Understanding how OpenWrt performs 'bridging' between its interfaces

GASB0 · August 17, 2023, 11:51pm

Router in use: Linksys EA6350 v4
OpenWrt version: OpenWrt SNAPSHOT r23685-7e7eb5312d / LuCI Master git-23.223.85458-f7583b6
Kernel version: 5.15.123

Hi there,
I have my router bridging wifi to rj45, my setup is like so :
[laptop]---wifi---[openwrt router]---rj45---[home lan]

I would like to understand how the wifi to rj45 bridging works. Ultimately I would like to get the same setup working on a Debian based system.

How can I interrogate the setup to understand it? What are some relevant sections in the documentation that could put me closer to understanding how OpenWrt forwards packages between the router interfaces?

I can see the following network interfaces :

root@OpenWrt:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP qlen 1000
    link/ether 5e:f9:a9:56:98:8c brd ff:ff:ff:ff:ff:ff
3: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether d8:ec:5e:b7:8f:aa brd ff:ff:ff:ff:ff:ff
4: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether d8:ec:5e:b7:8f:aa brd ff:ff:ff:ff:ff:ff
5: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether d8:ec:5e:b7:8f:aa brd ff:ff:ff:ff:ff:ff
6: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether d8:ec:5e:b7:8f:aa brd ff:ff:ff:ff:ff:ff
7: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether d8:ec:5e:b7:8f:aa brd ff:ff:ff:ff:ff:ff
8: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:11:22:01:20:9b brd ff:ff:ff:ff:ff:ff
10: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether d8:ec:5e:b7:8f:aa brd ff:ff:ff:ff:ff:ff
11: phy1-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether d8:ec:5e:b7:8f:ac brd ff:ff:ff:ff:ff:ff

I am not sure what firewall is running and how it is set up.
I am not sure of the mechanism for implementing the wifi to rj45 bridge.

Any pointers on how to understand the system setup?

thanks
Gabriel

zekica · August 18, 2023, 5:57am

Assuming for now that no VLAN filtering is configured on the bridge, the way to replicate this setup on a ordinary linux box is:

create a network bridge: ip link add br-lan type bridge
add ethernet interfaces to it: ip link set enXXXX master br-lan
bring them up: ip link set br-lan up and ip link set enXXXX up

Then for wifi:

copy the file /var/run/hostapd-phy0.conf to your pc and modify it:
- it has to match your hardware capabilities
- remove openwrt specific hostapd config lines - ones that your hostapd on your linux device doesn't recognize

Run hostapd with that configuration and it will automatically add the wifi interface to the bridge if it is correctly set up in the config.

Then if the wifi config contains ap_isolation and you want wifi - to - wifi station communication you can either disable it or enable hairpin mode on the wifi interface port for the bridge: bridge link set wlXXXX hairpin on

This is how netifd and it's helper scripts do it without digging too deep.

GASB0 · August 20, 2023, 10:37pm

What about the wireless "bridge"? I mean, I've managed on LUCI to connect my home router via wifi with one of the radios on my OpenWrt router and use it as a wifi extender by using the other radio on this router as AP. How is the forwarding of the traffic done in this case?

zekica · August 21, 2023, 7:59am

This only works when y/ou have enabled 4address aka wds mode. Then, the AP has only one additional field set in the config: wds_sta=1 the client uses wpa_dupplicant - see /var/run/wpa* files for it's configuration.

GASB0 · August 22, 2023, 3:27am

I now have this setup workihg in OpenWrt:

[laptop]--rj45--[openwrt router]--wifi--[home lan]

I want to make this work on a Debian system, I have tried to set it up by (unsuccessfully) trying to bridge the wlan0 and usb0 interface through systemd-networkd as in

systemctl mask dhcpcd.service
systemctl stop dhcpcd.service
systemctl mask networking.service
systemctl stop networking.service

cat << EOF | tee /etc/systemd/network/mybridge.netdev
[NetDev]
Name=br0
Kind=bridge

[Bridge]
STP=true
EOF

cat << EOF | tee /etc/systemd/network/10_bind.network
[Match]
Name=usb0 wlan0

[Network]
Bridge=br0
EOF

cat << EOF | tee /etc/systemd/network/mybridge.network
[Match]
Name=br0

[Network]
DHCP=ipv4
EOF

expecting that systemd-networkd was going to do the low level stuff for me in order to bridge a wired and wireless interface.

Is there a way to achive this OpenWrt setup on a Debian system?

psherman · August 22, 2023, 5:39am

This would be a question to ask in Debian focused forums rather than here where we support OpenWrt specifically.

zekica · August 22, 2023, 6:00am

You cannot add an ordinary client wifi interface to a bridge.

You can add the following wifi interface types to a bridge:

ordinary AP
mesh point
static WDS (afaik not supported in OpenWrt) as it doesn't support WPA/WPA2/WPA3 at all
4-addr AP (called AP WDS in OpenWrt, enabled by specifying wds_sta=1 in hostapd.conf)
4-addr Client (called Client WDS in OpenWrt, enabled by manually setting iw dev wlan0 set 4addr on before running wpa_supplicant)

You cannot add to a bridge:

ordinary Client (one without setting 4addr on)
IBSS (Ad-Hoc)