Enable all (main + secondary AP) Guest wifi radios from main router

Learning about OpenWrt and would appreciate some guidance on how to approach the subject task? Guest WiFi is typically in the Disabled state until such time that I turn it on (Enable). However, the issue with this approach is that it appears to require manually turning on the radio(s) in each device. This seems unnecessarily burdensome from a network management point of view.

To accomplish the goal of having the secondary network devices (APs) stay in sync with the Guest WiFi radio state of the main router/AP, what tools/packages would (or already do) support this kind of multi-device management?

My devices are Linksys EA3500s which use the arm-xscale architecture.

TIA

1 Like

Set up SSH key-based authentication from each secondary device to the primary one:
https://openwrt.org/docs/guide-user/security/dropbear.public-key.auth

Sync the wireless status with cron over SSH:

cat << "EOF" > /root/wifi-sync
SSH_USER="root"
SSH_HOST="openwrt"
SSH_KEY="/etc/dropbear/dropbear_ed25519_host_key"
WIFI_SET="$(ssh -i "${SSH_KEY}" \
    "${SSH_USER}"@"${SSH_HOST}" \
    uci -q get wireless.guest.disabled)"
WIFI_GET="$(uci -q get wireless.guest.disabled)"
if [ -n "${WIFI_SET}" ] \
&& [ "${WIFI_SET}" != "${WIFI_GET}" ]
then
    uci set wireless.guest.disabled="${WIFI_SET}"
    uci commit wireless
    wifi reload
fi
EOF
cat << "EOF" >> /etc/crontabs/root
* * * * * . /root/wifi-sync
EOF
uci set system.@system[0].cronloglevel="9"
uci commit system
/etc/init.d/cron restart
2 Likes

Can this be modified to synchronize wifi passwords to multiple APs?

I did not find how to setup intra-device SSH on the suggested page. Key-based logon works on both devices via Putty. Another thread Controling WiFi from another router did suggest using the below command to create the necessary key linkage between devices.

ssh root:password2@router2

Running the above command resulted in 3 requests for the password before disconnecting. This seems odd given that the password was provided in the command (not shown above but 'password2' was replaced as was the IP for router2).

ssh: Connection to root:password2@router2 exited: Remote closed the connection

Uncertain whether this was the expected result, I checked /root/.ssh/known_hosts and discovered that router2's key ID had been added although in ed25519 format rather RSA. Apparently dropbear's standard key format is ed25519.

Still trying to figure out the rest of this process, i.e., Router1 has no file id_rsa in /root/.ssh/.

Also, and this was a surprise, the DHCP and DNS firewall rules for the Guest Wifi disappear permanently whenever the Guest Wifi radio is disabled. Thus, playing with the radio's Enabled/Disabled button has undesired consequences. May be better to Stop the Guest interface except that that leaves the Guest Wifi radio transmitting while concurrently removing the ability to connect. So, that seems like taking a wrong turn off the highway. Perhaps better to re-instantiate the firewall rules each time.

Or you can leave the guest network enabled all the time, and configure the firewall on the router to allow or block traffic.

1 Like
SSH_USER="root"
SSH_HOST="openwrt"
SSH_KEY="/etc/dropbear/dropbear_ed25519_host_key"
SSH_CMD="tee -a /etc/dropbear/authorized_keys"
dropbearkey -y -f "${SSH_KEY}" \
| grep -o -e "^ssh-.*" \
| ssh "${SSH_USER}"@"${SSH_HOST}" "${SSH_CMD}"
3 Likes

Keying issue is solved.
Setting up VLANs, however, is still a work-in-progress due to the transition of OpenWrt away from the swconfig based driver not being implemented in OW ver 21.02 for my Linksys EA3500. Will work thru the new (in-work) DSA Mini-Tutorial to learn how to achieve my goal.

TY Vlad for your support code-lets both here and on my other related posts.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.