Hi there!
Thanks for great efforts in keeping this project alive and up2date!
Background
Recently I got an IP nestcam (to film birdies nesting inside of a nestbox that I have put on my garage wall) that I want to get access to from my regular network. The IP camera needs connection via cable.
I started by flashing both EA4500s with OpenWrt 19.07.1 r10911-c155900f66, and moved on to following the instructions in https://openwrt.org/docs/guide-user/network/wifi/atheroswds
I have read all the OpenWRT docs related to the issue here and I have tried various setups to make this work. From what I can gather WDS could be the best way to go. I've tried the CLI way of doing things, and the LUCI way.. I can't get any of them to work.
Alternative 1
I have two old Linksys 4500 routers that I can use to set up a connection between the garage and my ISP's router (SageMCOM 3890v3 that has regular ethernet and WLAN in the network with IP: 192.168.0.1) in the main house, like so:
IPcam <--cable--> LS 4500 GARAGE <--WIFI--> ISP router <--> Internet
The problem with this setup is that I cannot figure out how to get WDS setup on my ISP router, as there is no setting for this in its web interface, and there is no way to get telnet nor SSH access to it.
Alsternative 2
So I figured that this setup could be better:
IPcam <--cable--> LS 4500 GARAGE <--WIFI--> LS 4500 HOUSE <--cable--> ISP router <--> Internet
Following https://openwrt.org/docs/guide-user/network/wifi/atheroswds everything works fine, until I get to the step where I verify that the 'LS 4500 GARAGE' should give out an IP address from the 'LS 4500 HOUSE' on my laptop that is connected to 'LS 4500 GARAGE' via ethernet, but I get no IP address.
I do see the WDS link being established between the LS 4500 GARAGE and the LS 4500 HOUSE, but nothing more happens. When I boot up the 'LS 4500 GARAGE', I can see that the connection is established in the logs of 'LS 4500 HOUSE':
Sat Apr 11 13:57:46 2020 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED c8:d7:19:1c:fd:9d
Sat Apr 11 13:57:46 2020 daemon.info hostapd: wlan1: STA c8:d7:19:1c:fd:9d IEEE 802.11: authenticated
Sat Apr 11 13:57:46 2020 daemon.info hostapd: wlan1: STA c8:d7:19:1c:fd:9d IEEE 802.11: associated (aid 2)
Sat Apr 11 13:57:46 2020 daemon.notice hostapd: wlan1: AP-STA-CONNECTED c8:d7:19:1c:fd:9d
Sat Apr 11 13:57:46 2020 daemon.info hostapd: wlan1: STA c8:d7:19:1c:fd:9d WPA: pairwise key handshake completed (RSN)
Which I can also verify in the LUCI interface that shows that my phone, my laptop and the 'LS 4500 GARAGE' is connected.
And this is where it stops (from the docs):
Once this has happened, the wired interface (e.g. eth0) should succeed in getting a DHCP address through the new wireless bridge connection.
I plug in my laptop to the ethernet port of 'LS 4500 GARAGE', and manually trigger dhcp client:
root@concrete:~$ dhclient -v enp0s31f6
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/enp0s31f6/54:e1:ad:ec:80:0c
Sending on LPF/enp0s31f6/54:e1:ad:ec:80:0c
Sending on Socket/fallback
DHCPDISCOVER on enp0s31f6 to 255.255.255.255 port 67 interval 3 (xid=0x634add7b)
DHCPDISCOVER on enp0s31f6 to 255.255.255.255 port 67 interval 7 (xid=0x634add7b)
DHCPDISCOVER on enp0s31f6 to 255.255.255.255 port 67 interval 19 (xid=0x634add7b)
...
No IP received from wired connection to the 'LS 4500 GARAGE'. Just to compare, if I connect my laptop directly into the 'LS 4500 HOUSE', I do get an IP:
root@concrete:~$ dhclient -v enp0s31f6
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/enp0s31f6/54:e1:ad:ec:80:0c
Sending on LPF/enp0s31f6/54:e1:ad:ec:80:0c
Sending on Socket/fallback
DHCPDISCOVER on enp0s31f6 to 255.255.255.255 port 67 interval 3 (xid=0x615f7144)
DHCPDISCOVER on enp0s31f6 to 255.255.255.255 port 67 interval 3 (xid=0x615f7144)
DHCPOFFER of 192.168.1.112 from 192.168.1.1
DHCPREQUEST for 192.168.1.112 on enp0s31f6 to 255.255.255.255 port 67 (xid=0x44715f61)
DHCPACK of 192.168.1.112 from 192.168.1.1 (xid=0x615f7144)
cmp: EOF on /tmp/tmp.CJMezwouBS which is empty
bound to 192.168.1.112 -- renewal in 21060 seconds.
There clairly is a problem related to the forwarding of the DHCPREQUEST from the 'LS 4500 GARAGE' to the 'LS 4500 HOUSE', as the logs show that the 'LS 4500 GARAGE' gets the request from the laptop, but nothing shows in the logs of 'LS 4500 HOUSE'.
Help would be greatly appreciated!
Here follows details on my config files.
CONFIG FILES ON 'LS 4500 GARAGE'
'LS 4500 GARAGE' /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd79:08af:ecb7::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option ip6assign '60'
option stp '1'
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
option hostname 'luftig2ap'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'wwan'
option proto 'dhcp'
'LS 4500 GARAGE' /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'HT20'
option txpower '20'
option channel '8'
option disabled '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option encryption 'psk2'
option key 'supersecret'
option ssid 'luftig3'
option disabled '0'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0'
option htmode 'HT20'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'sta'
option key 'supersecret'
option ssid 'luftig2'
option encryption 'psk2'
option wds '1'
I noticed that I haven't set the macaddr, as suggested in
https://openwrt.org/docs/guide-user/network/wifi/atheroswds but I don't know
what to set it to, so I left it unset. Could this be a problem?
'LS 4500 GARAGE' /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wwan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
'LS 4500 GARAGE' /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
option rebind_protection '0'
list server '192.168.1.1'
config dhcp 'lan'
option interface 'lan'
option ignore '1'
option dhcpv6 'disabled'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
CONFIG FILES ON 'LS 4500 HOUSE'
'LS 4500 HOUSE' /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd6f:3849:4dc6::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth1.2'
option proto 'dhcp'
option dns '8.8.8.8 8.8.4.4'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
'LS 4500 HOUSE'/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'HT20'
option country 'NO'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'luftig2'
option encryption 'psk2'
option key 'supersecret'
option wds '1'
option disabled '1'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'mbus@f1000000/mbus@f1000000:pcie@82000000/pci0000:00/0000:00:02.0/0000:02:00.0'
option country 'NO'
option htmode 'HT20'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option key 'supersecret'
option ssid 'luftig2'
option encryption 'psk2'
option wds '1'
I noticed that I haven't set the macaddr, as suggested in
https://openwrt.org/docs/guide-user/network/wifi/atheroswds but I don't know
what to set it to, so I left it unset. Could this be a problem?
'LS 4500 HOUSE' /etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fc00::/6
option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
'LS 4500 HOUSE' /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'