Failing to set up mesh network

fidian · November 21, 2020, 11:24pm

I purchased three TP-Link Archer A7 AC1750 routers because I read that they were compatible with OpenWrt and that they supported 802.11s mesh networking. I'm looking to allow users to roam anywhere within range of these routers and for these routers to ideally find their own paths to route traffic. Configuring them as repeaters would not be ideal. Downloaded and installed OpenWrt 19.07.4, which went well without renaming the file and using the stock firmware's manual upgrade approach.

I've spent the whole day pouring over the guide: https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s
Unfortunately, it seems that the config there doesn't work. When I go through the Config section, LuCI says the encryption configuration is invalid. I also get to the step "iw dev wlan0 station dump" and I don't know what a success and what a failure would look like, so I don't know what to see. One problem I noticed with the documentation is that it doesn't mention to use "opkg update", which is an important step that newbies to OpenWrt (like myself) would need to do on a newly flashed system.

Progressing to the Using the command-line CLI section and I've done steps there to see what's going on and it appears that I can't get the "ifconfig mesh up" command to work. Am I supposed to perform these commands as well, or is this an alternate method of setting up mesh networking?

I've tried setting this up using "option network" as per https://github.com/openwrt/mt76/issues/72 but that didn't really help. It did let me set up WPS3 encryption, supposedly, but not sure. There are also instructions at https://github.com/o11s/open80211s/wiki/HOWTO that I didn't yet feel I should follow - the OpenWrt page looked newer.

LuCI appears to be able to set this up in the UI as well. I deleted my earlier attempts and tried again using my browser. Encryption isn't supported, but it looks like it could have worked. Setting it up on a second router didn't help and so I feel like it's stuck.

I think I need someone to help me get this working. I've got lots of Linux experience and very little OpenWrt knowledge and lots of questions. For instance, can the 5GHz channel be used for both mesh communications and clients? Would anyone be able to help guide me? Is 802.11s the right option, or should I give up and set up networks with batman-adv or a simple repeater? Diagnostic commands with information about what's expected to be seen would be ideal, and ideally this would go to help improve the documentation so the next user doesn't have the same questions.

slh · November 22, 2020, 12:18am

You may have to use ath10k instead of ath10k-ct drivers for your qca9980 wave1 radio hardware and mesh support.

fidian · November 22, 2020, 3:42pm

I don't see ath10k loaded when I use lsmod. What is the reason behind the suggestion? Does ath10k-ct not work for mesh networking?

ath                    18240  4 ath9k,ath9k_common,ath9k_hw,ath10k_core
ath10k_core           381712  1 ath10k_pci
ath10k_pci             35344  0 
ath9k                  98960  0 
ath9k_common           11232  1 ath9k
ath9k_hw              343488  2 ath9k,ath9k_common
cfg80211              222864  5 ath9k,ath9k_common,ath10k_core,ath,mac80211
compat                  5888  4 ath9k,ath9k_common,mac80211,cfg80211
crc_ccitt                960  1 ppp_async
ehci_hcd               35312  1 ehci_platform
ehci_platform           4992  0 
gpio_button_hotplug     6816  0 
ip_tables              10576  4 iptable_nat,iptable_mangle,iptable_filter
ip6_tables             10464 24 ip6table_mangle,ip6table_filter
ip6t_REJECT              992  2 
ip6table_filter          608  1 
ip6table_mangle         1184  1 
ipt_MASQUERADE           640  1 
ipt_REJECT               928  2 
iptable_filter           608  1 
iptable_mangle           896  1 
iptable_nat              672  1 
ledtrig_usbport         2704  0 
mac80211              443840  2 ath9k,ath10k_core
nf_conntrack           60832 13 nf_conntrack_ipv6,ipt_MASQUERADE,xt_state,xt_nat,xt_conntrack,xt_REDIRECT,xt_CT,nf_nat_masquerade_ipv4,nf_conntrack_ipv4,nf_nat_ipv4,nf_nat,nf_flow_table,nf_conntrack_rtcache
nf_conntrack_ipv4       5056 11 
nf_conntrack_ipv6       5424  5 
nf_conntrack_rtcache    2592  0 
nf_defrag_ipv4          1056  1 nf_conntrack_ipv4
nf_defrag_ipv6          4704  1 nf_conntrack_ipv6
nf_flow_table          13136  2 xt_FLOWOFFLOAD,nf_flow_table_hw
nf_flow_table_hw        2112  1 
nf_log_common           2592  2 nf_log_ipv4,nf_log_ipv6
nf_log_ipv4             3296  0 
nf_log_ipv6             4000  0 
nf_nat                 10000  4 xt_nat,nf_nat_redirect,nf_nat_masquerade_ipv4,nf_nat_ipv4
nf_nat_ipv4             3824  1 iptable_nat
nf_nat_masquerade_ipv4    1584  1 ipt_MASQUERADE
nf_nat_redirect         1408  1 xt_REDIRECT
nf_reject_ipv4          2080  1 ipt_REJECT
nf_reject_ipv6          2432  1 ip6t_REJECT
nls_base                4832  1 usbcore
ppp_async               6816  0 
ppp_generic            22288  3 pppoe,ppp_async,pppox
pppoe                   9152  0 
pppox                   1168  1 pppoe
slhc                    4992  1 ppp_generic
usb_common              2208  1 usbcore
usbcore               129264  3 ledtrig_usbport,ehci_platform,ehci_hcd
x_tables               12656 24 ipt_REJECT,ipt_MASQUERADE,xt_time,xt_tcpudp,xt_state,xt_nat,xt_multiport,xt_mark,xt_mac,xt_limit,xt_conntrack,xt_comment,xt_TCPMSS,xt_REDIRECT,xt_LOG,xt_FLOWOFFLOAD,xt_CT,iptable_mangle,iptable_filter,ip_tables,ip6table_mangle,ip6table_filter,ip6_tables,ip6t_REJECT
xt_CT                   2624  0 
xt_FLOWOFFLOAD          3024  0 
xt_LOG                   736  0 
xt_REDIRECT              672  0 
xt_TCPMSS               2720  4 
xt_comment               448127 
xt_conntrack            2272 14 
xt_limit                1152 20 
xt_mac                   576  0 
xt_mark                  640  0 
xt_multiport            1216  0 
xt_nat                  1504  0 
xt_state                 672  0 
xt_tcpudp               1728 12 
xt_time                 1728  0

fidian · November 26, 2020, 10:16pm

Does anyone have a working config and possibly steps for their working mesh network? I'm happy to figure this out myself if there's no other option.

94121-usr · November 27, 2020, 7:11am

I have a Belkin F9K1115v2 and two WD MyNet600 in a mesh network, using the 5Ghz band as a backhaul only (WPA3) and clients connecting only (WPA2) to the 2.4Ghz band.

You must remove the following software packages:
wpad-mini or wpad-basic
ath10k-firmware-qca988x-ct (This is for the Belkin)
kmod-ath10k-ct (This is for the Belkin)
The "-ct" suffix indicates "Candela Technologies". These drivers are not compatible with mesh. Use the standard packages without the "-ct"

and install:
luci-ssl (optional)
wpad-wolfssl
ath10k-firmware-qca988x (This is for the Belkin)
kmod-ath10k (This is for the Belkin)

create a wireless interface
from my /etc/config/wireless, but you can use the LUCI GUI
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option country 'US'
option txpower '14'
option channel '40'
option htmode 'HT40'

config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option key 'password'
option encryption 'sae'
option mesh_rssi_threshold '0'
option mesh_fwding '1'
option mode 'mesh'
option mesh_id 'meshXXX'

Mesh configurations must match on all APs

Bridge the LAN, mesh wireless and client wireless interfaces

In my setup, the mesh would go to sleep after 5 minutes.
maybe it's related to this

The wifi interface will disassociate after 300 sec (default)

So I put a cron script to ping back to the main router every 4 minutes

*/4 * * * * sleep 10 && ping 192.168.2.1 -c 3

set system logging, cronloglevel to warning to prevent log flooding.

fidian · November 29, 2020, 4:58am

Thanks for posting your config. I really appreciate that you're helping me figure out what's going on.

I'm not using ath10k and am not using ath10k-ct (nor any -ct module) according to lsmod. I have uninstalled wpad-basic and wpad-mini (only one was installed, but I forgot which) and have installed wpad-openssl as per the HOWTO. I have the same config on two routers. When I look in LuCI, I get the following:

I'm bothered that it says Wireless is not associated on both sides and the icon/graphic on the left indicates that it is disabled, but the "Disable" button on the right indicates it is enabled.

Here's my config.

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option country 'US'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/ahb/18100000.wmac'
	option htmode 'HT20'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option key 'password'
	option ssid 'mynet'
	option encryption 'psk2'

config wifi-iface 'wifinet2'
	option mesh_rssi_threshold '0'
	option network 'lan'
	option device 'radio0'
	option mode 'mesh'
	option mesh_fwding '1'
	option encryption 'sae'
	option key 'password'
	option mesh_id 'mynet-mesh'

94121-usr · November 29, 2020, 6:33am

I don't have a C7, so verify mesh compatibility by typing
$ iw list | grep "Supported interface modes" -A 9
Look for supported interface mode "MESH POINT"

wpad-openssl will work, but I use wpad-wolfssl. It's a lighter CPU load.

The wireless firmware drivers will not be listed using the command line "lsmod"
Verify that the "-ct" firmware and kernel mod is not installed by typing
$ opkg list-installed

The only other thing:
config wifi-iface 'wifinet2' this should be config wifi-iface 'default_radio0'
but I use the GUI to set it up, and this is what it creates

castillofrancodamian · November 29, 2020, 4:47pm

Is the -ct version not compatible with 802.11s?

94121-usr · November 29, 2020, 5:27pm

that is correct

castillofrancodamian · November 29, 2020, 5:49pm

Could you easily tell me why?

94121-usr · November 29, 2020, 9:04pm

Not easily...
With the Belkin F9K1115v2, which uses the 'ath10k-firmware-qca988x-ct' firmware and 'kmod-ath10k-ct' kernel mod by default, I could not get it connect to the mesh that the WD MyNet600 were running.
So searching the web leads to a series of search results suggesting that the CT drivers and kmods were the culprit.
I removed the '-ct' software packages and replaced them. And the Belkin now connects with the others.

fidian · December 9, 2020, 2:35am

Thank you for your explanations and what you've done to make something similar work on your side. Sorry it took so long to get back to you. My ethernet adapter died in my laptop and that caused some unforeseen issues when trying to set up the network. Right now some clients are not able to maintain connections, but that might be due to other software I have running. I will provide an update later if this continues to be a problem and if I find a solution. As it stands, I consider the topic SOLVED but I don't see how I can change the subject line to indicate this.

Here's a log of what I've done in order to make it work. Maybe this will help if anyone wants to update the documentation?

Verify that mesh is supported.

 # iw list | grep "Supported interface modes" -A 9 | grep -i "mesh point"
                  * mesh point
                  * mesh point

Remove wpad that came with the router and install one that supports SSL and mesh. Using wpad-mesh-openssl could also work, though wolfSSL is designed to be lighter and specifically targets embedded platforms.
```
 # opkg update
 # opkg remove wpad-mini wpad-basic
 # opkg install wpad-mesh-wolfssl
```

Checked the wireless firmware drivers to see if I am using the *-ct variants. These are from Candela Technologies and appear to not be compatible with mesh. If you're using these, replace them with the same packages but without the -ct suffix.

 # opkg list-installed | grep ath10
 ath10k-firmware-qca988x-ct - 2020-07-02-1
 kmod-ath10k-ct - 4.14.195+2019-09-09-5e8cd86f-1
 # opkg remove ath10k-firmware-qca988x-ct remove kmod-ath10k-ct
 # opkg install ath10k-firmware-qca988x kmod-ath10k

After rebooting, I noticed that LuCI said that I needed hostapd to enable WPA encryption of my wireless network. Also, in order to enable WPA3-SAE, I needed to install wpa-supplicant that supported SAE. These steps worked for one router. The other two didn't need this to be done. I don't know why there was a difference - probably due to me experimenting more on the first.
```
 # opkg update
 # opkg install hostapd-wolfssl wpa-supplicant-mesh-wolfssl
```
I changed the IP address to be 192.168.1.x (one distinct number per router). .1 was assigned to the router with an internet connection. The other two use .1 as their gateway. Disabled DHCP on the network interface so only one DHCP server on the network.
From here, I had to set up radio0 to be the same on all routers. I also assigned static IPs to each one (192.168.1.1 through 192.168.1.3 for ease). I've completed this through the GUI and only am showing the config here because that's how I often see this sort of config displayed.

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option country 'US'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/ahb/18100000.wmac'
	option htmode 'HT20'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option key 'Super secret password.'
	option ssid 'mynet'
	option encryption 'psk2'

config wifi-iface 'wifinet2'
	option mesh_rssi_threshold '0'
	option network 'lan'
	option device 'radio0'
	option mode 'mesh'
	option mesh_fwding '1'
	option encryption 'sae'
	option key 'Super secret password.'
	option mesh_id 'mynet-mesh'