Without the switch being VLAN-aware and configurable, there isn't a clean/safe way to trunk the two VLANs on a single Ethernet cable. The "usual" solution would be a dedicated Ethernet cable between the EdgeRouter and the DIR carrying the VLANs, and then one carrying the "LAN" (untagged) to the switch. I'm guessing you've got the ERLite-3 with only three ports, which seems it may then be one port short of what you need.
AT&T FIOS ONT port (Internet)
AT&T Router(192.168.1.254): authorizes EdgeRouter with AT&T FIOS through a proxy script then functions only as Wireless AP
"LAN" (192.168.1.0/24) (untagged)
Trunk (multiple VLANs, all tagged) to DIR
Which model switch do you have? They usually have either or both an HTTP-accessed GUI or telnet/ssh access if they are managed.
If it isn't able to be configured for "full" VLAN (as opposed to "port-based VLAN"), are you able to, for example, move "AT&T Router(192.168.1.254): authorizes EdgeRouter with AT&T FIOS through a proxy script" to the switch?
Then you could set up
AT&T FIOS ONT port (Internet)
"LAN" (192.168.1.0/24) (untagged) to switch
Trunk to DIR
and run a cable directly from the EdgeRouter to the DIR (and not need one from the switch to the DIR)
Yes! 4095 is the "blackhole" VLAN -- any packet with that VLAN tag can't leave the switch (well, isn't supposed to). By setting the PVID to 4095, it effectively says "if an untagged packet arrives, discard it".
When configuring OpenWrt for GRE, I'd use /etc/config/network as getting it right with ip commands can be challenging. You also don't need ip-full if you're flash-challenged on the device if you configure with UCI.
On the EdgeRouter, I assumed, perhaps incorrectly, that the three ports presented themselves as a switch, with one or two Ethernet interfaces connected to the switch. If they present themselves as three Ethernet devices, the configuration will be slightly different, as an interface typically doesn't have a "PVID" (untagged packets end up on the main interface, rather than the VLAN-specific sub-interfaces) and packets sent out a VLAN-specific interface are already tagged on the wire.
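A small model of the ingress rule described above, as an added example that is not part of the original post: a VLAN-aware port assigns its PVID to untagged frames, so a PVID of 4095 discards them while tagged trunk traffic still passes. The VLAN IDs 10 and 20, the MAC addresses and the function names are assumptions made up for illustration.

```python
import struct

TPID_8021Q = 0x8100    # EtherType value that marks an 802.1Q tag
BLACKHOLE_VID = 4095   # the "blackhole" VLAN described above

def parse_vid(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI carry the VLAN ID

def ingress(frame: bytes, pvid: int, allowed: set):
    """Model a VLAN-aware port: return the VLAN the frame joins, or None if dropped."""
    vid = parse_vid(frame)
    if vid is None or vid == 0:  # untagged or priority-tagged: the PVID applies
        vid = pvid
    if vid == BLACKHOLE_VID or vid not in allowed:
        return None              # discarded at ingress
    return vid

def make_frame(vid=None, payload=b"\x00" * 46):
    """Constructed sample frame (made-up MAC addresses, IPv4 EtherType)."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return dst + src + tag + struct.pack("!H", 0x0800) + payload

TRUNK = {10, 20}  # hypothetical VLAN IDs carried tagged on the trunk

if __name__ == "__main__":
    samples = [("untagged", make_frame()), ("tagged 10", make_frame(10)),
               ("tagged 30", make_frame(30))]
    for label, frame in samples:
        print(label, "->", ingress(frame, pvid=BLACKHOLE_VID, allowed=TRUNK))
    # The same untagged frame on a port whose PVID is a real VLAN joins that VLAN.
    print("untagged, PVID 10 ->", ingress(make_frame(), pvid=10, allowed=TRUNK))
```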
Yes, I have the ERLite-3. eth1, eth2, and eth3 are the interface names that correspond to the physical ethernet ports 1, 2, and 3 on the EdgeRouter. The only other port it has is a "console" port but I don't think it can be used for networking. I know the EdgeRouter has VLAN support through its GUI. It has a pretty robust web accessible GUI.
I'm not sure what brand the switch is. It's a cheap switch I bought from Amazon around 5 or 6 years ago. I think it's either D-Link or Linksys but I'm not in the room right now so I can't look at it at the moment. Ethernet port #2 or eth1 on the EdgeRouter connects directly to the switch if that makes any difference. AFAIK the switch has no web GUI or user configuration of any kind.
I could definitely try to move the AT&T router to the switch to free up the third ethernet port on the EdgeRouter. I'll try to test it tomorrow and let you know if it works while it's connected to the switch.
Hello everybody
This is something very important for many of us, so... Why have we deviated from the subject? It is okay to provide alternative solutions, such as the GRE tunnel, but the really important thing would be to know if OpenWrt firmware is capable of behaving like a manufacturer's firmware. Because some repeaters stop being universal repeaters when they are flashed with OpenWrt firmware, and it makes no sense, since the hardware has not changed. So does anyone know how to do it?
TIA
Yeah, it's basically a "hack" called relayd or something that works along the same lines, and only works for IPv4. Manufacturers may wrap it in fancy UI, but it's still a hack.
If you've got a fixed setup with control of both/all end-points, any of the Layer 2 bridging approaches (WDS, GRE, batman-adv, ... ) are superior.
@jeff I was able to get a connection between two of my PCs with gretap. I was able to ping the other end of the gretap, and I opened a port on one end and was able to connect on the other end. Both computers have their gretap interface attached to the ethernet adapter. I haven't created bridges yet.
I know this, I did it in the past and it works well, more or less, but only with Atheros chipsets.
Anyway, it would be a good thing to put a drop-down menu in the LuCI interface to select what we want to do with our router, similar to Gargoyle firmware. So if we select "Repeater" in that drop-down menu, the corresponding configuration will be automatically loaded. This is only possible if Relayd and Travelmate are included by default in the official firmware.
If things are not facilitated, this firmware will only be available to a few, and its configuration will only be available to qualified people.
I still remember my beginnings with this firmware ...
Likely WDS, which is exposed in LuCI, as I recall. relayd is completely different and, as you note, the Travelmate package handles this use case very well.
@jeff I tried setting up a gretap tunnel between my wifi extender running OpenWrt and a PC running linux that is in a different subnet of my LAN. I never was able to ping either side of the tunnel after setting it up.
This is basically as far as I got. I started trying to add the interfaces to bridges but it didn't seem to make any difference.
Networks
A: 192.168.1.0/24
B: 192.168.2.0/24
RouterA: 192.168.1.51
RouterB: 192.168.2.3
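# Enable IPv4 forwarding
sysctl net.ipv4.conf.all.forwarding=1
# On RouterA (192.168.1.51): create the gretap interface, bring it up, assign the tunnel address
ip link add gretap1 type gretap local 192.168.1.51 remote 192.168.2.3
ip link set gretap1 up
ip addr add 172.16.0.1 dev gretap1
# On RouterB (192.168.2.3): the mirror-image endpoint
ip link add tunnel type gretap local 192.168.2.3 remote 192.168.1.51
ip link set tunnel up
ip addr add 172.16.0.2 dev tunnel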
Pinging one of the 172.16.0.* addresses from the other side of the tunnel would say that the destination host is unreachable.
I can't believe there isn't better documentation on the internet regarding how to set up these gretap tunnels. I'm about done trying to get the gretap tunnel working and start reading up on openvpn's L2 bridging to see if I can use openvpn to bridge the two subnets of my lan.
@jeff btw thanks for all your help with this. I'm sure they work great when they are set up properly. I may give it another shot later after I try out some other things.
I've been trying to set it up all evening to run through a level 2 openvpn tunnel. I was having trouble with the openvpn package on openwrt not wanting to read the client key that I generated on another machine. I finally got it working, though. It's actually about the same speed as I was getting without a tunnel, but I'm limited by the 2.4 GHz connection between my wireless router and wireless extender.
This is a test between a wireless client on the extender and a wired client connected to a switch then to the wireless router on the other side of the network.
"iperf3 -c 192.168.1.51" on my Xiaomi Mi A2 through Termux
<-(5 GHz wifi link)->
Extender
<-(2.4ghz wifi link)->
Router
<-(1 Gbps ethernet link)->
"iperf -s" on a Dell Optiplex running Alpine Linux