Hello guys,
I have a Silvercrest extender with OpenWRT installed and configured as a wifi to lan bridge (I used the relayd library).
In my home network I have several gateways connected all under the same subnet with one gateway as dhcp and dns server (we have several independent internet connections).
The problem is the following:
a client connected through the Silvercrest can access the internet only through the gateway set by relayd even if I have set an ip and gateway as static address on the client.
So, my question is:
How can I configure relayd so that requests that go through the Silvercrest and have different gateway are not forced to go through the default gateway?
I've already tried setting "promiscous mode" on all devices, but it didn't work.
Unless I misunderstood something, relayd is not limiting which addresses the wlan clients of the repeater can reach. There is not much to configure, because it is (kind of) bridging its lan side with the wwan.
Hello trendy.
I haven't this problem with other fritzbox extenders (with avm firmware).
For some reason it only happens with the OpenWRT extender.
This is confirmed by the fact that if I change gateway in the OpenWRT wifi interface settings, then I can reach the internet node to another gateway, but only that one (see image below).
Have you ever had this type of scenario working in the past? If so, how did the clients decide and what was your physical topology?
Typically, this is something that is handled by a centralized system and has nothing to do with your wireless/repeater systems. It might be achieved with the use of VLANs and multiple SSIDs, or a multi-wan capable router with policy routing, or something like RADIUS or other techniques that can help authenticate devices and steer them to the correct network.
If you have a single wifi network with a DHCP server, a client will connect and ask for a lease. The lease will be whatever the DHCP server provides. Typically, the client doesn't know that there are other gateways available. If those gateways are in the same subnet, the client can use other gateways by means of setting the routing tables on the clients themselves (this is not always exposed to the user, of course). Otherwise, it will use the gateway address that is provided by the DHCP server.
This is a setting for the OpenWrt only. If clients are indeed using relayd then their packets heading to the internet will not use OpenWrt as a router hop.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
Also post the ipconfig /all from a windows client, or ip -4 ad; ip -4 ro from a linux client.
Even with your drawing, how exactly would your clients know what gateways are available (aside from the DHCP supplied default gateway)?
It would seem to me that the issue is not so much about OpenWrt, but rather about telling the clients about the alternate gateways and a providing a metric or cost so that they can prioritize which gateway to use.
IIRC, there is a DHCP option to advertise additional gateways, but not all client OSs will use that, and it still doesn't really provide a mechanism for the clients to decide which one to use unless they know why they should use a different gateway.
Why do you need the clients to decide? Why not use the mwan packages and then policy based routing on the main router to then direct the traffic according to the client, type of traffic, or other criteria like up/down status?
With manually setup static IP address and default gateways for each client.
Basically each of these clients in the network scheme above:
are setup like this
Client01
Client07
... and so on.
Some of that Clients are smartphones and are setup via the equivalent functionality for Android devices, but the problem when connected to Silvercrest (OpenWRT OS) is the same.
Yes this is true, but as you stated, it's more complicated to setup and, in addition not needed for Fritzboxes.
Because this scheme works well with Fritzbox routers/extenders. The problem is with OpenWRT and I don't think OpenWRT has less functionality than AVM's. Or am I wrong?
For example, if a friend of mine comes to my house and connects to the wifi network, he does not need to manually set the ip address and the gateways, as the DHCP router will automatically assign him an ip and can still surf with family internet.
Otherwise, if I want him to surf with my personal internet access, i just need to set the IP address and gateway IP manually on friend smartphone.
This is obviously a solution -- manually configuring each device allows you to explicitly specify the desired gateway.
I'm not sure what you mean here about "not needed for Fritzboxes" -- are you saying that the Fritzboxes already do what you want?
Again, not understanding this. All of your clients are on a single subnet. If you have a DHCP server, it will issue a default gateway that is the same for all clients.
If you want to have different gateways advertised by the DHCP server, there are two ways to do this:
use different subnets, and on each subnet have a different DHCP server with the appropriate gateway specified. You can setup your routing such that all subnets can talk to each other (if desired) or use the firewall to selectively allow/prohibit inter-network connections.
Use a RADIUS server and authenticate devices to the network. This is probably overkill, but will provide a mechanism for a per-device gateway assignment.
It sounds like what you're talking about here is the idea of a guest network vs your own LAN, as an example. This is typically done by setting up different subnets and configuring the DHCP server appropriately for each subnet.
Is there a non-OpenWrt platform that you have used in the past that did exactly what you're tying to achieve? If so, how did it work? Were all your clients on a single subnet, or were they on different networks? And if a solution exists, why not use that?
"relayd" does not care about gateways, just network nodes. The question is whether it is working properly, and you can reach any node in the 10.0.0.0 network.
Yes, i can reach any LAN node on my network (i can ping any Client or routers or extenders) and transfer files on all Clients.
The problem is when i need to access the internet through OpenWRT extender.
Check the network scheme in my above post: Client 01 internet packets reach the router 10.0.0.210 (and has 10.0.0.210 gateway set), but Client 02 (under Openwrt extender) reach 10.0.0.1 router (and have 10.0.0.210 set) instead.
This seems to be "re-encapsulated" by the OpenWRT extender which has 10.0.0.1 as its IPv4 gateway.
If i change IPv4 gateway on the OpenWRT with 10.0.0.220 instead, the internet packets seem to be forcibly redirected to 10.0.0.220 (as Client 06 and Client 07 in the same scheme)
The only one that i used is the FritzOS, and do exactly what i trying to achieve without any particular configuration. That's why I only use one subnet.
Because i need at least another fritzbox or fritz extender, and since I have some Silvercrest extenders that are compatible with OpenWRT, I used them. I thought it was easy to set them up to work this way.
I do not need to advertised more than one DHCP server in this configuration. The other gateways have DHCP disabled.
Let's look at this more simply:
--> What is the gateway in the client network settings? (as provided by DHCP)
Yes, the packets may physically pass through 10.0.0.210, but if the client is trying send packets to the internet, it will send the packets to the gateway defined in its network settings. Because of this, 10.0.0.210 is simply passing the data through at L2 (switching) -- 10.0.0.210 cannot make routing decisions because the traffic is directed to another device on the same network.
DHCP server do not provide gateway or ip address for Client 01 and Client 02.
They are manually setup like this: Client01
and
Client02
Is exactly this what i expected, but not work as you stated. Client 02 internet packets reach Internet Node A instead of Internet Node B (check the tiny blue dots path from Client 02 in the scheme).
I have confirmation of this because the Internet IP address I see by checking https://www.myip.com/ on Client02 come from the Internet Node A Instead of Internet node B (they are 2 different Internet Providers, so have different IP address).
I think "does not work" it's not entirely correct. The packets are routed wrong when pass throught OpenWRT extender if I set .210 as "default gateway" in Client 02 settings.