I’ve given up. My own solution:
I’ve bought a small TP-Link router TL-WR902AC. This has 1 ETH NIC, a USB power connector and 2.4 GHz and 5 GHz AP mode. The USB port of my firewall is the power supply and the NIC is assigned/connected to the blue net. And it is even cheaper than the USB stick.
I also tried to compile this driver with the instructions from https://wiki.ipfire.org/devel/ipfire-2-x/addon-howto, but didn’t succeed because of module signing … I successfully compiled the module, but didn’t manage to use it because of module signing …
I am not sure if it is a good idea then to run this hardware when there is no mainline driver available. You might run into a lot of bugs and it will be hard work to keep it working.
On the other hand, a couple of posts above it is explained how to compile the whole kernel in one go and what is needed to copy it over to the system so that module signing is working. You can - optionally - disable signing in your own kernel and then build your module manually, too. But that step will need to be redone with most Core Updates. And you should not think about not updating your kernel any more.
Hmm, Alfa AWUS036ACH (Realtek RTL8812AU) is an excellent piece of hardware, outperforming most other wifi devices. So that’s the main reason why I’m using it…
Thanks for the explanation, I will then try to compile with module signing…
Linux mainline makes decisions on what to support and what not. The same, more or less fair, as any OS developer does. After that, some hardware producers loan developers or finance the Linux kernel, or other projects, to be sure that the customers will have support for their hardware.
Therefore the answers to the question of @bbitsch are sometimes political, sometimes technical, sometimes money-driven.
Because the IPFire project uses Linux as a platform, obeying security aspects, we can support the mainline only.
The kernel signing is a further step to security. It assures that only those modules chosen by the core devs are installed in the system. You may compile your kernel/system with your own modules, but this contradicts the security philosophy of the project, IMHO.
Another part of this philosophy is “trust us, fully swallow our decisions”. Updates are monolithic, not referred to the kernel, which is updated from time to time, but also the changes of the other packages.
I can see the perspective of “signing everything”, and the addon concept, but it takes the same leap of faith for software designed in San Jose, Sunnyvale, Abingdon or whatever place.
Great advantages with respect to other companies:
Open Source
No License-fee based model (for client or services)