Configure LAN clients

You can connect up 254 LAN clients to the physical lan interface of the VM. For more than one connection, you’ll need to use a network switch in between.

graph LR
    A[LAN Client 1]
    F[LAN Client 2]
    B[...LAN Client X]
    C[LAN switch]
    D[LAN <<< Router >>> WAN]
    E[Internet]

A --> C
F --> C
B --> C
C --> D
D --> E

Setup DHCP client

For most clients, you simply need to plug the cable in and they will automatically configure themselves via DHCP.

To make DHCP explicit on the client, configure systemd-network:

Run this on the LAN client machine
## The current interface name (this will be renamed 'lan'):
INTERFACE=eth0

## Retrieve the MAC address of your interface:
MAC=$(ip link show ${INTERFACE} | awk '/ether/ {print $2}')

## Create the systemd-network link config:
cat <<EOF > /etc/systemd/network/01-lan.link
[Match]
MACAddress=${MAC}

[Link]
Name=lan
EOF

## Create the systemd-network DHCP config:
cat <<EOF > /etc/systemd/network/20-lan.network
[Match]
Name=lan

[Network]
DHCP=yes
EOF

## Restart network:
systemctl restart systemd-network

Test networking

Verify the interface has the proper IP address for the LAN network.

Run this on a LAN client
ip addr show dev lan
(stdout)
3: lan:  mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 1c:fd:08:7c:74:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global lan
       valid_lft forever preferred_lft forever
    inet6 fe80::1efd:8ff:fe7c:74b6/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
Tip

The proper IP address (e.g., 192.168.10.2) should be according to your dnsmasq configuration, randomly in the range set by DHCP_LAN_RANGE_START to DHCP_LAN_RANGE_END, or explicly by the static lease in DHCP_LAN_STATIC_LEASES.

Test that the client can ping the router IP address:

Run this on a LAN client
$ ping -c3 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.726 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.371 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=0.847 ms

Test that the client can ping an Internet IP address:

Run this on a LAN client
$ ping -c3 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=13.6 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=11.2 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=55 time=10.7 ms

Verify that the client DNS resolver is the router IP address and LAN domain name:

Run this on a LAN client
$ cat /etc/resolv.conf
domain lan.example.com
search lan.example.com
nameserver 192.168.10.1

Test that the client can query DNS names on the Internet (this query goes through dnscrypt):

Run this on a LAN client
$ dig time.xmission.com
...
;; ANSWER SECTION:
time.xmission.com.      151     IN      CNAME   clock.xmission.com.
clock.xmission.com.     151     IN      A       198.60.22.240

Test that the client can query DNS names from the router /etc/hosts file (this query is handled by dnsmasq directly):

Run this on a LAN client
$ dig foo.lan.example.com
...
;; ANSWER SECTION:
foo.lan.example.com.    0       IN      A       192.168.10.2

Test that you can ping an Internet server by name:

Run this on a LAN client
$ ping -c3 time.xmission.com
PING clock.xmission.com (198.60.22.240) 56(84) bytes of data.
64 bytes from clock.xmission.com (198.60.22.240): icmp_seq=1 ttl=51 time=15.4 ms
64 bytes from clock.xmission.com (198.60.22.240): icmp_seq=2 ttl=51 time=11.5 ms
64 bytes from clock.xmission.com (198.60.22.240): icmp_seq=3 ttl=51 time=10.5 ms

Find your public gateway IP address:

Run this on a LAN client
$ curl https://ifconfig.me && echo