Help Creating Private Network with Dual Radio Repeater (Hotel Wifi - Travel Router)

Hello guys,

I was successfully able to install and upgrade LEDE on my TP-Link RE450 repeater. However, I am having trouble using it as a travel router. The application is when you have only 1 connection available to a hotel wifi network and want to rebroadcast it to create your own private network such that all your devices can connect via that same connection without losing bandwidth (exploiting dual radio).

My goal is to have a configuration as follows:

  • Repeater connected as a client to main router's WiFi on the 2.4 GHz band.
  • DHCP lease provided by main router to repeater.
  • Repeater broadcasts a new private network with different SSID on the 5 GHz band (to prevent throughput loss).
  • DHCP is enabled on the repeater and any client that connects to the private 5 GHz network is assigned its lease by the repeater.
  • Ideally, a VPN configured onto my private network once all of the above is done as well.

In essence, as far as the main router is concerned it only sees 1 device (the repeater) connected to its 2.4 GHz network. But, the private 5 GHz network is allowing multiple devices to be connected through that connection. The private network is completely invisible to the main router or its direct clients! A picture is worth a thousand words so here is the configuration:

I could only find a Wiki page that shows how to set up a repeater using relayd with a bridge configuration (click here to view). Unfortunately, this configuration cannot be used for this application because in this case:

  • DHCP is enabled only on the main router and it is responsible for assigning leases to new clients.
  • All devices on both the repeater network and the router network are connected via LAN and can see each other.

Thank you for the help! Much appreciated! 🙂

I use the package Travelmate from @dibdot.
Works like a charm.
See: Travelmate support thread

@htmt Thank you. I may go that route, just thought I should understand what's going on and try to do it myself before I install a package.

Here is where I am at. Any help would be appreciated 🙂

I have managed to create a 2.4 GHz Client that is connected to the main router's WiFi. I have also created a 5 GHz Access Point that is broadcasted across my house (see image below). However, I am unable to get any internet on the created 5 GHz hotspot.

Here are my configs:
/etc/config/network

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'dhcp'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel 
        option hwmode 
        option path 
        option htmode 
        option disabled '0'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'ssid'
        option encryption 'psk2'
        option key 'key'
        option network 'lan wan'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel 
        option hwmode 
        option path 
        option htmode 
        option country 'US'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'wan'
        option mode 'sta'
        option ssid 'ssid'
        option encryption 'psk2'
        option key 'key'
        option bssid 'bssid'
        option disabled '0'
        option macaddr 'macaddr'

Thanks All! 🙂

Looking at your diagram...

Using an LEDE in default configuration:

  • Add a bridge to the WAN
  • Then add a new SSID to WAN under the Wireless page (do not remove the default WiFis)
  • Connect that SSID to hotel WiFi
  • Enable the default WiFi, it's already on LAN
  • Everything should work
  • For "safety" turn the 5th [WAN] switch port to "Off," or change its assignment to LAN (VLAN 1)
  • Under no circumstance plug anything into the 5th WAN port unless you convert it to LAN
  • Your WiFi speed will be reduced in half, if using the same band (2.4 GHz or 5.4 GHz)

This is a Wireless Client mode (the WiFi acts as the WAN port), which is exactly what you asked for. This is good, because Wireless Bridge mode (where the clients get the same IP as the Master AP) doesn't set up quite well on all devices.

The 5 GHz AP and your Ethernet ports should be in LAN only.

Do not make WAN a bridge. A regular STA cannot be in a bridge. The only device attached to WAN must be the 2.4 GHz STA. Check this on the network -- wan -- physical settings page.

On the main status page you should see WAN has been assigned an IPv4 address. If this address is in the 192.168.1.x range, overlapping LAN, the Internet will not be reachable. You then need to change the LAN address range to something else.

1 Like
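The overlap check described in the reply above, as an added example that is not part of the original thread. The function names, the candidate LAN subnets other than 192.168.1.1/24, and the sample WAN leases are assumptions constructed for illustration; the /24 follows from the 255.255.255.0 netmask in the posted config.

```sh
#!/bin/sh
# Added example (not from the thread): detect the LAN/WAN IPv4 overlap that
# breaks routing on a travel router, and suggest a LAN subnet that avoids it.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into four octets
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if CIDR blocks $1 and $2 share any address: two blocks overlap
# exactly when their addresses agree on the bits of the shorter prefix.
cidrs_overlap() {
    a_ip=$(ip_to_int "${1%/*}"); a_len=${1#*/}
    b_ip=$(ip_to_int "${2%/*}"); b_len=${2#*/}
    len=$a_len
    if [ "$b_len" -lt "$len" ]; then len=$b_len; fi
    if [ "$len" -eq 0 ]; then return 0; fi   # a /0 covers everything
    shift_by=$(( 32 - len ))
    [ $(( a_ip >> shift_by )) -eq $(( b_ip >> shift_by )) ]
}

# Print the first candidate LAN subnet that does not overlap the WAN subnet.
# The candidate list is hypothetical; only 192.168.1.1/24 is from the thread.
pick_lan_subnet() {
    wan_cidr=$1
    for cand in 192.168.1.1/24 10.71.93.1/24 172.27.44.1/24; do
        if ! cidrs_overlap "$cand" "$wan_cidr"; then
            echo "$cand"; return 0
        fi
    done
    return 1
}

# Constructed sample WAN leases, as an upstream router might hand out.
for wan in 192.168.1.37/24 10.20.0.15/16 192.168.0.50/16 10.5.5.5/8; do
    if cidrs_overlap "192.168.1.1/24" "$wan"; then
        echo "WAN $wan overlaps LAN 192.168.1.1/24 -> use $(pick_lan_subnet "$wan")"
    else
        echo "WAN $wan is fine with LAN 192.168.1.1/24"
    fi
done
```

Note that a WAN lease with a wide prefix such as 192.168.0.50/16 also collides with the default LAN, even though the third octet differs.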

Amazing advice guys!

Got it working.

Based on @mk24's advice, here is my full newbie-friendly config for others who want to go about it:
/etc/config/network

config interface 'loopback'
        defaults

config globals 'globals'
        defaults

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1' # change this so that it does not conflict with your wan-assigned IP
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option proto 'dhcp'
        option hostname 'optional-new-hostname'
        option macaddr 'optional-new-macaddr' # make sure it's the same as the one you assigned in the wireless

/etc/config/wireless

config wifi-device 'radio0'
        defaults

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'LEDE'
        option encryption 'encryption-type'
        option key 'key'

config wifi-device 'radio1'
        defaults

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'wan'
        option mode 'sta'
        option ssid 'ssid'
        option encryption 'encryption-type'
        option key 'key'
        option macaddr 'optionally-new-mac'

Next Step: Get a VPN connected 🙂

I used a guide by Logan Marchione to convert an MR3020 (and more recently the WR-902AC) travel router into exactly this idea.

Take a look at the link and if this is the route you want to go, I can give you some more insight and advice about how I made mine work (I've added a bunch of functionality on top of what Logan had outlined), including automatically enabling the VPN (when desired), ability to switch the ethernet port between LAN and WAN, LED indications of the VPN status and general network status, etc.

Also, one VERY important aspect of these wireless chipsets is that if the upstream (wireless WAN) connection cannot be established, the entire radio fails to start, so you need a way to connect and/or to reset the radio(s). If you are using something with 2 radios (like the RE450 or the WR902AC) and then keep one radio purely for the private (LAN) network, you should be okay since you'll always have access. But that was one of the other improvements I made to the functions of the MR3020 and WR902AC - at boot time, if the switch is in a specific position, it will 'reset' the network and wireless settings to a known good state.

Just looked at that Travelmate package -- looks like it probably does a lot of what I was doing semi-manually. Super cool. I'll be checking that one out, for sure!

@psherman

Thanks for the link. I'll check it out, seems good on a preliminary glance.

I can't install a lot of packages due to limited space on my device so I want to do as much as I can manually. Wait a second, the MR3020 has half the Flash MB (only 4 MB) available as mine. Do you have space to install packages like Travelmate?

I will always have access to the repeater because my 5 GHz AP is purely LAN. However, if in case the upstream connection fails, do you know the command to get it back up i.e. so that it tries to reconnect to the main router?

I figure it would be just the following commands but I could be wrong:

ifup wan    
wifi

Cheers and thanks for the insight 🙂

did you put the client interface in the wwan or wan firewall group?

I pack a router in my luggage to do exactly this. There's usually someplace in the room that the router (with its better antennas) can get a signal, and then all my devices can connect through it (and I pay for one mac address)

David Lang

@openwrt_newbie999 - Due to the very limited flash (4MB), I perform the extroot process and use a USB thumb drive to effectively increase the flash storage capacity. It is necessary to use the image builder tool to exclude LuCI and include the appropriate USB + storage drivers to get started. I have a set of scripts that performs the extroot, sets up the basic networking, and installs LuCI and all the other packages I need.

Was that for me?

Check out my config above. Haven't done anything different.

You should not have any issues getting OpenVPN on your device (8 mb I think).
There are a number of other OpenVPN pages here: https://wiki.openwrt.org/start?do=search&id=openvpn
I like the "streamlined" one the best right now.

Also travelmate is a good product, but you may want to verify with dirk some of the fine points (ie radio config). I think you should make sure you understand which is radio0 and radio1 and that it maps correctly in the product. Not too many dual radio setups out there.

I also have mini-DLNA on my travel router, but with 64GB on the phone do not use it as much as with my older phone

1 Like

As much as Travelmate may make the setup process easy, since I already have a working config for my setup, I've decided to stick with it for now.

Thanks for the OpenVPN guide, will check it out.

You may also be interested in Wireguard VPN

http://wireguard.com

The paradigm of a "VPN" is quite different, but I've found it to be simple and straightforward to set up from LuCI. At this time, your other endpoints must be Linux or OSX-based, but if you plan to use a travel router to connect home for example, it would work as an ad hoc point-to-point VPN when you use the travel router away.

It sets up as its own interface and uses shared public keys, matching private ones you set up at install. You can use your home IP or a DDNS name to set up your home router as a static endpoint address, and set up the travel router with no fixed remote IP, so it can "roam."

It's all safe, because only you know the key, port and permitted IPs on the tunnel. You also firewall.

opkg install luci-proto-wireguard wireguard

should install the needed packages

It's a relatively new protocol. Do you trust that it is secure at this point in its development? AFAIK it has not gone through any third party security audits so far.

Not any more than the protocols with so many lines of code, I can't read it all.

Travelmate is a station manager, meaning it will allow you to define a number of "Hotspots" and automatically log in to them as you travel (Hotels, coffee shops, etc) and also address the issue of "No AP when the STAtion is not available". This should not be an issue on a dual band radio, but if you have any 2.4 GHz clients it becomes relevant.

My references to config were to make you aware that, as best I know, the travelmate product needs to know what radio is acting in what role.

Ah I see,

I agree that it would make it a little more convenient for me, especially if I have 2.4 GHz clients like you mentioned or I was connecting to multiple hotspots. The latter issue of “No AP when the STAtion is not available” is a non-issue since this is dual radio. However, due to limited Flash MB I've decided I don't need it for now.

Looking on to the VPN side of things, I looked into Logan's guide mentioned above by @psherman but it lacks the ability for me to enable/disable the VPN from the UI.

I followed this guide instead to try and set up a VPN since it allows UI functionality.

But, again I ran into the problem where the guide only pertains to single band radios. Please could someone help me change the firewall settings such that I can use it with a dual band radio.

He mentions in the guide that the firewall forwarding settings should be like:

config zone
    option name 'VPN_FW'
    other options

config forwarding                               
    option dest 'VPN_FW'                    
    option src 'lan' 

Since I am using a dual band radio, I already have the following forwarding settings in my firewall:

config forwarding
    option src 'lan'
    option dest 'wan'

I tried adding two forwarding configs such that it forwards from lan -> VPN_FW -> wan but that did not work. My non-working forwarding config looked as follows:

config forwarding
    option src 'lan'
    other dest 'VPN_FW'

config forwarding                               
    option src 'VPN_FW'                    
    option src 'wan' 

Appreciate the guidance 🙂

EDIT:
I made a new topic for the VPN configurations because it is slightly off-topic for this. Please comment here.

Thank You Everyone in this thread for helping me achieve this!

There is a LuCI package for OpenVPN. With that in place, you will be able to select from multiple VPN configurations and start/stop the tunnel.