Drop
March 25, 2025, 3:48am
1
Hello, I would like to set up an access point only on OpenWrt
and i use dawn
I've configured my OpenWrt router with the IP address 192.168.1.2 and disabled DHCP on br-lan.
In terms of network setup, there's no WAN (eth1), only LAN: from the LAN port of my main box downstairs to the LAN port of my OpenWrt router upstairs.
Here is my configuration — is it correct?
uci set dhcp.lan.ignore='1'
# /etc/config/wireless
uci set wireless.wifinet1.ieee80211r='1'
uci set wireless.wifinet1.mobility_domain='0000'
uci set wireless.wifinet1.ft_over_ds='0'
uci set wireless.wifinet1.ft_psk_generate_local='1'
uci set wireless.wifinet1.ieee80211k='1'
uci set wireless.wifinet1.bss_transition='1'
# /etc/config/wireless
uci set wireless.wifinet2.ieee80211r='1'
uci set wireless.wifinet2.mobility_domain='0000'
uci set wireless.wifinet2.ft_over_ds='0'
uci set wireless.wifinet2.ft_psk_generate_local='1'
uci set wireless.wifinet2.ieee80211k='1'
uci set wireless.wifinet2.bss_transition='1'
config local
option loglevel '0'
config network
option broadcast_ip '10.0.0.255'
option broadcast_port '1025'
option tcp_port '1026'
option network_option '2'
option shared_key 'Niiiiiiiiiiiiick'
option iv 'Niiiiiiiiiiiiick'
option use_symm_enc '0'
option collision_domain '-1'
option bandwidth '-1'
config hostapd
option hostapd_dir '/var/run/hostapd'
config times
option con_timeout '60'
option update_client '10'
option remove_client '15'
option remove_probe '30'
option remove_ap '460'
option update_hostapd '10'
option update_tcp_con '10'
option update_chan_util '5'
option update_beacon_reports '20'
config metric 'global'
option min_probe_count '3'
option bandwidth_threshold '6'
option max_station_diff '1'
option kicking '3'
option kicking_threshold '20'
option deny_auth_reason '1'
option deny_assoc_reason '17'
option min_number_to_kick '3'
option chan_util_avg_period '3'
option set_hostapd_nr '0'
option duration '0'
option rrm_mode 'pat'
config metric '802_11g'
option initial_score '80'
option ht_support '5'
option vht_support '5'
option no_ht_support '0'
option no_vht_support '0'
option rssi '15'
option rssi_val '-60'
option low_rssi_val '-80'
option low_rssi '-15'
option chan_util '0'
option chan_util_val '140'
option max_chan_util '-15'
option max_chan_util_val '170'
option rssi_weight '0'
option rssi_center '-70'
config metric '802_11a'
option initial_score '100'
option ht_support '5'
option vht_support '5'
option no_ht_support '0'
option no_vht_support '0'
option rssi '15'
option rssi_val '-60'
option low_rssi_val '-80'
option low_rssi '-15'
option chan_util '0'
option chan_util_val '140'
option max_chan_util '-15'
option max_chan_util_val '170'
option rssi_weight '0'
option rssi_center '-70'
Do the channels need to be different too? I'm not sure
example 6 20 mhz and 116 160 mhz my box and router 11 20 mhz and 36 160 mhz
ip of br-lan 192.168..1.2
thanks for all
These configs look very unusual.
Let’s see the basic configs:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
1 Like
Drop
March 25, 2025, 4:06am
3
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.0",
"revision": "r28427-6df0e3d02a",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
"builddate": "1738624177"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd2d:307a:f051::/48'
option packet_steering '2'
option steering_flows '128'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.2'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'vpn'
option proto 'none'
option device 'tun0'
config interface 'WIREGUARD'
option proto 'wireguard'
config interface 'wan'
option proto 'dhcp'
option device 'eth1'
config interface 'wan6'
option proto 'dhcpv6'
option device 'eth1'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option channel '11'
option htmode 'HE20'
option cell_density '0'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option channel '36'
option htmode 'HE160'
option cell_density '0'
config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'BBOX'
option encryption 'psk2+ccmp'
option key 'password'
option network 'lan'
option ieee80211r '1'
option mobility_domain '0000'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option ieee80211k '1'
option bss_transition '1'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option ssid 'BBOX'
option encryption 'psk2+ccmp'
option key 'password'
option network 'lan'
option ieee80211r '1'
option mobility_domain '0000'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option ieee80211k '1'
option bss_transition '1'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option noresolv '1'
option port '0'
option dnsforwardmax '1024'
list server '192.168.1.2'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '24h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '3'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Drop-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'DROP'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'vpn'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'vpn'
config forwarding
option src 'lan'
option dest 'vpn'
config zone
option name 'wireguard'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'WIREGUARD'
config forwarding
option src 'lan'
option dest 'wireguard'
root@OpenWrt:~#
like this ?
Drop
March 25, 2025, 4:08am
4
i'm note sure for my ap
I just want to move from the ground floor to the upper floor without having to reconnect, and for it to act as a relay between them
Drop
March 25, 2025, 7:57am
5
what is wrong in my config ??
I don't know dawn. Did you follow the how-to??
If that's in the dawn config, then you need to change the broadcast_ip to 192.168.1.255 to be correct for your lan subnet
Drop
March 25, 2025, 11:51am
8
I'm not idea just br lan in this vidéo, at start static ip
