Passing a wireless interface to KVM VM

Hello guys.
I am trying to, as the thread name suggests, pass a wlan interface to a KVM VM running Mikrotik RouterOS CHR.

CPU: 2x Intel Xeon e5-2620
MB: Asus Z9PE
WNIC: TP-Link TL-WN881ND (Realtek RTL8192EE)
OS: Debian 9.6, kernel 4.9.0-8

When I use a

virsh attach-interface --domain MkCHR --type direct --source wlp132s0 --target wlp132s0virt --model virtio

command, I get a wired ethernet interface in the VM, and it is not what I need. I want this VM to be a wireless CapsMan AP, so it must rule this interface completely.

Parsing the PCI-e device completely is reserved as the most complicated way Mikrotik support adviced not to use (they are not sure it would work as expected).

How can I do this?

First off, you’re not attaching the interface properly. If you want to have it show up as a wireless device, you need to use PCIe passthrough, which is much more complex.

That said, we can still make it work.

First thing’s first, have a look at your IOMMU groups, with the following script:

shopt -s nullglob
for d in /sys/kernel/iommu_groups/*/devices/*; do
    n=${d#*/iommu_groups/*}; n=${n%%/*}
    printf 'IOMMU Group %s ' "$n"
    lspci -nns "${d##*/}"

You need to make sure your wireless NIC is in a separate group from everything else. If it’s not, it’s going to get complicated. Is this device onboard or a PCIe device?

1 Like

Outputs nothing:
But it appears to be in a separate group after running just lspci:

I asked Mikrotik support before, and they don’t think PCI-E passthrough is going to work properly for some reason:

So I don’t have any other choice? I have a basic idea about passing through devices, my host hardware and software completely allow it, but with this I will rely on RouterOS drivers to handle the NIC, and this is a setup which I can not really believe too much in.

NIC is a discrete PCI-E expansion card plugged into a server-grade motherboard, slot controlled by the second CPU, CPUs and BIOS support VT-x and have it enabled.

@SgtAwesomesauce, could you please help me a bit more?

Sorry, this must’ve slipped through the cracks. I’m about to step into a meeting, but I’ll help you when I’m out.

Do you have VT-d enabled?

Yes, everything togglebale about virtualization is turned on in bios.
If it’s just about passing through a pci-e device without any alternatives, I can use some manuals and not consume your time unless I have major troubles. And I will continue tomorrow, going to sleep for today.

That’s going to be the main component.

As far as what Mikrotik said, I’m not sure how it’s going to be impossible. They don’t exactly understand how passthrough works, because it’s transparent to the Guest OS when something’s passed through. (for the most part)

Yes, and with passthrough it’s up to Guest’s drivers to handle the device. I am not so sure about RouterOS wi-fi NICs compatibility.
Or am I wrong?

Their nic compatibility is what needs to be evaluated. You can always just try it to see what happens, but you need to use pcie passthrough to get the desired results.

1 Like

Sorry for my inactivity, am currently having a lot of stuff going on at work and 2 semi-dead GPUs at home.
Will play with virtualization and post here in the beginning of next week, probably.

1 Like

Sounds good. Let us know if you have any questions/problems.

I’m trying to understand what benefit / purpose would there be to running a capsman AP in a VM like that. (Also, still not sure CHR would have the wireless drivers, …but assuming it does).

  1. It is fun
  2. I want to populate this server
  3. Why not?
    Mikrotik said I should be able to, want to find out.

Alright, in that case you may want to give regular RouterOS a spin, as opposed to trying the CHR version.

I am not sure it is available for x86, but thanks, would try if anything goes wrong. And CHR costs less, if my memory serves me right.

It is available, you can get 24h of functionality free for testing.
I only mention it because wireless on x86 on RouterOS is actually a supported use case (has all the right drivers and so on), not sure about CHR.

Also, they sell their own R11e… mini PCIe based cards, that have the right firmware on them and can fit into a regular slot via an adapter card. You’d need some pigtails too at that point.

In general it’s much easier to get one of those hAP/cap boxes to play with capsman than it is to setup a VM. Especially if they’re arm based instead of mips and therefore not starved on CPU.

Have fun!

I have a physical CapsMan AP, want to play with virtual too, creating a mesh network with both of them. CHR has a 60 days trial and Mikrotik support said it should work fine as an AP.
Well, would see in a couple of days.

Sorry for inactivity again, just got a third GPU that gave the third chunk of troubles, mostly unsolveable ones.
Will try to do something tomorrow and post about progress.