OpenWrt - Mesh

Posted on October 2, 2012

Tags: hackhard

1 Overview

Why mesh? Why cant we just use the openwrt to wireless connect to the router as a dhcp client via WAN then share that internet to the LAN.
LAN must have a different IP subnet from WAN meaning WAN will connect as 192.168.1.51 but LAN must be 192.168.2.XX BUT we can use this configuration for temporary internet access on the router.

Mesh network consist of main AP and secondary AP
Main AP which we use a mi router, bridges it’s internet connected AP to the mesh wifi
- It needs both an accesspoint and a mesh
Secondary AP only needs to setup a mesh to work
- It doesnt even need to have it’s own AP but we setup an isolated AP because we may need to troubleshoot the router

2 MiRouter - main mesh

2.1 Summary

Setup “LAN” that has access to internet
Setup AP which uses network “LAN”
Setup mesh which uses network “LAN”

2.2 Enable Wi-fi

Network >> Wireless Overview >> Enable

2.3 Setup LAN to bridge mesh with AP

Network >> Interfaces >> LAN >> Edit
- General Settings
  - Protocol : Static Address
  - Device : br-lan
  - Bring up on boot : checked
  - IPv4 Address : 192.168.1.51
  - IPv4 Netmask : 255.255.255.0
  - IPv4 Gateway: 192.168.1.0
- DHCP Servers
  - Ignore Interface : Checked

3 TPlink - Secondary mesh

3.1 Summary

We will perform the two below

Setup solely for mesh use

3.2 Factory reset

Reset to default configurations which will reset and reboot your router.
YOu can also do this by holding the WPS reset button for 10s then wait for your router.

NOTE: You will lose access to the router’s wifi and there wont be any router SSID being broadcasted.

3.3 Enable Wi-fi

Network >> Wireless Overview >> Enable

3.4 Setup sole for mesh use

WARN: YOU MUST COPY THE SAME Operating Frequency as the Main Mesh router.

Network >> Wireless Overview >> Add >> Device Configuration
- Mode : 802.11s (this indicates this is a mesh)
- Mesh Id : test
- Network : lan
- Wireless Security >> Encryption : WPA3

4 Setup from commandline

If you dont have LUCI follow this

reset router
ssh to root@192.168.1.1

4.1 change static ip

we first change static ip because once we gain internet access via mesh to LAN, our 192.168.1.1 will interfere with the firewall ip

vi /etc/config/network

config interface 'lan'
        option type 'mac80211'
        option hwmode '11g'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.51'
        option gateway '192.168.1.0'
        list dns '192.168.1.1'
        option delegate '0'

service network reload

4.2 connect mesh to get internet

find the option band 2g which may not always be named radio1

less /etc/config/wireless
vi /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option cell_density '0'
        option channel '4'
        option band '2g'
        option htmode 'HT40'
        option country 'US'
        #option disabled '1'  <---comment this line out

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'mesh'
        option mesh_id 'test'
        option mesh_fwding '1'
        option mesh_rssi_threshold '0'
        option network 'lan'
        option key 'thisismysecretpassword'
        option encryption 'sae'

wifi

4.2.1 Temporarily add internet

The mesh option wont give you internet since you still need to install a package then REBOOT.
So how do we get internet?

Change the static IP of your LAN group interface to 192.168.2.XX along with the gateway.

LAN 192.168.2.XX must be different subnet from WAN 192.168.1.XX
Since the WAN is connecting to the internet router via 192.168.1.1, WAN must take the 192.168.1.XX static IP address.

Network >> Interfaces >> Radio1 >> Scan

Join Network
Choose LAN

Then click Save, a new form pre-filled will pop up, DO NOT MODIFY IT, just click Save again.
Then ssh into your openwrt, and run the commands below.

4.2.1.1 with terminal

vi /etc/config/network

config interface 'lan'
  #some options here...
  option ipaddr '192.168.2.1' #we changed from 192.168.1.1 to 192.168.2.1
  option gateway '192.168.2.0' #we changed from 192.168.1.0 to 192.168.2.0

vi /etc/config/wireless


config wifi-device 'radio0'
  #some default options...
  #option disabled '0' #MAKE SURE TO COMMENT/REMOVE THE LINE OUT, DONT JUST CHANGE VALUE
  option country 'US' #IMPORTANT TO ADD THIS LINE!

config wifi-iface 'default_radio0'
  option device 'radio0'
  option network 'wan'
  option mode 'sta'
  option encryption 'psk2'
  option key 'yourwifipassword'
  option ssid 'yourwifiname'

wifi

ip addr

# 1: lo : <LOOPBACK, UP, LOWER_UP> mtu 65536 ...
# 2: eth0: <BROADCAST, MULTICAST, UP_LOWERUP> mtu 1500 ...
# 3: eth1: ...
# 15: phy1-ap0: ...
# 16: phy0-sta0: ... #<-- THIS IS THE NAME YOU NEED FOR THE NEXT STEP, IT ENDS WITH 'sta'
# 17: br-lan: ...

vi /etc/config/network

config interface 'wan'
  option device 'phy0-sta0' #this is the name you got from the last step
  option proto 'dhcp'
  option type 'bridge'

opkg update --no-check-certificate
opkg install wpad-mesh-wolfssl --no-check-certificate

4.3 Getting back luci

https://openwrt.org/docs/guide-user/luci/luci.essentials

opkg update --no-check-certificate
opkg install luci

5 Setup emergency AP

Interfaces >> WAN
- Firewall Settings
  - firewall-zone: Unspecified
- General Settings
  - Protocol: Static address
  - Device: EmerAcc
  - Bring up on boot: checked
  - IPv4 Address: 192.168.2.1
  - IPv4 Netmask: 255.255.255.0
  - IPv4 Gateway: 192.168.2.0
  - IPv4 Broadcast: 192.168.2.255

In your wireless >> “OpenWrt5Ghz”, select Network: “wan” (this binds the wifi to the network).

6 Custom image

https://firmware-selector.openwrt.org/?version=23.05.2&target=ath79%2Fgeneric&id=tplink_archer-c7-v2

Below are Installed Packages you need to add in addition to whatever already is default

 openvpn-openssl luci-app-openvpn luci-ssl luci

6.1 Script to run on first boot (uci-defaults)

6.1.1 Option 1

#this turns on both radios 2.5ghz and 5ghz
uci set wireless.@wifi-device[0].disabled="0"
uci set wireless.@wifi-device[1].disabled="0"

6.1.2 Option 2

#this creates the network interface 
uci set network.altlan=interface
uci set network.altlan.proto='static'
uci set network.altlan.ipaddr='192.168.3.54'
uci set network.altlan.netmask='255.255.255.0'
uci set network.altlan.gateway='192.168.3.0'
uci set network.altlan.device='wlan0'
uci commit network
#this attaches a dhcp server to the network interface above
uci set dhcp.altlan=dhcp
uci set dhcp.altlan.interface='altlan'
uci set dhcp.altlan.start='4'
uci set dhcp.altlan.limit='200'
uci set dhcp.altlan.leasetime='12h'
uci set dhcp.altlan.dhcpv4='server'
uci set dhcp.altlan.ra='server'
uci set dhcp.altlan.ra_slaac='1'
uci set dhcp.altlan.ra_flags="managed-config other-config"
uci commit dhcp

#this turns on both radios 2.5ghz and 5ghz
uci set wireless.@wifi-device[0].disabled="0"
uci set wireless.@wifi-device[1].disabled="0"

#this creates a WiFi SSID and attaches to the network interface
uci set wireless.openwrt192168354="wifi-iface"
uci set wireless.openwrt192168354.mode="ap"
uci set wireless.openwrt192168354.ssid="openwrt192168354"
uci set wireless.openwrt192168354.key="changemeplox"
uci set wireless.openwrt192168354.encryption="psk2"
uci set wireless.openwrt192168354.device='radio0'
uci set wireless.openwrt192168354.network='altlan'
uci commit wireless

Add the below script for turning on 192.168.1.54, (you can use both the above and below script)

uci set network.lan.ipaddr="192.168.1.54"
uci commit network
uci set wireless.@wifi-device[0].disabled="0"
uci set wireless.@wifi-iface[0].disabled="0"
uci set wireless.@wifi-iface[0].ssid="OpenWrt"
uci set wireless.@wifi-iface[0].key="changemeplox"
uci set wireless.@wifi-iface[0].encryption="psk2"
uci commit wireless

Below is for diagnostic purposes and helping to build your own uci set .. commands via extrapolation

uci -N show network.lan
# network.lan=interface
# network.lan.device='br-lan'
# network.lan.proto='static'
# network.lan.netmask='255.255.255.0'
# network.lan.ip6assign='60'
# network.lan.ipaddr='192.168.1.51'
# network.lan.gateway='192.168.1.1'
# network.lan.dns='192.168.1.1'
# network.lan.delegate='0'
uci -N show dhcp.@dhcp[0]
# dhcp.lan=dhcp
# dhcp.lan.interface='lan'
# dhcp.lan.limit='150'
# dhcp.lan.leasetime='12h'
# dhcp.lan.dhcpv4='server'
# dhcp.lan.dhcpv6='server'
# dhcp.lan.ra='server'
# dhcp.lan.ra_slaac='1'
# dhcp.lan.ra_flags='managed-config' 'other-config'
# dhcp.lan.start='4'
uci -N show dhcp.@dhcp[1]
# dhcp.wan=dhcp
# dhcp.wan.interface='wan'
# dhcp.wan.ignore='1'

uci -N show wireless.@wifi-device[0]
# wireless.radio0=wifi-device
# wireless.radio0.type='mac80211'
# wireless.radio0.path='platform/soc/a000000.wifi'
# wireless.radio0.channel='4'
# wireless.radio0.hwmode='11g'
# wireless.radio0.band='2g'
# wireless.radio0.cell_density='0'
# wireless.radio0.htmode='HT40'
# wireless.radio0.country='US'

uci show wireless.@wifi-iface[1]
# wireless.default_radio1=wifi-iface
# wireless.default_radio1.device='radio1'
# wireless.default_radio1.network='lan'
# wireless.default_radio1.mode='ap'
# wireless.default_radio1.ssid='OpenWrt'
# wireless.default_radio1.encryption='none'

uci -N show wireless.@wifi-iface[0]
# wireless.wifinet3=wifi-iface
# wireless.wifinet3.device='radio0'
# wireless.wifinet3.mode='mesh'
# wireless.wifinet3.mesh_id='test'
# wireless.wifinet3.mesh_fwding='1'
# wireless.wifinet3.mesh_rssi_threshold='0'
# wireless.wifinet3.network='lan'
# wireless.wifinet3.key='blehblehblehbleh'
# wireless.wifinet3.encryption='sae'