Virtual domain controller wirelessly

So I would like to set up my own network inside my home wifi. I’m a bit new to this so I may have some of this wrong

The set up should be really simple but let me explain:

The broadband router is virgin media wifi and any device should be able to connect to this without anything changing. Basically the new network should not change anything for any of the existing users of the broadband connection.

Then I will set up a PC with Windows 10 pro that will connect to the wifi.
Within that PC I will set up a virtual linux box which will be the domain controller - running Nethserver & Samba for active directory. The virtual machine will be running on Virtual box.

This is where I think things will get a bit tricky.

I want all computers that join this domain to go through the domain controller for internet access - the domain controller to act as a gateway/firewall.

All workstations will need to connect wirelessly to the domain controller so the eventual outcome will be

Workstation-[wirelessly connect to] ->Domain controller (virtual box within another PC) -[wirelessly connects to]->Virgin media router->Internet

All workstations will be running Windows 10 Pro

What do I need to achieve this? I feel like I need some sort of wireless router or network switch that sits between the workstations and the domain controller, with that router connected by ethernet cable to the PC and then somehow that connection piped into the virtual machine that is hosting the domain controller.

Is this correct? Any recommendations on which hardware?

These two goals are not compatible. If you want the domain controller to be the gateway, then your clients are going to need to use the DC as the gateway. In order to do that, they can’t be connecting directly to the Virgin Media router.

@Gareth_Atkinson, @danb35

Hi

Theoretically, it could be done…

You’d have to make massive use of vLANs (and this on WLan as an extra difficulty); added to the insurmountables is a - most likely - rather limited Virgin Media router.

If you happen to be a VLan Guru, a WLan Guru & a Virgin Media router Guru, be welcome to do so…

If not, you might save yourself a lot of time and headache by getting a second (decent) router - and maybe a real virtualization solution. Virtualbox can work, but is not the stable solution you’re probably looking for.

I wouldn’t touch such a solution with a loooong pole… :slight_smile:

My 2 cents
Andy

Assuming the Virgin router has a wired LAN interface, and that its WiFi can be turned off, and that there’s a spare NIC in the Windows box, and you have or can get another WiFi access point, this wouldn’t be too terribly difficult:

  • In VirtualBox, dedicate one NIC to the Neth VM. Assign a second bridged interface to the VM as well.
  • In Neth, assign the dedicated NIC as Red, and the bridged interface as Green
  • Plug the dedicated NIC into the router
  • Turn off WiFi on the router
  • Set up the other access point as desired–you can even duplicate the SSID/password if you want, in which case the client devices shouldn’t need any reconfiguration. But disable routing on that device, if it also has that capability.

The problem with this whole arrangement is that nothing on the network–including the Windows 10 system–will have Internet access until the Neth VM is up and running. And, as Andy said, VirtualBox isn’t the greatest hypervisor, though it’s worked pretty well for me.

A much better, and simpler, solution would be to use dedicated hardware (even a Raspberry Pi) for Nethserver, and put it between the router and the rest of your network. But you’d still need a separate access point for that.

Using OpenWRT, I recently found out that even a Raspberry PI 3B can make a WLan AP with several options, a RPI4 is much better, of course. There are finished OpenWRT images for both Raspberries…

:slight_smile:

some is quite an understatement.

Two buddies here had a nice set of hints. But IMVHO the only way you can trickle the user is… Use more hardware.

  • Change subnet of your router, disable the wireless interface
  • connect your domain controller with the red interface to your router; set the green interface with your current ISP router address and subnet
  • connect a properly configured AP (pick a good one) with the same SSID, protocol, cypher and passphrase for allowing connection on your green network

AFAIK Apple devices will be less trustful: iOS should not trust “the same network, different emitter” without telling you/the users something.
Windows will tell you “dude, that’s a new network, watcha gonna do?”
Other devices should comply…
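An added example, not part of any post in this thread: a small audit of the Red/Green layout the replies above describe (router renumbered and its WiFi off, gateway VM between router and access point, DHCP served only by the gateway). All addresses, host names and the `audit_plan` helper are constructed for illustration.

```python
from ipaddress import ip_address, ip_interface

# Constructed addressing plan (all values are illustrative assumptions).
PLAN = {
    "router_lan": "192.168.100.1/24",  # ISP router after its subnet was changed
    "neth_red": "192.168.100.2/24",    # Red: faces the router
    "neth_green": "192.168.0.1/24",    # Green: takes over the router's old address
    "ap_mgmt_ip": "192.168.0.2",
    "ap_dhcp_enabled": False,
    "router_wifi_enabled": False,
}
# Constructed client state, e.g. transcribed from `ipconfig /all` on each workstation.
LEASES = {
    "ws1": {"ip": "192.168.0.50", "gateway": "192.168.0.1", "dhcp_server": "192.168.0.1"},
    "ws2": {"ip": "192.168.100.23", "gateway": "192.168.100.1", "dhcp_server": "192.168.100.1"},
}

def audit_plan(plan, leases):
    """Return a list of findings; an empty list means the layout is consistent."""
    findings = []
    router = ip_interface(plan["router_lan"])
    red = ip_interface(plan["neth_red"])
    green = ip_interface(plan["neth_green"])
    ap = ip_address(plan["ap_mgmt_ip"])
    if red.network != router.network:
        findings.append("Red interface is not on the router's LAN subnet")
    if red.network.overlaps(green.network):
        findings.append("Red and Green subnets overlap; renumber the router LAN")
    if plan["router_wifi_enabled"]:
        findings.append("Router WiFi still on: clients can bypass the gateway")
    if ap not in green.network:
        findings.append("Access point is not on the Green subnet")
    if plan["ap_dhcp_enabled"]:
        findings.append("Access point still serves DHCP; only the gateway should")
    for host, lease in leases.items():
        if ip_address(lease["ip"]) not in green.network:
            findings.append(f"{host}: address {lease['ip']} is outside Green")
        if ip_address(lease["gateway"]) != green.ip:
            findings.append(f"{host}: default gateway is {lease['gateway']}")
        if ip_address(lease["dhcp_server"]) != green.ip:
            findings.append(f"{host}: lease came from {lease['dhcp_server']}")
    return findings

if __name__ == "__main__":
    for finding in audit_plan(PLAN, LEASES):
        print(finding)
```

Here `ws2` is flagged three times because it is still attached to the router's own network, so its traffic never passes the gateway/firewall.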

@pike

If you replicate the MAC Address of the old WiFi AP (IP, name, ssid, pass), both Apple & Windows will be satisfied and not notice the change. Both rely on the AP’s MAC Address…

A decent (good) WLan AP will allow this.

OpenWRT allows this.

My 2 cents
Andy

Windows issue is not the AP MAC address, but the DHCP Server MAC address…

True for both OS / Environments…

And both can be done in a virtualized environment…

My concern about a Pi as a router is the second NIC, but I guess it can route wired-to-WiFi?

The PI, using OpenWRT, can be switched over to pure WLan AP, not router. The IP Address of the LAN Nic becomes valid for the WLan too. Very easy, I was pleasantly surprised how well it works.

It can do almost all imaginable options, even several WLan APs in one. Routing - very flexible.
DNS / DHCP / vLANs - almost on par with PF / OPNsense…

:slight_smile:

Supported Hardware (If not a Raspberry…)

Thanks for all your responses. Yes I am quite new to this but we all gotta start somewhere!
I should have been a bit clearer in what I am trying to achieve. This will be a bit of a lab network to test whether I can do it.
Longer term I would want to set up an office network in a new office for my business using Nethserver as the server, rather than shelling out for Microsoft server.
This would be about the most simple office network set up imaginable.
For now, I want to see how this would work, so bandwidth is not really an issue as I will just be testing things and would prefer not to have to run a cable from my office to the wifi router if possible.
Would it maybe be better if I scrapped the virtual machine idea and just installed Nethserver directly onto the PC?

Hi @Gareth_Atkinson (BTW welcome to the Nethserver Community),

Maybe the responses are a bit overwhelming, and not being very knowledgeable on network stuff myself, I’m going to try to simplify (in other words, how I understand it…)

Regarding wifi access, it is important to understand the difference between a wifi-router and a wifi-access point (AP).
At the end of the day, if you want a simple setup, you are likely looking for a wifi-access point and leave the routing to the Nethserver-DC. However, for more advanced setups the routing capabilities of Nethserver can fall short; this has not happened to me to this day though.

Most “home” wifi routers cannot act as a wifi-AP; to achieve this with my Netgear WNDR3700 I flashed it with dd-wrt (somewhat similar to the OpenWRT @Andy_Wismer was referring to).

In my opinion the most straightforward setup is a Nethserver running on something (does not have to be much for testing, it runs quite decently on a RPI4) with 2 NICs (red connects to the internet, green to the LAN) and a wifi-AP.

I leave it to the experts from here on :grinning:

Are you sure about this? Granted, I’ve been on Unifi a while, but I haven’t encountered one that can’t act as an AP. And even if you can’t turn off routing mode, just disable DHCP (though you’d obviously need to serve it somewhere else, like from the Neth server) and don’t connect the WAN port–presto, an AP.

Now, an ISP-provided unit may not give you even that level of control–but normal, off-the-shelf Linksys/Netgear/D-Link stuff always has in my experience.

Well, the important part I tried to convey is: use a wifi device that can act as an AP.

(back in the day when my Netgear WNDR3700 was one of the more capable ‘home’ devices it did not do a good job, IIRC especially in the environment where computers are actually joined to the domain controller)

@danb35

Just for clarification:

Most WiFi APs on the market nowadays are AP-Routers, and can’t actually work as only AP.

A router WILL create a “new” network, and will always see itself as default gateway on this network…

What can be done is deactivating anything “WAN”, deactivating anything to do with DHCP and set a static IP (From your existing LAN). This way, the AP can be used as an AP.

Caveats:
One major one: You can’t access the AP from anywhere besides the local LAN. No remote management! If you have more than one network (vLan included) you can only access the box from that network.
The box will always see itself as default gateway, even if you deactivate everything possible. And therefore can’t reach another network… :frowning:

By chance, I have the WNDR3800 at home, the follow up of what @mark_nl is using at home. Only: mine isn’t flashed yet, one of the reasons I wanted to test OpenWRT before flashing my WLan AP at home.

This is valid for almost all Netgear, D-Link and Linksys stuff available here on the market…

So there is a GOOD reason to flash these boxes with decent FOSS. By the way, both WRT packages started out with an open-sourced LinkSys router…

My 2 cents
Andy