[sloved] Problem with repeater mode

mustafan · April 4, 2019, 2:56pm

hi there
i have tplink archer c50 v4 with custom openwrt image i need work as repeater mode but i have some problem inside router theirs connection and its ok
but when i connect to client ssid its connected but theirs no connection to my main router ( no any connection from router to my main gateway router and no internet connection )

my network config

config interface 'wwan'
        option proto 'static'
        option ipaddr '10.35.2.3'
        option netmask '255.255.240.0'
        option gateway '10.35.1.1'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.90.1'
        option netmask '255.255.255.0'
        option gateway '192.168.90.1'
        option dns '8.8.8.8 8.8.4.4'

wireless config

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/10300000.wmac'
        option htmode 'HT40'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'SKYWAVE'
        option encryption 'wpa2'
        option server '172.109.25.6'
        option port '1812'
        option key '112233'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel 'auto'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'VHT80'
        option txpower '24'
        option disabled '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'wwan'
        option mode 'sta'
        option ssid 'skywave-network'
        option wds '1'
        option encryption 'psk2'
        option key 'maadar@112233'

dhcp config

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

NOTE: i disable firewall in each side .

thx

mk24 · April 4, 2019, 3:01pm

You're trying to run the STA on a 'wwan' network. A firewall config is needed to have forwarding between networks. If you've deleted the firewall the wan network is not of much use either, as the firewall config is what makes NAT and forwarding from lan to wan work.

If the AP supports WDS you can (and should) bridge the STA into the lan. This also means disable the DHCP server so it doesn't conflict with the one in the main router.

mustafan · April 4, 2019, 6:19pm

nice sound i didnt need to use the main router dhcp i need to use his dhcp server do u have some idea of firewall what should i do in it whats rule should i add

mk24 · April 4, 2019, 6:22pm

If you're running a WDS bridge you are fully bridged onto the main network at layer 2. There is no need for a firewall.

mustafan · April 4, 2019, 6:32pm

one things if i enable (wds) is it mean its should use my main dhcp server or its ok if i use my router dhcp , i enable wds because i install l2tp/ipsec server and give my client access to this server so i use wds for this purpose

i play with firewall and know i get connection with wds

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wwan
        list   network          'wwan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wwan

mk24 · April 4, 2019, 6:37pm

WDS lets you have a bridge with multiple devices (different MAC addresses) on the client side.

It is not necessary to use WDS for IPsec. IPsec can be carried on a regular AP-STA link. It's another protocol like TCP and UDP.

Routed client has its own DHCP server on a separate independent lan network. Bridged client uses the main DHCP server because it is part of the main lan network. There should only be one DHCP server per network.

mustafan · April 4, 2019, 6:41pm

thank u your replay very helpful thanks

slh · April 4, 2019, 7:43pm

Your config suggests that you're using a wireless ISP, in which case using the firewall (the defaults will support this) and keeping masquerading would be required (as the ISP will only allow you to use a single IP (most likely even RFC1918) within their network).

system · April 14, 2019, 7:43pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.