Extend Wi-Fi on Same Subnet: Works in Official Firmware But Not in OpenWrt?

DOOH!!!

Without the switch being VLAN-aware and configurable, there isn't a clean/safe way to trunk the two VLANs on a single Ethernet cable. The "usual" solution would be a dedicated Ethernet cable between the EdgeRouter and the DIR carrying the VLANs, and then one carrying the "LAN" (untagged) to the switch. I'm guessing you've got the ERLite-3 with only three ports, which seems it may then be one port short of what you need.

  1. AT&T FIOS ONT port (Internet)
  2. AT&T Router(192.168.1.254): authorizes EdgeRouter with AT&T FIOS through a proxy script then functions only as Wireless AP
  3. "LAN" (192.168.1.0/24) (untagged)
  4. Trunk (multiple VLANs, all tagged) to DIR

Which model switch do you have? They usually have either or both a HTTP-accessed GUI or telnet/ssh access if they are managed.

If it isn't able to be configured for "full" VLAN (as opposed to "port-based VLAN"), are you able to, for example, move "AT&T Router(192.168.1.254): authorizes EdgeRouter with AT&T FIOS through a proxy script" to the switch?

Then you could set up

  1. AT&T FIOS ONT port (Internet)
  2. "LAN" (192.168.1.0/24) (untagged) to switch
  3. Trunk to DIR

and run a cable directly from the EdgeRouter to the DIR (and not need one from the switch to the DIR)


Yes! 4095 is the "blackhole" VLAN -- any packet with that VLAN tag can't leave the switch (well, isn't supposed to). By setting the PVID to 4095, it effectively says "if an untagged packet arrives, discard it".


When configuring OpenWrt for GRE, I'd use /etc/config/network as getting it right with ip commands can be challenging. You also don't need ip-full if you're flash-challenged on the device if you configure with UCI.


On the EdgeRouter, I assumed, perhaps incorrectly, that the three ports presented themselves as a switch, with one or two Ethernet interfaces connected to the switch. If they present themselves as three Ethernet devices, the configuration will be slightly different, as an interface typically doesn't have a "PVID" (untagged packets end up on the main interface, rather than the VLAN-specific sub-interfaces) and packets sent out a VLAN-specific interface are already tagged on the wire.

Yes, I have the Erlite-3. eth1,eth2, and eth3 are the interface names that correspond to the physical ethernet ports 1,2, and 3 on the EdgeRouter. The only other port it has is a "console" port but I don't think it can be used for networking. I know the EdgeRouter has VLAN support through it's GUI. It has a pretty robust web accessible GUI.

I'm not sure what brand the switch is. It's a cheap switch I bought from Amazon around 5 or 6 years ago. I think it's either D-Link or Linksys but I'm not in the room right now so I can't look at it at the moment. Ethernet port #2 or eth1 on the EdgeRouter connects directly to the switch if that makes any difference. AFAIK the switch has no web GUI or user configuration of any kind.

I could definitely try to move the AT&T router to the switch to free up the third ethernet port on the EdgeRouter. I'll try to test it tomorrow and let you know if it works while it's connected to the switch.

I meant to ask this last night but do you think this would help any with some up the gretap?

Hello everybody
This is something very important for many of us, so... Why have we deviated from the subject? It is okay to provide alternative solutions, such as the GRE tunnel, but the really important thing would be to know if OpenWrt firmware is capable of behaving like a manufacturer's firmware. Because some repeaters stop being universal repeaters when they are flashed with OpenWrt firmware, and it makes no sense, since the hardware has not changed. So does anyone know how to do it?
TIA

Yeah, it's basically a "hack" called relayd or something that works along the same lines, and only works for IPv4. Manufacturers may wrap it in fancy UI, but it's still a hack.

If you've got a fixed setup with control of both/all end-points, any of the Layer 2 bridging approaches (WDS, GRE, batman-adv, ... ) are superior.

https://openwrt.org/docs/guide-user/network/wifi/relay_configuration

1 Like

@jeff I was able to get a connection between two of my PCs with gretap. I was able to ping the other end of the gretap, and I opened a port on one end and was able to connect on the other end. Both computers have their gretap interface attached to the ethernet adapter. I haven't created bridges yet.

1 Like

I know this, I did it in the past and works well more or less, but only with Atheros chipsets.
Anyway, it would be a good thing to put a drop-down menu in the Luci interface to select what we want to do with our router, similar to Gargoyle firmware. So if we select "Repeater" in that drop-down menu, the corresponding configuration will be automatically loaded. This is only possible if Relayd and Travelmate are included by default in the official firmware.
If things are not facilitated, this firmware will only be available to a few, and its configuration will only be available to qualified people.
I still remember my beginnings with this firmware ...:slightly_smiling_face:

Likely WDS, which is exposed in LuCI, as I recall. relayd is completely different and, as you note, the Travelmate package handles this use case very well.

@jeff I tried setting up a gretap tunnel between my wifi extender running OpenWrt and a PC running linux that is in a different subnet of my LAN. I never was able to ping either side of the tunnel after setting it up.

This is basically as far as I got. I started trying to add the interfaces to bridges but it didn't seem to make any difference.

Networks
A: 192.168.1.0/24
B: 192.168.2.0/24
 
RouterA: 192.168.1.51
RouterB: 192.168.2.3

sysctl net.ipv4.conf.all.forwarding=1

ip link add gretap1 type gretap local 192.168.1.51 remote 192.168.2.3
ip link set gretap1 up
ip addr add 172.16.0.1 dev gretap1

ip link add tunnel type gretap local 192.168.2.3 remote 192.168.1.51
ip link set tunnel up
ip addr add 172.16.0.2 dev tunnel

Pinging one of the 172.16.0.* addresses from the other side of the tunnel would say that the destination host is unreachable.

I can't believe there isn't better documentation on the internet regarding how to set up these gretap tunnels. I'm about done trying to get the gretap tunnel working and start reading up on openvpn's L2 bridging to see if I can use openvpn to bridge the two subnets of my lan.

@jeff btw thanks for all your help with this. I'm sure they work great when they are set up properly. I may give it another shot later after I try out some other things.

1 Like

OpenVPN on a MIPS device is likely to be disappointing, ~10 Mbps.

I’ll try to rig up a simple L2 AP/STA bridge this week.

I've been trying to set it up all evening to run through a level 2 openvpn tunnel. I was having trouble with the openvpn package on openwrt not wanting to read the client key that I generated on another machine. I finally got it working, though. It's actually about the speed as I was getting without a tunnel, but I'm limited by the 2.4 GHz connection between my wireless router and wireless extender.
This is a test between a wireless client on the extender and a wired client connected to a switch then to the wireless router on the other side of the network.

"iperf3 -c 192.168.1.51" on my Xiaomi Mi A2 through Termux
<-(5 GHz wifi link)->
Extender
<-(2.4ghz wifi link)->
Router
<-(1 Gbps ethernet link)->
"iperf -s" on a Dell Optiplex running Alpine Linux

$ iperf3 -c 192.168.1.51
Connecting to host 192.168.1.51, port 5201             [  5] local 192.168.2.10 port 43794 connected to 192.168.1.51 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd                                              
[  5]   0.00-1.00   sec  3.34 MBytes  28.0 Mbits/sec    0   1.82 MBytes                                       
[  5]   1.00-2.00   sec  3.02 MBytes  25.3 Mbits/sec   12    911 KBytes                                       
[  5]   2.00-3.00   sec  2.78 MBytes  23.3 Mbits/sec    4    665 KBytes                                       
[  5]   3.00-4.00   sec  2.67 MBytes  22.4 Mbits/sec   10    337 KBytes                                       
[  5]   4.00-5.00   sec  2.63 MBytes  22.0 Mbits/sec    2    262 KBytes                                       
[  5]   5.00-6.00   sec  2.17 MBytes  18.2 Mbits/sec    0    297 KBytes                                       
[  5]   6.00-7.00   sec  2.42 MBytes  20.3 Mbits/sec    0    320 KBytes                                       
[  5]   7.00-8.00   sec  3.04 MBytes  25.5 Mbits/sec    0    334 KBytes                                       
[  5]   8.00-9.00   sec  2.36 MBytes  19.8 Mbits/sec   64    236 KBytes                                       
[  5]   9.00-10.00  sec  2.49 MBytes  20.9 Mbits/sec    0    277 KBytes                                       - - - - - - - - - - - - - - - - - - - - - - - - -      
[ ID] Interval           Transfer     Bitrate         Retr                                                    [  5]   0.00-10.00  sec  26.9 MBytes  22.6 Mbits/sec   92             sender                                  
[  5]   0.00-10.05  sec  26.4 MBytes  22.0 Mbits/sec                  receiver                                                                                       iperf Done.                                            
$

@jeff I just found this in the official firmware and it looks kind of interesting.

#  config LAN/WAN bridge
if [ "$opmode" = "0" ]; then
	brctl setfd br0 15
	brctl stp br0 1
else
	brctl setfd br0 1
	brctl stp br0 0
fi

#
# init ip address to all interfaces for different OperationMode:
#   0 = Bridge Mode
#   1 = Gateway Mode
#   2 = Ethernet Converter Mode
#   3 = AP Client
#
if [ "$opmode" = "0" ]; then
	addRax2Br0
	addWds2Br0
	addMesh2Br0
	APCLI=`nvram_get 2860 apClient`
	if [ "$CONFIG_RT2860V2_AP_APCLI$CONFIG_RT3090_AP_APCLI$CONFIG_RT5392_AP_APCLI$CONFIG_RT5592_AP_APCLI$CONFIG_RT3593_AP_APCLI$CONFIG_MT7610_AP_APCLI$CONFIG_RT3572_AP_APCLI$CONFIG_RT5572_AP_APCLI$CONFIG_RT3680_iNIC_AP_APCLI$CONFIG_RTPCI_AP_APCLI$CONFIG_APCLI_SUPPORT" != "" -a "$APCLI" = "1" ]; then
		ifconfig apcli0 up 1>/dev/null 2>&1
		brctl addif br0 apcli0 1>/dev/null 2>&1
	fi
# RTDEV_MII support: start mii iNIC after network interface is working
	if [ "$CONFIG_RTDEV_MII" != "" ]; then
		rmmod iNIC_mii 1>/dev/null 2>&1
		iNIC_Mii_en=`nvram_get rtdev InicMiiEnable`
		if [ "$iNIC_Mii_en" == "1" ]; then
			ifconfig rai0 down 1>/dev/null 2>&1
			insmod -q iNIC_mii miimaster=eth2 1>/dev/null 2>&1
			ifconfig rai0 up 1>/dev/null 2>&1
		fi
	fi

	if [ "$CONFIG_RTDEV" != "" -o "$CONFIG_RT2561_AP" != "" ]; then
		addRaix2Br0
		addInicWds2Br0
		addRaL02Br0

		APCLI2=`nvram_get rtdev apClient`
		if [ "$CONFIG_RT2860V2_AP_APCLI$CONFIG_RT3090_AP_APCLI$CONFIG_RT5392_AP_APCLI$CONFIG_RT5592_AP_APCLI$CONFIG_RT3593_AP_APCLI$CONFIG_MT7610_AP_APCLI$CONFIG_RT3572_AP_APCLI$CONFIG_RT5572_AP_APCLI$CONFIG_RT3680_iNIC_AP_APCLI$CONFIG_RTPCI_AP_APCLI$CONFIG_APCLI_SUPPORT" != "" -a "$APCLI2" = "1" ]; then
			ifconfig apclii0 up 1>/dev/null 2>&1
			brctl addif br0 apclii0 1>/dev/null 2>&1
		fi
	fi
elif [ "$opmode" = "1" ]; then
	addRax2Br0
	addWds2Br0
	addMesh2Br0

	if [ "$CONFIG_RTDEV" != "" -o "$CONFIG_RT2561_AP" != "" ]; then
		addRaix2Br0
		addInicWds2Br0
		addRaL02Br0
	fi
elif [ "$opmode" = "2" ]; then
	if [ "$CONFIG_RTDEV" != "" -o "$CONFIG_RT2561_AP" != "" ]; then
		addRaix2Br0
		addInicWds2Br0
		addRaL02Br0
	fi
elif [ "$opmode" = "3" ]; then
	addRax2Br0

	brctl addbr br1 1>/dev/null 2>&1
	ifconfig br1 up 1>/dev/null 2>&1
	APCLI=`nvram_get 2860 apClient`
	if [ "$CONFIG_RT2860V2_AP_APCLI$CONFIG_RT3090_AP_APCLI$CONFIG_RT5392_AP_APCLI$CONFIG_RT5592_AP_APCLI$CONFIG_RT3593_AP_APCLI$CONFIG_MT7610_AP_APCLI$CONFIG_RT3572_AP_APCLI$CONFIG_RT5572_AP_APCLI$CONFIG_RT3680_iNIC_AP_APCLI$CONFIG_RTPCI_AP_APCLI$CONFIG_APCLI_SUPPORT" != "" -a "$APCLI" = "1" ]; then
		ifconfig apcli0 up 1>/dev/null 2>&1
		brctl addif br1 apcli0 1>/dev/null 2>&1
	fi

	if [ "$CONFIG_RTDEV" != "" -o "$CONFIG_RT2561_AP" != "" ]; then
		addRaix2Br0
		addInicWds2Br0
		addRaL02Br0

		APCLI2=`nvram_get rtdev apClient`
		if [ "$CONFIG_RT2860V2_AP_APCLI$CONFIG_RT3090_AP_APCLI$CONFIG_RT5392_AP_APCLI$CONFIG_RT5592_AP_APCLI$CONFIG_RT3593_AP_APCLI$CONFIG_MT7610_AP_APCLI$CONFIG_RT3572_AP_APCLI$CONFIG_RT5572_AP_APCLI$CONFIG_RT3680_iNIC_AP_APCLI$CONFIG_RTPCI_AP_APCLI$CONFIG_APCLI_SUPPORT" != "" -a "$APCLI2" = "1" ]; then
			ifconfig apclii0 up 1>/dev/null 2>&1
			brctl addif br1 apclii0 1>/dev/null 2>&1
		fi
	fi
else
	echo "unknown OperationMode: $opmode"
	exit 1
fi