Multiple gateways

Hello guys,
I have a Silvercrest extender with OpenWRT installed and configured as a wifi to lan bridge (I used the relayd library).

In my home network I have several gateways connected all under the same subnet with one gateway as dhcp and dns server (we have several independent internet connections).

The problem is the following:
a client connected through the Silvercrest can access the internet only through the gateway set by relayd even if I have set an ip and gateway as static address on the client.

So, my question is:
How can I configure relayd so that requests that go through the Silvercrest and have a different gateway are not forced to go through the default gateway?

I've already tried setting "promiscuous mode" on all devices, but it didn't work.

Thanks for your help.

Unless I misunderstood something, relayd is not limiting which addresses the wlan clients of the repeater can reach. There is not much to configure, because it is (kind of) bridging its lan side with the wwan.


Hello trendy.
I don't have this problem with other fritzbox extenders (with avm firmware).
For some reason it only happens with the OpenWRT extender.

This is confirmed by the fact that if I change gateway in the OpenWRT wifi interface settings, then I can reach the internet node to another gateway, but only that one (see image below).

So, is there any way to bypass this setting, and let the client decide which gateway to connect to to access the internet?

Have you ever had this type of scenario working in the past? If so, how did the clients decide and what was your physical topology?

Typically, this is something that is handled by a centralized system and has nothing to do with your wireless/repeater systems. It might be achieved with the use of VLANs and multiple SSIDs, or a multi-wan capable router with policy routing, or something like RADIUS or other techniques that can help authenticate devices and steer them to the correct network.

If you have a single wifi network with a DHCP server, a client will connect and ask for a lease. The lease will be whatever the DHCP server provides. Typically, the client doesn't know that there are other gateways available. If those gateways are in the same subnet, the client can use other gateways by means of setting the routing tables on the clients themselves (this is not always exposed to the user, of course). Otherwise, it will use the gateway address that is provided by the DHCP server.


This is a setting for the OpenWrt only. If clients are indeed using relayd then their packets heading to the internet will not use OpenWrt as a router hop.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Also post the ipconfig /all from a windows client, or ip -4 ad; ip -4 ro from a linux client.


First of all, I apologize for the delay in answering you.

A picture is worth a thousand words:

@trendy Here are the data you asked me:

root@OpenWrt:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.*
/tmp/resolv.* /tmp/resolv.*/*
{
        "kernel": "5.10.96",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7628AN ver:1 eco:2",
        "model": "Wavlink WL-WN578A2",
        "board_name": "wavlink,wl-wn578a2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "revision": "r18785-8072bf3322",
                "target": "ramips/mt76x8",
                "description": "OpenWrt SNAPSHOT r18785-8072bf3322"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option delegate '0'
        option device 'eth0'
        option ipaddr '10.0.1.222'
        option defaultroute '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '0'

config device
        option name 'eth0'
        option ipv6 '0'
        option promisc '1'
        option multicast_router '1'

config interface 'nbridge'
        option proto 'relay'
        option ipaddr '10.0.0.222'
        option delegate '0'
        option defaultroute '0'
        option peerdns '0'
        option force_link '1'
        list network 'lan'
        list network 'wifi0'

config device
        option name 'wlan1'
        option promisc '1'
        option ipv6 '0'

config interface 'wifi0'
        option proto 'static'
        option device 'wlan1'
        option ipaddr '10.0.0.222'
        option netmask '255.255.255.0'
        option gateway '10.0.0.1'
        list dns '10.0.0.1'
        option delegate '0'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10300000.wmac'
        option band '2g'
        option htmode 'HT40'
        option channel 'auto'
        option cell_density '0'
        option country 'IT'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option country 'IT'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'sta'
        option ssid 'TIM_ROBY'
        option bssid 'xx:xx:xx:xx:xx:xx'
        option encryption 'sae'
        option key 'Spxh5qbm7&'
        option network 'wifi0'

package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq_allow_invalid '1'
        list network 'lan'
        list network 'nbridge'
        list network 'wifi0'

head: /etc/firewall.user: No such file or directory
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qdisc fq_codel state UP qlen 1000
    inet 10.0.1.222/24 brd 10.0.1.255 scope global eth0
       valid_lft forever preferred_lft forever
6: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP100> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 10.0.0.222/24 brd 10.0.0.255 scope global wlan1
       valid_lft forever preferred_lft forever
10.0.0.1 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.2 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.64 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.88 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.96 dev eth0 table 16800 scope link  src 10.0.0.222
10.0.0.203 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.206 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.210 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.220 dev wlan1 table 16800 scope link  src 10.0.0.222
10.0.0.96 dev eth0 table 16801 scope link
10.0.0.1 dev wlan1 table 16802 scope link
10.0.0.2 dev wlan1 table 16802 scope link
10.0.0.64 dev wlan1 table 16802 scope link
10.0.0.88 dev wlan1 table 16802 scope link
10.0.0.203 dev wlan1 table 16802 scope link
10.0.0.206 dev wlan1 table 16802 scope link
10.0.0.210 dev wlan1 table 16802 scope link
10.0.0.220 dev wlan1 table 16802 scope link
default via 10.0.0.1 dev wlan1
10.0.0.0/24 dev wlan1 scope link  src 10.0.0.222
10.0.1.0/24 dev eth0 scope link  src 10.0.1.222
broadcast 10.0.0.0 dev wlan1 table local scope link  src 10.0.0.222
local 10.0.0.222 dev wlan1 table local scope host  src 10.0.0.222
broadcast 10.0.0.255 dev wlan1 table local scope link  src 10.0.0.222
broadcast 10.0.1.0 dev eth0 table local scope link  src 10.0.1.222
local 10.0.1.222 dev eth0 table local scope host  src 10.0.1.222
broadcast 10.0.1.255 dev eth0 table local scope link  src 10.0.1.222
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
0:      from all lookup local
2:      from all iif lo lookup 16800
2:      from all iif wlan1 lookup 16801
2:      from all iif eth0 lookup 16802
32766:  from all lookup main
32767:  from all lookup default
lrwxrwxrwx    1 root     root            16 Feb 10 20:08 /etc/resolv.conf -> /tmp/resolv.conf
lrwxrwxrwx    1 root     root            35 May  9 05:33 /tmp/resolv.conf -> /tmp/resolv.conf.d/resolv.conf.auto
-rw-r--r--    1 root     root            38 May  9 05:34 /tmp/resolv.conf.d/resolv.conf.auto

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root            38 May  9 05:34 resolv.conf.auto
==> /etc/resolv.conf <==
# Interface wifi0
nameserver 10.0.0.1

==> /tmp/resolv.conf <==
# Interface wifi0
nameserver 10.0.0.1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wifi0
nameserver 10.0.0.1
Microsoft Windows [Version 10.0.19044.1706]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : TLVALLY
   Primary Dns Suffix  . . . . . . . : xx:xx:xx:xx:xx:xx
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TunnelBear Adapter V9
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Fast Eth:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek USB FE Family Controller
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom 802.11abgn Wireless SDIO Adapter
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Connessione alla rete locale (LAN)* 14:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #20
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Connessione alla rete locale (LAN)* 15:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #21
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Gigabit Eth:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.0.96(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.210
   DNS Servers . . . . . . . . . . . : 10.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TunnelBear Adapter V9 #2
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 5:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TunnelBear Adapter V9 #3
   Physical Address. . . . . . . . . : xx:xx:xx:xx:xx:xx
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

In addition, I noticed that if I uncheck use default gateway, the internet doesn't work for the connected clients.

As a noob I have tried every configuration I know of, but it didn't work.

Any solution?
Thanks
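
The next hop the extender picks for a forwarded packet can be read off the `ip -4 ru` and `ip -4 ro li tab all` output in the post above. The sketch below is an added example, not part of the original thread: it replays the posted rules and an excerpt of the posted routes in a simplified lookup (`iif` selector and longest-prefix match only), assuming the extender routes the client's packet at layer 3; `203.0.113.10` is a constructed stand-in for an internet host.

```python
import ipaddress

# Excerpt of the `ip -4 ro li tab all` output posted above (table 16800,
# broadcast routes and some relayd host routes omitted for brevity).
ROUTES = """\
10.0.0.96 dev eth0 table 16801 scope link
10.0.0.1 dev wlan1 table 16802 scope link
10.0.0.210 dev wlan1 table 16802 scope link
10.0.0.220 dev wlan1 table 16802 scope link
default via 10.0.0.1 dev wlan1
10.0.0.0/24 dev wlan1 scope link  src 10.0.0.222
10.0.1.0/24 dev eth0 scope link  src 10.0.1.222
local 10.0.0.222 dev wlan1 table local scope host  src 10.0.0.222
local 10.0.1.222 dev eth0 table local scope host  src 10.0.1.222
"""
# The `ip -4 ru` output posted above, unchanged.
RULES = """\
0:      from all lookup local
2:      from all iif lo lookup 16800
2:      from all iif wlan1 lookup 16801
2:      from all iif eth0 lookup 16802
32766:  from all lookup main
32767:  from all lookup default
"""

def parse_routes(text):
    """Group routes by table name; routes without 'table' belong to main."""
    tables = {}
    for line in text.splitlines():
        tok = line.split()
        rtype = tok.pop(0) if tok[0] in ("local", "broadcast") else "unicast"
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        opts = dict(zip(tok[1::2], tok[2::2]))  # dev/table/via/scope/src pairs
        tables.setdefault(opts.get("table", "main"), []).append(
            {"net": ipaddress.ip_network(prefix), "type": rtype,
             "dev": opts["dev"], "via": opts.get("via")})
    return tables

def parse_rules(text):
    """Return (priority, iif or None, table) tuples in evaluation order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        opts = dict(zip(tok[1::2], tok[2::2]))  # from/iif/lookup pairs
        rules.append((int(tok[0].rstrip(":")), opts.get("iif"), opts["lookup"]))
    return sorted(rules, key=lambda r: r[0])  # stable: equal priorities keep order

TABLES, RULE_LIST = parse_routes(ROUTES), parse_rules(RULES)

def lookup(dst, iif):
    """Walk the rules in order; the first table with a matching route decides."""
    addr = ipaddress.ip_address(dst)
    for _prio, rule_iif, table in RULE_LIST:
        if rule_iif is not None and rule_iif != iif:
            continue  # rule is bound to another ingress interface
        hits = [r for r in TABLES.get(table, []) if addr in r["net"]]
        if hits:
            best = max(hits, key=lambda r: r["net"].prefixlen)
            # An on-link route has no 'via': the next hop is the destination.
            return {"table": table, "dev": best["dev"], "type": best["type"],
                    "next_hop": best["via"] or dst}
    return None

if __name__ == "__main__":
    for dst, iif in [("203.0.113.10", "eth0"), ("10.0.0.210", "eth0"),
                     ("10.0.0.96", "wlan1")]:
        print(f"{dst} arriving on {iif}: {lookup(dst, iif)}")
```

Under these tables a packet for an internet address arriving on `eth0` falls through table 16802 to `main` and leaves via 10.0.0.1, while a packet addressed to 10.0.0.210 itself is delivered on-link; the gateway configured on the client does not appear in either lookup.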

Even with your drawing, how exactly would your clients know what gateways are available (aside from the DHCP supplied default gateway)?

It would seem to me that the issue is not so much about OpenWrt, but rather about telling the clients about the alternate gateways and providing a metric or cost so that they can prioritize which gateway to use.

IIRC, there is a DHCP option to advertise additional gateways, but not all client OSs will use that, and it still doesn't really provide a mechanism for the clients to decide which one to use unless they know why they should use a different gateway.

Why do you need the clients to decide? Why not use the mwan packages and then policy based routing on the main router to then direct the traffic according to the client, type of traffic, or other criteria like up/down status?


With manually setup static IP address and default gateways for each client.

Basically each of these clients in the network scheme above:
client01
client

are setup like this
Client01
tcpip01

Client07
tcpip

... and so on.

Some of those clients are smartphones and are set up via the equivalent functionality for Android devices, but the problem when connected to Silvercrest (OpenWRT OS) is the same.

Yes, this is true, but as you stated, it's more complicated to set up and, in addition, not needed for Fritzboxes.

Because this scheme works well with Fritzbox routers/extenders. The problem is with OpenWRT and I don't think OpenWRT has less functionality than AVM's. Or am I wrong?

For example, if a friend of mine comes to my house and connects to the wifi network, he does not need to manually set the IP address and the gateways, as the DHCP router will automatically assign him an IP and he can still surf with the family internet.
Otherwise, if I want him to surf with my personal internet access, I just need to set the IP address and gateway IP manually on my friend's smartphone.

This is obviously a solution -- manually configuring each device allows you to explicitly specify the desired gateway.

I'm not sure what you mean here about "not needed for Fritzboxes" -- are you saying that the Fritzboxes already do what you want?

Again, not understanding this. All of your clients are on a single subnet. If you have a DHCP server, it will issue a default gateway that is the same for all clients.

If you want to have different gateways advertised by the DHCP server, there are two ways to do this:

  1. use different subnets, and on each subnet have a different DHCP server with the appropriate gateway specified. You can setup your routing such that all subnets can talk to each other (if desired) or use the firewall to selectively allow/prohibit inter-network connections.
  2. Use a RADIUS server and authenticate devices to the network. This is probably overkill, but will provide a mechanism for a per-device gateway assignment.

It sounds like what you're talking about here is the idea of a guest network vs your own LAN, as an example. This is typically done by setting up different subnets and configuring the DHCP server appropriately for each subnet.

Is there a non-OpenWrt platform that you have used in the past that did exactly what you're trying to achieve? If so, how did it work? Were all your clients on a single subnet, or were they on different networks? And if a solution exists, why not use that?

"relayd" does not care about gateways, just network nodes. The question is whether it is working properly, and you can reach any node in the 10.0.0.0 network.

Yes, exactly as you said.

Yes, I can reach any LAN node on my network (I can ping any client, router or extender) and transfer files on all clients.
The problem is when I need to access the internet through the OpenWRT extender.

Check the network scheme in my above post:
Client 01 internet packets reach the router 10.0.0.210 (and has 10.0.0.210 gateway set), but Client 02 (under Openwrt extender) reach 10.0.0.1 router (and have 10.0.0.210 set) instead.

This seems to be "re-encapsulated" by the OpenWRT extender which has 10.0.0.1 as its IPv4 gateway.
If I change the IPv4 gateway on the OpenWRT to 10.0.0.220 instead, the internet packets seem to be forcibly redirected to 10.0.0.220 (as Client 06 and Client 07 in the same scheme).

The only one that I used is FritzOS, and it does exactly what I'm trying to achieve without any particular configuration. That's why I only use one subnet.

Because I need at least another fritzbox or fritz extender, and since I have some Silvercrest extenders that are compatible with OpenWRT, I used them. I thought it was easy to set them up to work this way.

I do not need to advertise more than one DHCP server in this configuration. The other gateways have DHCP disabled.

Let's look at this more simply:
--> What is the gateway in the client network settings? (as provided by DHCP)

Yes, the packets may physically pass through 10.0.0.210, but if the client is trying to send packets to the internet, it will send the packets to the gateway defined in its network settings. Because of this, 10.0.0.210 is simply passing the data through at L2 (switching) -- 10.0.0.210 cannot make routing decisions because the traffic is directed to another device on the same network.


The DHCP server does not provide a gateway or IP address for Client 01 and Client 02.
They are manually set up like this:
Client01

and

Client02
tcpip02

This is exactly what I expected, but it does not work as you stated.
Client 02 internet packets reach Internet Node A instead of Internet Node B (check the tiny blue dots path from Client 02 in the scheme).
I have confirmation of this because the Internet IP address I see by checking https://www.myip.com/ on Client02 comes from Internet Node A instead of Internet Node B (they are 2 different Internet Providers, so they have different IP addresses).

If you are manually setting the IP address, you must obviously set your gateway, too.

Are you saying that it does not work when you set the gateway to .210?

I did.

I think "does not work" is not entirely correct. The packets are routed wrong when they pass through the OpenWRT extender if I set .210 as "default gateway" in Client 02 settings.

If you set .210 as the gateway, where does the traffic actually go?

If I set .210 as the gateway for Client 02, internet traffic is routed to 10.0.0.1

ok... let's see the config files for the .210 device

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Did you mean Client 02?

.210 is an openwrt device, right? Post those configs.