OpenWrt Forum Archive

Topic: [SUCCESS] tp-link wr1043nd as wireless repeater (routed client NAT)


Dankeschön OpenWrt Team,
it works for me, and here is my feedback.

My goal was to set up a wireless repeater to extend the operating range:
usr-client <---wireless--> client-router <---wireless--->  main-station
                                     (wr1043nd)                              (linux)
                                      (V1.0-de)                            (hostapd-0.7.3)
 
1) working wireless radio
- because the tp-link wr1043nd has only one radio, the client/station and the AP must work on the same frequency/radio
- with dd-wrt (r14896 to r16994) I never got a client and an AP working in parallel. The AP was never visible if a client was defined
- with OpenWrt (10.03.1-RC5-testing) it was easy to set up and WORKING. (nice and intuitive webgui)
- usr-client STA successfully connects to client-router AP
- client-router STA successfully connects to main-station AP
- the client-router STA uses, on its own, a different (self-assigned) MAC than the client-router AP; look at your main-station log if you use hostapd access lists, because the STA MAC is the one the main station sees, e.g.:
  original vendor client-router AP : 54:e6:xx:xx:xx:xx
  self-assigned client-router STA: 5a:e6:xx:xx:xx:xx
  this circumstance needs better clarification

2) working routing
- I never got WDS working with the hostapd-0.7.3 AP
- I don't want to use relayd
- I tried the routed client case, but main-router never got an ARP reply for the usr-client MAC from the client-router STA
- so I use NAT on client-router, also because I don't need DHCP, don't want to forward broadcasts and want to keep the main-station firewall rules simple
- a bridge(br-wan) with wan-port(eth0.2) and wlan(client-router STA) doesn't work for me; tcpdump shows traffic on the wlan(client-router STA) interface but it was never sent out on the radio
- so I defined my own interface(wan_sta) for wlan(client-router STA) via the webgui, following the OpenWrt documentation (routed client using MASQUERADE)
- interface(lan) ACCEPT Forward and forward to interface(wan_sta)
- interface(wan_sta) with masquerading option on
- YEAH, then it's working for me

3) fine tuning
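- client-router DNS server for faster DNS cache hits
- install iperf and tweak the wireless parameters
- install tcpdump to hunt down problems with your configuration and firewall rules
- if you need a tcp connection from main-station to usr-client, define an iptables DNAT rule (because of the NAT, usr-client is not directly reachable from main-station); limit the rule to the port you actually need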

x)
usr-client                                 client-router                                   main-station
192.168.1.2/24 <---wireless--> 192.168.1.1/24
gw 192.168.1.1                         <MASQ/NAT>
                                              192.168.2.200/24 <---wireless--->  192.168.2.1/24
                                              gw 192.168.2.1
                                              dns 192.168.2.1

root@OpenWrt:~# cat /etc/config/network 

# /etc/config/network of the client-router (wr1043nd).

# Loopback interface: lo with the static address 127.0.0.1/255.0.0.0.
config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

# LAN side of the client-router: a bridge over eth0.1 with the static
# address 192.168.1.1/24. The AP wifi-iface in /etc/config/wireless is
# attached to this network (option 'network' 'lan'), which is why the
# brctl output lists wlan0 next to eth0.1 in br-lan.
config 'interface' 'lan'
        option 'ifname' 'eth0.1'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'netmask' '255.255.255.0'
        option 'ipaddr' '192.168.1.1'

# Wired WAN port (eth0.2), configured as a DHCP client. It is not the
# uplink in this setup; the uplink is the 'wan_sta' interface below.
config 'interface' 'wan'
        option 'ifname' 'eth0.2'
        option 'type' 'bridge'
        option 'proto' 'dhcp'

# Built-in switch (rtl8366rb) with VLANs enabled.
config 'switch'
        option 'name' 'rtl8366rb'
        option 'reset' '1'
        option 'enable_vlan' '1'

# VLAN 1: switch ports 1-4 plus port 5 tagged.
# NOTE(review): presumably port 5 is the CPU port and VLAN 1 shows up as
# eth0.1 (lan) -- confirm against the board's port map.
config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '1'
        option 'ports' '1 2 3 4 5t'

# VLAN 2: switch port 0 plus port 5 tagged.
# NOTE(review): presumably this is the WAN jack seen as eth0.2 -- confirm.
config 'switch_vlan'
        option 'device' 'rtl8366rb'
        option 'vlan' '2'
        option 'ports' '0 5t'

# Uplink towards the main-station. There is no 'ifname' here: the STA
# wifi-iface in /etc/config/wireless attaches itself to this network with
# option 'network' 'wan_sta'. Static addressing, gateway and DNS both point
# at the main-station (192.168.2.1).
# NOTE(review): the address here is 192.168.2.2, while the diagram and the
# ifconfig output for wlan1 in the same post show 192.168.2.200 -- confirm
# which one is intended before copying this section.
config 'interface' 'wan_sta'
        option 'proto' 'static'
        option 'ipaddr' '192.168.2.2'
        option 'netmask' '255.255.255.0'
        option 'dns' '192.168.2.1'
        option 'gateway' '192.168.2.1'
root@OpenWrt:~# cat /etc/config/wireless

# /etc/config/wireless of the client-router. The device has a single radio
# (radio0); both wifi-iface sections below reference it, so the STA and the
# AP share the same channel settings.
config 'wifi-device' 'radio0'
        option 'type' 'mac80211'
        option 'macaddr' '54:e6:xx:xx:xx:xx'
        option 'hwmode' '11ng'
        list 'ht_capab' 'SHORT-GI-40'
        list 'ht_capab' 'DSSS_CCK-40'
        option 'country' 'DE'
        option 'disabled' '0'
        option 'txpower' '20'
        option 'htmode' 'HT40+'
        option 'channel' '3'

# Client (STA) interface: joins the main-station AP with WPA2-PSK ('psk2')
# and is attached to the 'wan_sta' network, i.e. it is the uplink.
# The pre-shared key is stored in clear text in this file; replace or
# redact it before posting the file anywhere.
config 'wifi-iface'
        option 'device' 'radio0'
        option 'mode' 'sta'
        option 'encryption' 'psk2'
        option 'key' '<yourkey used with main-station AP>'
        option 'ssid' '<your main-station AP name>'
        option 'network' 'wan_sta'

# Access point for the usr-clients: attached to the 'lan' network (bridged
# into br-lan) and protected with WPA2-PSK.
# NOTE(review): using a key different from the main-station key keeps the
# two networks separately revocable -- the placeholders suggest that is the
# intent, confirm when filling them in.
config 'wifi-iface'
        option 'device' 'radio0'
        option 'mode' 'ap'
        option 'ssid' '<your client-router AP name>'
        option 'network' 'lan'
        option 'encryption' 'psk2'
        option 'key' '<yourkey>'
root@OpenWrt:~# cat /etc/config/firewall 

# /etc/config/firewall of the client-router.

# Global defaults: input and output are accepted, forwarding is rejected
# unless a zone or a 'forwarding' section allows it. SYN-flood protection
# and dropping of invalid packets are switched on.
config 'defaults'
        option 'syn_flood' '1'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'
        option 'drop_invalid' '1'

# Zone for the local clients (network 'lan'): everything is accepted.
config 'zone'
        option 'name' 'lan'
        option 'network' 'lan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'

# Zone for the wired WAN port (network 'wan'): traffic to the router and
# forwarded traffic are rejected, only outgoing traffic is accepted.
config 'zone'
        option 'name' 'wan'
        option 'network' 'wan'
        option 'output' 'ACCEPT'
        option 'input' 'REJECT'
        option 'forward' 'REJECT'

# Exception for the 'wan' zone: accept IPv4 UDP to port 68, so that DHCP
# replies reach the router's DHCP client.
config 'rule'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '68'
        option 'target' 'ACCEPT'
        option 'family' 'ipv4'

# Exception for the 'wan' zone: answer ICMP echo requests (ping).
config 'rule'
        option 'src' 'wan'
        option 'proto' 'icmp'
        option 'icmp_type' 'echo-request'
        option 'target' 'ACCEPT'

# Additional hand-written rules are read from /etc/firewall.user.
# NOTE(review): presumably this is where the DNAT rule mentioned under
# "fine tuning" would go -- the post does not show that file.
config 'include'
        option 'path' '/etc/firewall.user'

# Zone for the wireless uplink (network 'wan_sta').
# - masq '1' turns on masquerading; it corresponds to the MASQUERADE rule
#   visible in the zone_wan_sta_nat chain in the iptables output.
# - mtu_fix '1' enables MSS clamping for traffic leaving through this zone.
# - forward 'REJECT': traffic arriving from the uplink is not forwarded
#   into other zones.
# NOTE(review): input is ACCEPT here, whereas the wired 'wan' zone uses
# REJECT. With ACCEPT every service listening on the router (the webgui,
# for example) is reachable from the main-station network 192.168.2.0/24.
# If that network is not fully trusted, REJECT plus explicit 'rule'
# sections like the ones above is the tighter choice.
config 'zone'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'name' 'wan_sta'
        option 'network' 'wan_sta'
        option 'masq' '1'
        option 'mtu_fix' '1'
        option 'forward' 'REJECT'

# Allow forwarding from the 'lan' zone to the 'wan_sta' zone; together with
# the masquerading above this gives the usr-clients their way upstream.
config 'forwarding'
        option 'dest' 'wan_sta'
        option 'src' 'lan'
        option 'src' 'lan'
root@OpenWrt:~# ifconfig | grep -e Link -e UP -e inet
br-lan    Link encap:Ethernet  HWaddr 5A:E6:xx:xx:xx:xx  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
br-wan    Link encap:Ethernet  HWaddr 5A:E6:xx:xx:xx:xx    
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth0      Link encap:Ethernet  HWaddr 5A:E6:xx:xx:xx:xx  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth0.1    Link encap:Ethernet  HWaddr 5A:E6:xx:xx:xx:xx   
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
eth0.2    Link encap:Ethernet  HWaddr 5A:E6:xx:xx:xx:xx  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
mon.wlan0 Link encap:UNSPEC  HWaddr 54-E6-XX-XX-XX-XX-00-00-00-00-00-00-00-00-00-00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
wlan0     Link encap:Ethernet  HWaddr 5A:E6:xx:xx:xx:xx  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
wlan1     Link encap:Ethernet  HWaddr 5A:E6:xx:xx:xx:xx  
          inet addr:192.168.2.200  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

root@OpenWrt:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.54e6xxxxxxxx       no              eth0.1
                                                        wlan0
br-wan          8000.54e6xxxxxxxx       no              eth0.2

root@OpenWrt:~# iw wlan0 info ; iw wlan1 info
Interface wlan0
        ifindex 8
        type AP
Interface wlan1
        ifindex 9
        type managed

root@OpenWrt:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 wlan1
192.168.1.0     *               255.255.255.0   U     0      0        0 br-lan
default         192.168.2.1     0.0.0.0         UG    0      0        0 wlan1

root@OpenWrt:~# iptables -t nat -L POSTROUTING -vn
Chain POSTROUTING (policy ACCEPT 2 packets, 144 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   29  1796 postrouting_rule  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 zone_lan_nat  all  --  *      br-lan  0.0.0.0/0            0.0.0.0/0           
   27  1652 zone_wan_sta_nat  all  --  *      wlan1   0.0.0.0/0            0.0.0.0/0           

root@OpenWrt:~# iptables -t nat -L zone_wan_sta_nat -vn
Chain zone_wan_sta_nat (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   27  1652 MASQUERADE  all  --  *      *       0.0.0.0/0            0.0.0.0/0

ps. 'Wrt' stands for?

Thanks for your post. It is quite useful. What I'm trying to do is:

usr-client                           <---wireless-->            client-router                                    <---wireless--->  main-station
wpa Enterprise client                               sta (wpa Enterprise Client)                                                     ap (wpa enterprise)
                                                                 ***ap (wpa enterprise)***

I've tried your scheme and it works, except when I set the vap on the Client Router to wpa enterprise (I mean, if I use no encryption or psk it works, but that isn't what I'm looking for).

When I run wifi it outputs:

Using interface wlan0 with hwaddr f4:ec:38:b3:xx:xx and ssid 'MySSID'
socket[PF_INET6,SOCK_DGRAM]: Address family not supported by protocol
wlan0: RADIUS Authentication server x.x.x.x:1812
connect[radius]: Network is unreachable

And logread says:

RADIUS Send failed - maybe interface status changed - try to connect again

This is the output of /var/run/hostapd-phy0.conf

# hostapd configuration as found in /var/run/hostapd-phy0.conf.
# NOTE(review): the file lives under /var/run, so it is presumably
# generated from /etc/config/wireless on every `wifi` run -- make changes
# there rather than in this file.
ctrl_interface=/var/run/hostapd-phy0
driver=nl80211
# WMM (QoS) parameters per access category: background (bk), best effort
# (be), video (vi) and voice (vo).
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
# Transmit queue parameters of the AP itself, queues data3 .. data0.
tx_queue_data3_aifs=7
tx_queue_data3_cwmin=15
tx_queue_data3_cwmax=1023
tx_queue_data3_burst=0
tx_queue_data2_aifs=3
tx_queue_data2_cwmin=15
tx_queue_data2_cwmax=63
tx_queue_data2_burst=0
tx_queue_data1_aifs=1
tx_queue_data1_cwmin=7
tx_queue_data1_cwmax=15
tx_queue_data1_burst=3.0
tx_queue_data0_aifs=1
tx_queue_data0_cwmin=3
tx_queue_data0_cwmax=7
tx_queue_data0_burst=1.5
# Radio settings: 2.4 GHz (hw_mode=g), channel 10, regulatory domain AR,
# 802.11n enabled.
hw_mode=g
channel=10

country_code=AR


ieee80211n=1
ht_capab=[HT20][SHORT-GI-40][DSSS_CCK-40]
ieee80211d=1

# Per-BSS part: the AP runs on wlan0.
interface=wlan0
ctrl_interface=/var/run/hostapd-phy0
# RADIUS authentication server used for 802.1X. The `wifi` output quoted
# in the post reports "connect[radius]: Network is unreachable" for this
# server, i.e. the router had no route to this address when hostapd tried
# to connect.
# NOTE(review): in the repeater setup the route upstream goes through the
# STA interface, so presumably that link or its route was not up yet when
# hostapd started -- check `route` at the moment the error appears.
auth_server_addr=x.x.x.x
auth_server_port=1812
# Shared secret between this AP and the RADIUS server. Keep it redacted
# (as done here) whenever the file is posted.
auth_server_shared_secret=THESECRET
# Empty NAS identifier.
nas_identifier=
eapol_key_index_workaround=1
radius_acct_interim_interval=300
# WPA-Enterprise: 802.1X is required and keys are managed via EAP.
ieee8021x=1
wpa_key_mgmt=WPA-EAP
wpa_group_rekey=300
wpa_gmk_rekey=640
auth_algs=1
# wpa=3 enables both WPA and WPA2, and the pairwise list still offers TKIP.
# NOTE(review): if every client supports WPA2, restricting this to WPA2
# with CCMP only (wpa=2, wpa_pairwise=CCMP) removes the weaker TKIP path;
# set it through the 'encryption' option in /etc/config/wireless.
wpa=3
wpa_pairwise=CCMP TKIP
ssid=MySSID
# The AP interface is bridged into br-lan.
bridge=br-lan
wmm_enabled=1
bssid=f4:ec:38:b3:xx:xx
ignore_broadcast_ssid=0

I'd like to know if I'm doing something wrong or if it's impossible to do this.

Thanks in advance!

(Last edited by sebelk on 20 Jul 2011, 05:02)
