OpenWrt router as dumb AP - succeeded but with many doubts

Hi all.
First post here and first days using Openwrt, so definitely a newby... bear with me :wink:
I've been reading quite a few posts here in the forum and all the guides in the website User guides section in order to set my old Alice Gate router running openwrt as a dumb switch/AP. After many tests and resets I managed to get it working; my configuration is as follows:

LAN:

  • Static IP 192.168.2.1, subnet 255.255.255.0, gateway & DNS 192.168.1.1 (main modem/router)
  • DHCP disabled, all IPv6 options disabled

SWITCH

  • All ports untagged under the same VLAN1

WIFI

  • Access point with same SSID/key as primary modem, in the LAN network

That's it.

My doubts are now:

  1. following the DumbAP guide it is clearly stated to disable firewall, dnsmasq and odhcpd in the startup page, but following these instructions I wasn't able to reach neither LuCi interface nor to connect via SSH, and a reset was needed... my understanding is that IPv4 and IPv6 are now provided by the main router, and in fact I cannot connect to Openwrt without a static IP, and that Openwrt is on a separate subnet (.2.x), thus not "interfering" with my router DHSC. I'd love to understand if what I've done is correct, if having the firewall and the other services running while acting as AP is ok, and if openwrt is "playing a role" in the network now or if it's an invisible switch.
  2. reading the Bridge guide seems like realyd is needed to access devices connected to the main router from ones under the openwrt, and viceversa, but I've found that I can still see and exchange files even without that package. Would like to understand why is that possible.
  3. moreover - and this could be a pretty stupid question, I know - I'm wondering if having the router on a different subnet will prevent me from using the USB port to run a print server - or whatever.

Thanks, for the help and the pacience!

Device infos: Alice Pirelli AGPF running Chaos Calmer 15.05.1

Well, I'm not entirely sure why do you have the LAN IP of the OpenWrt router on a different subnet. If you want the device to act as an AP then normally you would want it to be on the same subnet. The DumpAP guide mentions making at as DHCP client, but it's probably best to set it to a static IP outside the main router's DHCP range. For example, if your main router's IP is 192.168.1.1, then you could make this AP as 192.168.1.10 and have the DHCP range for the main router starting from 192.168.1.100.

Having them won't harm. They are running but doing nothing. The device is certainly playing a role, which is the role of AP (and switch if you have wired clients), but it's not doing any routing. That's all presuming that you are connecting the main router to a LAN port not a WAN port.

You are confusing things here. The bridge/relay configuration is for when you want to connect the secondary router/AP to the main router wireless, in which case typically you would have the routers on separate subnets, and the relayd is used as a work around to make the clients of the secondary router on the same network as the main router.

Not totally, but you would need to handle that in the firewall.

Finally, things are certainly easier if all devices are on the same subnet. So if you already have a cable in place between the router and the AP, forget about the bridge scenario, and set the IP of the AP on the same subnet as main router as explained--everybody is happy!

If you prefer not using a cable, then relayd (and the likes) can be your way, but they can be tricky to setup sometimes.

This firmware version is ancient, no longer supported for updates, and is considered vulnerable. It's not as critical as if you were using it as your main router, but you should consider updating it to the recent version https://openwrt.org/toh/hwdata/pirelli/pirelli_alicegateagpf

1 Like

Thanks @Hegabo, could't ask for a more exhaustive and fast answer!

Just tried that; the router still works as a switch, I've internet access from ethernet and wifi, but now it's unaccessible at its IP (192.168.1.2, main router pool counter starts at .1.10), both with static or dynamic IP on my PC. I've to figure that out now.

Using the same subnet is what I was looking for, but as I said these things confuse me a bit, I'm completely new to the network management world.

Great to know! Looking at the device page it seems like the last supported version is 15.05. Upgraded and working fine.
Once able to reach the router again I'll try the USB.

I've been running DD-WRT / OpenWRT / LEDE / OpenWRT as a dumb AP for several years. It's very straightforward to do.

The current dumb AP is an ancient Buffalo WZR-HP-G300NH, running OpenWRT 18.06.4. It has a single Ethernet cable, plugged into one of the LAN ports. The WAN port is empty. The wireless interface and LAN interfaces are bridged.

Its IP address is in the same subnet as the rest of the network. The firewall doesn't do anything, and the AP does not provide any services to wireless clients beyond L1/L2 connectivity. All IP address allocation, DNS, NTP, routing, and firewalling is handled by other devices on the network.

Here are the configuration files which you may use as reference. Bear in mind there may have been changes between 15.05 and 18.06 which mean that some of the configuration syntax may have changed, but the underlying principles remain the same.

/etc/config/system:

config system
        option hostname 'wap'
        option ttylogin '0'
        option log_size '64'
        option urandom_seed '0'
        option log_proto 'udp'
        option cronloglevel '8'
        option zonename 'UTC'
        option timezone 'GMT0'
        option log_ip '192.168.251.251'
        option log_port '514'
        option conloglevel '7'

config timeserver 'ntp'
        option enabled '1'
        list server '192.168.251.251'

config led 'led_wlan'
        option name 'Wireless'
        option sysfs 'buffalo:green:wireless'
        option trigger 'phy0tpt'

config led 'led_router'
        option name 'Router'
        option sysfs 'buffalo:green:router'
        option trigger 'netdev'
        option mode 'link tx rx'
        option dev 'eth1'

config led 'led_usb'
        option name 'USB'
        option sysfs 'buffalo:blue:usb'
        option trigger 'usbdev'
        option interval '50'
        option dev '1-1'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

/etc/config/firewall:


config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option drop_invalid '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config include
        option path '/etc/firewall.user'

/etc/config/network:


config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.69.5'
        option netmask '255.255.255.0'
        option broadcast '192.168.69.255'
        option gateway '192.168.69.1'
        option dns '192.168.251.251'
        option delegate '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5t'

/etc/config/wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/ath9k'
        option channel 'auto'
        option htmode 'HT40'
        option country 'GB'
        option legacy_rates '1'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option ssid 'This is my test wireless network'
        option network 'lan'
        option encryption 'psk2+ccmp'
        option key 'This is my test wireless PSK'
        option wpa_disable_eapol_key_retries '1'
2 Likes

It's very possibly that the router didn't apply the changes and that it's still on the old IP. Search the forum for "Apply unchecked" to see info about that.

@tomasz Don't https://openwrt.org/toh/hwdata/pirelli/pirelli_alicegateagpf and https://openwrt.org/toh/pirelli/agpf seem to be for the same device?

Try with 192.168.2.1 and see how to change the IP successfully by "Apply unchecked".

@Hegabo turns out that Chrome is caching page redirects/unavailability... the router was perfectly accessible, I only needed to wipe the cache. Using a browser that never visited the page (ehm, Edge) works fine too.
edit: incognito mode works too

@iplaywithtoys thanks for all the infos, will have a look later on as I'll have more time.

4 Likes

The IP of the DumbAP must be in the same subnet as the main router. So in your case you either have to let it acquire Ip from DHCP, or assign a static IP in the 192.168.1.X range. It could be 192.168.1.2, if you don't use it on another host.

1 Like

Ehi @iplaywithtoys, may I ask you if you have some problems with hostnames resolution?
I've a raspberry nas and connect to it using it's hostname; windows PC can resolve it properly, my android phone cannot. Googling seems that Android has a doesn't like IPv6.
However ping raspberrypi from a PC spits out the correct IP, from an Android Phone I receive a public IP (35.x.x.x). Before adding the Openwrt switch it used to work.
Thanks!

None at all. My DHCP server issues option 6 correctly, and my firewall blocks all outbound DNS queries from all hosts on my LAN, apart from those from my DNS server. It forces all of my network devices to use the DNS I tell them to use, instead of them trying to be clever (my firewall's logs are full of entries from my Android devices trying to use Google's DNS instead of the correct one).

To clarify, the AP has no layer 3 networking at all, except for its own management. It merely acts as a layer 1/layer 2 bridge to the wired LAN. It's functionally no different than using an Ethernet cable.

Ok, thanks. I'll try to figure it out, and will eventually open a new thread if I don't manage to solve it.

This works for me to set up additional OpenWRT routers as dumb AP: 1) determine an unused IP address that is not assigned via DHCP on your local network. For example, say you will use 192.168.8.200, now 2)Connect the "about to be AP" router LAN port directly into a laptop or computer, go to Luci at 192.168.1.1 and 3) navigate to Network and for the LAN settings, set the IP from 192.168.1.1 to the unused IP you plan to set up on your network (e.g. 192.168.8.200) (realizing you are not yet on your subject local network and are configuring with the direct "about to be AP" connected to your laptop. Next 4) apply the settings and force the roll-back to not roll back. 5) with LAN port of new router still direct connected only to laptop, navigate to 192.168.8.200 or whatever address you selected on your local network 6) now navigate to Network Wifi and set up your SSID and password as normal, then 7) save and aply. Now navigate back to Network, LAN settings and find the DHCP server option and turn off DHCP server and 8) save and apply. (You cannot go back to communicate with this "about to be AP" router that is configured while direct-connected to a laptop because it has a DHCP server not working so the only way to proceed is, it's time to move the "about to be AP" to your local network so 9) hook the LAN port of this new "about to be AP" router to the LAN cable anywhere in existing network and you now have a broadcasting AP.

In the future navigate to (e.g.) 192.168.8.200 if you need to change this AP's SSID, security type or password. Also double check that the DHCP server is still turned off in this "AP router" because sometimes I have found that doesn't "take". If you find it on, turn it off, save and apply again and then recheck again. If it was on and you experience problems, you may have to recycle all devices on the local LAN if there were more than one DHCP server online when one of them was initializing.

Good luck!