[SOLVED] Relayd configuration not working with 2 wlan

Hello,

I've been spending a lot of time trying to get this to work but I can't figure out what is wrong with it.

I'm trying to have my router connect to a wifi access point as a client and then share that connection on a secondary master wifi.

While wwan2 is connect to internet and I get the packages list in openwrt (so it works) a device using the access point doesn't have internet.

Here's my current configuration: https://send.firefox.com/download/d7367cd71c/#VTgdtgbRe0KhUZfFzqn63w

And some screenshots of it (wwan2 bridge and lan are in the same firewall zone)

The Ip address was previously set to 192.168.1.88 on the bridge:

23%20pm 32%20pm

That won't work. The wwan needs to be in WAN zone, so that it masquerade your internal network.
I am not sure about the relay bridge, as I have never used it. Could you post the output of the following commands to help us understand better the configuration, rather than posting screenshots?
cat /etc/config/network; cat /etc/config/wireless; cat /etc/config/firewall; ip -4 addr; ip -4 ro; ip -4 ru
All the above in one line.

1 Like
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd44:77e3:6d6c::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'
	option delegate '0'

config interface 'Bridge'
	option proto 'relay'
	option ipaddr '192.168.2.88'
	list network 'lan'
	list network 'wwan2'

config interface 'wwan2'
	option proto 'dhcp'


config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'pci0000:00/0000:00:00.0'
	option htmode 'HT20'
	option legacy_rates '1'
	option country 'AU'
	option noscan '1'
	option txpower '22'
	option channel '11'
	option disabled '0'

config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option ssid 'Warfi'
	option encryption 'psk2'
	option key 'password'
	option network 'lan'

config wifi-iface
	option network 'wwan2'
	option ssid 'Tribute'
	option encryption 'psk2'
	option device 'radio0'
	option mode 'sta'
	option bssid 'AC:84:C6:17:09:21'
	option key 'password'
	option disassoc_low_ack '0'


config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan Bridge wwan wwan2'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
4: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
       valid_lft forever preferred_lft forever
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.43.73/24 brd 192.168.43.255 scope global wlan0
       valid_lft forever preferred_lft forever
default via 192.168.43.1 dev wlan0  src 192.168.43.73
192.168.2.0/24 dev br-lan scope link  src 192.168.2.1
192.168.43.0/24 dev wlan0 scope link  src 192.168.43.73
0:	from all lookup local
2:	from all iif lo lookup 16800
2:	from all iif wlan0 lookup 16801
2:	from all iif br-lan lookup 16802
32766:	from all lookup main
32767:	from all lookup default

That won't work, you need to move at least the wwan2 to WAN firewall zone.

What are these routing tables here?
ip -4 ro ls ta 16800; ip -4 ro ls ta 16801; ip -4 ro ls ta 16802

It seems to be done by the bridge, the command you've given me doesn't work ip doesn't know ls and ta.
But if I list all the routes:

root@OpenWrt:~# ip route show table all
192.168.2.56 dev br-lan table 16801 scope link
192.168.43.1 dev wlan0 table 16802 scope link
192.168.43.49 dev wlan0 table 16802 scope link
192.168.43.75 dev wlan0 table 16802 scope link

I followed this guide:

https://openwrt.org/docs/guide-user/network/wifi/relay_configuration

I was trying to do exactly the same before yesterday. wwan is in LAN zone as per the document. I got internet on client router as well as on some of it's AP client devices, but it appears that DHCP and/or DNS don't get relayed so I had to set them manually on the PC.

I am currently working on Achieving the same using trelay, but it's not well documented

1 Like

Here is my topic

@trendy Would you have any suggestion?

I think that since the router itself is working and everything else not, it might be because the packets sourcing from the router use routing table 16800, while the others use different ones. But I need to see the contents of the routing table 16800 (the command I specified before, which doesn't work for you).
In your summary ip route show table all I don't see table 16800 at all, as well as no default gateway.

16800 seem to be the loopback device
The default is 16802

192.168.2.56 dev br-lan table 16801 scope link
default via 192.168.43.1 dev wlan0 table 16802
192.168.43.1 dev wlan0 table 16802 scope link
192.168.43.70 dev wlan0 table 16802 scope link
192.168.43.102 dev wlan0 table 16802 scope link
default via 192.168.43.1 dev wlan0  src 192.168.43.73
192.168.2.0/24 dev br-lan scope link  src 192.168.2.1
192.168.43.0/24 dev wlan0 scope link  src 192.168.43.73
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.2.0 dev br-lan table local scope link  src 192.168.2.1
local 192.168.2.1 dev br-lan table local scope host  src 192.168.2.1
broadcast 192.168.2.255 dev br-lan table local scope link  src 192.168.2.1
broadcast 192.168.43.0 dev wlan0 table local scope link  src 192.168.43.73
local 192.168.43.73 dev wlan0 table local scope host  src 192.168.43.73
broadcast 192.168.43.255 dev wlan0 table local scope link  src 192.168.43.73
fd44:77e3:6d6c::/64 dev br-lan  metric 1024
unreachable fd44:77e3:6d6c::/48 dev lo  metric 2147483647  error -148
fe80::/64 dev br-lan  metric 256
fe80::/64 dev wlan0  metric 256
fe80::/64 dev wlan0-1  metric 256
unreachable default dev lo  metric -1  error -128
local ::1 dev lo table local  metric 0
local fd44:77e3:6d6c:: dev lo table local  metric 0
local fd44:77e3:6d6c::1 dev lo table local  metric 0
local fe80:: dev lo table local  metric 0
local fe80:: dev lo table local  metric 0
local fe80::418:d6ff:fead:9aa7 dev lo table local  metric 0
local fe80::618:d6ff:feac:9aa7 dev lo table local  metric 0
ff00::/8 dev br-lan table local  metric 256
ff00::/8 dev wlan0 table local  metric 256
ff00::/8 dev wlan0-1 table local  metric 256
unreachable default dev lo  metric -1  error -128

I am not sure if this guide is still relevant but I have always run the relayd setup this way in the past and it works pretty much fine without a problem. At least it was working on 17.01.

The device that connects on the WLAN of the relay, does it get DHCP settings or not?
Can you try to manually assign IP/Mask/Gw/NS and test again if it works?

I deleted all the interfaces and followed your guide and it works!!
I think that the issue was with the dhcp config because I only edited it at first and then when I replaced it completely it worked.

Thank you!

Thanks also @trendy for your help!

3 Likes

If your problem is solved, feel free to mark the relevant post as the solution; and edit the title to add "[SOLVED]" to the beginning (click the pencil behind the topic).

grafik

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.