Choosing a network for a wireless interface

What does it mean to attach a wireless interface to a network?

This "having to choose the network for your new wireless interface" happens at this stage:

LuCI > Network > Wireless > on row for "radio0" or "radio1" button "Add" > Interface Configuration > General Setup

Or as in this screenshot:

When I click the pop-up menu for Network (indicated in orange), I see: lan, wan, and wan6.

So the question is what it means to attach the wireless interface to one of those.

I can imagine that attaching the wireless interface to lan will result in a wireless device (e.g. a phone) using that interface to join the LAN. This is just what happens on a "regular" router. The phone can then access shared folders of the computers in LAN. Is that what happens in OpenWrt too?

But what would it mean to attach a wireless interface to wan?

What happens when you leave Network as unspecified?

I am not yet worried about a wireless interface for Internet only (no LAN access), which I imagine might involve creating a new network for the wireless interface.

Your assumptions are correct.

If you set it up as WAN, it'll be treated as "external", and have the traffic routed via the firewall.

Not sure about unspecified, but probably not handled by the firewall/rules.

Thank you. But on:

My firewall configuration on WAN is the OpenWrt default. I believe this default is to reject anything that tries to come in from WAN (unless there is a specific exception to allow).

So attaching a wireless interface to WAN would cause any connection from that interface to be rejected? Why would that be useful to anyone?

Or do I wholly misunderstand?

This is correct

Yes, unless specifically allowed by manual configuration.

Think outside the box ....
You could have several WANs, for redundancy, or load balancing, and OpenWrt doesn't care if it's wired and wireless, or even IP over Avian Carriers ( https://en.wikipedia.org/wiki/IP_over_Avian_Carriers ).
The assignment (LAN/WAN) is to know how/where to route the traffic within the router.

Just because it isn't useful to you, doesn't mean the rest of the world has an identical usage scenario as you do.

Leaving unspecified means that the AP has no network behind it. A device can reach the first stage of connecting, but will fail at "Obtaining IP Address". This is not a usable configuration.

In the default configuration, wan is not a bridge, which means it can only have one physical port. That port is the eth connection to the ISP modem. Attempting to add an additional physical device will fail one of two ways, either the eth is kicked off (so no Internet for anyone) or simply the wifi doesn't attach, and the result is like Unspecified. Not usable.

So what if you were to check the "Bridge" box under wan and try it again? Now the wifi users are bridged to the modem or other upstream network. Depending on the upstream network, they may even have Internet access but it is completely bypassing the router. The firewall rules do not apply. This is a "dumb AP" situation that is useful in some usage cases but not on a main router where you do want to firewall everything, and have the users inside that firewall rather than outside.

Realize that OpenWrt's philosophy is to give the user total control of settings rather than enforce canned "operating modes." This means that a lot of potential settings can be made that won't work at all, or won't do anything practical.
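The three cases discussed in this thread (attached to lan, attached to wan, left unspecified) can be checked offline by reading `/etc/config/wireless` next to `/etc/config/firewall`. The script below is an added example, not code from any poster or from OpenWrt itself; the sample configs and the section names `ap_lan`, `ap_wan` and `ap_none` are constructed, and it assumes zones use `list network` entries.

```python
import shlex
# Constructed sample configs in UCI syntax (not taken from the thread).
WIRELESS = """
config wifi-iface 'ap_lan'
	option ssid 'Home'
	option network 'lan'
config wifi-iface 'ap_wan'
	option ssid 'Outside'
	option network 'wan'
config wifi-iface 'ap_none'
	option ssid 'Orphan'
"""
FIREWALL = """
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
"""

def parse_uci(text):
    """Parse UCI text into sections: dicts holding '.type', '.name', options, lists."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == "config":
            sections.append({".type": tok[1], ".name": tok[2] if len(tok) > 2 else ""})
        elif tok[0] == "option" and sections:
            sections[-1][tok[1]] = tok[2]
        elif tok[0] == "list" and sections:
            sections[-1].setdefault(tok[1], []).append(tok[2])
    return sections

def audit(wireless, firewall):
    """Map each wifi-iface to (network, firewall zone, zone input policy)."""
    zones = [s for s in parse_uci(firewall) if s[".type"] == "zone"]
    report = {}
    for s in parse_uci(wireless):
        net = s.get("network")  # None when Network was left unspecified
        zone = next((z for z in zones if net in z.get("network", [])), {})
        if s[".type"] == "wifi-iface":
            report[s[".name"]] = (net, zone.get("name"), zone.get("input"))
    return report
```

An interface reported with no network and no zone is the unusable "Unspecified" case; one that lands in a zone whose input policy is `REJECT` is being treated as external by the router.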

Thanks again. "Why useful" was meant to draw out cases of usefulness, as indeed you have supplied. Yes, I do see that an OpenWrt router may expect traffic to come to it over WAN through the wireless interface and want to accept the traffic only on some criteria being met.


I'm doing that in my setup. But yes, it is an "advanced option" for special cases; most people using the default setup don't want that, because in the most common situations there is nothing that can receive the connection from the devices that connect to wifi on the WAN side.

I have two routers chained to each other.

One router is connected to the internet, and the other router is connected to its LAN with the WAN port and creating its own LAN for other devices. I'm doing this to separate the important devices in a "secure" area of my network from the other devices that stay in the "less secure" area of my network.

I cannot just use a single router connected to the internet because there I need to run a special fork of OpenWrt (OpenMPTCP Router) for other reasons, and I prefer to not trust a third party fork with running the "secure" part of my network too.

This first router is actually a mini PC and has no slots for a wifi card (using USB wifi dongles makes a weak wifi) so it cannot create a "guest wifi" for guests and untrusted IoT like the smart TV and other things.

The second router has integrated wifi. So I've created the wifi network on the first router and bridged it to WAN, so that all devices connecting to wifi are bounced to the second router WAN, that is also the first router LAN and therefore they will be handled by the first router, and will stay isolated in the "less secure" network.
