How to make a wifi network using the wan interface?

I have two routers with openwrt installed.

The first one is for wifi for everyone in the family. I call it the home-router. It has a subnet of 192.168.20.0/24

The second one is for my personal network, to host my own dns servers, file servers, etc. I call it the homelab-router. It has a subnet of 192.168.30.0/24

They are both connected by ethernet cable. From home-router (lan port) to homelab-router (wan port).

homelab-router has it's own 5G wifi network. It provides ips to clients like 192.168.30.xxx
I would like to use the homelab-router 2.4G wifi to extend home-router wifi network keeping the same ssid name, home-router dhcp server and dns server.

So if I connect a smartphone to homelab-router 2.4G wifi, It would obtain a home-router ip (192.168.20.xxx)

How can I connect wifi cients to homelab-router 2.4G wifi but let home-router do all the dhcp, dns, routing and everything else?

And If

Assign the 2.4GHz SSID to wan interface of the lab router.

I just tried and the client, a smartphone, never connects. In openwrt, Wireless section, you can see the mac address of the smartphone but ip is never assigned.

Seems like you really want to setup a dumb ap.

Let’s take a look at your config.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Should not be dumb, because it has an uplink to the internet.

But the op said they want to connect WiFi to the wan interface. If I’m not misinterpreting the request, it sounds like they want a bridge/dumb ap so that the wifi clients are on the upstream network.

yes


ubus call system board

{
	"kernel": "5.15.134",
	"hostname": "homelab-net",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "Linksys EA7300 v1",
	"board_name": "linksys,ea7300-v1",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "ramips/mt7621",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd5e:3c1e:0409::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan2'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan3'
	option macaddr '60:38:e0:2d:92:34'

config device
	option name 'lan4'
	option macaddr '60:38:e0:2d:92:34'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.30.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns_search 'lan'

config device
	option name 'wan'
	option macaddr '60:38:e0:2d:92:34'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option type 'bridge'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option type 'bridge'


cat /etc/config/wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel 'auto'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel 'auto'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'homelab-net'
	option encryption 'sae'
	option key 'openwrt'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'ap'
	option ssid 'home-net'
	option encryption 'sae-mixed'
	option network 'wan'
	option key 'openwrt'


cat /etc/config/dhcp


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

cat /etc/config/firewall


config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'home-net'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	list network 'wan'
	list network 'wan6'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config forwarding
	option src 'home-net'
	option dest 'lan'

config forwarding
	option src 'lan'
	option dest 'home-net'

config include 'pbr'
	option fw4_compatible '1'
	option type 'script'
	option path '/usr/share/pbr/pbr.firewall.include'

create a bridge device for the wan:

config device
	option name 'br-wan'
	option type 'bridge'
	list ports 'wan'

Edit the wan interfaces to use the new bridge (and remove the type bridge line). It will look like this:

config interface 'wan'
	option device 'br-wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'br-wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

That actually did it.

Can you explain it to me? (dump it down please)

Would it be possible to make roaming seamless? Without lossing connection going from homelab to home.

A bridge is a software equivalent of an unmanaged switch, necessary to connect a network to multiple physical interfaces. You had the bridge line in the network interface stanzas, which is no longer valid (it was in older versions of OpenWrt). Now you create a special bridge device for this purpose and then connect the network to that bridge device.

It can be nearly seamless when tuned properly (radio power and channel for each ap), but there will always be a very short dropout (almost unnoticeable at human scale when done well). You can try 802.11r (and k,v), but I find these don’t always work well and they still rely on the proper tuning of the APs.

Let's say I would like to do it in reverse.

I would like to create a wifi network in home router to extend homelab so I can connect and get the same dhcp, dns, etc from homelab

home router can't use vlans.

Why not? It’s running openwrt, isn’t it?

Yes, it is running OpenWrt 22.03.5

It can't use vlans. Something about hardware or driver limitations

It's a Linksys EA6350v3

Those limitations might be fixed in 23.05.0 which was just released. (honestly I haven't been following that particular thing, upgrading makes sense anyway.). We can try. I'd suggest upgrading and making sure your normal stuff is operating properly, then open a new thread and we'll see if we can get the VLANs to work.

Thank you!

I'll probably have to kick everyone out of the house to make an upgrade :joy:

btw, is vlans necesary to do the reverse? Can a usb ethernet adapter be used instead?

Generally speaking, yes, VLANs would be the way to do this. It might be possible without VLANs proper if you can run another ethernet cable between the two devices.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.