@gdamjan
Last active October 11, 2024 06:36
libvirt with ipvtap over wifi

ipvtap over wifi for libvirt

ipvtap is similar to macvtap, but works over wifi too, since it uses the same MAC address as the wifi interface.

libvirt doesn't support ipvtap, so we have to configure everything manually. Important data we need before we start:

  • the name of the wifi interface, wlan0 in my case (it's already connected - use NM or networkd+iwd).
  • the MAC address of the wifi interface (it must be the same in the guest too)

On the host:

sudo ip link add name ipvtap0 link wlan0 type ipvtap mode l2 bridge
sudo ip link set up ipvtap0

The network interface for the guest is configured via the following XML, using the MAC address from wlan0/ipvtap0:

<interface type="ethernet">
  <mac address="f8:d1:11:18:81:c3"/>
  <target dev="ipvtap0" managed="no"/>
  <model type="virtio"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
</interface>
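
Added example (not part of the original gist): a POSIX shell helper that reads the MAC from the wifi interface, renders the `<interface>` element above with it, and checks an existing definition for a MAC mismatch. The function names are hypothetical, and `<alias>` and `<address>` are omitted on the assumption that libvirt assigns them itself.

```sh
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.

# Lower-case a MAC and check it has the form aa:bb:cc:dd:ee:ff.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# MAC of a host interface, read from sysfs (Linux only).
host_mac() {
    cat "/sys/class/net/$1/address"
}

# Print the <interface> element for tap device $1 using MAC $2.
# <alias> and <address> are left out (assumption: libvirt fills them in).
interface_xml() {
    mac=$(normalize_mac "$2") || { echo "invalid MAC: $2" >&2; return 1; }
    cat <<EOF
<interface type="ethernet">
  <mac address="$mac"/>
  <target dev="$1" managed="no"/>
  <model type="virtio"/>
</interface>
EOF
}

# Read domain or interface XML on stdin; succeed only if its first
# <mac address=.../> equals MAC $1. Accepts single or double quotes.
xml_mac_matches() {
    want=$(normalize_mac "$1") || return 2
    got=$(sed -n "s/.*<mac address=[\"']\\([^\"']*\\)[\"'].*/\\1/p" | head -n 1)
    got=$(normalize_mac "$got") || return 2
    [ "$got" = "$want" ]
}

# Run as: ./ipvtap-xml.sh wlan0 ipvtap0
if [ "$#" -eq 2 ]; then
    interface_xml "$2" "$(host_mac "$1")"
fi
```

To check a guest that is already defined, pipe its `virsh dumpxml` output into `xml_mac_matches "$(host_mac wlan0)"`.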

⚠️ DHCP is a … bit complicated

Now, I can start the VM, but I can't ping from/to router to/from the VM, until I configure the guest address on the host ipvtap0 too:

sudo ip addr add dev ipvtap0 192.168.17.111/32

This might be fixable with some proxy-arp?

Tested on:

Host:

  • Archlinux, 5.6.15-arch1-1
  • libvirt 6.4.0-1
  • qemu-headless 5.0.0-6

Guest:

  • Archlinux testing, 5.7.0-zen1-1-zen

ja-cop commented Jul 31, 2024

Does anyone know if/how this can work with multiple VMs on the same host? i.e. multiple VMs connected directly to the same LAN as the hypervisor host. It seems like libvirt complains if you try to attach a network interface to a VM that has the same MAC address as an interface on an existing VM.


mcnels1 commented Oct 5, 2024

I've used these instructions to set up an Intel wireless card in AP mode as an interface for pfSense running inside KVM, using hostapd in the Linux host OS to configure the card. I'm planning to use this to isolate IOT devices from my main network.

I use virt-install to set up my VMs, and so far as I can tell virt-install does not natively support <interface>. But it can be generated using virt-install's --xml option:

  --xml ./devices/interface/@type=ethernet \
  --xml ./devices/interface/mac/@address=94:e2:3c:17:f6:ce \
  --xml ./devices/interface/target/@dev=ipvtap0 \
  --xml ./devices/interface/target/@managed=no \
  --xml ./devices/interface/model/@type=virtio


mcnels1 commented Oct 5, 2024

@wrobelda I am configuring the same IP address on ipvtap0 in my host OS and on the interface inside the VM; if I do not, it is not reachable. I am not setting up any namespaces, and libvirt does not seem to be implicitly creating namespaces, as ip netns list returns nothing.
