Hi--

I live on a sailboat, and am constantly moving and using various WiFi AP's. 

I want my Linksys WRT54GL (it has the latest release version of Kamikaze on it) to:

1) Connect to a specific AP in Client mode (call this AP "Shore" for this discussion)
2) Create a AP for boat use (Call this AP "Boat")
3) Link the "Shore" AP to the "Boat" AP, as well as route all data from Shore to the LAN ports.  NAT is fine, as the internal network devices should be able to talk to each other, but don't need to talk to the LAN on the other side of the Shore AP- just the internet.  Also, I want the internal devices to DHCP if at all possible.

The reason I want to do this is so that all my local devices associate to the "Boat" AP, and I simply change the "Shore" AP stuff when I move around.

I was thinking I would have to have two routers, but OpenWRT looks like it can do that- I was able to get both an AP and Client mode going last night, but couldn't figure out exactly what bridge settings I needed and whatnot.

I looked around online, and see lots of partial answers, but the oldwiki vs newwiki appears to be hiding the magic bullet I'm looking for.

Is this possible? 

I apologize if this is a stupid question!

Thanks,
-Ryan

To have a WRT54GL, WRT54GS or WRT54-TM box (may work with others, but THIS WILL NOT WORK ON A WRT54G) connect to a wireless network (Shore) and rebroadcast it as another network (Boat) do the following

The following variables are assumed:
**************
Shore SSID: Shore
Shore Channel: 5
Shore Encryption: None
**************
Boat SSID: Boad
Boat Encryption: None
**************

1. Login to the WAP website
2. Go to Network>WiFi>WL0
3. Check the Enable box
4. Select a channel (This MUST match the channel used by the Shore network)
5. To setup wireless network Shore:
     a. Go to the Interfaces section
     b. Set ESSID to Shore
     c. Set Network to WAN
     d. Set Mode to Client
     e. Set Encryption to None
6. To setup wireless network Boat:
     a. Click on "Add Entry" at the bottom of the Interfaces section
     b. Set ESSID to Boat
     c. Set Network to LAN
     d. Set Mode to Access Point
     e. Set Encryption to None
7. Click on "Save", check your data
8. Go to Network > Interfaces > WAN and check the "Bridge interfaces" box
9. Click on "Save"
10. Go to Unsaved Changes > Save & Apply from the upper menu (a restart may be needed after this to make everything work properly)

That SHOULD work on your WRT54GL. The critical part is getting the channel to match the Shore network channel and getting the other info to match.
Edit: Something that might help find the channel for Shore is to run a network scan to detect channel numbers. This can be going to  Network > WIFI and clicking on "scan" on the right side of the page (If you are using SSH, the command iwlist wl0 scanning works well for me to scan for networks from the command line)

As a reminder,  THIS WILL NOT WORK ON A WRT54G IIRC the reason for this not working on a WRT54G is that it cannot handle multiple wireless networks

Let me now how it goes.

Aaron Z

(Last edited by aczlan on 18 Feb 2010, 03:01)

More info (you may have already seen this) is available at: http://wiki.openwrt.org/doc/howto/clientmode

Aaron Z

Thanks Aaron, but this doesn't seem to be working for me.

Using the scan tool built into the web interface, I determined that the channel was 8.  So I set it up as you suggested:

device wl0
enabled
broadcomm
channel 8
transmit power (blank)

interfaces:
essid: shore
network: wan
mode: client
encryption: none

essid: boat
network: lan
mode: access point
encryption: none

Using my PC, I can connect to Boat.  It gets an IP address (192.168.1.237), a subnet mask of 255.255.255.0, and shows it's unencrypted.  However, when I try to connect to a site, the connection times out.  Trying to ping from the PC also times out.  Setting the DNS to 4.4.4.4 (Googles Nameserver), still times out.  Now the Shore AP does require a login, but traditionally what happens is that on my first connection, it returns the login page regardless of what URL I am trying to connect to.

I question the network's above- How does it know to bridge the wan network from shore to the lan?  Or am I missing something else fundamental?

If I change the boat network to wan, when I go to a page (http://www.woot.com), on the PC, the address in the bar changes to http:///, and then says that it's an invalid address.

If I change the boat network to lan and the shore network to lan, I still can't connect.

I did look over the client mode page; and I'm pretty sure that I could setup my router to be a client, and server the pages over the LAN ports.  It's the LAN AND AP that's got me stumped.

Thanks!
-Ryan

I think I missed a critical step, go to the WAP website and go to Network > Interfaces > WAN and check the "Bridge interfaces" box, I tried it on my 54G here and it wouldn't work as a client until I checked that box.

With "Bridge interfaces" enabled and the "Shore" network terminating the the wan, it acts like it would if you had an Ethernet cable from the "Shore" network plugged info the "internet" port of the WAP. Thus you have a firewall between the "Shore" and "Boat" networks (which can be managed from the website if you install luci-app-firewall

Edit: If you need to have something be outside of the firewall you can create another network called Shore2 and have it terminate in the WAN as well. Then anything on it will be as if it were connected to the Shore network

Aaron Z

(Last edited by aczlan on 18 Feb 2010, 03:13)

Still no joy. 

I reset the router to factory defaults.  Logged in and changed the password, then followed the instructions above.  Now, although I can see Boat, I can't connect with anything- it's like the DHCP isn't happening or something.

By the way, for some stupid reason, I was associated WAN with Wireless Network.  Doh.  All these settings are starting to make more sense now. ;-)

My config settings:

/etc/config/network

onfig 'switch' 'eth0'
    option 'vlan0' '0 1 2 3 5*'
    option 'vlan1' '4 5'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
    option 'type' 'bridge'
    option 'defaultroute' '0'
    option 'peerdns' '0'

/etc/config/wireless

config 'wifi-device' 'wl0'
    option 'type' 'broadcom'
    option 'channel' '8'
    option 'disabled' '0'

config 'wifi-iface'
    option 'device' 'wl0'
    option 'encryption' 'none'
    option 'ssid' 'Shore'
    option 'network' 'wan'
    option 'mode' 'sta'

config 'wifi-iface'
    option 'device' 'wl0'
    option 'ssid' 'Boat'
    option 'network' 'lan'
    option 'mode' 'ap'
    option 'encryption' 'none'

Thanks for any suggestions!
-Ryan

Hope this isn't a stupid question but you are using the real ssid of the access point on land and not literally "Shore" right? And that AP is open with no encryption on Channel 8? Can you successfully connect to it directly with a laptop wifi? The config looks right as I have also done this on a GL about a month back.

Note: I am testing this on a WRT54G (thus the lack of the Boat SSID, my "client" computer is connected to the LAN via the switch and the vlan ports are different due to changes in how Linksys numbered their ports) but these differences should not affect it working for you as long as all other settings are the same.

Config files:
/etc/config/network
config 'switch' 'eth0'
    option 'vlan0' '1 2 3 4 5*'
    option 'vlan1' '0 5'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'

config 'interface' 'wan'
    option 'proto' 'dhcp'
    option 'type' 'bridge'
    option 'defaultroute' '0'
    option 'peerdns' '0'
    option 'ifname' 'eth0.1'

/etc/config/wireless
config 'wifi-device' 'wl0'
    option 'type' 'broadcom'
    option 'disabled' '0'
    option 'channel' '6'

config 'wifi-iface'
    option 'device' 'wl0'
    option 'network' 'wan'
    option 'mode' 'sta'
    option 'ssid' 'Shore'
    option 'encryption' 'none'

If you go to the WAN interface picking up a IP address?
When you run the wireless scan, does the "Shore" BSSID on your router match the BSSID of the "Shore" wireless network that it is connecting to? If the BSSIDs do not match, you probably have a setting wrong somewhere.

Aaron Z

(Last edited by aczlan on 18 Feb 2010, 04:59)

@Void Main-  I've done tech support before, so I think that's a great question, but no, I am using the correct SSID for shore. ;-)  It has no encryption, on channel 8.  I am connected to it right now, with my Mac posting this.

@aczlan- Still no joy.  I backed up a bit, and tried just joining the AP as a client, and bridging to the LAN.  That worked, with these settings:

network:

config 'switch' 'eth0'
    option 'vlan0' '0 1 2 3 5*'
    option 'vlan1' '4 5'

config 'interface' 'loopback'
    option 'ifname' 'lo'
    option 'proto' 'static'
    option 'ipaddr' '127.0.0.1'
    option 'netmask' '255.0.0.0'

config 'interface' 'lan'
    option 'type' 'bridge'
    option 'ifname' 'eth0.0'
    option 'proto' 'static'
    option 'ipaddr' '192.168.1.1'
    option 'netmask' '255.255.255.0'

config 'interface' 'wan'
    option 'ifname' 'eth0.1'
    option 'proto' 'dhcp'
    option 'type' 'bridge'
    option 'defaultroute' '0'
    option 'peerdns' '0'

wireless:

config 'wifi-device' 'wl0'
    option 'type' 'broadcom'
    option 'disabled' '0'
    option 'channel' '8'

config 'wifi-iface'
    option 'device' 'wl0'
    option 'encryption' 'none'
    option 'ssid' 'Shore'
    option 'network' 'wan'
    option 'mode' 'sta'

Since that worked, I added the AP back.  Now I can see the AP ("Boat") on my iPhone, but it says "Unable to join the network "Boat"".  Selecting the AP "Boat" on this MacBook Pro causes it to enter the mode where it is trying to connect, but it eventually fails.

Looking at the console log on the MBP shows:

2/18/10 6:47:02 PM    airportd[13245]    Apple80211Associate() failed -3905 (Timeout)
2/18/10 6:47:02 PM    Apple80211 framework[226]    airportd MIG failed (Associate Event) = -3905 (Timeout)  (port = 66739)

So it's not associating.

The settings, after I added the AP back are the same as above, except that wireless also has this after the "option mode 'sta'" from above:

config 'wifi-iface'
    option 'device' 'wl0'
    option 'ssid' 'Boat'
    option 'network' 'lan'
    option 'mode' 'ap'
    option 'encryption' 'none'

Maybe this isn't possible?  I had thought it would require two routers, one for AP and one for client, but was excited that OpenWRT supported multiple interfaces over the wireless.

Thanks again, guys. 
-Ryan

What is the status of the wireless connection (IIRC, it is at Network > WiFi from the website)? Do both networks have a BSSID? Is the WAN (eth0.1) getting an IP address?

This sounds a lot like the issues I was seeing when I was trying to do this on a WRT54G... On that I could create two networks, but only one would let you connect, the other would do almost the same thing you are seeing. That is why we went to WRT54GLs at work, we needed to have 2 SSIDs on each WAP.

Aaron Z

Interface Status:

Bridge br-lan
Device: br-lan (MAC 00:25:9C:54:XX:XX)
Type: Ethernet Bridge
  ? ID: 8000.00259c54xxxx
  ? STP: disabled
Transfer
  ? RX: 1233 Pkts. (194.71 KB)
  ? TX: 846 Pkts. (417.94 KB)
IP Configuration
  ? Primary: 192.168.1.1/255.255.255.0
Bridge Port 1
  ? Device: eth0.0 (MAC 00:25:9C:54:XX:XX)
  ? Type: Ethernet Switch (bcm53xx)
      ? VLAN: 0 (Ports 0, 1, 2, 3, 5*)
Bridge Port 2
  ? Device: wl0.1 (MAC 02:25:9C:54:XX:XX)
  ? Type: Wireless Adapter (Broadcom)
      ? Mode: Master
      ? SSID: Boat
      ? Channel: 8

Bridge br-wan
Device: br-wan (MAC 00:25:9C:54:XX:XX)
Type: Ethernet Bridge
  ? ID: 8000.00259c54xxxx
  ? STP: disabled
Transfer
  ? RX: 483 Pkts. (117.39 KB)
  ? TX: 411 Pkts. (120.47 KB)
IP Configuration
  ? Primary: 10.0.2.142/255.255.255.0 (DHCP assigned)
Bridge Port 1
  ? Device: eth0.1 (MAC 00:25:9C:54:XX:XX)
  ? Type: Ethernet Switch (bcm53xx)
      ? VLAN: 1 (Ports 4, 5)
Bridge Port 2
  ? Device: wl0 (MAC 00:25:9C:54:AD:XX)
  ? Type: Wireless Adapter (Broadcom)
      ? Mode: Client
      ? SSID: Shore
      ? Channel: 8

And looking at Network/Wifi:

Link  ESSID  BSSID Channel Protocol Mode
5       Shore   00:03:52:DC:3A:A0 8 - sta none 32dBm
-       Boat     02:25:9C:54:AD:AD 8 - ap none -

It's a WRT54GL v1.1.

On a related note, I have a high gain antenna to attach to this router- which antenna port should I use, if you happen to know?  I know on some routers, one is a dummy...

Thanks again,
-R

For antenna info, this looks like a good thread: http://www.wirelessforums.org/alt-inter … 39665.html in short: only use one antenna and use the RH (as looking from the front) connection

On your problem: it looks like the boat link is not doing something right (as seen by the lack of a link number). I will try to setup a WRT54GL on my lunch break at work tomorrow and see if I can replicate your setup, I know it can be done as I have done it with a WRT54GL connecting to a WRT160N (I think that is what it was anyways) and re-broadcasting a WPA-PSK2 network.

Aaron Z

(Last edited by aczlan on 19 Feb 2010, 01:50)

Okay, I pulled out my spare WRT54GL v1.1 to make sure I wasn't losing my mind. Here's what I did and it worked straight away:

1) Uploaded fresh 8.09.2 firmware wiping out old configs
2) Clicked Network->Wifi->WL0
2a) Click "enable" and selected same channel as my wifi in my house
3) Click "Add Entry" to add an additional virtual wireless interface
3a) On new wireless interface entered ESSID to match my existing WIFI SSID
3b) Selected "wan" network
3c) Select "client" mode
3d) Selected WPA-PSK and entered passphrase to match existing network
4) On original wifi entry I went ahead and set up WPA-PSK and set a key just because I wanted encryption

Here are the configs I ended up with:

root@OpenWrt:/etc/config# cat network 
#### VLAN configuration 
config switch eth0
        option vlan0    "0 1 2 3 5*"
        option vlan1    "4 5"


#### Loopback configuration
config interface loopback
        option ifname   "lo"
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0


#### LAN configuration
config interface lan
        option type     bridge
        option ifname   "eth0.0"
        option proto    static
        option ipaddr   192.168.1.1
        option netmask  255.255.255.0


#### WAN configuration
config interface        wan
        option ifname   "eth0.1"
        option proto    dhcp

root@OpenWrt:/etc/config# cat wireless 

config 'wifi-device' 'wl0'
        option 'type' 'broadcom'
        option 'channel' '5'
        option 'disabled' '0'

config 'wifi-iface'
        option 'device' 'wl0'
        option 'network' 'lan'
        option 'mode' 'ap'
        option 'ssid' 'OpenWrt'
        option 'encryption' 'psk'
        option 'key' 'MyNewTestSSID'

config 'wifi-iface'
        option 'device' 'wl0'
        option 'ssid' 'MyHomeSSID'
        option 'network' 'wan'
        option 'mode' 'sta'
        option 'encryption' 'psk'
        option 'key' 'MySecretHomeWifiKey'

I was able to connect with my laptop and pull an address from the GL and pass traffic just as if I was connected with a wire. What I am wondering is maybe you have a network clash? That is, you aren't trying to run the same subnet (192.168.1.0/24) that the shore network is running are you? If so that will not work (for routed mode) and you'll need to specify a different subnet for your LAN.

Oh, my existing home network is on 192.168.0.0/24 so there is no clash with the default lan network of 192.168.1.0/24.

I've been slammed the last couple of days; I'll have to check your settings.  In looking at them, I don't see much different from what I was trying before (as far as I can tell).  I did just check though, and the Shore SSID is assigning the Linksys client interface an IP address of 10.0.2.142, which is bridging to the LAN at 192.168.1.0/24.  Currently, I then have an Apple Airport Express plugged into the LAN port, and it's my AP until I can sort this out. (which then gives my laptop 10.0.1.2, which is irrelevant). 

Anyway, I definitely will try your settings in the morning.  It's been great the last few days having the Boat SSID for my internal gadgets and testing, and it would be even better to remove the Airport Express from the mix...

Thanks again,
-Ryan

Ooops, I noticed that after I posted and according to your output. One thing I see different is your wan configuration in your network config. You have this set:

    option 'type' 'bridge'
    option 'defaultroute' '0'
    option 'peerdns' '0

and I do not. If that's doing what I think it's doing I believe that is your problem. I will check that out today as I have a little time to work with it. I would comment those 3 lines out and reboot and see if that fixes it.

Here's what my interface status shows after configuring with the steps I used in the previous message that work for me:

Interface wan
Device: wl0 (MAC 00:25:9C:54:12:36)
Type: Wireless Adapter (Broadcom)
  ? Mode: Client
  ? SSID: MyHomeSSID
  ? Channel: 5 
Transfer
  ? RX: 734 Pkts. (73.14 KB)
  ? TX: 739 Pkts. (588.75 KB)
IP Configuration
  ? Primary: 192.168.0.139/255.255.255.0 (DHCP assigned) 


Bridge br-lan
Device: br-lan (MAC 00:25:9C:54:12:34)
Type: Ethernet Bridge
  ? ID: 8000.00259c541234
  ? STP: disabled
Transfer
  ? RX: 774 Pkts. (67.19 KB)
  ? TX: 790 Pkts. (608.38 KB)
IP Configuration
  ? Primary: 192.168.1.1/255.255.255.0 
Bridge Port 1
  ? Device: eth0.0 (MAC 00:25:9C:54:12:34)
  ? Type: Ethernet Switch (bcm53xx)
      ? VLAN: 0 (Ports 0, 1, 2, 3, 5*) 
Bridge Port 2
  ? Device: wl0.1 (MAC 02:25:9C:54:12:37)
  ? Type: Wireless Adapter (Broadcom)
      ? Mode: Master
      ? SSID: OpenWrt
      ? Channel: 5

Yep, just what I thought. Here's the bridge configuration with your config:

bridge name     bridge id               STP enabled     interfaces
br-lan          8000.00259c541234       no              eth0.0
                                                        wl0.1
br-wan          8000.00259c541234       no              eth0.1
                                                        wl0

Here's the bridge configuration with my config:

bridge name     bridge id               STP enabled     interfaces
br-lan          8000.00259c541234       no              eth0.0
                                                        wl0.1

Notice you have a LAN bridge *and* a WAN bridge, and they are both the same bridge id which I don't think is good. You only need the lan bridge because you are not going to use your wan ethernet port. My guess is if you want the bridge between the wan port and your second wireless interface the MAC addresses between eth0.0 and eth0.1 have to be unique (mine are the same, and the same as the bridge id). I'm not 100% on that. The other thing that is different between your config and mine is that I have the wireless interfaces swapped. I'm using wl0.1 for lan, you are using it for wan but I don't think that should matter.

Sweet!

That's got it all working.  I'm not sure why it was doing the double bridge; I was using the web admin tool initially, and not looking directly at the config files. 

I understand everything you did, and it's all working great.  The only thing I added was turning off the SSID broadcast on my machine, as I don't want it that obvious. 

Thanks alot, Void Main.  Hopefully this thread will help anyone else with a similiar issue. (or maybe I'm the only one with this much difficulty!)

-R

Cool! I was beginning to wonder if you had given up.