Setting up a bridged AP

[Philip Prindeville <philipp_subx redfish-solutions com>]

Hi,

I’m working on CentOS 8 Stream on a Raspberry Pi4 (64-bit mode), but I don’t think that my issues are 
platform specific.

I’d like to be able to decompose configuration into separate steps, and fine tune them individually.

I’ve got “eth1” (an external USB 3.0 Ethernet dongle, but I could be using “eth0” just as easily).

I’ve got “wlan0”, the built-in Wifi hardware.

I’d like to join them into a bridge called “br0”.

All of that is easy enough to do so far:

nmcli conn add con-name “Bridge 0” \
    type bridge ifname “br0" \
    connection.autoconnect true \
    ipv4.method “manual” \
    ipv4.address “$LOCALIP/$LOCALPREFIX” \
    +ipv4.routes “224.0.0.0/4”

nmcli conn add con-name “Bridge slave 0” \
    master “Bridge 0” \
    type ethernet ifname eth1

nmcli conn add con-name “Bridge slave 1” \
    master “Bridge 0” \
    type wifi ifname wlan0 \
    mode ap ssid “$SSID” \
    802-11-wireless.band “bg” \
    802-11-wireless-security.key-mgmt “wpa-psk” \
    802-11-wireless-security.psk “$PASSPHRASE”

So far, seems simple enough.

I’ve also got a DHCP server provisioned and running, but I could just as easily be running one elsewhere, 
since the bridging would flood broadcasts from wlan0 to eth1 and vice versa.  Or I could have set up a 
dhcp-relay and pointed that to a server on a different subnet.  The point being that there’s more than one 
way to skin that cat.

The DHCP server also points at the correct default gateway, and that default gateway (being a border router) 
also provides NATting for me, so that’s working fine also.

But when I try to authenticate it fails.

If I disable wpa_supplicant and run it manually as:

wpa_supplicant -b br0 -i wlan0 -c …

then it seems to authenticate.  Looking through the NM sources, I don’t see anywhere that the parameter 
“BridgeIfname” gets squirted into wpa_supplicant.

What am I missing?

Thanks,

-Philip