Setting up 802.11s for meshed "dumb APs"

Sorry, I was under the impression your clients also need to understand 802.11s to be able to authenticate and roam from one AP to another effectively.

The simplest setup is to bridge both the mesh interface and the wifi AP into the lan network at each dumb AP. The dumb APs would not run a DHCP server, all DHCP requests are handled by the main router.

This kind of setup has some issues with scalability and security, but it is the simplest way to get started and is entirely workable for having a few nodes around a house that are not accessible by the public.

It works much like having the APs connected to the main router by a network of Ethernet cables, except that you can't run VLANs on an 802.11s native mesh. You can run VLANs on a BATMAN mesh and use raw 802.11s as the radio link. This is how most "mesh" commercial products work.


I already have wpad installed and it does not work.

See if this discussion or one of the discussions linked there can help you with encryption.

I already commented on that thread and it is with the wpad-mesh package, not wpad.

Are you trying to run the mesh point and the AP on the same radio? The suggestion here is running them on different radios. Does that make a difference for you?

I'm just testing the Mesh network. I do not have another interface. Use ath9k in Archer C60.

The encryption "option" settings changed several times in early 2018. I have both key and sae_passphrase in one of my configs, and just sae_passphrase in the other. Build on my mesh-enabled Archer C7 v2 units is from master as of 2018-08-31, with local patches rebased on commit dc9388ac55.

config wifi-iface 'mesh1'
        option device 'radio5'
        option ifname 'mesh1'
        option network 'nwi_mesh1'
        option mode 'mesh'
        option mesh_id '<redacted>'
        option mesh_fwding '0'
        option encryption 'psk2+ccmp'
        # option sae_passphrase '<redacted>' -- not with OpenWrt 18.06, use 'key'
        option key '<redacted>'

Edit: As highlighted by @mjs in Encryption in 802.11s, the current (18.06) option is "key"


I did not know that you had to put sae_passphrase. I had sae_password in my configuration. I'm going to try again.
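A config-side check for the option-name confusion in the two posts above (`key`, `sae_passphrase`, `sae_password`), added here as an example and not written by anyone in the thread. The function name, the status words and the sample config are made up for illustration; which option a given build honours is an assumption to confirm against your release.

```shell
# Added example: report how each mesh wifi-iface in a UCI wireless config is keyed.
# Option names are the ones quoted in the thread; verify them for your build.

audit_mesh() {   # reads UCI wireless config text on stdin
    awk -v q="'" '
    function unq(s) { gsub("^[\"" q "]|[\"" q "]$", "", s); return s }
    function report(   enc, src) {
        if (kind != "wifi-iface" || opt["mode"] != "mesh") return
        enc = opt["encryption"]
        if ("key" in opt) src = "key"
        else if ("sae_passphrase" in opt) src = "sae_passphrase"
        else if ("sae_password" in opt) src = "sae_password"
        else src = ""
        if (enc == "" || enc == "none") print name, "OPEN"
        else if (src == "") print name, "NO-SECRET", enc
        else if (src == "sae_password") print name, "CHECK-NAME", src
        else print name, "KEYED", enc, src
    }
    NF == 0 || $1 ~ /^#/ { next }           # skip blanks and commented-out options
    $1 == "config" {
        report(); kind = $2; name = unq($3); split("", opt)
        if (name == "") name = "(unnamed)"
        next
    }
    $1 == "option" { opt[$2] = unq($3) }
    END { report() }
    '
}

sample_config() {   # constructed sample, not a config from the thread
    cat <<'EOF'
config wifi-iface 'mesh1'
        option mode 'mesh'
        option encryption 'psk2+ccmp'
        # option sae_passphrase 'constructed' -- commented out, ignored
        option key 'constructed-secret'

config wifi-iface 'mesh2'
        option mode 'mesh'
        option encryption 'psk2+ccmp'
        option sae_password 'constructed-secret'

config wifi-iface 'mesh3'
        option mode 'mesh'
        option mesh_id 'constructed-id'
EOF
}

sample_config | audit_mesh
```

On a router, run `audit_mesh < /etc/config/wireless`. It reads only the config file, so it does not confirm what is negotiated on air.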

Thanks guys, I've bridged the mesh and client AP to the LAN network on each AP and it seems to be working a treat. (Can send configs if anyone is interested in them).

I'm running unsecured at the moment so will try to add some encryption to the link - might be back with questions at some stage!

Also, was wondering if it would be possible to have multiple WAN connections in this configuration? I.e., if two APs in the mesh have their own WAN connections? Will clients that are connected to arbitrary APs in the mesh be smart enough to figure out which WAN-enabled AP they should route traffic to?


Doing that is simple. The tricky thing is to have security in the mesh link.

Seemed to be fairly straight-forward to me :man_shrugging:

Unless I'm missing something, all I needed to do was install wpad-mesh rather than wpad-mini, and add option encryption 'psk2+ccmp' and option sae_passphrase '<password>' to the wireless config of my mesh.

Seems to be secure now, afaik (both my laptop and my phone can see the network and see that it has wpa2-ps-ccmp).

You did not know the easiest. Now I want to see you trying to establish a link of two routers with 802.11s and with cefrado or encryption, or whatever you call it.

How to verify that WPA2 + PSK2 + CCMP is being used?

I have configured it as jeff and according to WiFi Analyzer and WirelessNetView in Windows 10 the security of WEP is changed to WPA2 or vice versa every few seconds.

On another router with OpenWrt, scanning the available networks shows it as open under Encryption.

Can you please show us your config? Thank you in advance.

Is wpad-full a package or is it to indicate the wpad package? Is it in stable OpenWRT or Snapshots?

Yeah it's just wpad which has everything including mesh I think.

Ok, I will try with wpad and not with wpad-mesh.

I already tried a compilation for my router with the wpad package in version 18.06.2 and in Snapshots, and only in the latter could I see the SAE option appear in the encryption section in LuCI, and then it says that the network is not associated.

What is the issue with scalability?

Will you send me configs or tutorials to solve your case? I would really appreciate it, thank you.