Howto kmod-trelay

Currently using a "routed client" setup to connect a few wired devices to my main network. It works fine but I'd like to have a more transparrent setup if possible using kmod-trelay. However I cannot find any guides how it's supposed to be setup correctly. So any help / links is appreciated.

My setup is:
"internet" -> x86 OpenWrt router (192.168.0.x) -> tp-link EAP225 APs (stock sw) -> TP-Link Archer C5 OpenWrt "routed client" (192.168.3.x) -> some wired devices

I understand that my Archer C5 should be connected in "client mode" to the EAP225 APs but should it (wwan) be as "dhcp client", "static address" or "unmanaged". And should the lan (eth1.1) be configured as "dhcp client", "static address" or "unmanaged" ?

As far as I understand kmod-trelay also requires me to do mac spoofing. But I don't understand which two mac addresses that needs to be the same.

1 Like

I'll answer my own question here as it may be of use to others. After a lot of experimentation and learning how to analyze output of tcpdump I figured out how kmod-trelay needs to be setup to work.

I tried to use it as this page suggested that it could be used as a replacement for "relayd" - that's only partly true in my opinion.

Basically kmod-trelay is very simple. It copies everything from one interface to another without doing any translations. I believe it might be very useful in some scenarios like setting up a wifi repeater (linking a wifi client with an ap), but for connecting multiple wired devices to wifi using a spare router it has it's limitations (compared to "relayd").
It can however easily connect one wired device to wifi.

Here is my setup that achieved this (on an TP-Link Archer C5) ...


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr ''
	option netmask ''

config globals 'globals'
	option ula_prefix 'aaaa:bbbb:1111::/48'

config interface 'rescue'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr ''
	option netmask ''

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 2 3 4 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 1'
	option vid '2'

config interface 'lan'
	option ifname 'eth1.1'
	option proto 'none'

config interface 'wwan'
	option proto 'none'


config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option country 'US'
	option legacy_rates '1'

config wifi-device 'radio1'
	option disabled '1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option htmode 'HT20'
	option path 'platform/ahb/18100000.wmac'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option network 'wwan'
	option ifname 'wwan'
	option ssid 'thewifi'
	option mode 'sta'
	option encryption 'psk2'
	option bssid '0C:80:63:FB:XX:XX'
	option key 'keykeykey'
	option macaddr 'FC:AA:14:0D:XX:XX' # macaddr of the wired device


config trelay
	option enabled	1
	option dev1	eth1.1
	option dev2	wwan

The "rescue" network is put on the WAN port of the router to be able to easily connect and debug.

The very import configuration is the "option macaddr" - this has to be (a clone) of the wired device's mac address that you are trying to transparently connect to wifi. But as you can see you can only connect one device for each wireless client (sta).

I tried to connect multiple devices by creating multiple wireless clients and linking them to different VLANs (the /etc/config/trelay can have multiple "config trelay" sections) on the switch but after many attempts I gave up. Maybe I lack the skills to do so or there could be some limitations in the Archer C5 that prevented me from getting it to work. The output on tcpdump was at least not as I expected and the packets where not appearing on the right outputs.

Anyway I'm now using "relayd" to create the transparent bridge to the network and it seems to work without issues in my setup and I have not experienced any issues about DHCP packages not being relayed as long as I'm using static IP for my wired devices. But at least it was a fun learning experience to try to understand and use kmod-trelay :slight_smile:


This is great thanks for creating the how-to. I'm just curious to know what would happen if you cloned the AP lan mac address in config wifi-iface 'wifinet0' instead of a peripheral device. Would that then behave the same as how relayd works?

1 Like

Hello, sorry if i reply to this old thread, but i need help to configure a wifi-to-wifi bridge with kmod-trelay.

Were you able to set up a working configuration for this use case?


I'm not sure what you mean by a wifi-to-wifi bridge.

If you want to transparently repeat the wifi signal (like one of those wifi repeaters you can buy) then you may be able to use WDS but WDS requires that both the "upstream access point" and the "repeater" have openwrt installed.
If you only have openwrt on the "repeater" I assume you should be able to setup similar functionality with kmod-trelay but I could be wrong... as I did not try this.

1 Like

Hello. Yep, exactly this.

What I can't figure out is which macaddr to insert in place of this in your example, since I have to use a wifi-device (which can have multiple mac addresses) instead of the ethernet one.