A foolproof guide to setting up further wifi coverage

I got 3 really cheap OpenWRT devices (Zyxel WSM20). I thought it would be easy to understand all this but I'm having trouble.

My goal is basically just wireless access in a 3 story house and the garden. I currently achieve this with a Eero system pretty well but I thought it would be cool to get the same with OpenWRT for way less. I want to make it clear that the 3 devices will all be connected wirelessly. Setup: a modem connected to one of the Zyxel WSM20 then 2 other WSM20 plotted around the place like Eero.

Right now I have all 3 devices flashed and that's it. The thing I'm having trouble with is how to actually achieve what I want. I see so much stuff flung around like relayd, wds and mesh (802.11s).

From what I know 802.11s is just kind of what the Eero does but that seems hard to setup and people have said wds or whatever has much faster speeds. Not gonna lie I only sort of know my way around luci so when I see stuff like: "Now, open the /etc/config/wireless configuration file and add the following line"... I just get lost. I understand I probably have to do this in ssh but unsure of the commands.

Hopefully that's enough back story for what I want so ultimately my questions:

1: Is there any full luci configuration I can follow or if ssh is needed, will it be fully explained anywhere?

2: What approach would be the most reliable? I know mesh will be harder to setup but if reliability will be better than relayd or wds I don't mind.

Thank you

1. For configuring your openwrt devices you can achieve almost all you want from the LUCI web interface. What you have been reading on the forum is probably related to more complex configurations which is what might be overwhelming you.

2. Most reliable in my opinion is copper wire. But this is not always achievable. If you need to connect your devices via wireless then you have different options like you have listed. For now ignore relayd. So your other two options then are WDS or 802.11s (both are considered mesh standards). WDS is the older standard and works across different manufacturers which is why I use WDS at home because I have a mixture of Mediatek and Qualcom/Atheros devices in my home network. WDS is simpler than 802.11s but requires that the wired device acts as a WDS station and the wireless connecting device acts as a WDS client (i.e. it is not peer based). The benefit in terms of openwrt is WDS can be setup straight after flashing your device without installing further packages. This is a real benefit when upgrading to new firmware. On the other hand 802.11s is the newer standard and has more features and more importantly is peer based (all nodes can act has station/client) and will self heal if one of the nodes goes down. The down side is different hardware manufacturers will not talk to each other and also you must install additional packages after flashing new firmware which also makes it less convenient when upgrading to new firmware. Speed wise between WDS and 802.11s there is not much difference. What is most important when setting up a mesh network is the signal between the mesh devices is strong and reliable rather than your end devices i.e. there is absolutely no point that your phone has a strong signal to the remote AP if the mesh wireless connection is weak.

Relayd is used for dissimilar h/w and s/w. So for example I would use Relayd if I was connecting into an access point in an office where I have no admin access to the network but want some kind of pseudo wire.

Whenever your satellites are relatively static and not moving around regularly, WDS/ 4addr should be the easier and faster approach (ideally you avoid daisy-chaining repeaters, as the repeater effect comes into play, and have all repeaters connect to the 'central' router).

Real meshing (and not what most vendors call that) comes into play if your satellites are mobile, if you have multiple (potential) uplink scenarios or even routes (as well as more than a handful of satellites).

But… A wired backhaul connection (with a dumb AP setup) is always to be preferred to the extent possible, even if that might not be possible for all repeaters, at least do that for those that can be wired up.

Thank you. That is what I wanted to know.

Based on your info I have tried to look at YouTube. This looks pretty simple:

So if I'm right the steps would be:

1: Set computer to have a static IP of like 192.168.1.15 (just something higher up)

2: WSM20 connected to modem has IP 192.168.1.1 by default and this has internet access. Set up 2.4 Ghz and 5 Ghz SSID with WPA2-PSK.

3: On second WSM20 in OpenWRT I set up a LAN IP address on the device of 192.168.1.2 and disable DHCP server

4: Save changes and relog in at 192.168.1.2

5: Go to Network > Wireless and Scan. Join the wireless network from the first WSM20. Not clear in that YouTube video is the firewall zone it appears empty. I doubt that matters since the first WSM20 will take care of that but wanted to make sure.

6: Change Mode to WDS (Client) and assign network to LAN and untick wan.

7: Repeat steps 3 to 6 for the third WSM20 but that has an IP of 192.168.1.3

8: Probably not needed but set computer back to DHCP

Am I in the right ballpark?

As for mesh I luckily stumbled upon this video: https://www.youtube.com/watch?v=KmSKCE1QHK4

It was hard to find but this is the devices I have. Way more configuration but it seems to all be in luci so that's a start!

Actually one thing I didn't think about for all this is how clients will choose what access point they connect to. In WDS will clients be smart enough to say "hey this -75 db signal is kinda bad let me automatically join this -57 db node instead".

I take it that is more often going to happen on mesh 802.11s than wds?

Do 1-step at a time:

1. Setup the wired WDS station first. I assume your main router is going to be providing your DNS and DHCP services. So configure your 3 x Zxyel Access Points as dumb APs by disabling DNSMasq, DHCP, and firewall. Give it an IP different than your main router. Choose Access Point (WDS) and WPA2/AES and give it a useful name like MyWDS and a password. If the Zyxel has a 5GHz radio put the WDS station on the 5GHz radio. Set the frequency. Bridge this to LAN.

2. Next setup the non-wired APs. Give them a unique IP address on the same subnet and disable services so they are dumb APs. Choose Client (WDS) WPA2/AES and name it MyWDS with same password. Bridge this to LAN. Set the frequency same as wired AP. Wait for a while and the non-wired AP will automatically connect to the wired AP using WDS. If not move the AP closer and play with the antennas. Once they connect you should be able to ping the non-wired AP from the wired AP.

3. Repeat step 2 for the last and final AP. You should now be able to ping all your non-wired APs.

4. Setup the radio stations for your Wifi devices on each AP exactly the same for all APs. Most phones and laptops will automatically roam between the APs at default setting. You can search the forums about fine tuning other settings to achieve quicker roaming times.

There is no difference in roaming between 802.11s and WDS. Roaming is a client feature. Your phone either supports it or it doesn't. Some phone models roam more aggressively than others so different phones play differently. Search the forum for tips on improving roaming. There is a feature called 802.11r than you can configure but I have found that this is not as effective as fine tuning the signal coverage and offering of data rates i.e. that if the signal is too low and the data rate being offered is also too low the AP will kick-off the phone and force it to search for a new AP.

The setup I was thinking of doing is I have a dumb modem and I would have one WSM20 connected to it as the main router. I would also install cake on it. Hopefully this would help explain:

setup813×782 7.25 KB

Based on this I looked at the guide again for the luci section: https://openwrt.org/docs/guide-user/network/wifi/atheroswds

So in this case I would just do:

Step 1: With the WSM20 connected to the modem set the wireless mode to "Access Point (WDS)". Nothing else has to be done because it will handle DHCP etc. Firewall rules should be auto applied and make sure it is bridged to LAN.

Step 2: On the first non wired AP, set 192.168.1.2 and disable DHCP.

Step 3: Scan and join the network on 5Ghz with same channel but set to Client (WDS) mode and change to lan.

Step 4: Unsure. Is this needed still?

Go to Network, DHCP and DNS. Set DNS forwardings to the IP address of the access point.

Go to Network, Interfaces, Lan, Edit. Set IPv4 gateway to the IP address of the access point.

Go to Network, Interfaces, Devices tab, Configure... on br-lan, Advanced device options and enable STP. Failing to do so can allow a network loop to form that will take down all routers.

If so I just put in 192.168.1.1 right?

Step 5: Repeat step 2 to 4 on the other non wired AP.

Step 6: Done?

Actually thinking more about this I'm getting more confused. I kind of understand the approach of setting up wds but how do you actually handle a access point that is dual band? It's all well in good setting up say 5 Ghz as backhaul but how do further clients (or say 2.4 Ghz only clients) on a non hardwired ap connect to 2.4 Ghz? Do I still enter the same 2.4 Ghz SSID details on the non hardwired aps as the hardwired ap? Sorry if that doesn't make sense.

On this point, cake can be heavy on cpu, so test it with htop running. Make sure you’re not maxing out the processor

My internet is max 65 Mbps and I saw Cake can do about 135 Mbps on this soc. I think I gave myself decent headroom.

Very nice! Is there zero option for wired?

Depending on age of home a lot of times the phone lines are actually Ethernet lines with unused pairs. Check your basement near the power panel for a phone line connection set.

You may even have blank plates with Ethernet behind them.

Another hack, if there are 2 phone lines in a room you can use them both as split twisted pairs, make sure both ends are the same.

3. Do not scan and join network as this will create a Wireless WAN. Just create a new wireless station and configure it as WDS Client.

Blockquote Go to Network, DHCP and DNS. Set DNS forwardings to the IP address of the access point.

Go to Network, Interfaces, Lan, Edit. Set IPv4 gateway to the IP address of the access point.

Go to Network, Interfaces, Devices tab, Configure... on br-lan, Advanced device options and enable STP. Failing to do so can allow a network loop to form that will take down all routers.

If so I just put in 192.168.1.1 right?

Blockquote

No need for STP. A Dumb AP is exactly that, a Dumb AP. Disable DNS, DHCP, Firewall services on all 3 x Zyxel APs. These services will be provided for by the router (assuming the router has been configured this way). The only thing the dumb APs need to be configured is for their own IP address and gateway and DNS pointing to the router. Nothing else needs to be configured on the LAN interface.

BlockquoteActually thinking more about this I'm getting more confused. I kind of understand the approach of setting up wds but how do you actually handle a access point that is dual band? It's all well in good setting up say 5 Ghz as backhaul but how do further clients (or say 2.4 Ghz only clients) on a non hardwired ap connect to 2.4 Ghz? Do I still enter the same 2.4 Ghz SSID details on the non hardwired aps as the hardwired ap? Sorry if that doesn't make sense.
Blockquote

On each AP create SSIDs for both 2.4 and 5 radios. So on each AP create MySSID on both the 2.4 and 5Ghz radios. All same password. As an option you may want to create a MySSID_5Ghz on each of the 5Ghz radios for those devices you want to only connect to 5 Ghz and not 2.4.

@alex24 @slh

This is very much not true in the OpenWrt world. As long as the wireless driver supports mesh it does not matter what the manufacturer of the device is. Just about all wireless drivers support mesh these days. However if your wireless chipset is Broadcom, you are out of luck.

As for installing additional packages for mesh, all you need is to replace wpad-basic-mbedtls with wpad-mesh-mbedtls and install mesh11sd.

With just 2 devices, yes the speed of WDS is pretty much the same as 802.11s. But with 3 or more, 802.11s mesh becomes progressively more efficient with its built in mac-routing protocol (aka HWMP) in comparison with WDS.

Actually, relayd is a legacy tunnelling protocol dating back to when most wireless drivers could not support concurrent AP and STA modes. As almost all now do support concurrent AP and STA, relayd is largely redundant.

The mesh11sd package is designed to make building a mesh as simple as possible.
Once you have wpad-mesh-mbedtls you can go into luci and configure the basic mesh interface, making it the same id and passkey on every node, then let mesh11sd do the rest.

You would start with the default image, one node at a time.

1. connect wan to your isp router
2. install wpad-mesh-mbed
3. install mesh11sd
4. configure a mesh interface (to be the same on each node).
5. reboot

Do the same for every node.
Place "satellites" where you want them .
Connect the "master" router wan port to the isp router on a lan port.

Done.

Edit: The next release of mesh11sd (v3) will even configure the mesh interfaces for you. (Currently in testing, release coming soon).

@papdee

Thanks for your help. After reading what bluewavenet said and also reading about the scalability of mesh, I think I will be looking at 802.11s. Most of the stuff is still helpful though. I learned alot!

@bluewavenet

Thank you for the info it seems really great. I'll do more reading and attempt soon but does seem really simple.

if you do go for 802.11s note that you will need to manually update each of the APs when flashing updated firmware. If your APs are in a difficult to reach location this could be a lot of hassle.

How is that different to reflashing any configuration?

The mesh11sd utility provides remote connect and remote copy functions for remote reflashing, remote reconfig or remote file copy to help with those meshnodes you might have put on the roof....

Assuming flashing stock firmware, how would you get the remote mesh radios up after flashing the remote APs ?

I take it you mean default Openwrt.

Same way you would get a remote WDS AP by connecting a cable and doing whatever is necessary.

But you would not flash the default firmware, you would make a custom version using imagebuilder or even simpler using the OpenWrt firmware selector to build it for you.
With mesh11sd, you can have the same mesh config on all devices, even if those devices are different models.
https://firmware-selector.openwrt.org/

I am working on the assumption the OP is just new to openwrt and not yet ready to build custom firmware.

That's fine, but the old days of having to figure out Imagebuilder first are over (not a trivial task for a new user), with the availability of the Firmware Selector. Just a few minutes and your custom firmware is built for you online and ready to download.

I managed to somewhat do the setup last night, can get people in the house to test it soon. Actually quite nervous lol. Some points I noticed:

1: I'm probably doing something wrong here but on the second node when inputting the 192.168.1.1 gateway it told me this:

I had to first change the IP to 192.168.1.2, save and then it would let me put 192.68.1.1. I sort of understand why since I haven't actually changed the IP yet but I thought it would still allow. Only alert the user if the static address was the same as the gateway when clicking save.

2: I wasn't sure about how to make node 2 and 3 pure mesh and ap (or what people would refer to as dumb I guess). I did just connect each 3 units individually and did the exact same setup for the most part to get wpad-mesh-mbedtls and mesh11sd installed.

Then my attempt at making the 2 satellites dumb, I just changed IPs, set default gateway to main node and ignored dhcp interface. I don't know if I should have done more. Maybe disabling firewall and dhcpv6 etc but I'd like to get some extra recommendations on that.

3: @bluewavenet It definitely would have helped doing imagebuilder especially if it's as easy as this:

imagebuilder1059×680 12.9 KB

I just took out wpad-basic-mbedtls and added wpad-mesh-mbedtls and mesh11sd. Would mean I could have skipped the PPPoE internet login step for the 2 satellites.

4: I still have to look into configuration and make sure mesh11sd is setup. Will see the wiki later. As per wiki I take it I just look into /etc/config/mesh11sd?

Thanks again

Intriguing - would you be able to expand on this a little for those interested specifically in this?

Right now I pass GUEST traffic over 5 GHz WDS backhaul for LAN traffic using VXLAN - would one do the same under 802.11s?