How Meshing / Roaming works

I recently installed openwrt 19.07.5 on my TP-Link AC1750 V2 and on a AVM Fritz!Box 7412.
On both systems I use wpad-mesh-openssl and WiFi is working good with WPA2 as an access point.

When I try to add a mesh interface I can only select "none" or "WPA3" for encryption. Same on both devices. But I do not have any device that has WPA3.

Everything I have read on the internet suggests that WPA2 is possible on a mesh network, at least in release 18.xx.

Manually adding "psk2" to /etc/config/wireless does not seam to have any effect. At least the WUI does not show that at all.

Currently I do not want to install any 18.xx release on the devices for testing.

Do I miss something here? Has anybody else had luck with WPA2 for MESH on 19.07.5?
There are plenty of articles on the internet, but none matched that problem. Using wpad-mesh-wolfssl did not change anything.

Thanks for any help


An interface in mode mesh cannot link to regular WiFi STA devices like smartphones or laptops. For this you would create an additional interface of mode AP.

Mesh points in your network should use WPA3 among the mesh points. The only reason to use a different encryption is if you have to connect to an existing mesh which does not support it.

In fact, IEEE802.11s only specifies SAE as option for encryption and that's what later down the road evolved into WPA3. Hence, devices which claim to support IEEE802.11s mesh with encryption will always do so using SAE encryption (no matter how they name it). If you experience incompatibilities, this is probably due to IEEE802.11w Management Frame Protection not being supported by the other end. While enabling IEEE802.11w is mandated by the WPA3 standard and is generally an advisable thing to do, older implementations making use of IEEE802.11s with SAE encryption may do so without supporting IEEE802.11w.
Try disabling MFP and see if that allows the other device to connect.

The mesh interfaces are for interconnection of the access points, not to directly connect with the mobile devices etc as @mk24 mentioned. Since you have OpenWrt on both devices, you should just enable WPA3 encryption on the mesh... and voila your access points can use wifi mesh as their backhaul to connect together. The mobile devices don't need to know anything about this.

Thanks a lot,
that scheds a little more light on it.
Actually that means that most of the configs I saw on the internet are wrong because they use WPA2 for the mesh.
Let me show my configuration to you and recap what I have understood so far.
On both systems I have the following identical /etc/config/wireless:
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/ahb/18100000.wmac'
option htmode 'HT20'
option channel '4'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'MyWLAN'
option encryption 'psk2'
option ft_psk_generate_local '1'
option key 'WLANPW'

config wifi-iface 'mesh'
option network 'lan'
option device 'radio1'
option mode 'mesh'
option key 'MESHPW'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option encryption 'sae'
option mesh_id 'MyMesh'

I understood that my WLAN clients connect to "MyWLAN" via WPA2 to any of the routers.
Both mesh routers may communicate via "MyMesh" WLAN using WPA3 and can hand over WLAN connections for "MyWLAN", right?
Unfortunately the mesh does not seam to work for me. I do have interruptions.
That might be, because the mesh routers can't see each other via WLAN. They are just too far away. The WUI shows that there are no connections on the mesh WLAN.
But the routers can see each other via LAN and my devices are always in the range of at least one WLAN router.
So how does the mesh communication of the routers work if there is no WLAN connection between the routers?
I haven't seen any configuration where I can tell the routers what IP address the other mesh router has.
Is there any possibility?
Does 802.11r interfere with mesh networking? Or does it break it?
Is there any log or command where I can check the mesh activities?
Thanks to the speciallist.

If you have a wired lan between the access points, then the mesh is completely useless, unless you plan to move these APs around on a regular basis. Just get rid of the mesh.

People think that if they "enable mesh" then it will somehow improve roaming on their mobile devices (because they think the mobile devices participate in the mesh? not sure). This is just false and a misunderstanding. Mobile devices only connect to APs and the algorithm for choice of AP is entirely up to the mobile device software maker. If you don't like how your device roams, you can try enabling 802.11r but as of a few years ago, relatively few devices used it. That may be better now.

The best most fluid roaming scenario is:

  1. All APs wired together using gigabit ethernet backhaul
  2. All APs have the same SSID and security settings
  3. 802.11r is enabled and the mobile devices support it
  4. The APs use different non-overlapping channels
  5. APs have relatively low power and placed sufficiently scattered around the space so that no matter where a mobile device is it either hears at most one AP with a strong signal, or it hears two APs with a medium signal
  6. 802.11n/ac only modes, low data rates are disabled, either 6Mbps or 12Mbps is the lowest allowed data rate.

If ALL of these are in place, you should be able to roam around your house seamlessly even during a VOIP phone call. As any one of these is violated it becomes progressively less good.


Hi dlakelan,

Obviously I was putting too much hope in "mesh" without actually understanding it's nature completely.

So I will roll back to roaming. This is my best option and fiddling with some parameters might improve roaming for my devices.

Your explanations helped a lot and might help others who have a similar setup. And it helps to demystify WLAN mesh.

If you don't mind, I will close that thread.


sounds good. I changed the title to reflect the more general nature of the discussion.

one aftermath.
On my Samsung Galaxy A5 2017 running Android 8.0 I had to go to the developers options and activate WLAN roaming. Now it is working.
On my Galaxy Tab running on Android 10 I could not find that option and curently I am not sure, if romaing is working on that device.

According to this document
kba-115013403768.htm (please use internet search because I don't know if I am allowed to add a link)
Samsung devices with Android 9 or higher support fast roaming out of the box

links should be fine. but thanks for the pointer. I'm glad if they're using fast roaming now. a couple years ago it was very frustrating.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.