Try to use OpenWrt as a dumb AP but routing is not working

I have a VM running OpenWRT which I'm trying to bridge my existing router to. The OpenWRT system ( has a better network card that I would like to use. My issue is once I'm connected to the OpenWRT AP I'm unable to access any devices beyond the OpenWRT system. I get an IP address from the main router ( once I connect but I cannot ping the main router. However I can ping the OpenWRT system.

I have been able to get internet access by manually adding a route to the client after connecting ip r add default via dev wlan0. However I still cannot access any local devices, including the main router. (Client) --> (OpenWRT) --> (Main Router) --> Internet/Other Devices

Once client is connected to OpenWRT, it can only ping OpenWRT, nothing else.


config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:02.6/0000:08:00.0+1'
        option band '5g'
        option htmode 'HE160'
        option channel '100'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'sae'
        option key '[redacted]'
        option time_advertisement '2'
        option time_zone 'PST8PDT,M3.2.0,M11.1.0'
        option ieee80211k '1'


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        option acceptlocal '1'
        option igmp_snooping '1'
        option promisc '1'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config device
        option name 'eth0'
        option acceptlocal '1'

config device
        option name 'wlan1'
        option acceptlocal '1'


config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ra 'hybrid'
        option dhcpv6 'hybrid'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config relay
        option interface 'lan'
        option local_addr ''
        option server_addr ''

To clarify here... this VM is the device that has the wireless radio that you're trying to use as a dumb AP? What is the host platform for this VM?

In most cases, the network cards (USB, PCI, etc.) that are used on regular x86 or other systems don't work all that well when compared to a proper, purpose-built AP. There are exceptions, of course. But, it's pretty tricky to get this hardware to work properly in the context of a VM because it is abstracted by the VM host... you usually want to run this bare metal.

Further, a dumb AP doesn't require (or do) any routing. It is purely an L2 device. I suspect if you're needing to do routing, it's because of the VM itself.

Yes, I pass through the mini pci-e card via vfio to the OpenWRT VM. The host platform is Arch Linux and using KVM.

In that case I might have to run OpenWRT off a USB on bare hardware and see if I get the same issue.

Hmm, that's something I haven't thought of. Maybe the issue is happening beyond OpenWRT's control.

Don't forget that you'll need the appropriate drivers for your wireless card (and possibly the wired ethernet, too, but this is often included in the x86 images).

I actually already did this earlier before setting up a VM on the same hardware but ended up only testing speeds and not whether I could access other devices.

I assume this is just a routing issue because the client can ping the OpenWRT VM and the OpenWRT VM can ping the router but the client can not ping the router...

A dumb AP has no routing. It is simply a bridge.

The idea is that you should have a bridge defined that includes the ethernet port(s). This should then be tied to a network... if you're using a single network (no VLANs), that bridge will usually br-lan and it is typically given an address using the lan network interface (the address must be either dhcp client or static IP with an address that is outside the DHCP pool and not being used by any other devices on your network).

The lan DHCP server should be set to ignore (disabled) if there is another DHCP server on the network -- leaving it enabled will cause problems.

Finally, the lan network is connected with the AP/SSID in the wireless file. That's it.

There is no routing (L3), simply L2 forwarding. So no static routes, no firewall functions... it's just a bridge.

Ah yes that's right, only L2. I think you're right, it must be some virtual machine issue. Outbound ARP messages aren't getting a reply.

I ended up just putting the wireless network in a different subnet and it seems to be working right now.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.