Question Bridging LAN/WiFi connections on at-sea network results in flaky network connectivity (Windows 10)

Sep 10, 2022
5
0
10
First, the caveat – I am a biologist and not an IT person; my coworkers and I developed this network with no adult supervision out of necessity due to lack of trained pros on staff.

TL;DR – see diagram below; when primary computer shuts down, the on-deck wifi stuff can’t see the LAN stuff unless we disconnect and then re-connect the bridge.

We deploy a fairly basic network on research boats that includes wifi and Ethernet components. The Ethernet stuff (a primary computer connected via unmanaged switch to a serial device server and a GPS-based time server) is inside the house. The wifi AP is on deck along with tablets, print stations, and a couple other devices. All of the wireless devices' communication (including the primary computer's wifi) passes through the AP. In earlier years before we added the time server, it all worked pretty well because the wifi and LAN were separate and had no need to communicate directly. This year, we added the switch and time server so all devices on the entire network could sync to it and have a common clock time. We had difficulty getting the on-deck wifi stuff to consistently see and sync with the time server, so after much experimentation, we decided to bridge the primary computer's LAN and wifi connections and then assign the bridged connection the same IP address as the computer's wifi connection. We tried a lot of various configurations, but this seems to be the only thing that has worked, and even this has been flaky at times. Occasionally, the tablets won't be able to see the time server and the auto time sync capability in Windows will fail, but usually that can be overcome with a manual sync. I'm 100% positive we haven't set this up correctly, but I was OK with that since it was generally doing what we wanted at least some of the time. The problem now, however, is that if the primary computer ever shuts down for any reason, when it comes back online, the on-deck wifi stuff doesn't see anything on the LAN unless we go into Windows adapter settings on the primary computer, disconnect the bridge, then re-connect. This is a no-go for a variety of reasons. Thanks in advance for any suggestions.

Other details: The computers are all Dells (7070 micros or Latitude 7212s) running Windows 10. The WiFi access point is an EnGenius ENS620EXT. All devices have static IP addresses because we deploy these networks on multiple vessels and want to be able to easily keep track of everything. Note that the IP addresses are dummy addresses but do follow the pattern we use on the network. Everything is on the same subnet, mask 255.255.255.0.

[Diagram: apLabrC.jpg]
 
Why don't you use actual hardware designed for your problem rather than trying to use a computer? This is like using a hammer when you need a screwdriver.

What you need is a repeater outside rather than an AP. The device you have may be able to run in repeater mode, which I think it is calling WDS. I have not spent the time to read the manual.

Instead of the computer inside I would run a simple router, or if you have some other router to get to, say, the internet, run a cheap router as an AP.
 
Sep 10, 2022
Thanks for the comments. I'm not sure what a repeater would be repeating in our situation - the access point is what is used to create our wireless network and facilitate the communication among the wireless devices, so I'm pretty sure we need it. We use an access point because we are sending data from the tablets to the print stations and to the primary computer inside which is running the project's database and other centralized software. The time server is a new addition to the network and really a small part of the overall effort. What we need is fairly basic (allowing wifi devices to access the LAN's time server) and I think we're on the right track - we just have some of the networking details incorrect, hence the post here.

 
I am somewhat unclear how you got this to work even using the PC. The PC must be in effect doing part of the repeater function.

If you are not running encrypted wifi then this might function; it has been so long since I have seen anyone not using encryption that it is hard to say.

So here is the problem. The wifi encryption uses the mac address of the device as part of the encryption keys. The PC is connecting to the AP as an end user device... I assume you are not running the pc as the AP and the ens620 connecting as the client.
The AP will only allow the mac address of the PC to pass over the encrypted session. So even when you bridge the lan to the wifi, the mac addresses of the other devices can not pass over the wifi connection.

Now Microsoft has a couple of non-standard things like ICS or some other forms of bridging that spoof mac addresses. My guess is your problems are in this software, but it is so messy to implement this that almost nobody does this.

If you really want to use the PC as a network device you are better off loading one of the many linux based router images.

Nobody really uses a pc for this function unless they don't have any money to buy another device or they just want to hack on things.

You could I guess just buy another ens620 and configure them to talk using WDS (to fix the encryption issue), setting one to run as the client and the other as the AP (ie server).
 
Sep 10, 2022
I think I probably wasn't very clear in my previous posts. You are correct that the PC is an end user on the wireless network and not the AP. Primarily, it receives data from the back deck tablets via the AP and writes that information to a database. The EnGenius is the network's wireless AP. In addition to being on the wireless network launched by the EnGenius, the PC is also connected via Ethernet to a couple devices inside the house. One of these, the time server, we'd like to make available to the devices on the wireless network which are located out on the deck. Bridging the PC's LAN and WiFi networks via Windows' "Network and Sharing Center" actually works - it's only during a shutdown and reboot that we lose the ability for devices on the wireless to see devices on the LAN. Manually unbridging and then re-bridging the LAN and WiFi connections in Windows seems to fix it each time, which leads me to think we are pretty much on the right track and likely just have misspecified an IP address or gateway somewhere. As I mentioned, we're biologists, not network engineers. This doesn't have to be pretty, it just needs to work.
 
Again I am not sure how you managed to get that to work. The time server has a different mac address than the pc. This means when you bridge it the mac address is stripped off the ethernet packet and then sent over the wifi connection using the pc mac address as part of the encryption. Traffic that would then be sent back would be sent back to the pc mac instead of the actual time server. Somehow the pc must figure out how to send the traffic back. This is much more than a simple bridge. Microsoft has a number of things that do stuff like this, but they all are rather unstable.

What you are doing technically can't be done because of the security built into the wifi. Everything that makes this work is some kind of hack to get past the security limitation. Not sure what Microsoft has done; they do lots of proprietary stuff. The solution used by repeaters is called WDS; this too is not actually part of the wifi standard. The manufacturers have used the WDS hack for so long they are now all pretty much compatible, but I do not think they have added it to the standard. I know WDS will not function with the latest WPA3 encryption standards.

So it is hard to say why this works inconsistently. It has to be something that is not "fixing" the mac addresses correctly. The method used by network equipment using WDS is pretty well known. With Microsoft, who knows what they have implemented.

Another note: you really don't want to do anything with the pc that is doing this function. Any software running might cause delays in the traffic passing between the wifi and ethernet. You have in effect made a very cheap router/repeater out of a very expensive pc.
 
Sep 10, 2022
Again, thanks for your thoughts. Getting into the fate of MAC addresses as they pass across various nodes is well beyond my skillset, but are we certain that the MAC addresses are in fact being dropped as they pass through the PC's bridged connection? All of the devices on the network - whether connected via Ethernet, wifi, or both (in the case of the PC), are on the same subnet, they all have static IP addresses, all have the same network ID, and none of the traffic is passing through any formal router. I imagine I could test the MAC stripping by setting up the AP to filter the time server's MAC address and see what happens. If I set it to filter the time server's MAC address and it does filter it - can we then assume the MAC address isn't being stripped by the PC's bridge?

I guess I'm not seeing how what we're proposing is strange, difficult, or even uncommon. Thinking about what we are trying to do using a hypothetical home network scenario - let's say you've got a PC that has internet access via wifi and is also connected to a printer via an Ethernet cable. You can have tablets, phones, etc., on that wireless network that can print to that non-wireless printer through the printer software and/or apps, which must be serving as some sort of bridge between the wireless and Ethernet connections. That happens all the time. Not following how what we want to do is a huge departure from the home network example. Is this really a bridge too far? (sorry, couldn't resist).

Final detail which may or may not be relevant - nothing on these networks connects to the internet. All of the traffic is internal from device to device via the AP - and everything has a static IP with the same network ID. The network exists solely to facilitate communication among the devices via the AP.
 
People generally do not hook the printer to the PC via ethernet; they hook it to the common router. I guess they could, but it would work similar to a USB printer or accessing the disk in the pc. The traffic would all go to the IP of the PC and it would send the data to the actual device using the file and print sharing feature in Microsoft.

What you are trying to do is directly talk to the printer ip from a remote device.

I have no idea what feature you are trying to use. Microsoft has all kinds of strange crap, so if you are using something like that you are going to have to dig around Microsoft.

Technically what you want to do can't be done. The connection to the remote AP can only have a single mac address because of the encryption. So only the mac address of the actual wifi nic in the pc can be used.

For this to work there has to be other software that attempts to get around this restriction. You can not simply bridge the networks... again assuming you are encrypting it; you can if you run without encryption.

There are fairly well known methods of doing this using unix, and that is what many of the ap/bridge units run. Hard to say about windows; the different versions like home, pro, enterprise etc have support for different things.
 
Sep 10, 2022
I appreciate your time here. Last question - if I activate the EnGenius AP's ability to filter traffic by MAC addresses and set it to filter the time server's MAC address - and it does actually filter that address, does that indicate that Windows' bridged connection is not stripping the MAC address...for whatever reason (lack of encryption somewhere, oddity of Microsoft, etc.)?
 

Ralston18 (Titan, Moderator)
Going out of my comfort zone here.....

I am wondering about the GPS time server gateway 192.250.100.5 (WiFi).

Why not 192.250.100.10 (LAN)?

FYI:

https://www.how2shout.com/how-to/bridge-wifi-to-ethernet-adapter-to-share-internet.html

On the Primary computer, do you see "Enabled, Bridged" per Step 7?

"Step 7: As soon you make the bridge between the two adapters, the other ethernet device that is connected to your host computer can use the internet connection. When both adapters are bound into a single bridge connection, it will show “Enabled, Bridged” text on the shared adapters. Furthermore, also a Network bridge adapter will be created by Windows separately from where you can check the IP address range or other properties shared by both the adapters. "

And I understand that the IP addresses shown in the diagram are dummy/pattern addresses.

Can you edit the diagram to show the actual IP addresses? For your vessel at least....

And regarding MACs. On the Primary computer run "arp -a" via the Command Prompt.

Match up the Static IP addresses to the In-House and On-Deck devices' respective Physical addresses. Are all as expected?

Again, out of my comfort zone, but no harm in wondering about things and asking.
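The "arp -a" comparison suggested above, turned into a repeatable check. This is an added example, not code from any poster or from Windows: it parses the Windows `arp -a` text format and compares what the bridge sees against an inventory of expected static IPs and MACs. Every IP, MAC and device name in it is a constructed placeholder that follows the thread's 192.250.100.x pattern; the deliberately wrong entries show what a mismatch (another device answering with the PC's MAC) and an off-subnet address look like.

```python
import re
import subprocess
from ipaddress import ip_address, ip_network

# Constructed inventory (placeholder values in the thread's 192.250.100.x pattern):
# static IP -> (device, expected MAC). The PC's own IP never shows in its own table.
EXPECTED = {
    "192.250.100.20": ("gps-time-server", "00-11-22-33-44-02"),
    "192.250.100.30": ("serial-device-server", "00-11-22-33-44-03"),
    "192.250.100.40": ("deck-tablet-1", "00-11-22-33-44-04"),
    "192.250.101.50": ("print-station-1", "00-11-22-33-44-05"),  # wrong subnet, on purpose
}
SUBNET = ip_network("192.250.100.0/24")

# Constructed `arp -a` output in Windows format (not a real capture).
SAMPLE_ARP = """Interface: 192.250.100.5 --- 0x8
  Internet Address      Physical Address      Type
  192.250.100.20        00-11-22-33-44-02     dynamic
  192.250.100.30        00-11-22-33-44-01     dynamic
  192.250.100.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
ARP_LINE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s", re.I)


def parse_arp(text):
    """Map IP -> MAC from `arp -a` text, skipping broadcast and multicast rows."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m and not ip_address(m.group(1)).is_multicast and m.group(2).lower() != "ff-ff-ff-ff-ff-ff":
            table[m.group(1)] = m.group(2).lower()
    return table


def check_inventory(arp_table, expected=EXPECTED, subnet=SUBNET):
    """Return {ip: 'ok'|'missing'|'mac-mismatch'|'off-subnet'} per expected device. A mismatch
    showing another device's MAC (here the PC's) is the symptom the thread describes."""
    status = {}
    for ip, (_name, want) in expected.items():
        if ip_address(ip) not in subnet:
            status[ip] = "off-subnet"
        elif ip not in arp_table:
            status[ip] = "missing"
        else:
            status[ip] = "ok" if arp_table[ip] == want.lower() else "mac-mismatch"
    return status


if __name__ == "__main__":  # live run on the Windows host; SAMPLE_ARP is the offline stand-in
    live = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    for ip, st in check_inventory(parse_arp(live)).items():
        print(f"{ip:16} {EXPECTED[ip][0]:22} {st}")
```

Running it on a deck tablet as well as on the primary computer is the useful comparison: an entry that is "ok" on the PC's LAN side but "mac-mismatch" as seen from the wifi side points at the bridge rewriting addresses.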