Configuring networks for a LoRa gateway


I have a Dragino LPS8 LoRa gateway which I have running OpenWRT 19.07.

I'm trying to get the network set up in a particular way, but I'm not very experienced with this config so some advice or example config would be greatly appreciated.

I'm essentially trying to allow the gateway to connect to the internet by one or both of the below:

  1. connect to an existing ethernet network
  2. connect to an existing WiFi network

I then want to have the gateway run a WiFi AP that I can connect to so that I can access LuCI.

The three networks should essentially be independent. E.g. WiFi being configured or not shouldn't affect the availability of the AP, WiFi shouldn't be able to talk to Ethernet, etc.

So ideally, I essentially want three different networks. Each network shouldn’t interact with each other

  1. Ethernet
    • Connects as a client on an existing Ethernet network
    • I can access LuCI and SSH
    • The gateway has internet access available through this connection
  2. WiFi Client
    • Connects as a client to an existing WiFi network
    • I can access LuCI and SSH
    • The gateway has internet access available through this connection
  3. WiFi Access Point
    • Clients (phones, laptops) can connect to this AP
    • I can access LuCI and SSH
    • The gateway does not get internet access through this connection

Is this possible in OpenWRT? I'm assuming I will need to do some firewall config but I'm not sure where to start.

Any advice would be greatly appreciated!


Hello James,
yes it is possible, however there are a few catches. For example, operating a wifi client and access point at the same time can be tricky. If the device has a single radio, then the ap will have to work on the same channel as the client. travelmate package can help you with that.
Regarding the default gateway from 2 interfaces, it is not an issue, as long as you set a proper metric on the connections, so that there is precedence of one gateway over the other. If you need loadbalancing or failover, then mwan3 package is your friend.
Ethernet and Wifi Client interfaces should belong to wan firewall zone. You'd need to allow ssh and luci with firewall rules, however be careful because dropbear and uhttpd are not hardened to withstand an attack. It would be better to use a vpn or OpenSSH-server and don't allow Luci from the internet.