My setup: OpenWRT "Access Points" are wired to the Main Router. "Access Points" means that I disabled `dnsmasq`, `odhcpd` and `firewall`, and bridged SSIDs as well as dedicated LAN ports to VLANS.
My objective is to have one of the APs provide the connectivity of a USB tethered Android to the Main Router via a new VLAN. The Main Router would use that connection as a failover and / or load balancing uplink.
Since I don't want to handle a dynamic IP address for the tethered uplink in the Main Router, I set up the following.
At the Main Router:
- Create new interface with VLAN 99 and static IP in new subnet 192.168.99 on top of existing LAN port group
- Include VLAN 99 interface in the WAN interface group of the firewall
- Create secondary default route for the new interface with the "Access Point's" static IP address as the gateway
At the "Access Point", I was following Smartphone USB Tethering to an OpenWrt router as far as it led me:
- Configure `switch0` for VLAN 99 (CPU and uplink tagged) (yes my uplink LAN port belongs to `eth0`)
- Configure interface for `eth0.99` with static IP address
- Configure interface for `usb0` with DHCP (yes my Droid is detected and in my case it's `usb0`)
- Run all services including `dnsmasq`, `odhcpd` and `firewall`
- Configure firewall to only have the `eth0.99` based interface in the LAN group and only the `usb0` based interface in the WAN group
- Configure firewall to accept in, out and forward; full WAN to LAN as well as full LAN to WAN forwarding; no port forwardings; unchanged traffic rules; masquerade to WAN; no custom rules
Here's what I get:
- When I force the primary uplink down, Main Router tries secondary uplink via VLAN 99
- `traceroute` clearly shows that there is a secondary route via the tethered Droid
- Access Point has an internal default route via the tethered Droid, which is not what I want (for maintenance, it had a route via Main Router before and that makes more sense)
- The Access Point's internal route via the tethered Droid appears to be functional (e.g. ssh)
- `traceroute` (and maybe also DNS) work from Main Router and LAN client
- Data requests from Main Router seem to reach the eth0.99 interface
- There is traffic on the usb0 interface
- However, data connections from LAN client via USB tethered Droid are not possible
Tethering is supposed to be allowed and also, it seems that I can use the connection from the Access Point. One reason why I'm searching for a mistake in my configuration is because I have no clear idea where the VLAN tagging is ending in this scenario. I am suspecting that the packets received from the Main Router are still tagged when they enter the router and there is no mechanism to strip that. Or something similar.
I've tried some variations such as no CPU tagging at the switch etc but I've run out of ideas and can't seem to find new information on the Web. What / where should I search (for)?
Some configuration artefacts:
```
config interface 'wan_99utth'
	option ifname 'eth0.99'
	option proto 'static'
	option ipaddr '192.168.99.1'
	option netmask '255.255.255.0'

config interface 'usb_99utth'
	option proto 'dhcp'
	option ifname 'usb0'

config switch_vlan 'switch0_99utth'
	option device 'switch0'
	option ports '0t 4t'
	option vlan '99'
	option vid '99'
```
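
Added example, not part of the original post: the "Access Point" firewall from the last two configuration steps written as `/etc/config/firewall`, with the tethered-side zone set to reject unsolicited inbound traffic instead of the accept-everything policy the post describes. The zone names `lan` and `wan` are assumptions; the network names are the ones from the post's network configuration, and the default traffic rules are assumed to stay unchanged as in the post.

```uci
# /etc/config/firewall on the "Access Point" (constructed example).
# Zone names 'lan' and 'wan' are assumed; 'wan_99utth' and 'usb_99utth'
# are the interface names from the post's network configuration.

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

# VLAN 99 side (eth0.99): the Main Router reaches the Access Point here.
config zone
	option name 'lan'
	list network 'wan_99utth'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# Tethered phone side (usb0).
# The post sets input and forward to ACCEPT in this zone. REJECT keeps
# hosts on the phone/carrier side from opening connections to the Access
# Point's own services (ssh, DNS, web UI) or into 192.168.99.0/24.
config zone
	option name 'wan'
	list network 'usb_99utth'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Outbound path only: VLAN 99 -> tethered uplink.
# Replies to masqueraded connections are admitted by connection tracking,
# so the post's "full WAN to LAN" forwarding section is left out.
config forwarding
	option src 'lan'
	option dest 'wan'
```

This changes only what the tethered side may initiate; it is a hardening of the described policy and is not offered as the cause of the failing LAN client connections.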