Starting with mesh networks

@greybeard -- Ron, thank you for your post and the links. Can you elaborate on why you picked 802.11s over the alternatives, and have you tried any of those other alternatives?

I tried the 802.11s as it was part of the spec rather than an add-on; I was after a layer 2 solution and I wanted encryption. And the config is pretty trivial once you get past the LuCI/CLI issues.
I transitioned to LEDE during this and then had issues with the amount of flash on the devices I had available. In the end it worked in a test setup but I have only a simple one repeater setup in production so just went with WDS.
The other solutions were just complicating things for what I was after.
I expect I'll revisit it again when I update my production devices.

Can you elaborate more on your setup: how many devices, the steps you followed to get it working, any problems with speed, etc.?

Read the links I've posted; the setup details are there. I have had 3 devices meshed in a lab setup. No speed testing done, just functionality.

Apologies for the delayed reply. I've checked the link, but unless I'm mistaken your approach requires each device to have a hardcoded unique IP address, which breaks the self-forming requirement.

Is there an OpenWrt/LEDE solution for mesh networks which doesn't require unique hardcoded IP for each device?

Meshing (802.11s or batman-adv) occurs at layer 2 based on MAC address. You can use the same approaches to layer 3 as are used in wired networks.

Hi all,
Thanks @greybeard for your previous posts and explanations... I've managed to set up my mesh network unencrypted successfully! Unfortunately I haven't been able to find an authsae explanation to encrypt the mesh backhaul... Can anyone point me in the right direction?

Many Thanks!
Alex

Install the authsae package on top of wpad-mini, or there are "mesh" versions of wpad. Then as I remember, put option encryption authsae and your secret key as option key 'my-secret-key' in the mesh wifi interface definition. I could never get this to work on ath10k though. It works great on ath9k.

@greybeard, @alxscott It's exciting to hear that you have some kind of mesh network up and running.

Would you consider creating a page on the wiki that provides a "quick start" for people who want to follow in your footsteps? (There are many seemingly competing / different packages and protocols out there. It would be great to have a simple guide to a setup that actually works... I would be tempted to put it with other quick-start docs, say, at https://lede-project.org/docs/guide-quick-start/mesh-network)

At this stage, that Quick Start doesn't have to be definitive. Anything that you can write that provides a brief overview of what you've accomplished, and clarifies the packages you installed along with basic configuration would be enormously appreciated. Thanks.

Oh!! I figured I’d have to modify the authsae conf file? I’ll try this tonight thanks!

Alex

Once I’m happy everything is as it should be I can certainly look at putting some time to the wiki! :slight_smile:

I was trying my hand at this 802.11s meshing as well to replace the WDS setup I am normally using. WDS works great but adding APs is more hassle.

I got the Mesh working, but I am still failing in getting it encrypted.

I have "full" wpad and authsae installed. I tried every combination of " option encryption 'xx' " I could find, but no success. With 'none' I can even mix chipsets/drivers: ath9k and mt76, and I seem to have better throughput using 802.11s compared to WDS (I did a very short, basic iperf3 test between 2 nodes).

How do I get encryption to work??

I used the full wpad and simply added ‘authsae’ and key as above.... my nodes successfully connected but I noticed a significant performance loss. Using iperf between my nodes it was about 42Mbit/s unencrypted throughput vs 17Mbit/s encrypted.

I’ve just decided to lock down each node as best I can and just leave the mesh unencrypted!

If it was only that simple :frowning:

config wifi-iface
        option device 'radio1'
        option network 'lan'
        option mode 'mesh'
        option mesh_id 'mymesh'
        option encryption 'authsae'
        option key 'supersecret'

edit:
additional information:
ps shows:
/usr/bin/meshd-nl80211 -i wlan1 -s mymesh -c /var/run/authsae-wlan1.cfg

and /var/run/authsae-wlan1.cfg:

{
 sae:
  {
    debug = 0;
    password = "supersecret";
    group = [19, 26, 21, 25, 20];
    blacklist = 5;
    thresh = 5;
    lifetime = 3600;
  };
 meshd:
  {
    meshid = "mymesh";
    interface = "wlan1";
    passive = 0;
    debug = 0;
    mediaopt = 1;
    band = "11a";
    channel = 149;
    htmode = "none";
    mcast-rate = 12;
  };
};

installed packages (related):

authsae - 2014-06-09-8531ab15-1
wpad - 2017-08-24-c2d4f2eb-5

Both routers have the same config and the same chipset. Without encryption it works.

FYI: wlan1 is the 5 GHz radio. I switched for testing purposes to wlan0 (2.4 GHz).

Using the 2.4 GHz band makes some difference. Now I get a station dump, but still no "real" connection, e.g. I can't ping the other router. This seems driver related and it looks like it's not fixed, even though it was closed by @nbd. I am using the latest trunk with the MT76 driver:

kmod-mt76-core - 4.9.67+2017-12-08-e5046560-1
kmod-mt7603 - 4.9.67+2017-12-08-e5046560-1
kmod-mt76x2 - 4.9.67+2017-12-08-e5046560-1

Ref: https://github.com/openwrt/mt76/issues/72

Please use wpad-mesh instead of wpad and authsae

What is the difference? The full wpad package should be capable of everything?

Replacing authsae and wpad with wpad-mesh made a difference. Now I'm connecting encrypted on the 2.4 GHz band (MT7603 to MT7628). On the 5 GHz band still no joy (MT7612 to MT7612).

I did read somewhere that authsae was outdated (2014) and I did try wpad-mesh, but in combination with authsae still installed...oops.

I will try ath9k to ath9k later, maybe that still needs the nohwcrypt=1 flag during module loading??

802.11s with encryption on the ath9k (without the need to put any flags like in the past) works.
I didn't notice a significant performance hit on the ath9k chipset, so I'm really happy to have an encrypted mesh now. Thanks for pointing me to wpad-mesh (@nbd)

Since I didn't get the 5 GHz MT7612 to work yet and I only have one ath10k device, I couldn't test that.

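The two pitfalls described in the posts above (a mesh interface left without encryption, and authsae or wpad still installed next to wpad-mesh) can be checked with a short script. This is an added example, not part of any post in the thread; the function names, sample config and sample package list are constructed, and any encryption value other than 'none' is assumed to mean the link is encrypted.

```shell
#!/bin/sh
# Added example (not from the thread): audit helpers for an 802.11s setup.

# Reads /etc/config/wireless-style text on stdin; prints the mesh_id of each
# mode 'mesh' wifi-iface whose encryption option is missing or 'none'.
unencrypted_mesh_ifaces() {
    tr -d "\"'" | awk '
        function report() {
            if (iface && mode == "mesh" && (enc == "" || enc == "none"))
                print (id == "" ? "(no mesh_id)" : id)
        }
        $1 == "config" { report(); iface = ($2 == "wifi-iface"); mode = enc = id = ""; next }
        iface && $1 == "option" && $2 == "mode"       { mode = $3 }
        iface && $1 == "option" && $2 == "encryption" { enc = $3 }
        iface && $1 == "option" && $2 == "mesh_id"    { id = $3 }
        END { report() }'
}

# Reads "opkg list-installed" text on stdin; if wpad-mesh is installed, prints
# any of authsae/wpad still present (the combination reported as failing above).
mesh_pkg_conflicts() {
    awk '$1 == "wpad-mesh" { mesh = 1 }
         $1 == "authsae" || $1 == "wpad" { old = old $1 "\n" }
         END { if (mesh) printf "%s", old }'
}

# Constructed sample inputs (hypothetical mesh names, key and wpad-mesh version).
sample_wireless() {
    cat <<'EOF'
config wifi-iface
    option mode 'mesh'
    option mesh_id 'labmesh'
    option encryption 'none'
config wifi-iface
    option mode 'mesh'
    option mesh_id 'testmesh'
config wifi-iface
    option mode 'mesh'
    option mesh_id 'mymesh'
    option encryption 'authsae'
    option key 'example-key'
config wifi-iface
    option mode 'ap'
    option encryption 'none'
EOF
}
sample_packages() {
    printf '%s\n' 'authsae - 2014-06-09-8531ab15-1' 'wpad-mesh - 0.0-constructed'
}

sample_wireless | unencrypted_mesh_ifaces
sample_packages | mesh_pkg_conflicts
```

On a router, feed the functions real data instead of the samples: `unencrypted_mesh_ifaces < /etc/config/wireless` and `opkg list-installed | mesh_pkg_conflicts`.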

@drbrains -- super exciting that more people are interested in setting up mesh and most importantly got it working. :wink:

If you don't have time to create a proper wiki page, can you post sanitized changes made to relevant config files (network, wifi, firewall) here in this thread?
