Hello all, I wanted to set up a mesh wifi link between my routers to act as a backup if my hard wire ever goes down. The main requirement is that is needs to be able to support my multiple vlans/subnets in the same way that the hard wire does. There is some other discussion about this in other posts already but I had do piece together a lot of sources to come up with a concise solution so I thought I would share:
Setup
2 (or more) OpenWRT routers
Router 1 is the main router and firewall for the house
Router 2 is just a layer2 device to extend the vlans and wifi
Vlans:
- vlan 1 (LAN)
- vlan 99 (guest)
- vlan 53 (something else)
My “Normal” mode has a hardwire between the 2 routers configured as a trunk (802.1q)
Goal
To create a wifi link between to the routers to server as a backup trunk if there is a problem with the hardwire (manual failover here but automatic is possible)
Create wifi link
On each router, create a new wifi network:
(This requires the wpad-openssl package to be installed)
- Type 801.11s
- Mesh ID: (make sure it’s the same on both ends)
- Encryption: WPA3-SAE
- Password: (make sure it’s the same on both ends)
Set WIFI channel to be the same on both ends
Add wifi to a new network interface called ‘backbone’ (or whatever name)
IP addresses:
- Router 1: 10.10.10.1/24
- Router 2: 10.10.10.2/24
Set MTU to 1600 (advanced network options in Luci) (This may be different for you but this avoided MTU/fragemenation issues in my setup)
After saving make sure connection comes up and you can ping between both devices (recommend setting all firewalls to allow all when you are first getting this working
Create GRETAP interface (must have the gre package installed)
Edit /etc/config/network on router 1:
config interface 'tap'
option proto 'gretap'
option ipaddr '10.10.10.1'
option peeraddr '10.10.10.2'
option tunlink 'backbone'
option mtu '1500'
(note the option tunlink setting was required in order to prevent OpenWRT from adding an unnecessary route to the peeraddr via the default gateway)
Edit /etc/config/network on router 2
config interface 'tap'
option proto 'gretap'
option ipaddr '10.10.10.2'
option peeraddr '10.10.10.1'
option tunlink 'backbone'
option mtu '1500'
Run service network restart to bring up the new interfaces
The interfaces will be created with the name gre4t-tap
Testing at this point
You can create an alias interface (@tap) in Luci and set ip addresses to make sure you can ping through the new tunnel
Router1 @tap: 192.168.100.1/24
Router2 @tap: 192.168.100.2/24
Bridging VLANs across your new trunk
For each VLAN bridge you have add a new custom interface into the bridge. Ex:
- br-lan -> add custom:
gre4t-tap.1 - br-guest -> add custom:
gre4t-tap.99 - etc.
gre4t-tap.* interfaces will show as Not connected in Luci but that is OK
You can verify they are created correctly on the terminal with ip link and brctl show
Make sure to enable STP (spanning tree) on all bridges if there is a possibility you will have the wired trunk and wifi trunk up at the same time (otherwise you will cause a network loop)
Test final setup
At this point you should be able to disconnect the hardwire trunk and test that everything can be pinged across the new wifi trunk. It may take a few seconds for the new path to be learned
After all is working, you can leave everything as is and disable the wifi mesh network connection (leaving all other new interfaces as they are). You may also want to set your wifi channel of router 2 back to something different so there is less interference while the hardwire trunk is active
To do a manual failover to wifi, just set the wifi channels back to the same and re-enable the 801.11s wifi connection
You can also leave both up at the same time to have auto failover if desired, just make sure that STP is enable on all bridges/vlans
Reference