X86 build in Hyper-V no wired <-> wireless connection

Hello,

I have a somewhat "exotic" setup going on, that is, running a custom OpenWRT x86 build in Windows Server 2019 Hyper-V. First, please note that the setup I am trying to achieve works perfectly fine outside Hyper-V.

Setup:

  1. Two physical Intel NICs on motherboard, NIC1 and NIC2
     • one Hyper-V external virtual switch as "LAN" using NIC1, physically connected to external switch
     • one Hyper-V external virtual switch as "WAN" using NIC2, physically connected to Internet, but disabled at this point.
  2. PCI card with two Qualcomm ath10k chips
     • PCI passthrough set up so virtual machine has access to this PCI card, works fine. Both WLANs are detected inside virtual machine
  3. Wired client PC1 connected to physical external switch and wireless client PC2, both get IP from router fine.

The problem:
PC1 can't access services running on PC2 and vice versa; both can access the router, and the router can access services on both PCs. I've tried ping and HTTP, and disabled all firewalls (on both Windows 10 PCs and on the router) without success. I'm struggling to understand why this is happening. If I put PC2 on wired, everything works fine. wlan0 and wlan1 in the router are part of the br-lan interface, which is bridged (lan, wlan0, wlan1). Also, the same configuration works fine outside Hyper-V; all network configurations are identical, from what it seems.

I'm happy to provide more information if anyone has any ideas how to troubleshoot this further.

You may like to share the output of the following commands. You could obscure any physical MAC addresses. Please use the Pre-formatted text tool to include the code:

cat /etc/config/network
cat /etc/config/wireless 
cat /etc/config/firewall
cat /etc/config/dhcp

I trust both LAN and WLAN clients get IPs in the same subnet?

Did you try pinging from WLAN1 to WLAN2 clients?

I can reproduce the problem with pretty much default configs, all I did is set up WLAN1. WLAN2 is not in use so I haven't tried WLAN1 <-> WLAN2 traffic. LAN and WLAN clients get IPs in same subnet, yes.

dhcp


config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

network


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'

firewall


config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/22016ce1-092d-4d0c-bad2-d8eb42819e8d/pcibad2:00/bad2:00:00.0'
	option country 'FI'
	option legacy_rates '0'
	option channel '48'
	option htmode 'VHT40'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'xxxxx'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:07/VMBUS:01/80e57974-447d-4649-96ab-b3a8183e5752/pci96ab:00/96ab:00:00.0'
	option htmode 'HT20'
	option disabled '1'

Any tips how to troubleshoot would be appreciated since I'm out of ideas, thanks.

What do you get from this command?

 brctl show

Also, while you are there, could you try adding the following to your lan interface in /etc/config/network

    option stp 1

brctl show

bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.00155d28e70a       no              eth0
                                                        wlan0

After adding "option stp 1", STP enabled is "yes", but still no connection LAN <-> WLAN1.

Enabled WLAN2 and I tested WLAN1 <-> WLAN2 which works fine (= router <-> WLAN2 works fine). Also WLAN2 <-> WLAN2 works fine. But no connection LAN <-> WLAN2

I ran out of ideas. brctl shows the LAN and WLAN are indeed bridged.

Do you have switch support with this setup? If so, you could try making a VLAN (say VLAN 1) and change the LAN interface accordingly to be eth0.1 rather than eth0.

No, I don't have a switch and therefore can't try VLANs.

I went for tcpdump for a simple test:

Ping from client WLAN -> LAN gives me "Destination host unreachable."

On router tcpdump eth0 (LAN port)

tcpdump -ennqti eth0 \( arp or icmp \)

gives

WLAN_CLIENT_MAC > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has  <LAN_CLIENT_IP> tell <WLAN_CLIENT_IP>, length 28
(line above repeated multiple times, nothing else is output)

Any ideas how to debug this further or what to try with tcpdump?

As I suspected, this was a problem outside OpenWRT; the issue was fixed by setting "Enable MAC address spoofing" for the Hyper-V virtual machine's Network Adapter #0 (which is eth0 in OpenWrt).
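The capture and the fix in this thread fit together: frames bridged from wlan0 leave eth0 carrying the wireless client's MAC as their source, and a Hyper-V virtual switch port only passes the VM's own MAC unless MAC address spoofing is enabled on that adapter. The script below is an added example, not part of the original thread; it summarises tcpdump output in the format shown above, with hypothetical function names, a constructed sample capture, and the assumption that the station MACs are known (for example from `iw dev wlan0 station dump`).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Constructed capture in the format of `tcpdump -ennqti eth0 \( arp or icmp \)`.
# All MAC and IP addresses are made up: 00:15:5d:00:00:01 = router vNIC (eth0),
# 02:00:00:00:00:50 = wired PC, 02:00:00:00:00:78 = wireless PC.
sample_capture() {
cat <<'EOF'
00:15:5d:00:00:01 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has 192.168.1.50 tell 192.168.1.1, length 28
02:00:00:00:00:50 > 00:15:5d:00:00:01, ARP, length 60: Reply 192.168.1.50 is-at 02:00:00:00:00:50, length 46
02:00:00:00:00:78 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has  192.168.1.50 tell 192.168.1.120, length 28
02:00:00:00:00:78 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has  192.168.1.50 tell 192.168.1.120, length 28
02:00:00:00:00:78 > ff:ff:ff:ff:ff:ff, ARP, length 42: Request who-has  192.168.1.50 tell 192.168.1.120, length 28
EOF
}

# Usage: tcpdump ... | arp_report STATION_MAC...
# Prints "bridged-src MAC FRAMES" for each wireless station seen as a source
# on eth0, and "unanswered IP asked-by MAC COUNT" for each ARP request from a
# station that never received a reply within the capture.
arp_report() {
  awk -v stas="$*" '
    BEGIN { n = split(tolower(stas), s, " "); for (i = 1; i <= n; i++) sta[s[i]] = 1 }
    $2 == ">" {
      src = tolower($1); dst = tolower($3); sub(/,$/, "", dst)
      if (src in sta) bridged[src]++
      if ($4 != "ARP,") next
      for (i = 5; i < NF; i++) {
        if ($i == "who-has") req[src " " $(i + 1)]++   # keyed by asker + target IP
        if ($i == "Reply")   rep[dst " " $(i + 1)]++   # keyed by recipient + answering IP
      }
    }
    END {
      for (m in bridged) printf "bridged-src %s %d\n", m, bridged[m]
      for (k in req) {
        split(k, p, " ")
        if ((p[1] in sta) && !(k in rep)) {
          printf "unanswered %s asked-by %s %d\n", p[2], p[1], req[k]
        }
      }
    }'
}

# Stand-alone run on the constructed capture.
sample_capture | arp_report 02:00:00:00:00:78
```

A station that shows up as `bridged-src` with only `unanswered` requests, while the router's own requests to the same host are answered, matches the pattern in this thread. The spoofing option is set per virtual network adapter, so it only needs to be enabled on the adapter that carries the bridge.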
