OpenWrt Forum Archive

Topic: Repeater configurations here! Both ways, bridged and simple repeater

The content of this topic has been archived between 5 Oct 2014 and 6 May 2018. Unfortunately there are posts – most likely complete pages – missing.

dabyd64 wrote:

Have you installed igmpproxy?

Yes, i did ...

I think using homegroups with Windows 10 ist in the relayd configuration not possible !
The pc connected to the repeater via relayd gets the same IPV4 subnet. Using IPV6 the subnet is different, because relayd only handle IPV4.
I believe using a transparent layer 2 bridge like WDS is the way for future. Disadvantage, you neet two openwrt routers...
In order to verify, it would be nice, if anybody here in the forum could test the homegroup functionality with W10 over relayd.

Rampler wrote:

In order to verify, it would be nice, if anybody here in the forum could test the homegroup functionality with W10 over relayd.

It seems, that i am the only one, who have Windows 10 and relayd using homegroups ..

When I do #1 method for Wireless Bridging, I always get an error when I enter this code

config 'interface' 'stabridge' 
    option 'proto' 'relay' 
    option 'network' 'lan wwan' 
    option ipaddr '192.168.1.254'

It's said Unknown Protocol

So I do more search and it need one more packet and it's call Luci-Proto-Relay

And viola.... the protocol now recognized

Thx.

@dabyd64, thanks for the walk-thru, I'm working on getting the repeater working on my DIR-505 and your post is great help.

A few questions:
1. With the repeater, mode 2 (non-bridged), do I need to delete dnsmasq part of the dhcp config or do I leave it there? Your post doesn't have it listed, made me wonder.
2. Same mode, what else do I need to do in addition to your OP instructions to make sure that the only ethernet port (eth1) of my router is on the same network as my WiFi clients? Add 'option ifname 'eth1'' to the lan interface section of network config?
3. I swear I've seen the script for STA+AP before, but I can't recall where and googling didn't yield specific results I was looking for. If you can link to an existing script -- that'd be great, otherwise -- how do I detect if STA is connected or not? And if not, I was thinking of switching it to either monitor or ad-hoc mode, so I'd be able to make the edits via luci. Are there other options for temporarily disabling it?

Thanks!

(Last edited by stangri on 21 Mar 2016, 22:24)

I've tried MODE 1 configuration and have 3 problems with it:

1. Wired configuration doesn't work, I can connect to WiFi created on my router and all works fine, but when I try to connect using ethernet I don't receive IP address and can't work to internet.
2. When I'm connected to OpenWrt router via WiFi (and probably wired but this doesn't work now) I can't connect to OpenWrt via ssh or anything else, even luci web page doesn't work. I'm trying to connect to all IP addresses but nothing work. If I wan't to connect to OpenWrt via ssh i need to first connect to Master router (the one from ISP) and then I can do ssh but only on relay IP address (in my situation it's 192.168.0.3)
3. When I'm connected to OpenWrt via ssh I can't ping outside, the solution for this is to change DNS settings to for example OpenDNS and then all works fine, but when I switch back to Master router as DNS server it doesn't work.

Here is my /etc/config/network:

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd5e:f30c:d349::/48'

config interface 'lan'
option ifname 'eth0.1'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.0.2'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.0.1' 
option dns     '192.168.0.1'

config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'

config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 5t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 5t'

config interface 'wwan'
option proto 'static'
option ipaddr '192.168.0.3'
option netmask '255.255.255.0' 
option gateway '192.168.0.1'   

config interface 'stabridge' 
option proto 'relay' 
option network 'lan wwan' 
option ipaddr '192.168.0.3' #Same IP as in WWAN

DHCP  is turned off, firewall also. Do you have any idea what could be wrong?

Try this

config interface 'lan'
.
.
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option ip6assign '60'
option gateway '192.168.0.1'
option dns     '192.168.0.1'

Follow-up question -- is it possible to have the device fetch gateway/dns from the upstream router automatically in Hotspot/Repeater 1 mode instead of hardcoding it like above?

Hi @dabyd64,
I've try both methods (I am using TPLINK MR3420). The results are:

1. Method 1 --> RepeaterAP shows in my wireless AP lists, I can connect to the repeaterAP, but only have 'Limited' connection. I did not get the IP address network as the same as the router.

2. Method 2 --> It works

However, i need method 1 working, but i can't figure out what i am doing wrong. I think i have followed the instructions carefully.

Anyway thanks for the tutorial.

Hey guys,

first of all thanks for the tutorial! However I have the following problem and hope you can help:

I used method 2 as I couldn't get method 1 to work. Everything works well, but clients in the main network are not visible from the client network (e.g. I can't access the time capsule or my apple tv from the client network; accessing the main router (192.168.0.1) from the client network works).

I started from a vanilla openwrt installation and followed the routed client recipe (https://wiki.openwrt.org/doc/recipes/routedclient).

My setup:

Main router (provided by ISP): CBN CH6640E (192.168.0.1)
connected via ethernet to an Apple Airport Time Capsule 802.11ac (192.168.0.2)
bridged client is a d-link dir-300 rev B running cc 15.05 (192.168.1.1)

My config files:

network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd20:96dc:2d98::/48'

config interface 'lan'
    option ifname 'eth0.1'
    option force_link '1'
    option macaddr '00:26:5a:a4:68:18'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
    option ip6assign '60'

config interface 'wan'
    option proto 'dhcp'

config interface 'wan6'
    option ifname 'eth0.2'
    option proto 'dhcpv6'

config switch
    option name 'rt305x'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'rt305x'
    option vlan '1'
    option ports '0 1 2 3 5 6t'

config switch_vlan
    option device 'rt305x'
    option vlan '2'
    option ports '4 6t'

wireless

config wifi-device 'radio0'
    option type 'mac80211'
    option channel '11'
    option hwmode '11g'
    option path '10180000.wmac'
    option htmode 'HT20'

config wifi-iface
    option device 'radio0'
    option ssid 'wombat'
    option encryption 'psk2'
    option key 'iloveopenwrt'
    option mode 'sta'
    option network 'wan'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'koala'
    option encryption 'psk2'
    option key 'iloveopenwrt'
    option network 'lan'

firewall

config defaults
    option syn_flood    1
    option input        ACCEPT
    option output        ACCEPT
    option forward        REJECT
# Uncomment this line to disable ipv6 rules
#    option disable_ipv6    1

config zone
    option name        lan
    list   network        'lan'
    option input        ACCEPT
    option output        ACCEPT
    option forward        ACCEPT

config zone
    option name        wan
    list   network        'wan'
    list   network        'wan6'
    option input        REJECT
    option output        ACCEPT
    option forward        REJECT
    option masq        1
    option mtu_fix        1

config forwarding
    option src        lan
    option dest        wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option name        Allow-DHCP-Renew
    option src        wan
    option proto        udp
    option dest_port    68
    option target        ACCEPT
    option family        ipv4

# Allow IPv4 ping
config rule
    option name        Allow-Ping
    option src        wan
    option proto        icmp
    option icmp_type    echo-request
    option family        ipv4
    option target        ACCEPT

config rule
    option name        Allow-IGMP
    option src        wan
    option proto        igmp
    option family        ipv4
    option target        ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
    option name        Allow-DHCPv6
    option src        wan
    option proto        udp
    option src_ip        fe80::/10
    option src_port        547
    option dest_ip        fe80::/10
    option dest_port    546
    option family        ipv6
    option target        ACCEPT

config rule
    option name        Allow-MLD
    option src        wan
    option proto        icmp
    option src_ip        fe80::/10
    list icmp_type        '130/0'
    list icmp_type        '131/0'
    list icmp_type        '132/0'
    list icmp_type        '143/0'
    option family        ipv6
    option target        ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Input
    option src        wan
    option proto    icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    list icmp_type        router-solicitation
    list icmp_type        neighbour-solicitation
    list icmp_type        router-advertisement
    list icmp_type        neighbour-advertisement
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Forward
    option src        wan
    option dest        *
    option proto        icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option dest        wan
#    option proto    tcp
#    option target    REJECT

# block a specific mac on wan
#config rule
#    option dest        wan
#    option src_mac    00:11:22:33:44:66
#    option target    REJECT

# block incoming ICMP traffic on a zone
#config rule
#    option src        lan
#    option proto    ICMP
#    option target    DROP

# port redirect port coming in on wan to lan
#config redirect
#    option src            wan
#    option src_dport    80
#    option dest            lan
#    option dest_ip        192.168.16.235
#    option dest_port    80
#    option proto        tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#    option src        wan
#    option src_dport    22001
#    option dest        lan
#    option dest_port    22
#    option proto        tcp

# allow IPsec/ESP and ISAKMP passthrough
config rule
    option src        wan
    option dest        lan
    option proto        esp
    option target        ACCEPT

config rule
    option src        wan
    option dest        lan
    option dest_port    500
    option proto        udp
    option target        ACCEPT

### FULL CONFIG SECTIONS
#config rule
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port    80
#    option dest        wan
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp
#    option target    REJECT

#config redirect
#    option src        lan
#    option src_ip    192.168.45.2
#    option src_mac    00:11:22:33:44:55
#    option src_port        1024
#    option src_dport    80
#    option dest_ip    194.25.2.129
#    option dest_port    120
#    option proto    tcp

dhcp

config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '0'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option localservice '1'

config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '199'
    option leasetime '12h'
    option dhcpv6 'server'
    option ra 'server'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'

Any idea how to get access to the main network from the client network?
When I replace my firewall configuration with the code from this tutorial the client network does not have internet access anymore. I also installed igmpproxy on the dir-300 and enabled igmp on the time capsule without any result.

Thanks for any help and be aware I am rather a n00b.

Simon

Not sure if this thread is still active or not, but figured I would give it a try.

We are using method 1.

We have router "A" (main router) running BB.
We have router "B" (repeater) running AA with the config as shown in method 1.

For periods of time (24-36 hours), everything works OK.  Clients all see each other, and all have access to the internet.  Wireless devices can move from "A" to "B" and back to "A" and all works fine.  Wired devices on "B" are also able to access all clients, and the internet.

Issue at times, router "B" will lose the connection to "A", and then obviously everything on "B" is in essence disconnected.  DHCP stops working, and then nothing can see anything on "B".

I have logs, both from "A" and "B", and "B" is attempting to re-connect to "A", but keeps failing.  If we reboot "B", it connects right back up and all is fine.  We do not touch "A".

Both "A" and "B" are Atheros based hardware, and we are pretty confident the issue is not on router "A" as we have many clients connected to "A" for a year and never saw any issues.

Log from "A":  02:c0 is the MAC for "B"

Thu Apr 21 16:46:23 2016 daemon.info hostapd: wlan0: STA 02:c0:ca:7d:ff:96 IEEE 802.11: authenticated
Thu Apr 21 16:46:24 2016 daemon.info hostapd: wlan0: STA 02:c0:ca:7d:ff:96 IEEE 802.11: authenticated
Thu Apr 21 16:46:24 2016 daemon.info hostapd: wlan0: STA 02:c0:ca:7d:ff:96 IEEE 802.11: associated (aid 2)
Thu Apr 21 16:46:25 2016 daemon.info hostapd: wlan0: STA 02:c0:ca:7d:ff:96 IEEE 802.11: associated (aid 2)
Thu Apr 21 16:46:26 2016 daemon.info hostapd: wlan0: STA 02:c0:ca:7d:ff:96 IEEE 802.11: associated (aid 2)
Thu Apr 21 16:46:35 2016 daemon.info hostapd: wlan0: STA 02:c0:ca:7d:ff:96 IEEE 802.11: deauthenticated due to local deauth request
Thu Apr 21 16:48:43 2016 daemon.info hostapd: wlan0: STA 68:a3:c4:58:1f:52 WPA: group key handshake completed (RSN)
Thu Apr 21 16:48:43 2016 daemon.info hostapd: wlan0: STA 2c:54:cf:c0:89:81 WPA: group key handshake completed (RSN)

Log from "B":  04:f0 MAC is router "A"

Apr 21 16:46:23 kern.info kernel: [17703.880000] wlan0-1: authenticate with 04:f0:21:18:1e:38
Apr 21 16:46:23 kern.info kernel: [17704.080000] wlan0-1: send auth to 04:f0:21:18:1e:38 (try 1/3)
Apr 21 16:46:24 kern.info kernel: [17705.010000] wlan0-1: send auth to 04:f0:21:18:1e:38 (try 2/3)
Apr 21 16:46:24 kern.info kernel: [17705.090000] wlan0-1: authenticated
Apr 21 16:46:24 kern.info kernel: [17705.120000] wlan0-1: associate with 04:f0:21:18:1e:38 (try 1/3)
Apr 21 16:46:25 kern.info kernel: [17706.010000] wlan0-1: associate with 04:f0:21:18:1e:38 (try 2/3)
Apr 21 16:46:26 kern.info kernel: [17707.010000] wlan0-1: associate with 04:f0:21:18:1e:38 (try 3/3)
Apr 21 16:46:26 kern.info kernel: [17707.110000] wlan0-1: RX AssocResp from 04:f0:21:18:1e:38 (capab=0x431 status=0 aid=2)
Apr 21 16:46:26 kern.info kernel: [17707.120000] wlan0-1: associated

These logs simply repeat over and over again about every 5 minutes according to the log, and "B" is never able to re-establish its connection with "A".

This line from "A":

Thu Apr 21 16:46:35 2016 daemon.info hostapd: wlan0: STA 02:c0:ca:7d:ff:96 IEEE 802.11: deauthenticated due to local deauth request

Always appears 9 seconds after "B" appears to be associated with "A".

I assume this is generated from "A"?  And if so, what prompts "A" to do this?

Any ideas are greatly appreciated.

Another question/issue.

Router A is main router, router B is repeater.  Used relayd.

I have a wireless printer connected to router B via WiFi.

Devices on router "B" can see and print to the printer.

Devices on router "A" cannot see the printer.

I can ping the printer from a device on "A", but the printer does not come up in the list of available devices when trying to print from "A".

What am I missing?  Or is this not possible?


I have igmpproxy installed on router "B"
Firewall and dnsmasq are both disabled on router "B"


edit:  I switched to using WDS and everything is more stable and working fine.  I apologize for posting to the howto thread, my mistake.  Feel free to move or delete as required.

(Last edited by JohnV on 1 May 2016, 12:01)

JohnV wrote:

I have a wireless printer connected to router B via WiFi.

Is the printer a DHCP client?

JohnV wrote:

Any ideas are greatly appreciated.

Post dmesg buffer from B at time of disconnect.

N.B. move this support question to the General Discussion forum (obey the rules)

Hi there,

Just a quick question. Is it possible to setup a wireless repeating between a Netgear R6250 (broadcom-based) running Advanced Tomato as the main router AND a Netgear WNDR3800 (Atheros-based) running Openwrt Chaos Calmer 15.05.1 as the repeating router?

main router = R6250 on Advanced Tomato <<<<>>>> repeating router = WNDR3800 on Chaos Calmer 15.05.1?

I tried both of your setups but failed.

Any ideas/suggestions?

Thanks!

Just a quick answer... this post is better served in the General Discussion forum.

This is offered as-is, sorry, I did use this for myself few years ago while I didn't had internet.
Apart of that, I can't help on any other setup, firmwares or devices. I tested on Atheros and worked great, once I tried on a Broadcom and Ralink device, both worked well as clients, until I enabled the second wireless network, it would just die.

(Last edited by dabyd64 on 4 May 2016, 21:39)

I have a AP TL 901ND. Could you help me how to config Bridged mode? Thank you!

Stupid question - what do I need to change so that also ipv6 works ? I implemented bridged version two years ago, it works beautifully. I started to play with IPv6 and I realized I cannot access link-local addresses between my main and bridged network. It works perfectly within each network.
I am no expert in any shape or form in this...
Thank you

(Last edited by marosg on 15 Jul 2016, 11:36)

Hello,
       I tried this on the ramips RT5350 - some observations:

If the ap mode is kept as open relayd always forwarded dhcp request to all clients connected to the wireless repeater, However, if the ap encryption mode is kept psk or psk2, I could see the router reply over wireshark but the wireless repeater did not relay the dhcp offer.

Static IP address worked flawlessly in either of the case above.

Can daby help on the same.

thanks,

Hello, I am facing the same issue. Any solution to this issue ?

Hi peeps, first many thanks to dabyd64 for posting these guides.

Have a strange issue that no one else has posted anything similar.

Am using the bridged/routed method (mode:1)

Everything is working as I would expect, but have some strange happenings when doing things via the GUI.

If I am connected via wireless/ethernet from main AP or Station certain things in Luci dont work, for example if I click on Network --> Wifi and click to edit any of the wireless networks will get a  "Bad Gateway The process did not produce any response" error.

The same message also occurs if I go System --> Software --> Update Lists

To make things even more stranger, if I connect via ethernet, but via the static assigned IP address on the LAN adapter, I can edit the wireless netorks but when I attempt to 'Update Lists' I get a

"opkg_conf_load: Could not lock /var/lock/opkg.lock: Resource temporarily unavailable."

message.

This is on a WA801ND v2 using the latest version of OpenWRT, Chaos Calmer 15.05.1 / LuCI 15.05-149-g0d8bbd2 Release (git-15.363.78009-956be55)

Have tried with two WA801ND v2, one of them connecting to a WR841N and the other connecting to a Mikrotik AP, both configs are displaying the same issues via GUI.

Also tried using https, issue still remains.

Hope someone has an idea with what is causing this, have not tired an earlier build

(Last edited by mongoled on 11 Aug 2016, 08:39)

If dns does not work and your gateway/dns is 192.168.1.1, consider:

rm /etc/resolv.conf
echo "nameserver 127.0.0.1">>/etc/resolv.conf
echo "nameserver 192.168.1.1" >>/etc/resolv.conf

R/
Mike

(Last edited by mwCT on 20 Sep 2016, 21:09)

Hi, I should repeat a wifi network with wpa enterprise security, can i do it? With any openwrt router?

Hello I followed the configuration being said in this thread, for the second option with 2 networks.

It almost works. The repeater is able to accesss the mainAP having himself internet connection, and is able to serve connection via the ethernet ports to connected hosts. However the secondary AP although visible, I am unable to connect to it.

This is the dmesg of a Linux host machine trying to connect to this AP:

[ 3467.212499] wlan1: authenticate with 02:1f:e2:bb:19:91
[ 3467.212578] wlan1: send auth to 02:1f:e2:bb:19:91 (try 1/3)
[ 3467.320027] wlan1: send auth to 02:1f:e2:bb:19:91 (try 2/3)
[ 3467.424021] wlan1: send auth to 02:1f:e2:bb:19:91 (try 3/3)
[ 3467.532016] wlan1: authentication with 02:1f:e2:bb:19:91 timed out

Although as can be seen in the configuration:

gist.github.com/anonymous/123215dc372f5012e463a05abca607e7

I even disabled the encryption for the SecondaryAP, What could be wrong?

The device is a bcrm63xx based one with AA, How can I be sure that this device is capable of this functionality?

The discussion might have continued from here.