[Solved] Relayd and a routed wifi on the same device

Installing and Using OpenWrt
1

Hello all!
I'm seeing some weird behavior in the setup that I'm trying to build.

Here's some context:

My main router is the ISP provided one: a fiber GPON with VoIP and stuff. The ISP allows some control of it (SSIDs and firewall). I configured 3 SSIDs: one for me on 5Ghz, another one for me on 2.4Ghz and one for guests on the 2.4Ghz band with client isolation. Works pretty well.

I also have a linksys MR8300 (tri-band) which I configured as repeater with relayd using one of the 5Ghz radios to connect to the main router and the other two radios (another 5Ghz and a 2.4Ghz) for my clients using the same SSIDs I use for my devices on the main router (no guest SSID yet). That works great too and I can get full speed at least in half of the backyard and decent speeds everywhere else.

So far so good... but I don't have a guest's wifi in the repeater so my guests can't use wifi in the backyard.

For the guest wifi I don't want to use a bridge so I tried to create a regular guest wifi with NAT in the repeater.

Here's where it became weird.

I created the guest SSID, attached it to a guest network, configured a static IP for that interface, enabled DHCP, created the "guest" zone in the firewall, configured firewall forwarding, rules and NAT for anything coming from the guest IP range.

But it didn't work...

After a lot of troubleshooting I noticed this:

  1. client connects OK and get's an IP.
  2. If I try to access an IP the packet reaches the other end and it's properly NAT'ed.
  3. client sends DNS requests to the router.
  4. router responds to those DNS requests... but looking with tcpdump I see those response packets are going out on the uplink interface instead of going back to the guest interface!

If at that point I restart relayd then everything starts to work as expected at least for a while.
It looks like relayd is messing with my guest network packets for some reason even though that network is not listed in the "relay between networks" configuration.

And that's where I got stuck.

I'm starting to read relayd's source code but it's been more than 20 years since I've done anything network related in C :sweat_smile:

Any quick tip on how to make routing+nat and relayd work seamlessly on the same router?
(Note: I can't use WDS or anything like that since I can't control the OS on the main router)

Thanks!

2

Well, I'll answer my own question.
It was all about relayd and its "ip rule" and routing table usage.
Everything in my guest setup was working ok but relayd configured a rule to use a different routing table for traffic coming from "lo" which was making it send everything to the wireless bridge side by default.
The fix was to add a higher priority rule (1, since relayd uses 2) to use the "main" table for all traffic destined to the guest subnet:

Adding this to /etc/config/network fixed everything.

config rule
	option priority '1'
	option dest '192.168.2.0/24'
	option lookup 'main'

The result was this set of rules:

# ip rule list
0:	from all lookup local
1:	from all to 192.168.2.0/24 lookup main
2:	from all iif lo lookup 16800
2:	from all iif wlan0 lookup 16801
2:	from all iif br-lan lookup 16802
32766:	from all lookup main
32767:	from all lookup default
3

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.