On my network I have 3 routers. I have the ISPs modem/router in router mode (they dont allow bridge mode for some reason) 192.168.0.x lan, connected to that I have a tp link router in router mode as well 192.168.1.x lan and connected to that I have a xiaomi mi router 4a with OpenWrt installed. The OpenWrt router is on default settings (I only changed the static ip from 192.168.1.1 to 192.168.2.1 so I can access devices on connected to the tp link router). I want to be able to access devices connected to the OpenWrt router from devices connected to the tp link router. From what I've seen the best way to do this is to set up the OpenWrt router as a client device like this. But the problem is when I try to do the setup like that the OpenWrt router is inaccessable and it doesn't provide internet access.
What I've tried:
Setting the lan protocol to DHCP client and trying to connect to the ip the tplink router assigns to it, but I can neither connect to the router nor I have internet access.
Following the static ip instructions and setting the ip to 192.168.1.2 (I also tried 192.168.1.127 which is the ip the tp-link router assigned to it) and disabling the DHCP server for the lan interface but I get the same problem.
With both of these I was connected to the OpenWrt router via ethernet but I also tried connecting over wifi with my phone, but when I change settings I am unable to connect to wifi anymore (it gets stuck on obtaining ip address)
I also tried changing settings over command line instead of over Luci but with no luck
Here is a diagram of what I want to do if I didn't expain it properly:
Unfortunately I cant get this to work. I am having the same problem I wrote about above, I am unable to connect to the router and I have no internet access. It stops working after the first step when I click apply:
Your TP link should be set at 192.168.1.1, no gateway set!
Your xiaomi is the AP and should be set at 192.168.1.2
and you should set the gateway at 192.168.1.1 (to point to your primary router = tplink)
(You should also set the DNS to point to 192.168.1.1 if you want to upgrade your routers firmware later on)
The top one is probably the ISP router - please confirm.
The next one is presumably the TP-Link router - please confirm.
also please confirm if this is running OpenWrt
The bottom one appears to be the Xiaomi with OpenWrt - please confirm.
What is the purpose of the middle and bottom routers? Do you want them to route (i.e. create their own networks), or is your intent to use them as bridged APs so that they can provide more physical wifi coverage while on the same network?
yes the middle one it is the TP-Link router and it's on stock firmware, OpenWrt is not available for that model
yes the bottom one is the Xiaomi router with OpenWrt
The Isp router has very bad wifi and horrible security so I got the TP-link for faster wifi, the isp router doesn't support bridge mode and some features (like guest network and isolating devices) are disabled when the TP-link is in AP mode so I want it to create it's own network seperate from the isp router. As for the Xiaomi one I want it to be bridged AP so I have better wifi covrage while on the same network as the TP-link. But I'm having trouble setting that up
I'd like to suggest switching the positions of the TP-Link and Xiaomi routers...
OpenWrt is an excellent option as a router/firewall and will give you the ability to make a guest network as well as a trusted main lan.
The TP-Link probably doesn't support guest networks, but it should be relatively easy to set it up as a bridged AP to extend at least your main network.
Unfortunatelly I don't think I will be able to swap them because the TP-link router has to cover a much larger wifi area that I am not sure the relativlly cheap xiaomi router would be able to reach with good speeds. I got the xiaomi router for 1 wired and 1 or 2 wifi devices in 20m2, while the tp-link router has to cover over 80m2 with at least 10 wireless and 4 wired devices. I would also need to get a switch because the xiaomi router only has 2 ethernet ports
Ok... well, if you're going to leave the physical setup intact, then here's what I'd suggest:
Make sure that the TP-Link router's wan port is connected to the ISP lan port.
Verify that the TP-Link's lan IP address is 192.168.1.1.
Reset your Xiaomi router to defaults.
Configure Your Xiamoi router as a bridged AP -- the lan IP address of 192.168.1.2 should work here (verify thatthe TP-Link's DHCP server doesn't include this address in its pool).
Connect the Xiaomi router's lan port to the lan port of your TP-Link router.
This time I was able to follow the guide and change the settings on the router and I am able to access it from 192.168.1.2 but I am now unable to access devices on the TP-link network and vice versa. I rebooted all the devices as well
The wan port on xiaomi is connected to the lan port on the TP-link via ethernet. When I connect the pc to the TP-link I get the 192.168.1.183 ip but I'm not sure thats relevant because my pc nealy allways gets .183 ip. I had the 192.168.0.183 on the isp router and it was 192.168.2.183 on xiaomi before I tried changing settings.
Another problem also apeared after I tried to reconect the pc to the xiaomi router after I had it connected to the tp-link, I was unable to connect at all with the xiaomi router again. I didn't get the ip on pc and had the no internet icon with no access to even the Luci configuration, and on my phone it was stuck on Obtaining IP address. I tried restarting all the routers again but the only thing that fixed it was reseting the xiaomi router to deafaults with the button on the router.
It is absolutely relevant -- that's 3 different subnets. We need to make sure that the computer is on the same subnet when it is connected to the Xiaomi as it gets when directly connected to the TP-Link. As long as it is 192.168.1.183, for both, we're good.
Let's see the following from the Xiaomi:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT
# Uncomment this line to disable ipv6 rules
# option disable_ipv6 1
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# Allow IPv4 ping
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# Allow essential incoming IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# Allow essential forwarded IPv6 ICMP traffic
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
# port redirect of remapped ssh port (22001) on wan
#config redirect
# option src wan
# option src_dport 22001
# option dest lan
# option dest_port 22
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
