How to give internet access to mesh nodes?

I have 4 TP-Link c20 v5 routers , I have created a mesh network using OLSR protocol and its working fine.
One of the 4 routers has a direct access to internet via ethernet cable , and rest of them are placed around the house .
I don't know to how to create a access point in rest of the routers which has access to internet.
Here is my configuration for the mesh router with ethernet cable :

ect/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/10300000.wmac'
	option htmode 'HT20'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option ssid 'OpenWrt'
	option mode 'ap'
	option network 'lan'
	option encryption 'psk'
	option key 'helloworld'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option encryption 'none'
	option mode 'adhoc'
	option ssid 'OLSR'
	option network 'mesh'

ect/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd6c:eb62:141c::/48'

config interface 'lan'
	option ifname 'eth0.1'
	option proto 'dhcp'
	option hostname 'MESH01'
	option type 'bridge'

config interface 'wan'
	option proto 'dhcp'

config device 'wan_dev'
	option name 'eth0.2'
	option macaddr 'd8:47:32:13:f2:03'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

config interface 'mesh'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.10.10.1'
	list dns '8.8.8.8'

Configuration for my other mesh routers

etc/config/network


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd70:919b:2d09::/48'

config interface 'lan'
	option ifname 'eth0.1 eth0.2'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.200'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth0.1'
	option type 'bridge'

config device 'wan_dev'
	option name 'eth0.2'
	option macaddr 'd8:47:32:13:f4:31'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

config interface 'mesh'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.10.10.2'
	list dns '8.8.8.8'

etc/config/wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/10300000.wmac'
	option htmode 'HT20'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option ssid 'OpenWrt'
	option mode 'ap'
	option network 'lan'
	option encryption 'psk'
	option key 'helloworld'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option encryption 'none'
	option network 'mesh'
	option mode 'adhoc'
	option ssid 'OLSR'

How do I give internet access to my other mesh nodes?

They will need a default gateway and DNS for a start. Assign that to the upstream interface (lan or mesh)

1 Like

Am a newbie.. just followed a few tutorials to get mesh working .
Can you simplify it by saying a few steps or something.
Thank you.

I would encourage you to use LibreMesh, that is a software based on OpenWRT that deals with the mesh automatically.

1 Like

For OLSR you need to set a HNA announcement of 0.0.0.0 to route traffic to the gateway node (for the one node that has internet access)

Refer to this other thread

2 Likes

all of that is set.
I do not know how to set up the access point of other routers to access internet from there.

Ok, it maybe the firewall setting ?

Either try accept or disable completely to test/check

That's my firewall setting for node which acts as internet gateway.

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option network 'mesh'
	option input 'ACCEPT'
	option name 'mesh'
	option output 'ACCEPT'
	option forward 'ACCEPT'

and this is the setting i have in my other mesh nodes


config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option network 'lan wan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option mtu_fix '1'
	option network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option network 'mesh'
	option input 'ACCEPT'
	option name 'mesh'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'mesh'

config forwarding
	option src 'mesh'
	option dest 'lan'


try

this is what was done in the past since olsr needed ports to communicate, but it would be best to open only what needed

The most basic way to run a mesh is to bridge the mesh interface and the user AP into the LAN of each node. It's good for a proof of concept to see that it works. Since there is basically no firewalling it is not secure against untrusted users though.

1 Like

Tried doing that ...no luck.

Is there anything similar for OLSR?

Any help on this same topic Im not getting the Internet on my Node1, Main Node connected with the internet

My Config are :
======= My Network config Node 1====

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1 bat0'
option proto 'static'
option ipaddr '10.3.12.2'
option netmask '255.255.255.0'
#option ip6assign '60'

#config interface lan
 #    option type 'bridge'
   #   option ifname 'eth0.1 bat0' #ethX might be different for your device
   #   option proto 'static'
    # option ipaddr '192.168.10.10'
     # option netmask '255.255.255.0'
     # option gateway '192.168.10.1'
     # option dns '192.168.10.1'


config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr 'd4:5f:25:fc:c6:74'

config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'

config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr 'd4:5f:25:fc:c6:75'

config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 6t'

config interface 'bat0'
        option proto 'batadv'
        option routing_algo 'BATMAN_IV'
        option aggregated_ogms 1
        option ap_isolation 0
        option bonding 0
        option bridge_loop_avoidance 1
        option distributed_arp_table 1
        option fragmentation 1
        option gw_mode 'off'
        option hop_penalty 30
        option isolation_mark '0x00000000/0x00000000'
        option log_level 0
        option multicast_mode 1
        option multicast_fanout 16
        option network_coding 0
        option orig_interval 1000

config interface 'mesh'
        option proto 'batadv_hardif'
        option master 'bat0'
        option mtu 2304
        option throughput_override 0



Gateway Mesh 
 config interface 'lan'
  option type 'bridge'
  option ifname 'eth0.1'   // if i put bat0 here Node1 will never get ip addr
  option proto 'static'
  option ipaddr '10.3.12.1'
  option netmask '255.255.255.0'
  option ip6assign '60'
   option dns '8.8.8.8'

config device 'lan_eth0_1_dev'
   option name 'eth0.1'
   option macaddr 'd4:5f:25:fc:c6:74'

config interface 'wan'
   option ifname 'eth0.2'
   option proto 'dhcp'

config device 'wan_eth0_2_dev'
    option name 'eth0.2'
   option macaddr 'd4:5f:25:fc:c6:75'

config interface 'wan6'
   option ifname 'eth0.2'
    option proto 'dhcpv6'

config switch
   option name 'switch0'
   option reset '1'
   option enable_vlan '1'

config switch_vlan
    option device 'switch0'
   option vlan '1'
   option ports '1 2 3 4 6t'

config switch_vlan
    option device 'switch0'
    option vlan '2'
   option ports '0 6t'

config interface 'bat0'
        option proto 'batadv'
        option routing_algo 'BATMAN_IV'
        option aggregated_ogms 1
        option ap_isolation 0
        option bonding 0
        option bridge_loop_avoidance 1
        option distributed_arp_table 1
        option fragmentation 1
        option gw_mode 'off'
        option hop_penalty 30
        option isolation_mark '0x00000000/0x00000000'
        option log_level 0
        option multicast_mode 1
        option multicast_fanout 16
        option network_coding 0
        option orig_interval 1000
config interface 'mesh'
        option proto 'batadv_hardif'
        option master 'bat0'
        option mtu 2304
        option throughput_override 0

All nodes are C20 v5?
What firmware?
What wifi drivers?
What wpad?

I use 802.11s vanilla on EA8300. Not really a BATMAN guy but the C20 is an 8/64MB machine and I have heard of those running out of memory during operation. Look in the system logs for errors and post? HTOP?

Save memory by not using any AP's on the nodes other than the MESH.
Save memory by using the smallest packages and drivers.

Run 2.4 Ghz only as backhaul and see if that solves it. Trying to run 5Ghz uses more memory. You could probably do one or the other but not both?

HTH