Setting up authenticated mesh with wpad-mesh

I would think so. I haven't found any proper documentation on option mesh_fwding, but this here seems to be a good hint:

option mesh_fwding '0' # Disables the 802.11s own routing! IMPORTANT! Because we currently use OLSR !

So, conversely, if you want the "802.11s own routing", you need to set option mesh_fwding '1'


Are you saying that if I add the AP and the mesh to the "lan" bridge, the clients cannot connect?

I've tested it with about 10 devices connecting to the remote AP's, streamed videos and movies on a Fire Stick and a Chromecast, and everything works fine.

I've read somewhere about disabling the Spanning Tree protocol on the bridge, but I'm not sure how to do that on my configuration, or if it's even necessary.

So the routing of the 802.11s protocol can also handle the traffic of the AP and the clients?

It's working for me!

Here are some Freifunk notes on the topic:

mesh_fwding='0'

https://jenkins.kbu.freifunk.net/files/node-config/doc/

It is from a script. Node-Config


6.2. Using IEEE 802.11s

You can use the new IEEE 802.11s mesh mode instead of the new ad-hoc. To do so, you need to modify wireless.sh.

Modification to wireless.sh - example for radio0 (first radio, 2.4 GHz usually).

# ...
        set wireless.wifi_mesh='wifi-iface'
        set wireless.wifi_mesh.device='radio0'
        set wireless.wifi_mesh.network='mesh babel_mesh'
        set wireless.wifi_mesh.mode='mesh'
        set wireless.wifi_mesh.mesh_id='42:42:42:42:42:42'
        set wireless.wifi_mesh.mesh_fwding='0'
        set wireless.wifi_mesh.mcast_rate='12000'
# ...

When modifying the 5 GHz network, use wifi_mesh5 instead of wifi_mesh.

Setting mesh_fwding='0' disables forwarding in the IEEE 802.11s mesh network. Forwarding is disabled because Babel and batman-adv need to see the topology on their own. Forwarding would hide the structure of the network from both babel and batman-adv. In addition, it is redundant to batman-adv.

If experimenting with IEEE 802.11s mesh forwarding:

  1. Disable batman-adv - directly attach the mesh interfaces to the Freifunk bridge
  2. Try to make babeld use the overlay metric
  3. Avoid re-transmitting babel messages - IEEE 802.11s will distribute them anyway.
  4. Happy hacking :-).

Hello, has anyone tested wpad-full? I'd like to use wpad-full so that I can attempt to configure roaming in a mesh configuration.

You would have to create two networks: one with 802.11s and another as a simple AP. With the wpad package, the 802.11r option is enabled in the AP, not in the mesh.

Thanks castillofrancodamian. To further clarify my question: in order to use 802.11r, do I need to have wpad-full installed, or can I use it with wpad-mesh? I ask because I created a secure mesh using wpad-mesh but have been unable to do so using wpad-full, and I want both 802.11s and 802.11r.

Yes, you can use wpad-mesh. It also allows you to activate the 802.11r protocol for roaming. Ideally, you should use the 802.11s network on 5 GHz and the AP on 2 GHz if you have a dual band router.
I'm still not sure that the mesh network really is secure, because as was mentioned previously, it appears with WEP security.

I've seen a recommendation somewhere in the forum to add this to /etc/config/network:

config device
        option name 'wlan0'
        option mtu '1532'

However, I still have this message in the log:

batman_adv: bat0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.

Also, I have no traffic flowing between the two systems if encryption is configured; I see no errors related to encryption/authentication. Without encryption everything works.

I'm running SNAPSHOT, 802.11s + batman-adv.

I've tried everything related to 802.11s in this topic provided by wpad-mesh on LEDE 17.01.6; unfortunately it does not work for me. Only the open mesh variant works. Otherwise devices cannot associate with each other.
I've tried it with hardware AP147, TP-LINK WR841-V9, WR841-V11, CPE210-V2 (the last one freezes and goes down after an attempt to restart wifi with encryption options).

Update the OpenWrt version and try again.

# cat /etc/openwrt_release 
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='18.06.0'
DISTRIB_REVISION='r7188-b0b5c64c22'
DISTRIB_TARGET='ar71xx/generic'
DISTRIB_ARCH='mips_24kc'
DISTRIB_DESCRIPTION='OpenWrt 18.06.0 r7188-b0b5c64c22'
DISTRIB_TAINTS=''

Is it the proper version? I use it on CPE210-V2.

18.06.4 is the latest release.

I've tried with 18.06.4 again and it fails:

Wed Sep  4 22:32:11 2019 daemon.notice netifd: Interface 'wlan0_12_ad' is now down
Wed Sep  4 22:32:11 2019 daemon.err bmx6[1106]: WARN  dev_deactivate(): deactivating dev=wlan0_12 llocal=fe80::a2f3:c1ff:fe72:8e97 global=fd66:66:66:17:a2f3:c1ff:fe72:8e97
Wed Sep  4 22:32:11 2019 daemon.notice netifd: Interface 'wlan0_12_ad' is disabled
Wed Sep  4 22:32:11 2019 daemon.notice netifd: Network alias '' link is down
Wed Sep  4 22:32:11 2019 daemon.notice netifd: Interface 'mesh_w0' is now down
Wed Sep  4 22:32:11 2019 daemon.err bmx6[1106]: ERROR rtnl_rcv(): ROUTE_HNA error=No such process
Wed Sep  4 22:32:11 2019 daemon.notice netifd: Interface 'mesh_w0' is disabled
Wed Sep  4 22:32:11 2019 daemon.notice netifd: Interface 'mesh_w0' has link connectivity loss
Wed Sep  4 22:32:11 2019 daemon.err bmx6[1106]: ERROR rtnl_rcv(): ROUTE_HNA error=No such process
Wed Sep  4 22:32:11 2019 daemon.err bmx6[1106]: ERROR rtnl_rcv(): ADDRESS_SET error=No such device
Wed Sep  4 22:32:11 2019 daemon.notice netifd: 8021q 'wlan0_12' link is down
Wed Sep  4 22:32:11 2019 daemon.notice netifd: Interface 'wlan0_12_ad' has link connectivity loss
Wed Sep  4 22:32:12 2019 user.notice mac80211: Failed command: iw phy phy0 set antenna all all
Wed Sep  4 22:32:12 2019 kern.info kernel: [  732.176349] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Wed Sep  4 22:32:13 2019 daemon.notice netifd: radio0 (6973): Successfully initialized wpa_supplicant
Wed Sep  4 22:32:14 2019 daemon.notice netifd: radio0 (6973): command failed: Link has been severed (-67)
Wed Sep  4 22:32:14 2019 user.notice mac80211: Failed command: iw dev wlan0 set mesh_param mesh_fwding 0
Wed Sep  4 22:32:14 2019 daemon.notice netifd: Interface 'mesh_w0' is enabled
Wed Sep  4 22:32:14 2019 daemon.notice netifd: Interface 'mesh_w0' is setting up now
Wed Sep  4 22:32:14 2019 kern.info kernel: [  733.677549] IPv6: ADDRCONF(NETDEV_UP): wlan0_12: link is not ready
Wed Sep  4 22:32:14 2019 daemon.err bmx6[1106]: INFO  dev_if_fix(): Autoconfiguring dev=wlan0_12 idx=25 ip=fd66:66:66:19:a2f3:c1ff:fe72:8e97/64
Wed Sep  4 22:32:14 2019 daemon.notice netifd: Interface 'wlan0_12_ad' is enabled
Wed Sep  4 22:32:14 2019 daemon.notice netifd: Interface 'mesh_w0' is now up
Wed Sep  4 22:32:14 2019 daemon.err bmx6[1106]: WARN  dev_if_fix(): No link-local IP for dev=wlan0_12 !

That's the last thing I see before the soft watchdog reboots the device when it freezes. It happens on CPE210-V2:

config wifi-device 'radio0'
	option type 'mac80211'
	option macaddr 'deleted'
	option channel '6'
	option country 'US'
	option hwmode '11ng'
	option htmode 'HT40+'
	option txpower '20'
	option noscan '1'
	option distance '300'
	option disabled '0'
	list ht_capab 'SHORT-GI-40'
	list ht_capab 'RX-STBC1'
	list ht_capab 'DSSS_CCK-40'

config wifi-iface 'wlan0'
	option device 'radio0'
	option mode 'mesh'
	option mesh_id 'MyMesh'
	option network 'mesh_w0'
	option ifname 'wlan0'
	option mesh_fwding '0'
	option encryption 'psk2/aes'
	option key 'MyPassword'

# cat /etc/openwrt_release 
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='18.06.4'
DISTRIB_REVISION='r7808-ef686b7292'
DISTRIB_TARGET='ar71xx/generic'
DISTRIB_ARCH='mips_24kc'
DISTRIB_DESCRIPTION='OpenWrt 18.06.4 r7808-ef686b7292'
DISTRIB_TAINTS=''

I confirm it works on TP-LINK WR841-V9 (with 8MB ROM and latest OpenWrt), but only in mesh mode without AP. Otherwise the mesh interface crashes on start.

Sun Sep  8 13:11:13 2019 daemon.notice netifd: radio0 (29764): Line 6: invalid key_mgmt 'SAE'
Sun Sep  8 13:11:13 2019 daemon.notice netifd: radio0 (29764): Line 6: no key_mgmt values configured.
Sun Sep  8 13:11:13 2019 daemon.notice netifd: radio0 (29764): Line 6: failed to parse key_mgmt 'SAE'.
Sun Sep  8 13:11:13 2019 daemon.notice netifd: radio0 (29764): Line 7: too large mode (value=5 max_value=4)
Sun Sep  8 13:11:13 2019 daemon.notice netifd: radio0 (29764): Line 7: failed to parse mode '5'.
Sun Sep  8 13:11:13 2019 daemon.notice netifd: radio0 (29764): Line 8: unknown network field 'mesh_fwding'.
Sun Sep  8 13:11:13 2019 daemon.notice netifd: radio0 (29764): Line 16: failed to parse network block.

Oh God, I forgot to install wpad-mesh on the node with the AP.
It really works on WR841-V9, I will test it.

I got it recently working with the newest snapshot on my 2x Archer C2600, fully encrypted together with APs on 5 GHz. You only need wpad-mesh-openssl and bridge the mesh (with option mesh_fwding '1') into your LAN. Meanwhile my APs are running with WPA3/WPA2 mixed.

Oh well: you can only use channels 36-48 on 5 GHz for 802.11s.

Beware: LuCI in the snapshot is a bit buggy as of today, so you should set this up manually.

Here is my config:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'
	option country 'DE'
	option txpower '23'
	option channel '48'

config wifi-iface 'mesh'
	option device 'radio0'
	option network 'lan'
	option mode 'mesh'
	option mesh_id 'yourmeshid'
	option mesh_fwding '1'
	option key 'yourpw'
	option mesh_rssi_threshold '0'
	option encryption 'sae'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
	option htmode 'HT40'
	option txpower '20'
	option country 'DE'
	option legacy_rates '0'
	option channel '13'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option key 'yourpw'
	option network 'lan'
	option mode 'ap'
	option ssid 'yourssid'
	option encryption 'sae-mixed'
	option ieee80211w '1'

config wifi-iface 'wifinet2'
	option encryption 'sae-mixed'
	option device 'radio1'
	option key 'yourpw'
	option network 'lan'
	option mode 'ap'
	option ssid 'yourssid'
	option ieee80211w '1'

Edit 1: Checked WPA3 on mesh again. It's really working! Deleted the wrong assumption of WPA2 fallback.
Edit 2: Added option ieee80211w '1' on both APs since it's a requirement for WPA3, but only optional for WPA2 because of compatibility.

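Added example, not from this thread or from OpenWrt: a small Python audit that parses an /etc/config/wireless fragment and flags the settings this thread turns on, namely a mesh interface whose encryption is not 'sae', an SAE or SAE-mixed AP without ieee80211w, and mesh_fwding '0' on a mesh that has no batman-adv/OLSR/babel behind it. The config text is constructed for the demo and the function names are my own.

```python
import re

# Constructed sample config (not from the thread): a weak mesh plus a WPA3 AP without PMF.
SAMPLE = """\
config wifi-iface 'mesh'
    option device 'radio0'
    option network 'lan'
    option mode 'mesh'
    option mesh_fwding '0'
    option encryption 'psk2/aes'

config wifi-iface 'wifinet1'
    option device 'radio0'
    option mode 'ap'
    option encryption 'sae-mixed'
"""

def parse_uci(text):
    """Parse UCI 'config <type> '<name>'' sections with their option/list values."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*config\s+(\S+)(?:\s+'([^']*)')?", line)
        if m:
            sections.append((m.group(1), m.group(2) or "", {}))
            continue
        m = re.match(r"\s*(?:option|list)\s+(\S+)\s+'([^']*)'", line)
        if m and sections:
            sections[-1][2][m.group(1)] = m.group(2)
    return sections

def audit(text):
    """Return one finding string per weak setting found in the wifi-iface sections."""
    findings = []
    for stype, name, opts in parse_uci(text):
        if stype != "wifi-iface":
            continue
        mode, enc = opts.get("mode"), opts.get("encryption", "none")
        if mode == "mesh":
            if enc != "sae":
                # 802.11s authentication is SAE; the working config in the thread uses 'sae'
                findings.append(f"{name}: mesh encryption '{enc}', expected 'sae'")
            if opts.get("mesh_fwding") == "0":
                # '0' hands routing to batman-adv/OLSR/babel; without one of them use '1'
                findings.append(f"{name}: mesh_fwding '0' needs a routing daemon, else set '1'")
        elif mode == "ap" and enc.startswith("sae") and opts.get("ieee80211w") not in ("1", "2"):
            findings.append(f"{name}: '{enc}' AP should set ieee80211w (WPA3 requires PMF)")
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f)
```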

It might be an "illusion" of how the utilities report it. As far as I know, 802.11s should report "SAE" or the like for authentication.
