Using GRETAP tunnel over IPv4 on two AP devices

Recently I have been working on creating a point-to-point link across two APs, which will allow me to tunnel VLANs over the link. Having previously tried to implement batman-adv and failed, I decided to try to use a GRETAP tunnel over IPv4 for this purpose.

At the moment, I have not had success. The two devices are linked wirelessly and I can access both devices, but I have not been successful in allowing guest or IoT interfaces to function on the second.

The two devices in question are:

"HouseDish" - A wireless AP that will be connected in a more-or-less "Dumb AP" configuration to my main router/internet gateway. I want this device to form a mesh link with the second.

"YardDish" - A wireless mesh device that will receive the mesh signal. In addition, it will be connected by ethernet to a number of devices that I wish to place in my IoT zone.

Here are the /etc/config/network outputs.
My VLAN for the lan interface is 3, untrustedlan is 9, and publiciot is 99.

HouseDish

root@HouseDish:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd4b:417c:3eb2::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option proto 'dhcp'
	option device 'br-lan.3'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '9'
	list ports 'eth0:t'

config interface 'UNTRUSTEDLAN'
	option proto 'none'
	option device 'br-lan.9'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	list ports 'eth0:t'

config interface 'PUBLICIOT'
	option proto 'none'
	option device 'br-lan.99'

config interface 'trunk'
	option proto 'gretap'
	option force_link '1'
	option peeraddr '192.168.2.208'
	option ipaddr '192.168.2.124'
	option tunlink 'lan'
	option df '0'
	option defaultroute '0'

config device
	option type 'bridge'
	option name 'br-untrustedlan'
	list ports '@trunk.9'

config device
	option type 'bridge'
	option name 'br-publiciot'
	list ports '@trunk.99'

YardDish

root@YardDish:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd0c:1026:e3b5::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports '@trunk.3'

config interface 'lan'
	option proto 'dhcp'
	option device 'br-lan.3'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'

config bridge-vlan
	option device 'br-lan'
	option vlan '9'

config interface 'UNTRUSTEDLAN'
	option device 'br-untrustedlan'
	option proto 'dhcp'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'

config interface 'PUBLICIOT'
	option proto 'none'
	option device 'br-publiciot'

config interface 'trunk'
	option proto 'gretap'
	option force_link '1'
	option peeraddr '192.168.2.124'
	option ipaddr '192.168.2.208'
	option tunlink 'lan'
	option df '0'
	option defaultroute '0'

config device
	option type 'bridge'
	option name 'br-untrustedlan'
	list ports '@trunk.9'

config device
	option type 'bridge'
	option name 'br-publiciot'
	list ports 'eth0'
	list ports '@trunk.99'

config bridge-vlan
	option device 'br-publiciot'
	option vlan '99'
	list ports '@trunk.99:t'
	list ports 'eth0'

In short, what I wish to achieve is to have these three existing VLANs function on the YardDish as they do in my wired section.

This would seem more logical to me. In your configuration there is no bridge covering the trunk and the br-lan.


Thanks, I made the changes suggested on HouseDish, but it has not seemed to solve the core problem. I still cannot access the internet on the wireless associated with untrustedlan, even though I have bridged @trunk.9 and VLAN 99 on HouseDish.

The lan has to be entirely outside the tunnel, since it is carrying the tunneled packets. Then you should try pings lan-to-lan to confirm that the wireless link is up. It isn't necessary to use mesh mode here; a simple AP-STA link will work.

It helps for troubleshooting to temporarily set up an IP on the AP tunnel end so that you can ping through the tunnel. Either use a static IP or set it as a DHCP client with no default route; it should get an IP through the tunnel.

Also remove the @ from @trunk.99
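The "lan has to be entirely outside the tunnel" point can be checked mechanically. The script below is an added example, not code from the thread or from OpenWrt: it parses a copied /etc/config/network on a workstation and flags any gretap interface whose tunlink carrier is a bridge that itself has a port derived from that tunnel (the circular dependency in the YardDish config, where br-lan's only port is @trunk.3). The config excerpt and the "fixed" variant with eth0 as the carrier port are constructed for the example.

```python
import re
# Constructed excerpt modelled on the thread's YardDish config: the tunnel
# 'trunk' rides on 'lan', but br-lan's only port is the tunnel itself.
SAMPLE = """
config device
    option name 'br-lan'
    option type 'bridge'
    list ports '@trunk.3'
config interface 'lan'
    option proto 'dhcp'
    option device 'br-lan.3'
config interface 'trunk'
    option proto 'gretap'
    option tunlink 'lan'
    option peeraddr '192.168.2.124'
"""
# Same excerpt with lan carried by a physical port instead (assumed fix).
FIXED = SAMPLE.replace("list ports '@trunk.3'", "list ports 'eth0'")
LINE = re.compile(r"^\s*(config|option|list)\s+(\S+)(?:\s+'([^']*)')?")

def parse_uci(text):
    """Minimal UCI reader: list of (section_type, section_name, {key: value})."""
    sections = []
    for m in filter(None, map(LINE.match, text.splitlines())):
        kind, key, val = m.groups()
        if kind == "config":
            sections.append((key, val, {}))
        elif kind == "option":
            sections[-1][2][key] = val
        else:  # 'list' keys repeat, so collect them
            sections[-1][2].setdefault(key, []).append(val)
    return sections

def lint(text):
    """Flag gretap interfaces whose tunlink carrier is bridged over the tunnel."""
    secs = parse_uci(text)
    bridges = {o.get("name"): o.get("ports", []) for t, _, o in secs
               if t == "device" and o.get("type") == "bridge"}
    ifaces = {n: o for t, n, o in secs if t == "interface"}
    problems = []
    for name, o in ifaces.items():
        if o.get("proto") != "gretap":
            continue
        carrier = ifaces.get(o.get("tunlink", ""), {}).get("device", "")
        base = carrier.split(".")[0]  # 'br-lan.3' -> 'br-lan'
        for port in bridges.get(base, []):
            if port.lstrip("@").split(".")[0] == name:  # '@trunk.3' -> 'trunk'
                problems.append(f"{name}: tunlink '{o['tunlink']}' sits on {base}, which bridges tunnel port '{port}'")
    return problems
```

Run `lint(open("network").read())` against a copied config; an empty list means the tunnel's carrier interface does not depend on the tunnel itself.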

The lan has to be entirely outside the tunnel since it is carrying the tunneled packets.

I'm confused as to how the lan is inside the tunnel in my config; apologies. I have removed the software VLANs from the br-publiciot and br-untrustedlan interfaces on HouseDish. Is that what you meant?

Then you should try pings lan-lan to confirm that the wireless link is up.

Wireless link is definitely up for the lan-lan link, and the Mesh end is getting an IP from my router.

Also remove the @ from @trunk.99

Removing the @ shows "Error: Network device is not present" on the interfaces the bridges are bound to.

I'll post my current configs in case someone can help.

root@HouseDish:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd4b:417c:3eb2::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option proto 'dhcp'
	option device 'br-lan.3'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '9'
	list ports 'eth0:t'

config interface 'UNTRUSTEDLAN'
	option device 'br-untrustedlan'
	option proto 'none'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'
	list ports 'eth0:t'

config interface 'PUBLICIOT'
	option device 'br-publiciot'
	option proto 'dhcp'

config interface 'trunk'
	option proto 'gretap'
	option force_link '1'
	option peeraddr '192.168.2.208'
	option ipaddr '192.168.2.124'
	option tunlink 'lan'
	option df '0'
	option defaultroute '0'

config device
	option type 'bridge'
	option name 'br-untrustedlan'
	list ports 'trunk.9'

config device
	option type 'bridge'
	option name 'br-publiciot'
	list ports 'trunk.99'


root@YardDish:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd0c:1026:e3b5::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports '@trunk.3'

config interface 'lan'
	option proto 'dhcp'
	option device 'br-lan.3'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'

config bridge-vlan
	option device 'br-lan'
	option vlan '9'

config interface 'UNTRUSTEDLAN'
	option device 'br-untrustedlan'
	option proto 'none'

config bridge-vlan
	option device 'br-lan'
	option vlan '99'

config interface 'PUBLICIOT'
	option proto 'dhcp'
	option device 'br-publiciot'

config interface 'trunk'
	option proto 'gretap'
	option force_link '1'
	option peeraddr '192.168.2.124'
	option ipaddr '192.168.2.208'
	option tunlink 'lan'
	option df '0'
	option defaultroute '0'

config device
	option type 'bridge'
	option name 'br-untrustedlan'
	list ports 'trunk.9'

config device
	option type 'bridge'
	option name 'br-publiciot'
	list ports 'trunk.99'

config bridge-vlan
	option device 'br-publiciot'
	option vlan '99'

config device
	option type 'bridge'
	option name 'br-pubiciot-eth'
	list ports 'br-publiciot.99'
	list ports 'eth0'