My main router has the IP 192.168.10.1. With my wlan relay I connected to my main router and my wlan relay becomes the IP 192.168.10.10. Thats OK. When I connected to my wlan relay, I get the correct Ip from my main router for my laptop ( 192.168.10.3 ). But when I do this, I cant access to any service from the wlan relay, like ssh, luci ect... and pinging doesnt work, too.
I only can access the services when I connected my laptop to my main router.
Anbody know, why I only use the services from my wlan relay ( 192.168.10.10 ), when I connected to the main router?
Your relayd router is either misconfigured, or there is 'possibly' an incompatibility issue with your main router. If you post your /etc/config/network and /etc/config/firewall config files, someone more knowledgeable may be able to help.
It's been a long time since I last used Relayd.
However, I did write up a guide for HH5a (vrx268/atheros device) a several years ago, describing in a lot of detail how to configure Relayd for LEDE 17 and OpenWrt 18. See section 9.10 of:
1-OpenWrt-LEDE Installation Guide for HH5A.pdf
I very quickly run through the above steps for a spare HH5A running OpenWrt 21.02.3, taking into account the changes to LuCI. Relayd works fine here. The relayd owrt router can be managed from the static IP assigned to the wwan interface. Ethernet PC wired to relayd device can access LuCI on relayd device, Asus main router and access point (Both running OEM firmwares), and of course the internet.
Your other posts 'suggest' you have a Fritzbox vrx288/atheros device so should be 'similar' to the HH5A vdsl modem router?
fwiw, you could save your current settings, then factory reset it, and follow above guide to see if it resolves all your relayd issues?
I haven't tried to use the current instructions in Relayd wiki page. I recall the wiki was rewritten in 2017, after I originally published my guide which was derived from the original flawed '2016 era' wiki instructions for Relayd.
Good luck
Sorry for my long delay ...
Here is my /etc/config/network
root@dach:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdd4:0d16:ce7f::/48'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'b'
option firmware '/lib/firmware/adsl.bin'
config interface 'lan'
option type 'bridge'
option ifname 'eth0'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'dsl0'
option proto 'pppoe'
option username 'username'
option password 'password'
option ipv6 '1'
config device 'wan_dsl0_dev'
option name 'dsl0'
option macaddr '24:65:11:b8:17:8f'
config interface 'wwan'
option proto 'dhcp'
config interface 'bridge'
option proto 'relay'
list network 'lan'
list network 'wwan'
root@dach:~#
and my /etc/config/firewall
root@dach:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wwan'
option input 'ACCEPT'
option forward 'REJECT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
root@dach:~#
is something wrong there?
At first glance, the 'wwan' entry is missing?
fwiw, if you follow my guide, here is contents of entire firewall file for working relayd
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wwan'
config include
option path '/etc/firewall.user'
now, my /etc/config/firewall is looking like this:
root@dach:/etc/config# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wwan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
root@dach:/etc/config#
but its the same like before. I cant connect to the webinterface of luci or other services on the relay, like nfs when I connect to the relay with wlan.
I only have access to the internet and to the services of my main router ...
I don't quite understand your problem.
if you wish to access the luci web ui on the owrt relayd router, use the WWAN IP address assigned to the owrt relayd router? eg. is wwan ip 192.168.10.10 from your original post?
I can only suggest you back up the settings via LuCI, factory reset and follow my guide. If it still does not resolve your issue, you can restore your settings via LuCI
Yes, the wwan IP of the relay is 192.168.10.10. the reason is, when I connect to the relay with my laptop, I get the right IP from my main router ( 192.168.10.3 ) and then I cant use my NFS server on 192.168.10.10 ( relay ).
I only can use it when I connect to my main router. By the way, I cant ping 192.168.10.10, too when I connected to the relay. In the moment, there is no way, to get the router back, cause the relay stands in an other apartment.
I have ethernet wired computers. One connected to my 'HH5a test' relayd owrt router LAN port, and 2nd computer to LAN port of my main AsusWrt router. I can ping the WWAN IP of my relayd owrt router from both computers.
When laptop is connected to relayd owrt router, I presume you are using ethernet connection.
No, I only use wireless ... I cant use wired to the relay, cause its an other apartment. We share my internet connection over the relay. But we want have access to the NFS Server, too. And it looks like, thats impossible?
I don't know. Your relayd owrt router may be misconfigured or relayd is not compatible with your main router/setup as I originally suggested. (I recall there has been dhcp issues with a Zyxel router using OEM firmware)
See if any other forum member can offer any suggestions.
If you can't resolve the relayd issue, you could investigate other wireless bridging solutions, such as FreshTomato on certain Broadcom AC routers, or Padavan on supported routers (eg. Xiaomi 4A Giga/Gigabit).
https://openwrt.org/inbox/toh/xiaomi/xiaomi_mi_router_4a_gigabit_edition#alternative_firmwares_for_4a_gigabit
I think TPlink sell Pharos wifi point to point links.
Or look at other products? eg. pair of Asus compatible routers offering wireless bridging etc.
the relay and main router are the same devices ( AVM fritzbox 7362SL ). what about mesh? is it better to configure than relayd?
Errrr, sorry you have me totally confused?
Yes, mesh should work provided the node(s) has the range you require.
I am sorry that u r confused. Me, too 
From the beginning ...
In my apartment I have a wlan router ( DSL ). This router is connected to the internet. Router IP 192.168.10.1 ( this ist my main router, with wlan, too )
In my apartment, I connect to the router with my laptop. All gets fine ...
In the next apartment, there is my relay ( wlan ) with IP 192.168.10.10. The IP is getting from my main router. The relay is also connected to my main router over wlan ( relay ). actually, the relay should make my wlan range better. My neighbor wants to connect with wlan to my relay. I want to share my internet connection. Thats works well !!! My neighbor have access to the internet over my relay.
But on the relay, there is a NFS server, too. He, cant access them. He cant ping the relay, he cant connect to the NFS server on the relay.
I have tested this, by myself. I connected with wlan to my relay, too. I can access the internet over the relay, all good. But we cant connect to the NFS server on relay. We cant ping it.
When I connected with wlan to my main router ( in my apaprtment), I can access the NFS server on the relay and I can ping it.
Why we cant ping the relay when we are connected to the relay over wlan?
Sorry, for my bad english ...
That is much clearer.
Is NFS server using ethernet connection to the relayd router?
If yes, perhaps the wifi AP interface (used by your neighbour) is misconfigured on the relayd router?
eg. perhaps it cannot see devices on the LAN ports?
Does your neighbour's computer acquire 192.168.10.x IP address from your main router?
Can you connect a computer direct to relayd router LAN port to verify NFS server is accessible as a simple test?
The NFS server is directly on the relay ( usb ). IP 192.168.10.10.
Yes, getting 192.168.10.X from my main router over the wlan relay.
Sorry, not yet, cause hollidays ... I only connect for testing with my wlan on laptop ...
I posted the configs above in this thread.
There are no wireless configs posted btw.
There is a client isolation setting in one of the wifi settings tabs. It is disabled by default.
fwiw, if you discover you can access the relayd owrt router and NFS server by direct ethernet connection, you could perhaps connect a separate wifi access point to the owrt router for your neighbour to use, if the issue can't be fixed on the owrt router.
7362 is a single band wifi router. Your settings look fine.
I created a new wifi interface on same 5 GHz radio as used the relayd wireless link on my hh5a, and bridged it to LAN interface.
My laptop connected to the new wifi AP and I could access internet and access relayd owrt router through its WWAN IP address.
but that, doesnt matter ...