Batman-adv mesh, Multiple Networks, and policy based routing

Hello!

I use multiple Google WiFi (AC-1304) OpenWRT devices and I'm trying to accomplish a few (I'm starting to think ambitious?) goals and I need recommendations/guidance. I consider myself fairly technical (though the "F" in networking in my CS degree would disagree) and am usually pretty good at debugging.

Goals:

  • Use a batman-adv mesh (wired + wireless)
    • 1 Node is Main DHCP/DNS/Firewall and connected to ISP
    • 1 Node is Wired (dumb AP)
    • 1 Node is Wireless (dumb AP)
  • 4 Networks: LAN, Guest, IoT, and Work (192.168.1/2/3/4.0/24)
  • pbr to route the IoT network through a Wireguard VPN
  • OpenNDS for a guest WiFi portal

I can get all of this (without batman) working on one node, and I don't seem to be getting anywhere when I try to add a second node (no route advertisements are happening, there are no neighbors and so on). I've tried upgrading firmware but that doesn't seem to help. TBH I've burnt a lot of time on this so far and I'd love to see some fruit of my labor, but if the use case is to complicated, I can tone it back.

I don't know what to post in terms of config or screenshots to assist, but if you ask I can provide! (Also, general guidance would be appreciated...if I should change my approach I'm open).

You have not gone into any detail about your requirement, but from what you have said so far, I would say you are making it massively more complex than it needs to be.

For basic infrastructure you say you have a router, an access point connected by ethernet and a second access point to be connected by a wireless backhaul.

In addition you want multiple ssids for each wireless and vlans to support the networks those ssids are connected to.

Is this correct?

Of your 4 networks, you have:

  1. LAN - for family use
  2. Guest - for the use of guests and controlled by openNDS
  3. IoT - or IoT devices
  4. Work - for working at home

Is this correct?

Some questions:

  1. Why do you think you need batman-adv?
  2. Why do you need to use pbr to route IoT through a VPN?

Batman-adv is designed to support "city scale" wireless backhaul with a mix of physical media such as ethernet, fibre, radio-point-to-point etc. Sure, it can be used to connect a single access point, but this is very much an overkill!

For the four SSIDs/Networks, these would be separately layer 3 routed/nat'ed to the Internet, so would be isolated from each other.

To support vlans over the wireless backhaul to the single wireless ap, you just need to set up GRE tunnels (luci-proto-gre - Support for GRE tunnels, RFC2784).

If you only want a single wireless connected access point you can use either WDS (point to point Wireless Distribution System) or a mesh11sd link.

If you want the capability to expand to more wirelessly connected access points, then go with mesh11sd.