Routed client configuration

Hi all,

I am building a small project for my RV. I am planning to travel very soon and I am looking to create a small AP to access internet either via a WIFI dongle or an LTE dongle.

I am very new to OpenWRT and to networking in general. So before getting there, I would like to test at home with a small routed client. Here is the idea:

From the default, when connecting to the integrated wifi (radio0), I get the IP from my local network DHCP. So I wanted to find the right config in order to get the DHCP working on the radio0 side.
So far, I have no luck: when connecting to WIFI, my device doesn't get any IP, and therefore no internet.

Here is my config:

config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7e:b294:1f39::/48'

config interface 'lan'
	option ifname 'eth0'
	option proto 'dhcp'

config interface 'wlan0'
	option ifname 'wlan0'
	option proto 'dhcp'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wlan0'
        option interface 'wlan0'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan lte'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option mtu_fix '1'
	option masq '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option network 'wlan0'
	option name 'wlan'
	option mtu_fix '1'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
	option output 'ACCEPT'

config forwarding
	option dest 'wan'
	option src 'wlan'

If anyone could help, it would be awesome. Once I have this simple setup done, I should be able to find out the rest by myself (hopefully)...

This is the important part of a routed client. The default firewall expects two networks named 'lan' and 'wan', with 'wan' being the one more directly connected to the Internet.

To do a wifi to wired client, start with a default configuration. First set up a wifi AP attached to the existing lan network. Disconnect the Ethernet cable from your PC, and log in by wifi for the next steps.

On a device with one Ethernet port, the 'wan' network is not automatically created, so create it as a DHCP client. Move the eth port from lan to wan. Then connect the Ethernet to your upstream network.

This is a basic router that routes multiple wifi users to one wired connection. In your RV you probably want the opposite, where there is one wifi uplink to a service, and one or more wired users on the Ethernet. So you'd make a wifi client and attach it to wan, and put the Ethernet port back into lan.

I don't think the Pi3 built-in wifi supports client and AP at the same time. On other hardware that is possible, though the AP will go off the air if the client is unable to connect to its AP. You will want something with better RF performance for this application anyway, either a USB radio to be the client, or a whole different router likely of the CPE form.

I did just that, to test.
Problem is I don't seem to get an IP address when connecting to the WIFI... It seems the DHCP server is not serving any new IP through the WIFI...

I am a bit lost here, and I cannot connect to the Raspberry 3 anymore...

I have a separate WIFI USB dongle for that. Right now I am only trying to get the RaspPI to have a proper DHCP service via its integrated WIFI, and being able to access whatever network is on the wired connection...

I actually solved my problem.

The first thing was my WIFI interface wasn't leasing IPs. This was due to the network definition having:

	option proto 'dhcp'

Defining it this way (with static proto), solved it:

config interface 'wlan0'
	option ifname 'wlan0'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

The second problem was the firewall configuration, as reported by @mk24.
I actually added my lte (my LTE dongle) and wwan (my USB Wifi adapter) to the WAN, and voila!

In this use case there is no need to create a new network for the wifi AP and its users. Add the AP to the existing "lan" network. It then has a defined IP range (with the router at .1) and a DHCP server.

Attach wifi devices to their network with option network in the wifi-iface sections in /etc/config/wireless. Do not refer to wifi devices in /etc/config/network. This is because the names like wlan0 are not guaranteed to stay the same.
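
A lint for the two problems found in this thread, as an added example (not code from the thread or from OpenWrt): it flags a DHCP pool on an interface that is not `proto 'static'` and a firewall zone with no network attached. It also goes one step beyond the thread and flags a DHCP-client uplink sitting in a zone whose input policy is ACCEPT, which leaves the router's own services reachable from the upstream network. The function names and the reduced sample config are constructed for illustration.

```python
import re

def parse_uci(text):
    """Parse UCI text into [(section_type, section_name, {option: value})]; 'list' lines are skipped."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*(config|option)\s+(\S+)\s*'?([^']*)'?\s*$", line)
        if m and m.group(1) == "config":
            sections.append((m.group(2), m.group(3), {}))
        elif m and sections:
            sections[-1][2][m.group(2)] = m.group(3).strip()
    return sections

def lint(text):
    """Return findings for one string holding network, dhcp and firewall sections."""
    secs = parse_uci(text)
    proto = {n: o.get("proto") for t, n, o in secs if t == "interface"}
    out = []
    for t, n, o in secs:
        if t == "dhcp" and o.get("ignore") != "1":
            p = proto.get(o.get("interface"))
            if p != "static":  # the fix reported in the thread was proto 'static'
                out.append(f"dhcp.{n}: serving leases needs proto 'static', found '{p}'")
        if t == "zone":
            nets = o.get("network", "").split()
            if not nets:
                out.append(f"zone {o.get('name')}: no network attached")
            for net in nets:
                if proto.get(net) == "dhcp" and o.get("input") == "ACCEPT":
                    out.append(f"zone {o.get('name')}: DHCP-client uplink '{net}' has input ACCEPT")
    return out

# Constructed sample: the first post's three files, reduced and concatenated.
POSTED = """
config interface 'lan'
    option proto 'dhcp'
config interface 'wlan0'
    option proto 'dhcp'
config dhcp 'wlan0'
    option interface 'wlan0'
config zone
    option name 'lan'
    option input 'ACCEPT'
    option network 'lan'
config zone
    option name 'wan'
"""

if __name__ == "__main__":
    print("\n".join(lint(POSTED)))
```
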

Why is everything so complicated xD
Thanks for the tip! I'll write something down and post it somewhere. I have seen many people looking for those kinds of answers...

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Somehow the edit button only let me see the history, but not edit anything...