Wireless AP setup

Newbie here setting LEDE up as a wireless router. I installed LEDE on Raspberry Pi 3 B and the config below is what I currently have. I am connecting RPi with campus Ethernet via cable.

When I tried to connect my phone to it, IP address couldn't be obtained. Anybody help me have a look what I cam doing wrong / not doing?

# /etc/config/network
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdc4:a71a:d9fa::/48'

config interface 'lan'
	option type 'bridge'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option proto 'dhcp'
	option _orig_ifname 'eth0 wlan0'
	option _orig_bridge 'true'
	option ifname 'eth0'

config interface 'wan'
	option proto 'dhcp'
	option ifname 'eth0'
# /etc/config/wireless
config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option htmode 'HT20'
	option disabled '0'
	option country 'HK'
	option distance '5'
	option log_level '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'LEDE'
	option encryption 'psk2'
	option key 'password'

Result of ifconfig

br-lan    Link encap:Ethernet  HWaddr B8:27:EB:1A:0A:6E  
          inet addr:143.89.95.215  Bcast:143.89.95.255  Mask:255.255.254.0
          inet6 addr: fe80::ba27:ebff:fe1a:a6e/64 Scope:Link
          inet6 addr: fdc4:a71a:d9fa::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:33474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23824 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4904977 (4.6 MiB)  TX bytes:6177452 (5.8 MiB)

eth0      Link encap:Ethernet  HWaddr B8:27:EB:1A:0A:6E  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:235144 errors:0 dropped:1198 overruns:0 frame:0
          TX packets:152910 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:28398459 (27.0 MiB)  TX bytes:80667847 (76.9 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:362 errors:0 dropped:0 overruns:0 frame:0
          TX packets:362 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:33705 (32.9 KiB)  TX bytes:33705 (32.9 KiB)

wlan0     Link encap:Ethernet  HWaddr B8:27:EB:4F:5F:3B  
          inet6 addr: fe80::ba27:ebff:fe4f:5f3b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:517 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10915 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:66031 (64.4 KiB)  TX bytes:1798685 (1.7 MiB)

In your '/etc/config/wireless' file under section 'config wifi-iface 'default_radio0' try adding:

option network 'lan'

or in LUCI check the box in your Wireless -> General Setup under Network for lan.

Thanks for your help. Doing so allows me connecting to the network and this was actually what I did at the beginning. My confusion is that with this setting the AP acts like a bridge as if I am connecting my phone to the wall's outlet but without a wire. What I want is make the RPi a router that assigns IP addresses to mobile devices.

To explain this clearer, the campus Ethernet requires a registration before establishing connection. My RPi's MAC address should have been registered, yet when I connect my phone through it (after adding option network 'lan') it asks me to register my phone again. I am not expecting this step because the WLAN should be created by the router. I have successfully made what I want to achieve before with the help of some tuto online but couldn't remember how to repeat.

1 Like

You want a setup that is like a conventional router then. There are two networks, lan and wan in that.

The default configuration should be close to what you need. So I would suggest you re-flash your SD card back to the distributed image and start over.

The lan will be a static private IP range with a DHCP server. Create a wifi AP and attach it to the lan network as you did before.

Log into the router via wifi, since you will need to remove the ethernet port from lan and make a wan network to connect it to the ISP.

Create a wan network with proto dhcp (a dhcp client) and attach the ethernet port to it.

Firewall rules should already be in place to route from lan to wan. Be sure to use lowercase for all your network names.

The first time you connect a device it will have to log in. But now the college only sees one MAC address (the router's wan interface), and has issued only one IP, so once it has been authorized you can connect additional devices to your lan network and the college will treat them all as one user that is already authorized.

1 Like

Thanks. Your answer sounds what i want. Unfortunately these are what I tried myself before making this post here and ended up with the two config files at the top XD.

Can you explain with a bit more details? e.g. how to do this:

Thank you a lot.

Start at the default configuration-- reflash your card. The LAN will already be set up how you need it.

Try getting rid of or comment these 3 lines in your /etc/config/network file under "config interface 'lan'":

option _orig_ifname 'eth0 wlan0'
option _orig_bridge 'true'
option ifname 'eth0'

You don't want the lan interface associated with eth0. The lan will essentially not have any interfaces associated with it since your device only has 1 ethernet port (eth0), which will be associated with your wan interface. Only your wireless interface will be accessing lan, so it is not required to have 'option ifname' in this case for the lan interface. The wireless is associated with the lan interface in your /etc/config/wireless.

Essentialy, you want br-lan when your run an 'ifconfig' to have a static IP of 192.168.1.1. The lan interface will act as a DHCP server to your wireless since it is associated with the wlan0 in your '/etc/config/wireless'. It will assign your devices that connect to it over WIFI an internal IP address of 192.168.1.x. The only MAC address your campus ethernet should see is that of eth0 at that point. From there you should only have to just log in one time, initially, from a connected device to associate the wan MAC address with the campus network.

I am trying to do as you have instructed, but without success. ifconfig now has output address 192.168.1.1 for br-lan, but my phone still cannot connect because cannot obtain IP. Is the LAN supposed to act as a DHCP server once the wlan interface is associated with it? Anything wrong with the following configs? These two files are the only ones I have been changing but please tell me if there is any other file that matters.

# /etc/config/network
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdc4:a71a:d9fa::/48'

config interface 'lan'
	option type 'bridge'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option proto 'static'
	option ipaddr '192.168.1.1'

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'
# /etc/config/wireless
config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/soc/3f300000.mmc/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option htmode 'HT20'
	option disabled '0'
	option country 'HK'
	option distance '5'
	option log_level '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'LEDE'
	option encryption 'psk2'
	option key 'password'
	option network 'lan'

SSH in and run the command 'brctl'

Check to see that under the interface for 'br-lan' that 'wlan0' is there. If it is then it is a DHCP configuration problem on the LAN interface most likely. Post the contents of '/etc/config/dhcp' if it is there. If it is not there then run the command:

brctl addif br-lan wlan0

You may have to add that command in /etc/rc.local so that it is executed each time after a reboot if it that solves the issue.

Hi @mj5030. First of all I cannot SSH to it with this configuration (am I supposed to be able to? I tried many times and could only SSH to it when I set lan's protocol dhcp).

I ran brctl directly inside RPi's through keyboard, and found no wlan0 under interface br-lan from the output of ifconfig (if this is what you mean). Then I ran brctl addif br-lan wlan0 and see the following:

brctl: bridge br-lan: Resource busy

And thank you for your kind help!

Try adding this under /etc/config/network for the lan section:

option ifname 'wlan0'

Then reboot your router. (Put the proto back to static with an ipaddr of 192.168.1.1 as well)

1 Like

Thanks. Just tried. My phone can connect to this AP now, but no Internet, sadly.

What's the output of 'ifconfig' and 'brctl show' at this point?

Oh god. I am sorry. The Internet is there. This is working as a charm. Thank you so much.

My phone can connect to this RPi's AP now. I still got question though: how to SSH to the AP now? ssh root@192.168.1.1 doesn't work

Is the dropbear instance set to lan? If you have LUCI installed check System->Administration.

The dropbear config:

config dropbear
    option PasswordAuth 'on'
    option RootPasswordAuth 'on'
    option Port '22'
    option Interface 'lan'  # <- i just added this line

SSH still fails. Is it possible to be related to firewall?

The result of SSH is

ssh: connect to host 143.89.95.253 port 22: Connection refused

the address came from ifconfig of eth0 interfce.

Was that a result of 'ssh root@192.168.1.1'? From a device connected through the Wireless AP?

Oh you remind me of that: I was trying to SSH to the router from my laptop that wasn't connected to the AP --- it was still connected to campus WiFi. Now that I joined the router's network I can ssh to 192.168.1.1.

You really gave me great help here. Thank you very much!


At the beginning when the interface lan has

option ifname 'eth0'
option proto 'dhcp'

I was able to SSH to the RPi via the inet address on eth0 interface. Why can't I do the same now?

You really don't want SSH access enabled for the address on eth0. It's more secure to have it behind the lan. You can put it on the wan interface vs. the lan, or unspecified, and be able to access it through that address. But it exposes the SSH service to EVERYONE at that point. The reason you were able to access it before is because you had eth0 assigned to lan via DHCP. At that point, the lan got a Class A network address assigned to it. Your lan now has a Class C (internal) network address assigned to it and the wan a Class A (external), and now uses Network Address Translation (NAT) between the WAN and LAN. Only devices on your lan can connect to it now.

1 Like

Learnt a lot and I will spend some time study more of all these. Thank you again for your answers and help.