Starting with mesh networks

So looks like some major hardware vendors are all jumping on the mesh bandwagon and I'd like to explore this subject.

AFAIK there are a few packages in LEDE which all fall under the "mesh" umbrella: alfred, batman, freifunk, olsrd. I don't know how/which to choose. I'm wondering if people with the hands-on experience with some/all of them would recommend either of the packages and starting point on mesh network specific to that package.

The goal would be to create a small private self-forming and self-healing network (and educate myself in the process). Ideally I'd like to be able to test all nodes are working while actually being in close proximity (ie good WiFi signal) to all of them. :wink:


I'm on it too, I want the same as you.


I'm sure there're people on the forum with the hands-on experience. Maybe I should just list the things which are confusing in the current documentation:

  1. I gather there're two aspects of the mesh network -- the radio level and the networking/firewall level. Is that (in a nutshell) correct?
  2. With the radio config I found conflicting information, some pages suggest to set up the radio in the "adhoc" mode, other pages to set up in the "mesh" mode. Is that because not all radios support "mesh" mode? Do most of the modern radios (as in -- found in routers shipped within last 2 years) support "mesh"? Is any mode preferable to another mode? When the "mesh" mode is set, would the "mesh_id" be visible as an SSID to regular WiFi clients?
  3. For the networking level -- I gather there're two competing solutions: batman and olsr. Is that correct, are they two projects for achieving the same? Is one being more actively developed than the other? Is one more preferable for small (in-house) private networks? Are there any significant differences between the two?

There's surprisingly little OpenWrt/LEDE-specific information on the subject and what there is, I'm not sure how up to date it is.



I've tried using the Automatic Homenet protocol before, it works pretty great until I tried setting up a VPN along with your openvpn-policy-routing package. I used there official page's wiki for the setup instructions ( but I just feel the two dont play well together as I would hope. maybe you could give it a go and see if you can get OPR to work with it?

Edit: Not really sure this app falls under the category of mesh networking, as it doesn't exactly state anything about mesh network on the wiki. It does seem to use babel which i believe to be a mesh protocol, so sorry if im incorrect on this.

1 Like

So I've read somewhere that babel requires each device in the mesh network to have a unique IPv4 address, which makes bringing random new devices to the network problematic.

Out of the rest of the solutions, which is still under continuing development:

  • B.A.T.M.A.N
  • batman-adv
  • cjdns
  • 80211s
  • anything else?

I've had a play with 80211s. Works ok unencrypted and eventually I managed to get it working with authsae. It's layer 2 so networking is a non issue.
I wrote up some info here
and here

Start with a simple config ie unencrypted and just get a link going.
DO NOT USE THE GUI, you must use the cli to configure the mesh
Have had this working on openwrt 15.05 and lede current release.

I have only played with it setting up the mesh and was trying to get it squeezed into a wr703 without luci as a simple mesh member for a repeater and had trouble with getting an image small enough. when encryption is enabled. (I wanted encryption on the link)

If it's just for a repeater then this setup has caught me interest

1 Like

@greybeard -- Ron, thank you for your post and the links. Can you elaborate why did you pick 802.11s over alternatives and have you tried any of them (other alternatives)?

I tried the 802.11s as it was part of the spec rather than an add on, I was after a layer 2 solution and I wanted encryption. And the config is pretty trivial once you get past the LUCI/cli issues
I transitioned to LEDE during this and then had issues with the amount of flash on the devices I had available. In the end it worked in a test setup but I have only a simple one repeater setup in production so just went with WDS.
The other solutions were just complicating things for what I was after.
I expect I'll revisit it again when I update my production devices.

Can elaborate more on your setup, how many devices, steps you follow to get it working, any problems on speed, etc ?

read the links I've posted, setup details are there. I have had 3 devices meshed in a lab setup. No speed testing done, just functionality.

Apologies for delayed reply. I've checked the link, but unless I'm mistaken your approach requires each devices to have hardcoded unique IP address, which breaks the self-forming requirement.

Is there an OpenWrt/LEDE solution for mesh networks which doesn't require unique hardcoded IP for each device?

Meshing (802.11s or batman-adv) occurs at layer 2 based on MAC address. You can use the same approaches to layer 3 as are used in wired networks.

Hi all,
Thanks @greybeard for your previous posts and explanations... I've managed to setup my mesh network unencrypted successfully! Unfortunately I haven't been able to find an authsae explanation to encrypt the mesh backhaul... Can anyone point me in the right direction?

Many Thanks!

Install the authsae package on top of wpad-mini, or there are "mesh" versions of wpad. Then as I remember, put option encryption authsae and your secret key as option key 'my-secret-key' in the mesh wifi interface definition. I could never get this to work on ath10k though. It works great on ath9k.

@greybeard, @alxscott It's exciting to hear that you have some kind of mesh network up and running.

Would you consider creating a page on the wiki that provides a "quick start" for people who want to follow in your footsteps? (There are many seemingly competing / different packages and protocols out there. It would be great to have a simple guide to a setup that actually works... I would be tempted to put it with other quick-start docs, say, at

At this stage, that Quick Start doesn't have to be definitive. Anything that you can write that provides a brief overview of what you've accomplished, and clarifies the packages you installed along with basic configuration would be enormously appreciated. Thanks.

1 Like

Oh!! I figured I’d have to modify the authsae conf file? I’ll try this tonight thanks!


Once I’m happy everything is as it should be I can certainly look at putting some time to the wiki! :slight_smile:

I was trying my hand at this 802.11s meshing as well to replace the WDS setup I am normally using. WDS works great but adding AP's is more hassle.

I got the Mesh working, but I am still failing in getting it encrypted.

If have "full" wpad and authsae installed. I tried every combination of " option encryption 'xx' " I could find, but no success. With 'none' I can mix even chipsets/drivers: ath9k and mt76 and I seem to have better throughput using 802.11s compared to WDS (I did a very short, basic iperf3 test between 2 nodes).

How do I get encryption to work??

I used the full wpad and simply added ‘authsae’ and key as above.... my nodes successfully connected but I noticed a significant performance loss. Using iperf between my nodes it was about 42Mbit/s unencrypted throughtput vs 17Mbit/s encrypted.

I’ve just decided to lock down each node best I can and just leave he mesh unencrypted!

If it was only that simple :frowning:

config wifi-iface
        option device 'radio1'
        option network 'lan'
        option mode 'mesh'
        option mesh_id 'mymesh'
        option encryption 'authsae'
        option key 'supersecret'

additional information:
ps shows:
/usr/bin/meshd-nl80211 -i wlan1 -s mymesh -c /var/run/authsae-wlan1.cfg

and /var/run/authsae-wlan1.cfg:

    debug = 0;
    password = "supersecret";
    group = [19, 26, 21, 25, 20];
    blacklist = 5;
    thresh = 5;
    lifetime = 3600;
    meshid = "mymesh";
    interface = "wlan1";
    passive = 0;
    debug = 0;
    mediaopt = 1;
    band = "11a";
    channel = 149;
    htmode = "none";
    mcast-rate = 12;

installed packages (related):

authsae - 2014-06-09-8531ab15-1
wpad - 2017-08-24-c2d4f2eb-5

Both routers the same config and same chipset. Without encryption it works.