Setting up authenticated mesh with wpad-mesh


I can't find it specifically documented

I found it out the hard way

Only my Atheros/Qualcomm devices can reliably mesh and AP at the same time

You will notice, as @jeff has posted, that the output differs from wifi chipset to wifi chipset for

iw phy phy0 info
iw phy phy1 info


Here is an example of such an encrypted OLSR mesh I set up for testing/evaluation

I'm connected to the mesh from my PC via wifi to the GL-iNet 6416A v1 (which is connected to the internet) (Device has LAN and WAN Port)


FriendlyARM NanoPi NEO (512mb Ram, 2Gb sdcard, quad-core arm, 100Mbps Lan)
RT3070 USB Wifi Dongle
Only Mesh


FriendlyARM NanoPi NEO (256mb Ram, 2 Gb sdcard, quad-core arm, 100Mbps Lan)
RT3070 USB Wifi Dongle
Only Mesh


FriendlyARM NanoPi NEO2 (1024mb Ram, 8gb sdcard, quad-core arm, 1Gbit Lan)
RT3070 USB Wifi Dongle
Only Mesh

Device (Gateway)

Model GL-iNet 6416A v1 (64mb Ram, 16mb flash, Atheros AR9330 rev 1, single core)
Access Point and Mesh same time


The Mesh is in fact encrypted with WPA-PSK2 (CCMP)

config wifi-iface
	option device 'radio0'
	option key 'thepassword'
	option ssid 'penguinfarm'
	option mode 'adhoc'
	option network 'mesh'
	option encryption 'psk2'


iw list on my ZBT WE1226s shows

        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point
        valid interface combinations:
                 * #{ IBSS } <= 1, #{ managed, AP, mesh point } <= 4,
                   total <= 4, #channels <= 1, STA/AP BI must match

So it should be possible to have both AP and mesh. The combination does come up, but without encryption on the mesh. It's when I try to encrypt it that the combination fails.
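
The reading of `valid interface combinations` used in the post above, as an added example that is not part of the thread: it parses `iw list` or `iw phy phyN info` text and reports whether two interface types are advertised as concurrent. The function names are hypothetical and the sample text is the output quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iw list` / `iw phy phyN info`
# text on stdin and prints "yes" if TYPE_A and TYPE_B may run concurrently.
can_coexist() {
    awk -v a="$1" -v b="$2" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # Evaluate one joined combination line, e.g.
    #   * #{ IBSS } <= 1, #{ managed, AP, mesh point } <= 4, total <= 4, ...
    function check(c,   n, parts, i, g, lim, names, m, j, ga, gb, la, lb, t) {
        ga = 0; gb = 0; t = 0
        if (match(c, /total <= [0-9]+/)) {
            t = substr(c, RSTART, RLENGTH); sub(/^total <= /, "", t); t += 0
        }
        n = split(c, parts, "#[{]")            # parts[2..n] = one group each
        for (i = 2; i <= n; i++) {
            lim = parts[i]; sub(/^[^}]*[}] <= /, "", lim); lim += 0
            g = parts[i];   sub(/[}].*$/, "", g)
            m = split(g, names, ",")
            for (j = 1; j <= m; j++) {
                if (trim(names[j]) == a) { ga = i; la = lim }
                if (trim(names[j]) == b) { gb = i; lb = lim }
            }
        }
        if (!ga || !gb || t < 2) return 0      # a type missing, or only 1 vif
        return (ga == gb) ? (la >= 2) : (la >= 1 && lb >= 1)
    }
    /valid interface combinations:/ { insec = 1; next }
    insec && /^[ \t]*[*] /  { if (cur != "") ok += check(cur); cur = $0; next }
    insec && /total <=/     { cur = cur " " $0; next }
    insec                   { insec = 0 }
    END { if (cur != "") ok += check(cur); print (ok ? "yes" : "no") }
    '
}

# Sample input: the iw output quoted in the post above.
sample_iw() {
cat <<'EOF'
        Supported interface modes:
                 * AP
                 * mesh point
        valid interface combinations:
                 * #{ IBSS } <= 1, #{ managed, AP, mesh point } <= 4,
                   total <= 4, #channels <= 1, STA/AP BI must match
EOF
}

sample_iw | can_coexist "AP" "mesh point"
```

The advertised combination says nothing about encrypted operation; the post above reports the AP and mesh pair failing once encryption was enabled on the mesh.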


Yes, now i remember.

True, what you're saying.

I wanted an encrypted mesh and a password for my wifi AP


I also tried the Onion Omega 2 and LinkIt Smart 7688 for Mesh, which use that same MediaTek 7688, but they both had lots of issues when I last tried them


Hello! I come to tell you that I tried this configuration and it worked.


config wifi-iface
        option device 'radio0'
        option ifname 'mesh0'
        option network 'lan'
        option mode 'mesh'
        option mesh_id 'meshdeprueba'
        option mesh_fwding '1'
        option encryption 'psk2+ccmp'
        option key 'meshdeprueba'
        option sae_password 'meshdeprueba'

And looking for the network available with another router with OpenWRT the following appears:


Before it appeared without encryption.


How many mesh nodes do you have?


I have a netbook and a CPE210. With the same Wireless configuration, they connect. It's just for tests and see if I could connect them with code.


You rock, Castillo!


Castillo is my last name :joy::joy:. My names are Franco Damian :smiley: :smiley:.


I'll try it over the weekend, since I'm away on a business trip.


Can you ping mesh nodes and clients?


Keep up the great work, I will call you whatever you want! Franco!


But can you ping mesh nodes and clients?


I have not yet done tests because the netbook does not support Mesh + AP, I mean, interface combination. Then, I'm going to try the CPE210 and the Archer C60 to see how they behave. I just tried the wireless connection, not the network. I still do not know how to configure the network.


Another thing I noticed is that Windows and Linux (KDE Neon) identify the mesh network with WEP security and not with WPA2 as a router with OpenWRT does.


The 802.11S mesh I set up also shows as "wpa2 -" on a scan from the web UI when not connected, but that changes to "open" when the mesh connects.

I'd guess the UI is using the output from iwinfo?
When the mesh link is up and running:

root@Router:~# iwinfo mesh0 scan

reports "Encryption: none"


root@Router:~# iwinfo phy0 scan

Encryption: WPA2 NONE (CCMP)


root@Router:~# iwinfo mesh0 info

Encryption: unknown

An app on a mobile running Android 8 reports the encryption as WPA2-EAP.

Other devices show the mesh network as open.

These are the relevant settings I'm using.


config wifi-iface 'mesh0'
       option disabled '0'
       option device 'radio0'
       option ifname 'mesh0'
       option mode 'mesh'
       option mesh_fwding '1'
       option mesh_id 'My Mesh'
       option encryption 'psk2+ccmp'
       option sae_password 'MyPassword'
       option key 'MyPassword'          
       option network 'lan'


config interface 'lan'
      option ifname 'eth0.1 mesh0'

I also found that the generated wpa_supplicant-mesh0.conf uses the password from "option key" in the wireless file, not from "option sae_password". If I omit "option key" in the wireless file, even though I set a password in "sae_password", "sae_password" in wpa_supplicant is blank, so I don't think option sae_password in /etc/config/wireless is used.

Apart from encryption, which I'm not sure is working right, the mesh connection works fine and I also have an access point running on the same radio (phy0).

This is on a bt hub 5a running 18.06.1

Batman-adv Wireless Encryption Problem
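
A check for the behaviour reported above (a blank `sae_password` in the generated wpa_supplicant-mesh0.conf when `option key` is omitted), as an added example that is not part of the thread. The function names and the sample config are constructed for illustration; `mode=5` is wpa_supplicant's mesh mode, and `key_mgmt`, `sae_password` and `psk` are standard wpa_supplicant network-block keys.

```shell
#!/bin/sh
# Added example (not from the thread): audit a generated wpa_supplicant
# mesh config. Reads the file named in $1, or stdin when no file is given.
# Prints one of:
#   authenticated  mesh block (mode=5) with key_mgmt=SAE and a non-empty secret
#   blank-secret   SAE requested but sae_password/psk missing or empty
#   open           mesh block without SAE
#   no-mesh        no mode=5 network block found
mesh_auth_status() {
    awk '
    # Return the value after the first "=", without trailing space or quotes.
    function val(s) {
        sub(/^[^=]*=/, "", s); sub(/[ \t\r]+$/, "", s)
        sub(/^"/, "", s); sub(/"$/, "", s)
        return s
    }
    /^[ \t]*network=[{]/ { inblk = 1; mode = ""; km = ""; secret = ""; next }
    inblk && /^[ \t]*mode=/     { mode = val($0) }
    inblk && /^[ \t]*key_mgmt=/ { km = val($0) }
    inblk && /^[ \t]*(sae_password|psk)=/ { v = val($0); if (v != "") secret = v }
    inblk && /^[ \t]*[}]/ {
        inblk = 0
        if (mode == "5") {
            found = 1
            if (km !~ /SAE/)       result = "open"
            else if (secret == "") result = "blank-secret"
            else                   result = "authenticated"
        }
    }
    END { print (found ? result : "no-mesh") }
    ' "$@"
}

# Constructed sample of a generated mesh block; $1 is the sae_password value.
sample_conf() {
    printf 'network={\n\tssid="My Mesh"\n\tkey_mgmt=SAE\n\tmode=5\n\tsae_password="%s"\n}\n' "$1"
}

sample_conf "MyPassword" | mesh_auth_status   # option key present
sample_conf ""           | mesh_auth_status   # option key omitted, as reported
```

On a router, pass the path of the generated wpa_supplicant-mesh0.conf as the argument after each wireless config change.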

Got mine working with these settings. I had to activate hwnocrypt=1 for my ath9k device (wzr-hp-g300nh), connected with a mt7621 device (xiaomi router 3g) on the 2.4GHz network.
Like mjs said, the Web UI tells me encryption is "none" when the mesh is connected, otherwise WPA2.


config wifi-iface 'mesh0'
       option device 'radio0'
       option mode 'mesh'
       option mesh_fwding '1'
       option mesh_id 'My Mesh'
       # psk2+ccmp works too
       option encryption 'psk2/aes'
       option key 'MyPassword'          
       option network 'lan'

config interface 'lan'
        option ifname 'eth0.1'



I wouldn't think mesh0 needs to be in there. In any event, the wifi device would be 'radio0' or similar.


My mesh link worked perfectly fine on a windows machine without that, but when I tried it on a linux box, for some reason I couldn't get a connection, so I added mesh0 to the lan ifname and that fixed it.

I thought the problem might be IPv4 / IPv6 related, or possibly dhcp, I guess there's probably something wrong elsewhere in my config.