Help with static route?

Fffrank · November 10, 2020, 6:26am

Working on a new setup and I've probably made it more complicated than necessary but I am struggling to make it work the way I want.

Router A - PFSense serving DHCP to 192.168.1.x via 802.11
Router B - OpenWRT in dumb AP mode, connected via LAN to C.
Router C - OpenWRT handling DHCP for B on 192.168.100.x -- WAN via LTE.

Connected to Router B. I've setup a wireless relayd bridge from B to A and can ping my 192.168.1.x hosts through SSH but not from a wifi client or from router C. Seems like I need to setup static routes for the 192.168.1.1/24 subnet but I've been unable to figure out the right combination of settings that will work.

Here's my config on router B:

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.100.2'

config interface 'relay_bridge'
        option proto 'relay'
        option ipaddr '192.168.1.188'
        list network 'lan'
        list network 'wwan'

config route
        option target '192.168.1.0/24'
        option netmask '255.255.255.0'
        option gateway '192.168.1.1'
        option interface 'lan'

vgaetera · November 10, 2020, 7:11am

In this mode routes apply only for OpenWrt itself but not for its clients.

trendy · November 10, 2020, 8:04am

In relayd mode the IP address of lan is used for management of the router from its lan.
If you want every device to be in the same network, router C must not provide dhcp, only router A.
Otherwise you can have a layer 3 link from B to A and layer 2 from B to C.

mk24 · November 10, 2020, 8:22am

Do not use relayd. It transfers DHCP traffic between networks which is not what you want here. B should make a regular STA connection to A.

Router B has two interfaces holding IP addresses on the A and C networks. A packet sent to one of those will automatically be forwarded to the other network, as long as the firewall allows it. It is not necessary to add any routes to B.

The main router for network A needs to be set with a route to the C network via the A interface IP on router B. And vise versa.

lleachii · November 10, 2020, 4:04pm

Ummm, unless I'm missing something serious, this route is...useless (if not invalid), you already specified an interface at which 192.168.1.0/24 is located

You failed to specify a subnet here, this config is probably incomplete
Also, you placed the CIDR notation and the subnet mask notation

This device is a dumb AP anyway!

You lost me here, why are you placing a route here?

trendy · November 10, 2020, 4:09pm

In relay interface the subnet is not used.

Fffrank · November 10, 2020, 6:49pm

Dumping RelayD was a good tip. Thank you.

I've successfully created the static route/gateway pairing on my pfsense router (Router A.) I can now access Router B and Router C when connected to that the WiFi on Router A -- this was my goal and it's working!

But I can't make vice versa work. While connected to Router C, I'm not finding a route to Router A. It appears to be routing through the WAN interface when I do a tracert?

config interface 'lan'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.100.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option delegate '0'
        option multipath 'off'
        option ip4table 'lan'
        option macaddr 'dc:a6:32:c0:e6:21'
        option modalias 'of:NethernetT(null)Cbrcm,bcm2711-genet-v5Cbrcm,genet-v5'
        option metric '8'
        option label 'lan'
        option defaultroute '0'
        option peerdns '0'

config route
        option interface 'lan'
        option target '192.168.1.0/24'
        option netmask '255.255.255.0'
        option gateway '192.168.100.2'

It's worth noting that I'm running OpenMPTCPRouter on Router C -- if my rule above seems correct there must be something in it's settings that is routing this traffic?

Fffrank · November 10, 2020, 6:51pm

Dumb user trying to modify the dumb ap lol!

Fffrank · November 10, 2020, 7:24pm

OK now it appears to be routing through the correct gateway of Router B but not being forwarded from there -- do I need to bridge the two lan interfaces on Router B somehow?

Tracing route to 192.168.1.1 over a maximum of 30 hops

  1     2 ms     3 ms     2 ms  OpenMPTCProuter.lan [192.168.100.1]
  2     4 ms     1 ms     1 ms  192.168.100.2
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.

mk24 · November 11, 2020, 1:35am

The firewall in B needs to allow forwarding. The easiest way to do that is to put both interfaces in the lan zone and make sure the default forward is accept.

Fffrank · November 11, 2020, 4:02am

Thank you. They were both on LAN but thought changing default forward to accept would make it work but it did not. Any other ideas?

trendy · November 11, 2020, 7:43am

Post the configs to see how it looks like:

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
iptables-save -c; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru

Fffrank · November 11, 2020, 4:02pm

Here is the output on my router C. There's a lot so hoping you don't mind viewing a pastebin.

trendy · November 11, 2020, 4:22pm

I don't mind so much, although you could split it in 2 posts. The issue is that you are running OpenMPTCProuter distro, which is modified OpenWrt. I suppose this is router C.
The only weird thing I could see is the the mangle rule which marks the packets for the lan doesn't have any hits:
[0:0] -A omr-bypass -m set --match-set omr_dst_bypass_eth0 dst -j MARK --set-xmark 0x5398/0xffffffff

mk24 · November 11, 2020, 4:25pm

It should not be necessary to mark or mangle anything to make this work. Run route -n on all three routers to see their basic routing tables.

Fffrank · November 11, 2020, 4:37pm

Router C:

root@OpenMPTCProuter:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.255.255.1    0.0.0.0         UG    0      0        0 tun0
0.0.0.0         10.255.255.1    0.0.0.0         UG    11     0        0 tun0
0.0.0.0         192.168.42.129  0.0.0.0         UG    16     0        0 usb0
10.255.255.1    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.255.255.2    0.0.0.0         255.255.255.255 UH    11     0        0 tun0
23.237.137.237  192.168.42.129  255.255.255.255 UGH   0      0        0 usb0
127.0.0.0       0.0.0.0         255.0.0.0       U     7      0        0 lo
192.168.1.0     192.168.100.2   255.255.255.0   UG    0      0        0 eth0
192.168.42.0    0.0.0.0         255.255.255.0   U     16     0        0 usb0
192.168.42.0    0.0.0.0         255.255.255.0   U     18     0        0 usb1

Router B:

root@OCTOPUS:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 wlan0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 br-lan

trendy · November 11, 2020, 5:15pm

Post these commands from router B too.

Fffrank · November 11, 2020, 8:06pm

Here's another pastebin for you. Thanks for helping me try to figure this out!

trendy · November 11, 2020, 8:10pm

Delete the static route.
Other than that this device is alright. Verify that router A has a static route for 192.168.100.0/24 via 192.168.1.15.

Fffrank · November 11, 2020, 9:14pm

Confirmed.
https://i.imgur.com/8I0iOgA.png