Setting up authenticated mesh with wpad-mesh


I would think so. I haven't found any proper documentation on option mesh_fwding, but this here seems to be a good hint:

option mesh_fwding '0' # Disables the 802.11s own routing! IMPORTANT! Because we currently use OLSR !

So, conversely, if you want the "802.11s own routing", you need to set option mesh_fwding '1'


Are you saying that if I add the AP and Mesh on the "lan" bridge, can not the clients connect?


I've tested it with about 10 devices connecting to the remote AP's, streamed videos and movies on a Fire Stick and a Chromecast, and everything works fine.

I've read somewhere about disabling the Spanning Tree protocol on the bridge, but I'm not sure how to do that on my configuration, or if it's even necessary.


So the routing of the 802.11s protocol can also with the traffic of the AP and the clients?


It's working for me!


Here is some Freifunk notes on the topic ```

It is from a script. Node-Config

6.2. Using IEEE 802.11s

You can use the new IEEE 802.11s mesh mode instead of the new ad-hoc. To do so, you need to modify .

Modication to - example for radio0 (first radio, 2.4 Ghz usually).

# ...
        set wireless.wifi_mesh='wifi-iface'
        set wireless.wifi_mesh.device='radio0'
        set'mesh babel_mesh'
        set wireless.wifi_mesh.mode='mesh'
        set wireless.wifi_mesh.mesh_id='42:42:42:42:42:42'
        set wireless.wifi_mesh_fwding='0'
        set wireless.wifi_mesh.mcast_rate='12000'
# ...

When modifying the 5 Ghz network, use wifi_mesh5 instead of wifi_mesh .

Setting mesh_fwding='0' disables forwarding in the IEEE 802.11s mesh network. Forwarding is disabled , because Babel and batman-adv need to see the topology on their own. Forwarding would hide the structure of network from both babel and batman-adv. In addition, it is redundant to batman-adv.

If experimenting with IEEE 802.11s mesh forwarding:

  1. Disable batman-adv - directly attach the mesh interfaces to the Freifunk bridge
  2. Try to make babeld using the overlay metric
  3. Avoid re-transmitting babel messages - IEEE 802.11s will distribute them anyway.
  4. Happy hacking :-).


Hello has anyone tested wpad-full ? Id like to use full so that I can attempt to configure roaming. In a mesh configuration.


You would have to create two networks: one with 802.11s and another as a simple AP. With the wpad package, the 802.11r option is enabled in the AP, not in the mesh.


Thanks castillofrancodamian . To further clarify my question in order to use 802.11r do I need to have wpad-full installed ? or can I use it with wpad-mesh ? I ask because I created a secure mesh using wpad-mesh but have been unable to using wpad-full, and I want both 802.11s and 802.11r


Yes, you can use wpad-mesh. It also allows to activate the 802.11r protocol for roaming. Ideally, you should use the 802.11s network in 5GHz and the AP in 2GHz if you have a dual band router.
I'm still not sure that the mesh network really is secure because it was mentioned previously (It appears with WEP security).