Setting up a wireless AP switch

I am using OpenWrt 23.05.0 (r23497-6637af95aa) on a Netgear WNDR3700 v2.

I have been fighting with some sort of a bug (potentially) for a couple of weeks now,
not being able to set up my OpenWRT Router (Netgear) as a wireless bridge in order to work with my main router (ASUS). Actually this should be a pretty simple task to accomplish.

My goal was to be able to use the Lan ports of the OpenWRT Router for other devices. I have tried creating a bridge, I have tried using the relay daemon (installed with opkg). I have tried 100 times. Now I am thinking about getting a big hammer and smashing the damn thing into small pieces. Can somebody please help me. Would really appreciate it!

My setup is the following. My main ASUS Router has an IP 192.168.0.1. The Netgear OpenWRT Router connects successfully with it and obtains an IP 192.168.0.2. I can access the OpenWRT Luci Interface via the later IP from the Wi-Fi network. This works good. When I connect however to one of the LAN ports of the OpenWRT Router per wire, I loose connectivity. Somehow the bridge is not working, or the DHCP/DNS requests don't get forwarded to the main router. Or else. I am out of ideas.

Showing the "Interfaces" screen:

and the "Devices" screen:

I have also configured the Relay:

1 Like

Use this opportunity to upgrade to 23.05.3

Is this connecting to the upstream network by ethernet or wifi? Were you previously using this with a wifi backhaul?

What main router are we talking about exactly, what firmware is it running. OpenWrt (and non-Broadcom) or not matters here, because it decides between:

  • WDS/ 4addr (best, but requires OpenWrt on the main router)
  • routed client (inconvenient, but o.k.)
  • relayd (not great, but compatible with 'any' router firmware)

Your screenshots only tell half of the story, please provide the textual config files instead (make sure to redact revealing personal data, as in MAC addresses, WAN passwords, wireless access credentials):

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thank you so much, for the fast response!

I have just upgraded. Now I have version 23.05.3 :slight_smile:, thanks for that!

I am connecting to the OpenWRT router per IP 192.168.0.2 via the Luci interface while being connected per wifi to the main Asus router (192.168.0.1). The wireless connection between the 2 routers works. I am unsure if it was using wifi backhaul.

When I turn off (on my laptop) the wifi connection to the main router and connect my laptop per Lan cable to one of the 4 Lan ports of the OpenWRT router, then it stops working.

Thanks for the fast response!
The main router is Asus GT-AXE11000 with the Asus native OS. So it's a non OpenWRT router. It's an uptodate firmware Version: 3.0.0.4.388_23801
The fact, that the main router matters also is an interesting thought, I didn't think about that, thanks for that!

ubus call system board:

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.150",
        "hostname": "OpenWrt",
        "system": "Atheros AR7161 rev 2",
        "model": "Netgear WNDR3700 v2",
        "board_name": "netgear,wndr3700-v2",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.3",
                "revision": "r23809-234f1a2efa",
                "target": "ath79/generic",
                "description": "OpenWrt 23.05.3 r23809-234f1a2efa"
        }
}

/etc/config/network:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option auto '0'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'
        option auto '0'
        option reqaddress 'try'
        option reqprefix 'auto'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'phy1-sta0'

config device
        option name 'eth0'
        option macaddr 'xx:xx:xx:xx:xx:xx'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'
        option blinkrate '2'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 5'

config switch_port
        option device 'switch0'
        option port '1'
        option led '6'

config switch_port
        option device 'switch0'
        option port '2'
        option led '9'

config switch_port
        option device 'switch0'
        option port '5'
        option led '2'

config interface 'stabridge'
        option proto 'relay'
        option ipaddr '192.168.0.2'
        list network 'lan'
        list network 'wwan'
        option gateway '192.168.0.1'
        list dns '192.168.0.1'

config device
        option name 'phy1-sta0'

config interface 'wwan'
        option proto 'dhcp'
        option device 'phy1-sta0'

/etc/config/wireless:

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:11.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:12.0'
        option channel '36'
        option band '5g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'sta'
        option network 'wwan lan'
        option ssid 'XXXXXX'
        option bssid 'XX:XX:XX:XX:XX:XX'
        option encryption 'sae'
        option key 'XXXXXXXXXX'

/etc/config/dhcp:

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        option dynamicdhcp '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config relay
        option id '1'
        option interface 'stabridge'
        option local_addr '192.168.0.2'
        option server_addr '192.168.0.1'

I have disabled the firewall actually, through the Luci "Startup" menu.
The services dnsmasq and odhcpd are also disabled.

/etc/config/firewall:

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wwan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

Are you using a usb-c docking hub with Ethernet?

No, I am using a usb-c to Ethernet dongle, basically a LAN card, which however has been tested in that very same setup and works flawlessly. Because I am using that very same setup when I factory reset the OpenWRT Router and start the initial setup up through its initial ip address (192.168.1.1.) via its LAN port.

The reason I ask, and something you should check, is that some USB-C ethernet adapters will actually produce a broadcast storm when the computer goes to sleep or is shut down. In the case of a docking hub, they usually have a power connection so they will remain active when the computer is disconnected from the USB-C cable, and they can cause all sorts of problems. Given that you describe a somewhat similar symptom, it would be worth unplugging the ethernet connection from the USB-C adapter to make sure that it isn't the actual culprit here.

I see your point, thanks for pointing that out, but I don't think that's the case here. The device is working perfectly fine. It's a USB-C to RJ45 LAN card/adapter. Single connector, no hub! There is some issue with the configuration.

I just want to clarify that it works fine until you power off/disconnect your computer, is that correct?

Wait, what do you mean it works fine? :slight_smile:

I am sorry perhaps I didn't clarify above correctly. It works fine while being connected to the main router (per wifi) and from there to the OpenWRT router. It works in a sense that I can connect to the luci interface of the OpenWRT router per IP 192.168.0.2.

When I disconnect from the main router and attempt to connect per cable to one of the 4 LAN ports of the OpenWRT Router - as I want to use the OpenWRT as a wireless switch - so I need these LAN ports - then they are not working. Then it stops working.

So you're disconnecting wifi and then using ethernet as the uplink instead of wifi?

What is a wireless switch in your definition?

Exactly!

Well it's basically a switch which connects wirelessly to the main router (uplink) and then forwards the LAN network (DHCP, DNS etc) to the LAN ports of the device.
Its has been described here:
https://openwrt.org/docs/guide-user/network/wifi/wifiextenders/bridgedap

And the diagram looks also correct:
image

I did everything described in that tutorial, but it still doesn't work :frowning:

Well, the primary issue is that you have relayd setup on your device which is designed for a wireless backhaul. Wireless vs wired backhaul approaches are entirely different.

Reset your router to defaults and then follow the bridged ap guide.

Ok... re-reading, I'm really confused...

You're asking about a "wireless switch" but you also said that you've got the uplink via ethernet (and not wireless).

For the purposes of clarity, the OpenWrt device in the diagram above is known as a "dumb AP" or "bridged AP" -- it's basically just a simple L2 bridge between ethernet (uplink) and a wireless access point. It operates purely as an AP (with respect to the wireless functions), and it also may contain multiple ethernet ports that operate as standard ethernet switch.

If you need a wireless uplink (the device uses sta mode to be a wireless client of an existing wifi network) and the downstream devices (wireless and/or ethernet) must be on the same L2 network as the upstream network, you use relayd (or wds or mesh/802.11s) for this. This typically is called a wireless repeater (or mesh if using the 802.11s standard).

I fear this was a misunderstanding! I meant uplink from the laptops perspective. The uplink for the OpenWRT router is the wireless link to the main router.

I came up with the idea of using relayd because all other ways were not working... This was somewhat a matter of last resort. If you can show me a way for this to work without relayd, I'd be more than happy! Will even buy you a beer! :smiley:

Did that way before installing relayd. Unfortunately it didn't work :frowning:

Let me try explain again!

Wanna be situation:
- 1. An Asus main Router connected to the internet with an ip 192.168.0.1. DHCP running here.
- 2. An OpenWRT Router, connected wirelessly to the main Asus router with an ip 192.168.0.2. No DHCP running here.
- 3. The wireless (uplink) connection works, as my OpenWRT router is connected to the internet.
- 4. A bunch of devices, which are connected per LAN cable to the OpenWRT LAN ports, which also have internet and receive per DHCP from the main Asus router ip addresses from the 192.168.0.* network.
-5. The devices connected to the OpenWRT LAN ports receive internet access from the main Asus router per DHCP/DNS.

Actual Situation (as of config files above)
- 1. works!
- 2. works!
- 3. works!
- 4. does NOT work!
- 5. does NOT work!

I hope this make it more clear now!

Ok... with that clarification, you need to use relayd, WDS, or mesh (802.11s).

If your Asus main router is running OpenWrt, you can likely one of the latter 2 options. If it's running the vendor firmware, you will have to use relayd.

Keep in mind that relayd is a kind of hack and it has some quirks (see the known issues). But this is what will be required if the following statements are true:

  1. The uplink from the OpenWrt router to the main router must be made wirelessly.
  2. The main router is not running OpenWrt
  3. The downstream connections from the OpenWrt router need to be on the same L2 subnet as the upstream connection.

OK, so far we have clarified this!
:slight_smile:

true!

true!

That's also my goal, making them part of the aforementioned network 192.168.0.*. However this is not working, as the DHCP protocol does not go through the OpenWRT router. It only assigns the OpenWRT router the defined address (192.168.0.2) and stops there.

I don't use relayd, so I cannot guide you through any of the specifics.

That said, I mentioned that it has known issues. Specifically:

  1. DHCP issue caused by Access Point. OWrt forum

You would probably be best served by resetting your device to defaults and exactly following the relayd guide.

But, in the end, the preferred solutions are:

  • Use ethernet (wire) instead of wireless. This is always easier and higher performance, and just works.
  • Make sure your main router (or your main AP) is using OpenWrt so that you can setup wds or 802.11s mesh.

I wrote a guide on setting up and automating provisioning and monitoring of mesh networks using OpenWrt and OpenWISP.

Even if you don't use OpenWISP, the concepts can be applied to configure your OpenWrt devices manually.

I hope this helps!