Setting up authenticated mesh with wpad-mesh

Can you ping mesh nodes and clients?

Keep up the great work, I will call you whatever you want! Franco!

But can you ping mesh nodes and clients?

1 Like

I have not yet done tests because the netbook does not support Mesh + AP, I mean, interface combination. Then, I'm going to try the CPE210 and the Archer C60 to see how they behave. I just tried the wireless connection, not the network. I still do not know how to configure the network.

Another thing I noticed is that in Windows and Linux (KDE Neon), identify the mesh network with WEP security and not with WPA2 as in a router with OpenWRT.

The 802.11S mesh I set up also shows as "wpa2 -" on a scan from the web UI when not connected, but that changes to "open" when the mesh connects.

I'd guess the UI is using the output from iwinfo?
When the mesh link is up and running:

root@Router:~# iwinfo mesh0 scan

reports "Encryption: none"

But,

root@Router:~# iwinfo phy0 scan

Reports:-
Encryption: WPA2 NONE (CCMP)

Yet:-

root@Router:~# iwinfo mesh0 info

Encryption: unknown

An app on a mobile running android 8 reports the encryption as WPA2-EAP

Other devices show the mesh network as open.

These are the relevant settings I'm using.

/etc/config/wireless:-

config wifi-iface 'mesh0'
       option disabled '0'
       option device 'radio0'
       option ifname 'mesh0'
       option mode 'mesh'
       option mesh_fwding '1'
       option mesh_id 'My Mesh'
       option encryption 'psk2+ccmp'
       option sae_password 'MyPassword'
       option key 'MyPassword'          
       option network 'lan'

/etc/config/network:-

config interface 'lan'
      option ifname 'eth0.1 mesh0'

I also found that the generated wpa_supplicant-mesh0.conf uses the password from option key in the wireless file not from "option sae_password". If I omit "option key" in the wireless file, even though I set a password in "sae_password", sae_password" in wpa_supplicant is blank, so I don't think option sae_password in /etc/config/wireless is used.

Apart from encryption which I'm not sure if it is working right the mesh connection works fine and I also have an access point running on the same radio (phy0)

This is on a bt hub 5a running 18.06.1

Got mine working with with these settings. I had to activate hwnocrypt=1 for my ath9k device (wzr-hp-g300nh), connected with a mt7621 device (xiaomi router 3g) on 2.4Ghz network.
Like mjs said, Web Ui tells me encryption is "none" when the mesh is conected otherwise WPA2.

/etc/config/wireless:-

config wifi-iface 'mesh0'
       option device 'radio0'
       option mode 'mesh'
       option mesh_fwding '1'
       option mesh_id 'My Mesh'
       option encryption 'psk2/aes' (psk2+ccmp works too)
       option key 'MyPassword'          
       option network 'lan'
/etc/config/network:-

config interface 'lan'
        option ifname 'eth0.1'

but

I wouldn't think mesh0 needs to be in there. In any event, the wifi device would be 'radio0' or similar.

My mesh link worked perfectly fine on a windows machine without that, but when I tried it on a linux box, for some reason I couldn't get a connection, so I added mesh0 to the lan ifname and that fixed it.

I thought the problem might be IPv4 / IPv6 related, or possibly dhcp, I guess there's probably something wrong elsewhere in my config.

I finally got it to work with wpad-mesh-openssl

Details here: https://github.com/openwrt/mt76/issues/72#issuecomment-462600670

2 Likes

On 18.06.x or Snapshots?

On 18.06.2

Can you please post your final network/wireless config as an example? Thank you in advance.

802.11s appears to be broken on master

I'll post here, as well as here. No BATMAN, no OLSR, just pure 802.11s.

/etc/config/network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'some ula_prefix'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.0.151'
	option netmask '255.255.255.0'
	option gateway '192.168.0.1'
	list dns '200.12.232.4'
	list dns '200.12.229.1'
	list dns '8.8.8.8'
	option ip6assign '60'

config device 'lan_dev'
	option name 'eth0.1'
	option macaddr 'macaddrX'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config device 'wan_dev'
	option name 'eth0.2'
	option macaddr 'macaddrY'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

/etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '6'
	option hwmode '11g'
	option path 'platform/10300000.wmac'
	option htmode 'HT20'
	option disabled '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'ssid_name'
	option encryption 'psk2'
	option key 'ssid_password'

config wifi-iface 'mesh'
	option device 'radio0'
	option network 'lan'
	option mode 'mesh'
	option mesh_id 'mesh_name'
	option mesh_fwding '1'
	option encryption 'psk2/aes'
	option key 'mesh_password'

I hope this helps others.

Now that I got it working on very cheap ZBT WE1226 AP's, I'd like to try it on dual radio AP's, having the mesh on one frequency, and the AP's on the other.

1 Like

So this on both sides should be enough to run the mesh like a wds ap + client before, since youre not using batman/olsr?

802.11s mesh routing only routes mesh participants, not clients connected to the APs. To route those clients you likely need to:

  • Provide a additional or different routing protocol using the 802.11s mesh, such as
    • batman-adv
    • OLSR
    • gretap tunneling
  • Increase the MTU of the wireless to support the overhead of the routing / tunneling protocol
1 Like

I think I'm acheiving routing by bridging the 'mesh' network into the lan. I'll test it under load later today.

1 Like

I would think so. I haven't found any proper documentation on option mesh_fwding, but this here seems to be a good hint:

option mesh_fwding '0' # Disables the 802.11s own routing! IMPORTANT! Because we currently use OLSR !

So, conversely, if you want the "802.11s own routing", you need to set option mesh_fwding '1'

1 Like

Are you saying that if I add the AP and Mesh on the "lan" bridge, can not the clients connect?