Topic: Building a 802.11s-based mesh network with TPLink TL-WR1043ND v2

The content of this topic has been archived on 23 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

samettonyali29

25 Sep 2015, 17:55

Hello OpenWRT People,

I have been working on building a 802.11s based wireless mesh network by using two TP-Link TL-WR1043ND v2 routers running OpenWRT 14.07 Barrier Breaker. Finally, I succeeded to build it. It is a really easy task but if you are a newbie like me this post will help you build a 802.11s based wireless mesh network. I used TP-Link TL-WR1043ND v2 routers. Even if you have different routers I recommend you to give a chance to the configuration files below.

My network topology is very simple but can be enhanced and scaled. There are two Mesh Access Points (MAPs) in your backbone (You can configure one of these MAPS and make it a Mesh Portal Point (MPP) having access to the Internet). Any device around you, for example your smart phone, tablet PC or laptop. can connect to one of these MAPs and communicate over the mesh backbone. Assume that your smart phone and tablet are connected to MAP 1 (Router 1) and MAP 2 (Router 2) as stations (STAs), respectively. You may want to send a signal/message (in my tests I used "ping") to the tablet by using the smart phone. The phone sends the signal/message to MAP 1 over MAP 1's local area network (LAN). Note that the target IP address of the message belongs to the tablet which is in LAN of MAP 2. Then, MAP 1 sends the message to MAP 2 over the mesh network. Finally, MAP 2 conveys the message to the tablet. There are some IP address controls at each device and router but I am skipping these parts. You can refer a document that explains Kernel IP Routing table.

You can find configuration files (network, wireless and firewall) for this simple network:

Router 1

/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fddb:e092:8681::/48'

config interface 'lan'
    option ifname 'eth1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.11'
    option netmask '255.255.255.0'
    option ip6assign '60'

config route
    option interface 'mesh'
    option target '192.168.4.0'
    option gateway '10.1.1.44'
    option netmask '255.255.255.0'

config interface 'mesh'
    option ifname 'wlan0'
    option proto 'static'
    option ipaddr '10.1.1.11'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 1 2 3 4'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '5 6'

/etc/config/wireless

config wifi-device  radio0
    option type     mac80211
    option channel  11
    option hwmode    11g
    option path    'platform/qca955x_wmac'
    option htmode    HT20
    list ht_capab 'DSSS_CCK-40'
    # REMOVE THIS LINE TO ENABLE WIFI:
    option disabled 0 

config wifi-iface 'lan'
    option device   radio0
    option network  lan
    option mode     ap
    option ssid     OpenWRT1
    option encryption none

config wifi-iface 'mesh'
    option network 'mesh'
    option device 'radio0'
    option mode 'mesh'
    option mesh_id 'FIUMesh'
    option encryption 'none'

/etc/config/firewall

config defaults
    option syn_flood    1
    option input        ACCEPT
    option output        ACCEPT
    option forward        REJECT
# Uncomment this line to disable ipv6 rules
#    option disable_ipv6    1

#config zone
#    option name        lan
#    list   network        'lan'
#    option input        ACCEPT
#    option output        ACCEPT
#    option forward        ACCEPT

#config zone
#    option name        wan
#    list   network        'wan'
#    option network        'wan6'
#    option input        REJECT
#    option output        ACCEPT
#    option forward        REJECT
#    option masq        1
#    option mtu_fix        1

config forwarding
    option src        lan
    option dest        wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option name        Allow-DHCP-Renew
    option src        wan
    option proto        udp
    option dest_port    68
    option target        ACCEPT
    option family        ipv4

# Allow IPv4 ping
config rule
    option name        Allow-Ping
    list src        wan
    option src         lan
    option proto        icmp
    option icmp_type    echo-request
    option family        ipv4
    option target        ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
    option name        Allow-DHCPv6
    option src        wan
    option proto        udp
    option src_ip        fe80::/10
    option src_port        547
    option dest_ip        fe80::/10
    option dest_port    546
    option family        ipv6
    option target        ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Input
    option src        wan
    option proto    icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    list icmp_type        router-solicitation
    list icmp_type        neighbour-solicitation
    list icmp_type        router-advertisement
    list icmp_type        neighbour-advertisement
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Forward
    option src        wan
    option dest        *
    option proto        icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user

Router 2

/etc/config/network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fdfc:2411:750e::/48'

config interface 'lan'
    option ifname 'eth1'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.4.44'
    option netmask '255.255.255.0'
    option ip6assign '60'

config route
    option interface 'mesh'
    option target '192.168.1.0'
    option gateway '10.1.1.11'
    option netmask '255.255.255.0'

config interface 'mesh'
    option ifname 'wlan0'
#    option type 'bridge'
    option proto 'static'
    option ipaddr '10.1.1.44'
    option netmask '255.255.255.0'

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option ifname '@wan'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option ports '0 1 2 3 4'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '5 6'

/etc/config/wireless

config wifi-device  radio0
    option type     mac80211
    option channel  11
    option hwmode    11g
    option path    'platform/qca955x_wmac'
    option htmode    HT20
    list ht_capab 'DSSS_CCK-40'
    # REMOVE THIS LINE TO ENABLE WIFI:
    option disabled 0 

config wifi-iface 'lan'
    option device   radio0
    option network  lan
    option mode     ap
    option ssid     OpenWRT4
    option encryption none

config wifi-iface 'mesh'
    option network 'mesh'
    option device 'radio0'
    option mode 'mesh'
    option mesh_id 'FIUMesh'
    option encryption 'none'

/etc/config/firewall

config defaults
    option syn_flood    1
    option input        ACCEPT
    option output        ACCEPT
    option forward        REJECT
# Uncomment this line to disable ipv6 rules
#    option disable_ipv6    1

#config zone
#    option name        lan
#    list   network        'lan'
#    option input        ACCEPT
#    option output        ACCEPT
#    option forward        ACCEPT

#config zone
#    option name        wan
#    list   network        'wan'
#    list   network        'wan6'
#    option input        REJECT
#    option output        ACCEPT
#    option forward        REJECT
#    option masq        1
#    option mtu_fix        1

config forwarding
    option src        lan
    option dest        wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
    option name        Allow-DHCP-Renew
    option src        wan
    option proto        udp
    option dest_port    68
    option target        ACCEPT
    option family        ipv4

# Allow IPv4 ping
config rule
    option name        Allow-Ping
    option src        wan
    option proto        icmp
    option icmp_type    echo-request
    option family        ipv4
    option target        ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
    option name        Allow-DHCPv6
    option src        wan
    option proto        udp
    option src_ip        fe80::/10
    option src_port        547
    option dest_ip        fe80::/10
    option dest_port    546
    option family        ipv6
    option target        ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Input
    option src        wan
    option proto    icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    list icmp_type        router-solicitation
    list icmp_type        neighbour-solicitation
    list icmp_type        router-advertisement
    list icmp_type        neighbour-advertisement
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
    option name        Allow-ICMPv6-Forward
    option src        wan
    option dest        *
    option proto        icmp
    list icmp_type        echo-request
    list icmp_type        echo-reply
    list icmp_type        destination-unreachable
    list icmp_type        packet-too-big
    list icmp_type        time-exceeded
    list icmp_type        bad-header
    list icmp_type        unknown-header-type
    option limit        1000/sec
    option family        ipv6
    option target        ACCEPT

# include a file with users custom iptables rules
config include
    option path /etc/firewall.user

I think you realized "zone" entries in firewall files are commented out. They prevented to ping from a STA to another one. That's why I commented them out.

That's all! Please warn me if there is anything wrong or missing in this post. Moreover, please do not hesitate to ask a question. If I experienced the same problem I will try to answer your question.

Take care yourselves!

(Last edited by samettonyali29 on 25 Sep 2015, 18:18)

Post #2

etdk

9 Nov 2015, 11:50

Hi,

I'm newbee using openwrt.

I'm having issues in 802.11s mesh configuration tplink mr3020 running CC connecting to xiaomi mini wifi running CC.
I get ESTAB status using "IW wlan0 station dump" command. But unable to ping with each other.

Because I don't have any issues if all my hardware is Atheros (tested using mr3020 and cpe210).

Is 802.11s mesh solution is hardware dependent (not compatible)? xiaomi using ramips, and tplink using Atheros.
is it image/package issues (ramips image/package)? or is it a misconfiguration issues?

please help to identify or teach me how to trace it ?

appreciate any solution given to this message.
thank you.

----
Erik

Post #3

samettonyali29

14 Nov 2015, 07:15

Hi Erik,

To be honest, your case is too specific and I dont have enough experience on these devices. I have only one recommendation: Can you disable openwrt's firewall and try again? If it works you may need to reconfigure your firewall configuration as I indicated in this post.

I hope it works.

Post #4

etdk

16 Nov 2015, 17:03

Hi,

I have tried to disable the firewall. It doesnt work.
I will try to recompile the image. Maybe something went missing.

This 802.11s mesh thing.. I found it very inspiring..

Thank you, for your recomendation.

Post #5

PsychoMantis

4 Feb 2016, 18:19

I use for tests two of wr841n_v9.2. It works. My config:

root@OpenWrt1:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd45:194c:fe97::/48'

config interface 'lan'
        option ifname 'eth0'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

root@OpenWrt1:~# cat /etc/config/wireless
config wifi-device  radio0
        option type     mac80211
        option channel  11
        option hwmode   11g
        option path     'platform/qca953x_wmac'
        option htmode   HT20
        list ht_capab 'DSSS_CCK-40'

config wifi-iface 'lan'
        option device   radio0
        option network  lan
        option mode     ap
        option ssid     OpenWrt1
        option encryption psk2
        option key      geheim

config wifi-iface 'mesh'
    option network 'lan'
    option device 'radio0'
    option mode 'mesh'
    option mesh_id 'testmesh'
    option encryption authsae
    option key 'geheim'

root@OpenWrt1:~#

root@OpenWrt2:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9d:e56c:bae9::/48'

config interface 'lan'
        option ifname 'eth0'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.4.4'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'


root@OpenWrt2:~# cat /etc/config/wireless
config wifi-device  radio0
        option type     mac80211
        option channel  11
        option hwmode   11g
        option path     'platform/qca953x_wmac'
        option htmode   HT20
        list ht_capab 'DSSS_CCK-40'

config wifi-iface 'lan'
        option device   radio0
        option network  lan
        option mode     ap
        option ssid     OpenWrt2
        option encryption psk2
        option key      'geheim'

config wifi-iface 'mesh'
        option network 'lan'
        #option ssid    'myfirstmesh' i think ssid is here not on the right place
        option device 'radio0'
        option mode 'mesh'
        option mesh_id 'testmesh'
        option encryption 'authsae'
        option key 'geheim'

root@OpenWrt2:~#

I did not touch /etc/config/firewall on both routers. I installed packages authsae and wpad-mesh instead of wpad-mini and everything works fine: i can ping from one router to other over mesh.
I disabled dhcp on both routers:

root@OpenWrt1:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

#config dhcp 'lan'
#       option interface 'lan'
#       option start '100'
#       option limit '150'
#       option leasetime '12h'
#       option dhcpv6 'server'
#       option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

root@OpenWrt1:~#

If i put one of this routers to the internet (i simply connect my internet-router (fritzbox) with WAN-interface), it get one ip over dhcp and i can ping for example google.de
Now i want connect (over one of 4 lan-interfaces) a laptop with the second router and it should get a ip over dhcp from my fritzbox, but dhcp does not work.
Question: How i can get work dhcp? Why first router get an ip, but notebook not?

dhcp-request should: 
notebook --> lan-cable --> openwrt2 --> mesh --> openwrt1 --> fritzbox 
and the ip should back: 
fritzbox --> openwrt1 --> mesh --> openwrt2 --> lan-cable ---> notebook

EDIT: Now it works. Lan-cable from the fritzbox should in the yellow interface, not into the blue.

(Last edited by PsychoMantis on 4 Feb 2016, 21:14)

The discussion might have continued from here.

Page 1 of 1