DHCP problem with wifi extender configuration

Willy · December 22, 2018, 2:53pm

Hello and Merry Christmas
I have followed the instructions in the following documentation
https://openwrt.org/docs/guide-user/network/wifi/relay_configuration
and I have read many post, but I can not get an IP of the main router on the devices connected to the repeater. I have installed lucy-proto-relay and relayd. I have also created the necessary "bridge", etc. Nothing works This is my configuration:

NETWORK

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7d:e86d:a9dd::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.0.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config interface 'wwan'
	option proto 'dhcp'

config interface 'REPEATER_BRIDGE'
	option proto 'relay'
	option ipaddr '192.168.1.2'
	list network 'lan'
	list network 'wwan'

DHCP

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

FIREWALL

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan BRIDGE'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 wwan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

WIRELESS

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'pci0000:00/0000:00:01.0'
	option htmode 'HT20'
	option channel '8'
	option country '00'

config wifi-iface
	option network 'wwan'
	option ssid 'MainSSID'
	option encryption 'psk2'
	option device 'radio0'
	option mode 'sta'
	option bssid '00:11:22:33:44:55'
	option key 'WifiPasswordHere'

config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option key 'SameAsWifiPasswordHere'
	option ssid 'SameAsMainSSID'
	option encryption 'psk2'

Thanks In Advance

jeff · December 22, 2018, 6:25pm

As you are finding out, relayd and its use is not straightforward, nor does it provide a Layer 2 bridge between the two network segments. It also doesn't work for IPv6.

Especially if you have Atheros wireless chips, ~~http://wiki.openwrt.org/doc/recipes/atheroswds~~ https://openwrt.org/docs/guide-user/network/wifi/atheroswds may be a simpler and more robust approach.

Willy · December 22, 2018, 6:57pm

Thanks @jeff
I do not use IPv6, and wireless chipset is not Atheros, it is Ralink RT3062F, so I can't use http://wiki.openwrt.org/doc/recipes/atheroswds .
What I can say after reading many posts, is that there are many people with the same problem, but no post gives the final solution. Frustrating. When you buy a repeater this problem never occurs, it works perfectly, it even shares IP in the same subnet, but if that same repeater it flashed with OpenWrt, it does not work properly. So the problem is configuration or relay itself.
No solution... really?

slh · December 22, 2018, 7:01pm

WDS/ 4addr as used by OpenWrt applies (depending on hardware/ firmware limitations and driver stability) to all devices with mainline kernel drivers based on mac80211 (not just QCA/ Atheros), which would be rt2x00/ rt2800pci in your case. While not all drivers (and their underlying firmware) are stable enough for it to work well (and the device must allow creating one AP and one STA interface at the same time), it's definately worth a try.

mk24 · December 22, 2018, 7:13pm

Remove the ipv6 related lines from the DHCP config. You want no DHCP server at all running on the LAN interface of the relay router, either ipv4 or ipv6.

Is your main router capable of WDS? Do you really need to bridge or psuedo bridge the LAN, or could you use a routed client instead? The routed client allows devices on the repeater router simple access to the Internet.

Willy · December 22, 2018, 7:15pm

Hi @slh
The main router and the secondary router have different brand, firmware, and chipsets. Can WDS work in a scenario like this? Remember ... WDS is not a standard.
I would like to find a configuration or a procedure that will always work, as do the purchased repeaters.
TIA

mk24 · December 22, 2018, 7:19pm

WDS is an IEEE standard and is supported by Linux / OpenWrt on most chipsets especially Atheros and MediaTek.

Purchased repeaters are still facing the same fundamental limitation that a regular AP-STA connection does not transmit the MAC address of the final destination of the packet, it is assumed to be the MAC of the STA. They use something like relayd, which is not perfectly reliable.

slh · December 22, 2018, 7:44pm

4addr functionality is provided by the common wireless stack, mac80211, all in-kernel drivers can make use of this feature - it should work across vendors (Atheros, Marvell, MediaTek, maybe even brcmfmac), but reliability might differ (it's worth a try though).

Willy · December 22, 2018, 7:58pm

Hi @mk24
I have removed the IPv6 DHCP server, look below config, but it does not work. I will try WDS.
Is it possible to configure WDS with Luci? or do I have to use SCP or command line?

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

Willy · December 22, 2018, 9:01pm

Hi again
This is the new configuration for WDS, and it doesn't work. Any suggestion about this config:

NETWORK

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7d:e86d:a9dd::/48'

config interface 'lan'
	option ifname 'eth0.1'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.0.1'
	option gateway '192.168.1.1'
	option dns '192.168.1.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

WIRELESS

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'pci0000:00/0000:00:01.0'
	option htmode 'HT20'
	option channel '8'
	option country '00'

config wifi-iface
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option wds '1'
	option encryption 'psk2'
	option key '1234567890'
	option ssid 'MIWIFI_ext'

config wifi-iface
	option device 'radio0'
	option network 'lan'
	option mode 'sta'
	option wds '1'
	option ssid 'MIWIFI'
	option encryption 'psk2'
	option key '1234567890'

I have removed the interface REPEATER_BRIDGE and WWAN.

Willy · December 22, 2018, 10:03pm

I give up. I think that OpenWrt does not work properly as a repeater, except for rare exceptions, since there are people who say they have achieved it. I have tried a Ralink RT3062F chipset, and another Atheros AR9285 chipset, and none works as a repeater, either connecting via client or via WDS.
However, both work as a Gateway, connecting via wireless client to the main router without problems, but then I have two separate subnets. If anyone knows of a trick to make OpenWrt work as a universal repeater, please report it.

TIA

Willy · December 23, 2018, 10:47pm

Who said "I give up"?
In the end I managed to make it work correctly only with Atheros chipsets.
I made a couple of beginner failures, the first one, that with each configuration change only did a "reboot", when the most effective result was a complete shutdown and then restart, in addition to disabling and re-enabling the net adapter. And my second failure... Windows stores a network configuration for each network you connect to and remembers that configuration and rescues it every time you connect to that network. I had more than thirty network configurations, and they made me obtain erroneous results. I have tested three different devices with different Atheros chipsets, all have worked as expected, getting an IP from the main router, and surfing the Internet. The device with Ralink RT3062F chipset also works if I assign a static IP to the PC. So, if the main router is the same for all four devices, and "RelayD" also works on all four devices, the problem is that some chipsets do not get IP from the main router in the same manner, so ... we just need to force that an IP can be obtained through the "BRIDGE" interface.
Does anyone know how?

jeff · December 23, 2018, 11:02pm

I'm not sure where relayd comes into play. At least as I understand your progress, you've got DHCP, DNS, NAT, routing, and all that running on "Router 0". "Router 1", "Router 2", and"Router 3" are not running anything but their APs that are bridged over WDS. That should work without anything else.

There might be some wonkiness if Router 3 connects to Router 2 which connects to Router 1 which connects to Router 3, leaving Router 0 out of the loop, so to speak. If that's the case, you can use one SSID for the WDS (only) and another for the AP.

Willy · December 23, 2018, 11:16pm

Hi @jeff
I only connect one router at a time with the main router. I wanted to know how different routers with different chipsets behaved. And I connect to the main router via client, not WDS.

jeff · December 23, 2018, 11:19pm

Ah, OK.

You're definitely inspiring me to write up how to use Layer 2 GRE tunnels for those that WDS isn't a turn-key kind of thing!

Willy · December 23, 2018, 11:23pm

Do it please
Meanwhile... How can I force to obtain an IP from main router through the relay?