Howto kmod-trelay

Currently using a "routed client" setup to connect a few wired devices to my main network. It works fine but I'd like to have a more transparrent setup if possible using kmod-trelay. However I cannot find any guides how it's supposed to be setup correctly. So any help / links is appreciated.

My setup is:
"internet" -> x86 OpenWrt router (192.168.0.x) -> tp-link EAP225 APs (stock sw) -> TP-Link Archer C5 OpenWrt "routed client" (192.168.3.x) -> some wired devices

I understand that my Archer C5 should be connected in "client mode" to the EAP225 APs but should it (wwan) be as "dhcp client", "static address" or "unmanaged". And should the lan (eth1.1) be configured as "dhcp client", "static address" or "unmanaged" ?

As far as I understand kmod-trelay also requires me to do mac spoofing. But I don't understand which two mac addresses that needs to be the same.

I'll answer my own question here as it may be of use to others. After a lot of experimentation and learning how to analyze output of tcpdump I figured out how kmod-trelay needs to be setup to work.

I tried to use it as this page suggested https://openwrt.org/docs/guide-user/network/wifi/relay_configuration that it could be used as a replacement for "relayd" - that's only partly true in my opinion.

Basically kmod-trelay is very simple. It copies everything from one interface to another without doing any translations. I believe it might be very useful in some scenarios like setting up a wifi repeater (linking a wifi client with an ap), but for connecting multiple wired devices to wifi using a spare router it has it's limitations (compared to "relayd").
It can however easily connect one wired device to wifi.

Here is my setup that achieved this (on an TP-Link Archer C5) ...

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'aaaa:bbbb:1111::/48'

config interface 'rescue'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.42.1'
	option netmask '255.255.255.0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 2 3 4 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 1'
	option vid '2'

config interface 'lan'
	option ifname 'eth1.1'
	option proto 'none'

config interface 'wwan'
	option proto 'none'

/etc/config/wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option country 'US'
	option legacy_rates '1'

config wifi-device 'radio1'
	option disabled '1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option htmode 'HT20'
	option path 'platform/ahb/18100000.wmac'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option network 'wwan'
	option ifname 'wwan'
	option ssid 'thewifi'
	option mode 'sta'
	option encryption 'psk2'
	option bssid '0C:80:63:FB:XX:XX'
	option key 'keykeykey'
	option macaddr 'FC:AA:14:0D:XX:XX' # macaddr of the wired device

/etc/config/trelay

config trelay
	option enabled	1
	option dev1	eth1.1
	option dev2	wwan

The "rescue" network is put on the WAN port of the router to be able to easily connect and debug.

The very import configuration is the "option macaddr" - this has to be (a clone) of the wired device's mac address that you are trying to transparently connect to wifi. But as you can see you can only connect one device for each wireless client (sta).

I tried to connect multiple devices by creating multiple wireless clients and linking them to different VLANs (the /etc/config/trelay can have multiple "config trelay" sections) on the switch but after many attempts I gave up. Maybe I lack the skills to do so or there could be some limitations in the Archer C5 that prevented me from getting it to work. The output on tcpdump was at least not as I expected and the packets where not appearing on the right outputs.

Anyway I'm now using "relayd" to create the transparent bridge to the network and it seems to work without issues in my setup and I have not experienced any issues about DHCP packages not being relayed as long as I'm using static IP for my wired devices. But at least it was a fun learning experience to try to understand and use kmod-trelay :slight_smile:

2 Likes