Creating a different WAN network on an Access Point

I don't know if that's been asked before, but I searched and found the VLAN method and it didn't work.

So basically, my OpenWrt AP (C7 v5) is connected to a router via Ethernet in the same LAN, acting as a wireless AP. I want my AP to join another WAN via wireless, get internet from there via DHCP client and distribute it with a new wireless network to someone outside my network to join later on.

I did all that, but I couldn't seem to isolate the new network because when I'm trace-routing in Network->Diagnostics, I see the path of the new WAN. I want it to be (not interfere with my AP's internet) invisible/isolated by my home network and AP. VLAN didn't seem to make it so...

Suggestions?

https://openwrt.org/docs/guide-user/network/ip_rules#examples

I'm thinking that it's not possible to achieve this while using the device as an AP, can't do both I guess. Now I tested, I can't even get secondary Wi-Fi (master) for the other WAN link to work with clients, it gets connected but can't go to internet. Also, somehow AP itself sticks with secondary WAN link for internet (that works) but when I block that for it to use my own internet again, it just refuses.

Think about it in reverse-- start by setting up a router with a wireless WAN, also called a routed client.

Then add a dumb AP to it, on the wired network. Detach the Ethernet port from the lan network and create a new network bridge to link Ethernet to an AP. If this bridge is Unmanaged, it won't interact with the kernel's other networks and routing at all. You could also give it a static IP on the wired network (to log in and administer OpenWrt) but don't add a default route. The router's own Internet use will be from the wireless connection.

Wired access can be important especially on a single band router, because if a wifi client (STA mode) interface loses contact with its AP, all the AP interfaces on the same radio will go off the air. The travelmate package detects this situation and temporarily disables the STA so the APs can stay on the air.

It was the default route of my home network disappearing, fixed it by adding a static route and now the AP has the main internet. Wi-Fi points are also working separately.

Everything is working, except that second master Wi-Fi point which is supposed to give WAN2's internet is not working. I suspect firewall rules, I made sure that it's masquerading for the separate LAN. Where's the problem here?

To have the effect of two independent routers running in parallel on the same OS, you need policy based routing or multiple route tables. Which gets complicated but it's not necessary for what you're wanting to do. The important thing is do not establish a default route through the wired network. Without multiple tables there is only one system-wide default route. The new wifi to wifi network is the one you need to route, so the default route should be out the wifi STA.

The wifi to wifi function is routed and masqueraded, because when you connect to an ordinary AP (non WDS) it can't be bridged. I would set that up first, using the standard lan and wan networks, with wan being wireless.

The dumb AP function (wifi to wired) is a bridge not a router. Add another network bridge for it. This bridge doesn't even need to hold an IP address though you likely want to for administration.

All of your networks (wifi feed, wifi LAN, and wired LAN administration) need to be different non-overlapping subnets. When you connect to someone else's AP of course you must use their subnet, so start there in deciding what the other networks should be.

It's in a different subnet and it's not a "dumb" AP, it's doing nextdns cli serving my home network, so that's why I need a default route for the main subnet, for it to have main internet.

Hear this, phone is connected to secondary Wi-Fi AP that has isolated subnet 192.168.7.1 and phone got its IP from DHCP 192.168.7.3, I told before that internet is not working right? I cannot even ping 192.168.7.1 from my phone either.

What's going on here?

edit: DHCP is not working!

I can now ping 192.168.7.1 and go to internet from my phone using secondary WAN2. DHCP still not working but I can assign static anyways not a problem.

Yet when I force AP to use WAN1 internet I lose WAN2 internet on my phone. I'm looking for forcing a specific default route for an interface.

Specify a different metric for each connection.
The lower the metric, the higher the priority.

I tried it but then the phone that gets WAN2 disconnects from internet. So it ties my hands to use only one default route at a time.

Well, all this for nothing. It worked but I didn't like the performance (I was getting 20Mbps+ months ago with a different setup but now I got 8Mbps), and wpa_supplicant went haywire kicking out my ordinary clients.

Anyways I reverted back. Thanks for the help.

So using policy-based routing with this setting, I was able to achieve what I want. AP (device) is going for LAN (router's) internet and SLAN is going for SWAN internet separately. Of course with the appropriate firewall rules.

config rule
	option in 'slan'
	option dest '0.0.0.0/0'
	option priority '2'
	option lookup '2'

config route
	option interface 'swan'
	option gateway '192.168.5.1'
	option table '2'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option metric '1'
	option onlink '1'

config route
	option interface 'lan'
	option target '0.0.0.0/0'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'

My question is, sometimes SWAN goes down and I DO NOT want SLAN to use the other default route of lan for internet. In other words, SLAN should have only the SWAN route no matter what.

Does the above setting make sure of that, or do I need an additional setting?

edit: In firewall, I also have slan->lan and lan->slan dropping everything. Not sure if this is enough or need also additional routing options...
edit2: I think that was enough for that, previous downtimes showed it.
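
Added example, not part of the original posts: a small Python model of the Linux policy-routing walk (rules in priority order, falling through to the next rule when a table has no match), applied to the rule and routes posted above to show the routing verdict for slan traffic when swan is up or down. It models routing only, not the firewall; the kernel's local table is left out, the lan route is modelled as the default route the poster describes, and the destination address and the priority-3 `unreachable` guard rule are constructed assumptions that do not appear in the thread.

```python
import ipaddress

# Constructed model of the poster's setup; names are UCI logical interfaces.
MAIN = [
    {"target": "0.0.0.0/0", "dev": "lan", "gw": "192.168.1.1"},
    {"target": "192.168.1.0/24", "dev": "lan", "gw": None},
    {"target": "192.168.7.0/24", "dev": "slan", "gw": None},
]
SWAN_DEFAULT = {"target": "0.0.0.0/0", "dev": "swan", "gw": "192.168.5.1", "metric": 1}
PAGE_RULE = {"priority": 2, "iif": "slan", "dest": "0.0.0.0/0", "lookup": "2"}
MAIN_RULE = {"priority": 32766, "lookup": "main"}  # kernel default rule
# Assumption, not in the post: a catch-all right after the page's rule.
GUARD_RULE = {"priority": 3, "iif": "slan", "action": "unreachable"}


def lookup(rules, tables, iif, dst):
    """Walk the rules in priority order; return (verdict, dev, gateway)."""
    addr = ipaddress.ip_address(dst)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule.get("iif") not in (None, iif):
            continue  # rule is bound to another ingress interface
        if addr not in ipaddress.ip_network(rule.get("dest", "0.0.0.0/0")):
            continue
        if rule.get("action") == "unreachable":
            return ("unreachable", None, None)
        hits = [r for r in tables.get(rule["lookup"], [])
                if addr in ipaddress.ip_network(r["target"])]
        if hits:  # longest prefix wins, then lowest metric
            best = max(hits, key=lambda r: (
                ipaddress.ip_network(r["target"]).prefixlen, -r.get("metric", 0)))
            return ("forward", best["dev"], best["gw"])
        # Empty result: the kernel moves on to the next rule.
    return ("unreachable", None, None)


def decide(iif, swan_up, guard, dst="203.0.113.10"):
    """Routing verdict for traffic entering on iif (None = the AP itself)."""
    # Table 2 holds the swan route only while the swan interface is up.
    tables = {"main": MAIN, "2": [SWAN_DEFAULT] if swan_up else []}
    rules = [PAGE_RULE, MAIN_RULE] + ([GUARD_RULE] if guard else [])
    return lookup(rules, tables, iif, dst)


if __name__ == "__main__":
    for up in (True, False):
        for guard in (False, True):
            print(f"swan_up={up} guard={guard}: slan -> {decide('slan', up, guard)}")
```
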
