.16.5.2'           #windows服务器的ip地址, 需要和上方eth0配置的ip地址对应, 在本机上必须可以访问
	list proto 'all'

config redirect
	option dest 'outside'                   #接口名称, 对应上方配置的, 属于被控端设备区域
	option target 'DNAT'
	option name 'DNAT_DOWN1'              #规则名称, 根据实际需要修改
	option src 'inside'                     #接口名称, 对应上方配置的, 属于windows访问区域
	option src_dip '172.16.12.101'             #windows服务器主动发起连接时使用的ip, windows系统上需要配置相关的路由, 将访问此ip的路由指向eth0 ****************   #####################################################################t
	option dest_ip '198.168.36.96'         #被控端设备的真实ip地址
	list proto 'all'



config nat
	option name 'SNAT'
	list proto 'all'
	option src '*'
	option target 'MASQUERADE'

#sysctl.conf

# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
net.ipv4.conf.eth1/212.proxy_arp_pvlan=1

it works well when I change eth1.212 to eth1 ,So the nat is right but I can`t see any Vlan message on another PC connected to eth1.

I also tred QinQ in this system works well.
anything wrong with it? It is really don`t make sense

brada4 · July 26, 2024, 8:01pm

You can have 12 adapters in hyperv vm.

mingwei · July 29, 2024, 1:43am

I uesd "Set-VMnetworkAdapterVlan ....-Trunk -NativeVlanID 201 -AllowedVlanIdlist "1-4094"" to deal wtith it .
windows HyperV cm.
But I still dont know the reason of Vlan message cant put out from openSWRT to hyperV

brada4 · July 29, 2024, 2:35am

You can totally use 2 adapters. This is not windows help phone.

mingwei · July 29, 2024, 3:58am

yes ，I have 12 adapters,NAT works well without vlan.But I need 12 same S-IP,S-port，D-IP,D-port messages in same switch ，I want to use Vlan to isolation them. the question is the OpenWRT s Vlan message cant put out.
I think it is Hyper-Vs VMswitch question when I did it use "-Trunk -NativeVlanID 201" cmd to adapter yesterday. But, I have another system use QinQ VLAN in openWRT &hyper-V, it works well also. and I checked the Hyper-Vs VMswitch adapter set is Untaged .
I dont know where is wrong, 2 parts : 1,Is openWRT Wrong? but I did as openWRT VLANs help.
2,Is hyper-V wrong ? but my another QinQ systerm don`t need any trunk config windows hyper-V.

brada4 · July 29, 2024, 4:09am

This is not microsoft helpdesk, no telling how microsoft tags/untags your configuration. You can run network traces and try to guess next parameter to do right way.

There should be space better, or even better commens on separate lines/

You use QinQ aka 11ad - double encapsulation. Thats not what microsoft claims supporting.