Fully routed setup - OpenWrt router and Android hotspot

Hi,
I want a fully routed setup between OpenWrt router (WC) and Android Mobile hotspot (WP). The android mobile has high speed 4G connection and provides internet connectivity using its wireless hotspot (WP). An OpenWrt router (STA) is setup as wireless bridge with relayd, associates with the WP and provides wired connectivity to OpenWrt router (WC) which is setup as wireless AP for client hosts as shown in the figure below.

I have already setup routing on WC router and client hosts are able to reach the internet using the masquerade feature on WC. But in this setup, the client hosts on 10.0.0.x network are able to reach lan hosts on 192.168.43.x network and the reverse is not possible. So I want a fully routed setup between these two subnets. That way I can access resources on client hosts (laptops,nas, ftp server, tv with dlna etc) from my android mobile (WP) and from the wireless hosts associated to it. FYI I have full root access on my android mobile to make changes in its routing table.

Please guide me with this setup.

The current firewall and network config on WC router is as follows:

(/etc/config/firewall)

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'LAN'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'WAN'
	option input 'REJECT'

(/etc/config/network)

config interface 'LAN'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.0.0.1'
	option type 'bridge'
	option gateway '10.0.0.1'
	option dns '10.0.0.1'
	option ifname 'eth0.1'

config interface 'WAN'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.43.101'
	option netmask '255.255.255.0'
	option gateway '192.168.43.1'

config forwarding
	option src 'lan'
	option dest 'wan'

No modifications were done at WP router (Android hotspot). With this config, the client hosts are able to reach WP router subnet and from there to the internet. What has to be done on these routers to make hosts on these subnets communicate with each other and also have internet access?

Maybe a dumb question, but ... have you setup the OpenWRT router as a real router, not just NAT? From my point of view it looks like just NAT, where the clients on 10.x.x.x subnet are able to reach those on 192.x.x.x, but not vice versa. To be fully routed, you also have to define the route on the 192.168.43.1 hotspot that the 10.x.x.x net is available at 10.0.0.1 bridge, otherwise those 192.x.x.x clients would not know where to go for the 10.x.x.x addresses. Try to traceroute the path from 192.168.43.x client to 10.0.0.x host.

1 Like

Yes, the OpenWrt router (WC) is setup for Routing and NAT. That's why clients on WC side can access 192.168.43.x and internet. Like you said, I have to add a static route on my android phone to reach 10.0.0.x subnet. You are right about that. But what else needs to be done?

You don't need NAT on the WC.
That is handled by the hotspot

1 Like

Here's how I manually added a route on hotspot to reach 10.0.0.x subnet via 192.168.43.101 (wan side of WC). But pinging to 10.0.0.1 fails on the hotspot. The nexthop 192.168.43.101 in the route is reachable on the hotspot.

Do you need a separate subnet , try relayd

https://openwrt.org/docs/guide-user/network/wifi/relay_configuration

You need to set up the WC as a pure router, not NAT. I'd start here. I've never done this before on OpenWRT (did it only on classic linux distro), but I think this link would be a good starting point.

Here's what I observed on the hotspot router (WP)

Static route to 10.0.0.x works only when 4g/Mobile data was turned off.

looks like your 4G is using 10.x.x.x subnet, reassign your 10.0.0.0/24 to 192.x.x.x/24

The hotspot is a mobile and it hands out 192.168.43.x addresses to all hosts via dhcp. Here the relayd runs on wireless bridge and connects to WC router with a wire. WC client hosts are on 10.0.0.x subnet :slight_smile:

Right. Longest prefix match? Is that the reason?

1 Like

I started from there. Tried the configs and failed. So I approached OpenWrt forum :slight_smile:

Instead of reassigning a different subnet to WC lan, is there any other solution to this issue?

How can we instruct the hotspot router to prefer the manual static route to reach 10.0.0.x subnet?

ip route add 10.0.0.0/24 via 192.168.43.101 dev wlan0

but that might be problematic for you, the preferred solution is to change your 10.0.0.0/24 to something like 192.168.44.0/24

Just a doubt:
Two entries in the routing table:
10.0.0.0/16
10.0.0.0/24

If a packet with destination address 10.1.1.1 comes in, both entries in the routing table match. But the route with 'longest prefix' gets chosen. That is 10.0.0.0/24 entry.

In our case, the two entries are
10.0.0.0/24
10.89.160.0/26

For an address, 10.0.0.1 there exists only a single match. That is 10.0.0.0/24. Why would the hotspot router pick 10.89.160.0/26 entry?

Unless there is policy routing the router will prefer the 10.0.0.0/24. The 10.89.160.0/26 doesn't even include 10.0.0.1

1 Like

The route that is most specific is choosen

Right. But the router chooses that route for 10.0.0.1 even though 10.0.0.0/24 is present in the table! Why does that happen?