Learn about offgrid routing

Hello, I'm posting this message here because I can't find an answer.
My project is to use my router as a wifi and wired access point to set up an offgrid-network .

I'd like to be able to connect this offgrid-network set-up to the internet via 4g access using a shared smartphone connection. The project is to be possible to use different smartphones depending on who's on site, to be able to share internet access, as it were.

It is important to guard access to the router in order to manage LAN addressing.
I've tried several solutions, with bridge solution, I lose access to the router, via the wps solution, via the wifi network client access, but I can't get it to work, or determine the right solution.
Could I ask you for your opinion?

cheers
Alex

Typically, a setup like this would start with the default configuration in router mode. The lan will be mostly pre-configured (aside from needing to enable wifi and set the appropriate wifi configs).

Then, for the uplink, you can either use USB tethering or a wireless client via the method you already linked.

When you tried the wifi client, what happened?

Let's see your current configuration:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like

When I tried the wifi client, I couldn't access the web.

Here the answers :

ubus call system board

{
        "kernel": "5.15.162",
        "hostname": "OpenWrt",
        "system": "Ralink RT3052 id:1 rev:2",
        "model": "La Fonera 2.0N",
        "board_name": "fon,fonera-20n",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ramips/rt305x",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '****.***.***.***'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '*****:*****:*****::/**'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.2'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns '8.8.8.8'

config device
        option name 'eth0.2'
        option macaddr '**:**:**:**:**:**'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config interface 'wwan'
        option proto 'dhcp'


cat /etc/config/wireless


config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/101800**.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid '*********_****'
        option encryption 'psk2'
        option key '***********'
        option wds '1'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid '*********'
        option encryption 'sae-mixed'
        option key '***********'
        option network 'lan'
        option wds '1'


cat /etc/config/dhcp


config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

cat /etc/config/firewall


config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Thx a lot

Is the upstream device expecting this as a WDS client? If not, remove that line.

And WDS should certianly be disabled here:

Why is the lan dhcp server set to ignore?

What is the output of:

ifstatus wwan | grep address
1 Like

I've read that keeping dhcp can cause conflicts.

Another parameter is that my smartphone's sending IP is 192.168.1.1

I can't change it on my old smartphone.

The output of: ifstatus wwan | grep address

            "addresses",
        "ipv4-address": [
                        "address": "192.168.1.241",
        "ipv6-address": [
                "ipv4-address": [
                "ipv6-address": [

Not in a routed configuration.

This means that there is a subnet conflict.

and it is confirmed here.

Change your lan IP to something on a different subnet. For example, 192.168.5.1 will do the trick.

https://openwrt.org/faq/change_lan_ip

1 Like

Once you get it to work with one phone, the travelmate package will allow you to configure multiple wifi connections to phones rate them by priority. Only the one with best priority will connect, when that phone is in range.

2 Likes

Kind of internet connection sets you 101% ongrid

1 Like

brada4 Sure, but it's a normally offgrid network

@mk24 Thank's for the tip, I'm sure it will be very efficient

@psherman Hi Peter, I've made a backup, to probe on a clean way.

I've just try connect to a wifi client procedure, but I don't have access to web with wired connection.
edit now I have webaccess with wired connection, it's possible that I'm not patient enough

I don't know Where I need to go to to emit wireless lan

I past the outputs of current configuration :

ubus call system board

     "kernel": "5.15.162",
        "hostname": "OpenWrt",
        "system": "Ralink RT3052 id:1 rev:2",
        "model": "La Fonera 2.0N",
        "board_name": "fon,fonera-20n",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ramips/rt305x",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }

cat /etc/config/network


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '***.***.***.***'
        option netmask '***.***.****.0'

config globals 'globals'
        option ula_prefix '*****:*****:*****::/**'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0.2'
        option macaddr '**:**:**:**:**:**'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config interface 'wwan'
        option proto 'dhcp'

cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10180000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid '****************'
        option encryption 'psk2'
        option key '************'

cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

cat /etc/config/firewall


config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

I think travelmate is the solution,

It permit to keep the AP always ON whenever the hotspot is lost.

travelmate doc :

A logical combination of AP+STA mode on one physical radio allows most of OpenWrt supported router devices to connect to a wireless hotspot/station (STA) and provide a wireless access point (AP) from that hotspot at the same time. Downside of this solution: whenever the STA interface loses the connection it will go into an active scan cycle which renders the radio unusable for AP mode operation, therefore the AP is taken down if the STA loses its association.
To avoid these kind of deadlocks, travelmate will set all station interfaces to an β€œalways off” mode and connects automatically to available/configured hotspots

I have web connectivity on the wireless AP ! :hugs: with multiple hotspot, it's really good news !
But I lost web connectivity on the wired connection .. :face_with_monocle:

I can't solved this connectivity issue.

All is under same network 192.168.10.*

Would anyone know why i am unable to connect to the router (via 192.168.10.1) in my wired connection ?

If I enable dhcp, it sets this address for me: 169.254.152.109 ..

Address that doesn't allow me to connect to the network either.

actually outputs :

root@OpenWrt:~# /etc/init.d/travelmate status
::: travelmate runtime information
  + travelmate_status  : connected (net ok/100)
  + travelmate_version : 2.1.2-6
  + station_id         : radio0/MOVISTAR_404B/-
  + station_mac        : 00:18:84:88:92:27
  + station_interfaces : trm_wwan, -
  + wpa_flags          : sae: βœ”, owe: βœ”, eap: ✘, suiteb192: ✘
  + run_flags          : captive: βœ”, proactive: βœ”, netcheck: ✘, autoadd: ✘, randomize: ✘
  + ext_hooks          : ntp: βœ”, vpn: ✘, mail: ✘
  + last_run           : 2024.08.31-14:23:14
  + system             : La Fonera 2.0N, OpenWrt 23.05.4 r24012-d8dd03c46f

ubus call system board

      "kernel": "5.15.162",
        "hostname": "OpenWrt",
        "system": "Ralink RT3052 id:1 rev:2",
        "model": "La Fonera 2.0N",
        "board_name": "fon,fonera-20n",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ramips/rt305x",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"

cat /etc/config/network


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '***.***.***.***'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '*****:*****:*****::/**'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'eth0.2'
        option macaddr '**:**:**:**:**:**'
        option acceptlocal '1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

config interface 'trm_wwan'
        option proto 'dhcp'
        option metric '100'

config interface 'trm_wwan6'
        option device '@trm_wwan'
        option proto 'dhcpv6'

cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10180000.wmac'
        option channel 'auto'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option ssid '************'
        option encryption 'sae-mixed'
        option key '************'
        option network 'lan'

config wifi-iface 'trm_uplink2'
        option device 'radio0'
        option mode 'sta'
        option network 'trm_wwan'
        option ssid '*****************'
        option encryption 'psk2+ccmp'
        option key '*************'
        option disabled '0'

config wifi-iface 'trm_uplink3'
        option device 'radio0'
        option mode 'sta'
        option network 'trm_wwan'
        option ssid '**********'
        option encryption 'psk2+ccmp'
        option key '**********'
        option disabled '1'

cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '0'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option force '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

cat /etc/config/firewall


config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'trm_wwan'
        list network 'trm_wwan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Thank's

How did you end up connecting to get this output?

Did you edit br-lan at all? I believe that the port listed above should be eth0.1.

1 Like

I connect using ssh via the wifi connection to get the outputs.

I don't think I modified br.lan I'll try with these parameters

Once /etc/config/network edited like you said, its working ! many thanks @psherman !!

:sweat_smile: :partying_face: :partying_face:

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.