Today I was finally able to realize my plan to use the MT7922
wireless NIC on my my Gigabyte Aorus x670 Elite motherboard as
access point. From there I could bridge the traffic to my OpnSense VM running on Proxmox 8.1. Throughout this journey I had some
insights that I want to share with the internet.
Firstly I learned that at least on this board it's much easier to pass the wireless card to a LXC instead of passing it through
to a virtual machine. I tried the latter first and the vfio-pci
driver was just loaded fine for the wifi card but for some reason
also for the 2.5Gb realtek NIC, so that I didn't have ethernet on proxmox anymore. So, given that the correct drivers for the MT7922
were loaded on proxmox I just set up an unpriviliged LXC with Debian 12 + the following lines in its config (/etc/pve/lxc/{ID}.conf
):
lxc.net.1.type: phys
lxc.net.1.link: wlp17s0
lxc.net.1.flags: up
lxc.net.1.name: wlan0
and voila I had the card functioning in the container (ok, almost: had to apt install lw
on proxmox first, but anyway).
Then I added my LAN bridge, also connected to OpnSense as network for the container to eth0
,
cloned Catty2014/linux-wifi-hotspot (which is a fork of the nice
original from lakinduakash to add 802.11ax support),
ran make install-cli-only
and finally ran
create_ap --ieee80211ax --ieee80211ac --ieee80211n -m bridge wlan0 eth0 MySSID MyPassPhrase
and went to town \o/
... but only on the 2.4GHz band and when I wanted to switch to the 5G band, things got a liiittle more complex:
The error message from create_ap
was ERROR: Your adapter can not transmit to channel 36, frequency band 5GHz.
. Hrm, ok - this
was unexpected, as the card is supposed to support up to 6G. After clicking through the issues in the linux-wifi-hotspot repo I
stumbled across this comment, looked
into my iw
output and just saw that everything above 2.4GHz was either with no-IR
or disabled
.
My dear friend ChatGPT then gave me the hint that this could be due to regulatory restrictions that would apply for the country
code set for iw
which seemed logical - esp. after a iw reg get
gave me a 00 country code (global). I then tried to iw reg set DE
from within the LXC which gave me Operation not permitted
which was because I did this in an unpriviliged container
and - thanks ChatGPT - one should rather do it on the host - where it didn't work (without error but also without effect).
So I googled again for the symptom and found out that it could be because the regulatory.db
required by cfg80211
could not be loaded.
I then had a look at dmesg
and yes, there were the messages: platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
and cfg80211: failed to load regulatory.db
.
It took me a while to find out that the problem was not with the /lib/firmware/regulatory.db
files (which were fine) but related to
another error that came a few lines later in dmesg
: direct firmware load for mediatek/BT_RAM_CODE_MT7922_1_1_hdr.bin failed with error -2
.
It then just was the -2
in the error code that made me think this could be related - and it was: This particular file was really missing
in /lib/firmware/mediatek
(please don't ask me why). So I just downloaded it from the
kernel sources, rebooted,
successfully ran iw reg set DE
on the host and there were my missing channels \o/ \o/ \o/