Howto kmod-trelay

Currently using a "routed client" setup to connect a few wired devices to my main network. It works fine but I'd like to have a more transparent setup if possible using kmod-trelay. However I cannot find any guides on how it's supposed to be set up correctly. So any help / links is appreciated.

My setup is:
"internet" -> x86 OpenWrt router (192.168.0.x) -> tp-link EAP225 APs (stock sw) -> TP-Link Archer C5 OpenWrt "routed client" (192.168.3.x) -> some wired devices

I understand that my Archer C5 should be connected in "client mode" to the EAP225 APs, but should it (wwan) be "dhcp client", "static address" or "unmanaged"? And should the lan (eth1.1) be configured as "dhcp client", "static address" or "unmanaged"?

As far as I understand, kmod-trelay also requires me to do MAC spoofing. But I don't understand which two MAC addresses need to be the same.

1 Like

I'll answer my own question here as it may be of use to others. After a lot of experimentation and learning how to analyze the output of tcpdump I figured out how kmod-trelay needs to be set up to work.

I tried to use it as this page suggested https://openwrt.org/docs/guide-user/network/wifi/relay_configuration that it could be used as a replacement for "relayd" - that's only partly true in my opinion.

Basically kmod-trelay is very simple. It copies everything from one interface to another without doing any translations. I believe it might be very useful in some scenarios like setting up a wifi repeater (linking a wifi client with an ap), but for connecting multiple wired devices to wifi using a spare router it has its limitations (compared to "relayd").
It can however easily connect one wired device to wifi.

Here is my setup that achieved this (on a TP-Link Archer C5) ...

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'aaaa:bbbb:1111::/48'

config interface 'rescue'
	option ifname 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.42.1'
	option netmask '255.255.255.0'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 2 3 4 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 1'
	option vid '2'

config interface 'lan'
	option ifname 'eth1.1'
	option proto 'none'

config interface 'wwan'
	option proto 'none'

/etc/config/wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'VHT80'
	option country 'US'
	option legacy_rates '1'

config wifi-device 'radio1'
	option disabled '1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option htmode 'HT20'
	option path 'platform/ahb/18100000.wmac'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option network 'wwan'
	option ifname 'wwan'
	option ssid 'thewifi'
	option mode 'sta'
	option encryption 'psk2'
	option bssid '0C:80:63:FB:XX:XX'
	option key 'keykeykey'
	option macaddr 'FC:AA:14:0D:XX:XX' # macaddr of the wired device

/etc/config/trelay

config trelay
	option enabled	1
	option dev1	eth1.1
	option dev2	wwan

The "rescue" network is put on the WAN port of the router to be able to easily connect and debug.

The very important configuration is the "option macaddr" - this has to be (a clone) of the wired device's mac address that you are trying to transparently connect to wifi. But as you can see you can only connect one device for each wireless client (sta).

I tried to connect multiple devices by creating multiple wireless clients and linking them to different VLANs (the /etc/config/trelay can have multiple "config trelay" sections) on the switch but after many attempts I gave up. Maybe I lack the skills to do so or there could be some limitations in the Archer C5 that prevented me from getting it to work. The output on tcpdump was at least not as I expected and the packets were not appearing on the right outputs.

Anyway I'm now using "relayd" to create the transparent bridge to the network and it seems to work without issues in my setup and I have not experienced any issues about DHCP packages not being relayed as long as I'm using static IP for my wired devices. But at least it was a fun learning experience to try to understand and use kmod-trelay :slight_smile:

8 Likes

This is great, thanks for creating the how-to. I'm just curious to know what would happen if you cloned the AP lan mac address in config wifi-iface 'wifinet0' instead of a peripheral device. Would that then behave the same as how relayd works?

1 Like

Hello, sorry if I reply to this old thread, but I need help to configure a wifi-to-wifi bridge with kmod-trelay.

Were you able to set up a working configuration for this use case?

Thanks

I'm not sure what you mean by a wifi-to-wifi bridge.

If you want to transparently repeat the wifi signal (like one of those wifi repeaters you can buy) then you may be able to use WDS https://openwrt.org/docs/guide-user/network/wifi/atheroswds but WDS requires that both the "upstream access point" and the "repeater" have OpenWrt installed.
If you only have OpenWrt on the "repeater" I assume you should be able to set up similar functionality with kmod-trelay but I could be wrong... as I did not try this.

1 Like

Hello. Yep, exactly this.

What I can't figure out is which macaddr to insert in place of this in your example, since I have to use a wifi-device (which can have multiple mac addresses) instead of the ethernet one.

I think if you are trying to pseudo-bridge a wireless client interface (non-WDS), you must ensure that all traffic going through the client interface to the AP must use the source address of the client interface (including the traffic coming from other devices connected to it).
For such manipulation of MAC addresses, you would probably need something like ebtables.

Moreover, simply changing MAC addresses in the frames isn't enough and won't get the network working because protocols like ARP (IPv4) and NDP (IPv6) contain the MAC address inside the packet data - which has to be altered accordingly when it flows to/from a wireless client interface.

There are some suggestions on how to configure this with ebtables for IPv4 (assuming that the interfaces are already added to a bridge) in the Debian wiki: https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC

When you use relayd (IPv4) or odhcpd ndp-relay (IPv6), it does something similar by dynamically maintaining host routes to individual devices on both networks and "proxy"-ing the ARP/NDP.
In this setup, on the wireless client network, the router appears as a single device with multiple IP addresses (those of the devices connected to it) and it routes incoming traffic to the devices based on the individual host routes.
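
The point made in the last post about ARP carrying the MAC address inside the packet data can be seen on a single frame. The following is an added example, not code from any poster or from OpenWrt: it builds a constructed ARP request, rewrites only the Ethernet source address, and shows that the sender hardware address in the ARP payload then no longer matches. All addresses and function names are assumptions made for illustration.

```python
import struct

ETH_P_ARP = 0x0806

def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))

def build_arp_request(src_mac, src_ip, target_ip):
    """Constructed sample: broadcast ARP who-has sent by a wired device."""
    eth = b"\xff" * 6 + mac(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet, IPv4, request
    arp += mac(src_mac) + bytes(map(int, src_ip.split(".")))
    arp += b"\x00" * 6 + bytes(map(int, target_ip.split(".")))
    return eth + arp

def eth_src(frame):
    return frame[6:12]

def arp_sha(frame):
    """Sender hardware address in the ARP payload (14-byte header + 8)."""
    return frame[22:28]

def is_consistent(frame):
    """True when the frame's source matches the MAC carried in the ARP data."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return ethertype != ETH_P_ARP or eth_src(frame) == arp_sha(frame)

def rewrite_header_only(frame, sta_mac):
    """Plain source-MAC translation: the header changes, the payload does not."""
    return frame[:6] + mac(sta_mac) + frame[12:]

def rewrite_header_and_arp(frame, sta_mac):
    """Header plus ARP sender hardware address, as the post says is needed."""
    out = bytearray(rewrite_header_only(frame, sta_mac))
    if struct.unpack("!H", out[12:14])[0] == ETH_P_ARP:
        out[22:28] = mac(sta_mac)
    return bytes(out)

# Constructed addresses, not taken from the thread
WIRED, STA = "02:00:00:00:00:10", "02:00:00:00:00:20"
SAMPLE = build_arp_request(WIRED, "192.168.0.50", "192.168.0.1")

if __name__ == "__main__":
    for name, f in [("original", SAMPLE),
                    ("header only", rewrite_header_only(SAMPLE, STA)),
                    ("header + ARP", rewrite_header_and_arp(SAMPLE, STA))]:
        print(f"{name:13} eth_src={eth_src(f).hex(':')} "
              f"arp_sha={arp_sha(f).hex(':')} consistent={is_consistent(f)}")
```

The same `is_consistent` comparison is useful when reading a tcpdump capture from such a setup: an ARP frame whose Ethernet source differs from its sender hardware address indicates the payload was not translated.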