I think the problem is that.
Is router one able to do access point WDS? If yes, you need to set the IP address of your client router in the same range, like 192.168.1.1 router A, 192.168.1.2 router client.
@anon4457646's remark is correct, the IP should be in the address range of the AP.
However even if it was wrong, it would not affect the DHCP. Have you switched off DHCP server on this one?
Can you ping from this router the AP? (after you fix the IP address).
I cannot ping the AP from this router. I did fix the network address so it was in the same subnet. In my first example I was just assigning a static IP in another network so I could ssh into it from an ethernet device and see if I could ping the base IP.
Some other observations, and I think it might be the base AP doesn't support WDS (or at least properly).
With the stock firmware I can get WDS bridge working, but only with 2.4GHz and Open security or WPA, not WPA2. I only didn't notice because ISPs by default allowed both WPA and WPA2, and even then the buggy router somehow flipped itself to Open security, where it was working great! Never got it to work on the 5GHz band, which is kind of why I decided to try other firmware.
OpenWRT firmware works great if I just use the OpenWRT device as a router and WLAN interface is a regular client treated as WWAN. I wanted to avoid double-NAT scenario though.
After my experiments with the stock firmware, I even tried open security on the base AP, as from what I've researched, WDS support/non-support can be affected by supported ciphers, etc.
When trying to do WDS bridge, in the GUI it always shows traffic outgoing from OpenWRT on the wireless interface and nothing coming back, which may be the fault of the base AP? Data rate shows nothing coming back as well as bytes in/out showing only traffic out. Looks fine when the wlan is assigned a client and functioning as WWAN. I'm going to try to bridge the OpenWRT (TP-Link Archer C7 v2) with another device and see if I fare better.
This is essential to assume that there is connectivity.
In accordance with
I suppose the client has not connected properly.
Keep in mind that in station (or client) mode the wireless interface can be routed only. To achieve bridging you need WDS preferably or mesh, l2 gre tunnel, relayd.
It was essentially the ISP router not supporting WDS, even though it would somewhat go with the stock TP-Link firmware for some strange reason.
Got a D-Link DIR-835 that my friend had retired (but already had OpenWRT on it), and it worked pretty much straight away using the D-Link as the Master WDS.
What I have now:
ISP router - 192.168.0.1, acting as gateway and DHCP server (stuck with it because it contains the cable modem)
DIR-835 - WDS Master - 192.168.0.253
Archer C7 v2 - WDS Client 192.168.0.254
OpenWRT devices are running the latest flash.
The client is connected in 5GHz/40MHz to the Master (802.11n as the D-Link is pre-802.11ac).
After playing a bit with the antennae orientations, I'm getting 270-450 data rates reported, and over 200 Mbit actual throughput on some file copies. Now I don't need to buy wireless adapters for several wired devices. Posting all my results for archival purposes.
One thing I do experience now is that accessing the WDS Client device via HTTP or SSH seems very unreliable. I reset it to factory several times and the results seem repeatable. If I disconnect the Client OpenWRT device from the Master via the HTTP interface (keep in mind I'm doing this from a client connected to the Client device via ethernet - connectivity to the far side of the bridge seems rock solid), it starts working again for a while then seems to die, like a firewall rule is blocking it. I can always ping the WDS client's static IP of 192.168.0.254 from my test workstation, and internet traffic, DHCP, everything is working. Once the WDS (Client) reconnects to the Master, it might work for a minute, it might work for 15 minutes. I might try an older flash image on the client device to see if I've hit a bug or something with the latest version on the Archer C7 device. But this is minor if it works otherwise.
This is all working with the exception I can't ssh/http to the client on 192.168.0.254 once the bridge comes up. I can ping 192.168.0.254. The requests are actively refused, not timing out so it must be something strange with the firewall config I don't know how to fix.
I can ssh from the machine on the client ap to the base ap. From any machine to the client ap... well mostly it says connection was rejected, but then will work randomly at times, for no reason, and with no config changes. But the bridge for all other purposes works fine.
Base station firewall config:
```
config defaults
	option syn_flood 1
	option input ACCEPT
	option output ACCEPT
	option forward REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6 1

config zone
	option name lan
	list network 'lan'
	option input ACCEPT
	option output ACCEPT
	option forward ACCEPT

config zone
	option name wan
	list network 'wan'
	list network 'wan6'
	option input REJECT
	option output ACCEPT
	option forward REJECT
	option masq 1
	option mtu_fix 1

config forwarding
	option src lan
	option dest wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name Allow-DHCP-Renew
	option src wan
	option proto udp
	option dest_port 68
	option target ACCEPT
	option family ipv4

# Allow IPv4 ping
config rule
	option name Allow-Ping
	option src wan
	option proto icmp
	option icmp_type echo-request
	option family ipv4
	option target ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
	option name Allow-DHCPv6
	option src wan
	option proto udp
	option src_ip fe80::/10
	option src_port 547
	option dest_ip fe80::/10
	option dest_port 546
	option family ipv6
	option target ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name Allow-ICMPv6-Input
	option src wan
	option proto icmp
	list icmp_type echo-request
	list icmp_type echo-reply
	list icmp_type destination-unreachable
	list icmp_type packet-too-big
	list icmp_type time-exceeded
	list icmp_type bad-header
	list icmp_type unknown-header-type
	list icmp_type router-solicitation
	list icmp_type neighbour-solicitation
	list icmp_type router-advertisement
	list icmp_type neighbour-advertisement
	option limit 1000/sec
	option family ipv6
	option target ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name Allow-ICMPv6-Forward
	option src wan
	option dest *
	option proto icmp
	list icmp_type echo-request
	list icmp_type echo-reply
	list icmp_type destination-unreachable
	list icmp_type packet-too-big
	list icmp_type time-exceeded
	list icmp_type bad-header
	list icmp_type unknown-header-type
	option limit 1000/sec
	option family ipv6
	option target ACCEPT

# include a file with users custom iptables rules
config include
	option path /etc/firewall.user

### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#	option src lan
#	option src_ip 192.168.45.2
#	option dest wan
#	option proto tcp
#	option target REJECT

# block a specific mac on wan
#config rule
#	option dest wan
#	option src_mac 00:11:22:33:44:66
#	option target REJECT

# block incoming ICMP traffic on a zone
#config rule
#	option src lan
#	option proto ICMP
#	option target DROP

# port redirect port coming in on wan to lan
#config redirect
#	option src wan
#	option src_dport 80
#	option dest lan
#	option dest_ip 192.168.16.235
#	option dest_port 80
#	option proto tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#	option src wan
#	option src_dport 22001
#	option dest lan
#	option dest_port 22
#	option proto tcp

# allow IPsec/ESP and ISAKMP passthrough
#config rule
#	option src wan
#	option dest lan
#	option protocol esp
#	option target ACCEPT

#config rule
#	option src wan
#	option dest lan
#	option src_port 500
#	option dest_port 500
#	option proto udp
#	option target ACCEPT

### FULL CONFIG SECTIONS
#config rule
#	option src lan
#	option src_ip 192.168.45.2
#	option src_mac 00:11:22:33:44:55
#	option src_port 80
#	option dest wan
#	option dest_ip 194.25.2.129
#	option dest_port 120
#	option proto tcp
#	option target REJECT

#config redirect
#	option src lan
#	option src_ip 192.168.45.2
#	option src_mac 00:11:22:33:44:55
#	option src_port 1024
#	option src_dport 80
#	option dest_ip 194.25.2.129
#	option dest_port 120
#	option proto tcp
```
Client firewall config.
```
config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan wds'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'
```
It is a bit curious there are quite a few differences in the firewall config. I didn't really change anything from defaults, the only thing I can say, as opposed to yourself I have two different devices, but both running the latest 19.07.2 firmware build.
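Added example, not part of the thread or of OpenWrt: the two posted configs declare zone membership differently (`list network` on the base station, a space-separated `option network` on the client), so this sketch parses both forms and reports which zone and input policy apply to a given network. The names `parse_uci` and `input_policy` are hypothetical, and the sample strings are condensed from the configs above.

```python
import shlex

# Zone sections condensed from the base and client configs in the thread.
BASE = """
config defaults
	option input ACCEPT
config zone
	option name lan
	list network 'lan'
	option input ACCEPT
config zone
	option name wan
	list network 'wan'
	list network 'wan6'
	option input REJECT
"""
CLIENT = """
config defaults
	option input 'ACCEPT'
config zone
	option name 'lan'
	option input 'ACCEPT'
	option network 'lan wds'
config zone
	option name 'wan'
	option input 'REJECT'
	option network 'wan wan6'
"""

def parse_uci(text):
    """Return [(section_type, {key: [values]})]; both 'network' forms become lists."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # strips quotes and '#' comments
        if tok[:1] == ["config"] and len(tok) >= 2:
            sections.append((tok[1], {}))
        elif tok[:1] in (["option"], ["list"]) and len(tok) >= 3 and sections:
            vals = tok[2].split() if tok[1] == "network" else [tok[2]]
            sections[-1][1].setdefault(tok[1], []).extend(vals)
    return sections

def input_policy(text, network):
    """Return (zone, input policy) for traffic arriving on `network`."""
    result = ("(defaults)", None)  # networks in no zone get the defaults policy
    for kind, opts in parse_uci(text):
        if kind == "defaults":
            result = ("(defaults)", opts.get("input", [None])[0])
        elif kind == "zone" and network in opts.get("network", []):
            return opts.get("name", ["?"])[0], opts.get("input", [None])[0]
    return result
```

For both posted configs this resolves the LAN-side networks (`lan`, and `wds` on the client) to input ACCEPT and the WAN-side ones to REJECT.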