Table of Contents

无线客户端模式

本文概述了以ClientStation模式以无线连接设备的几种方法。

这种能力的用途很广泛,比如:

OpenWrt支持多种客户端模式,包括使用WDS (Wireless Distribution System)的桥接模式, 客户端路由模式和仅在(老的)brcm-2.4硬件上实现的客户端桥接模式

WDS - 无线分布系统

WDS模式是无线802.11标准的一个非标扩展。它使用了4-address-format以允许基站之间透明网络桥接,实现了无线网络客户端在不同接入点之间漫游的无缝交接

由于其非标的本性,WDS在不同的无线驱动和制造商固件采用了不同的实现,以至于它们经常互不兼容。为使用WDS,所有部署的设备应当使用同样的软硬件以保证兼容性。

OpenWrt支持两种类型的WDS,根据无线芯片和驱动分类如下:

WDS的最大优势是数据链路层支持的透明桥接以及跨无线连接的广播 - 网络连接的所有设备组成一个统一的广播域.

Broadcom WDS

The setup of Broadcom WDS is explained in the recipe article WDS (Broadcom).

AP-to-Sta WDS (Madwifi, mac80211)

The setup of Madwifi or mac80211 WDS is explained in the recipe article WDS (atheros).

This option is the preferred approach for wireless chipsets that support the Linux mac80211 wireless drivers (e.g. Atheros wireless chipsets). If the file /etc/config/wireless looks like the following, then mac80211 drivers are in use. 

config wifi-device 'radio0'
        option type 'mac80211'
        ...

路由客户端模式

The routed client mode is the most generic wireless option. It is supported by all chipsets and drivers and requires no special modifications. The downside of routed client mode is the inability to bridge network segments or relay broadcast traffic. This affects for example the Windows Network Neighbourhood where hosts from two network segments cannot “see” each other without a domain controller. Connection by IP address or host name is still possible.

With routed client mode there are two possibilities to implement the network topology, depending on the specific requirements.

伪装

Using masquerading (NAT) on a client router connects a network segment behind the client to an existing wireless network without further modifications to the access point. The downside is that hosts on the AP side cannot access hosts behind the client router. Masqueraded

Hosts from the client network (red) are able to reach hosts in the AP network (blue), the client router masquerades outgoing traffic. Hosts on the AP side only see the client router, all traffic originating from client hosts uses 192.168.1.30 as source address. No direct connection from LAN Host 1 or 2 to Client Host 1 or 2 is possible.

See the Routed Client (Using MASQUERADE) article for configuration instructions.

路由

This option requires a static route on the AP pointing to the subnet behind the client router using the client router's IP on the AP network as a gateway. This allows hosts on both segments to reach each other directly, but it requires administrative access to the AP in order to configure the static route.

Routed network topology

Hosts from the client network (red) are able to directly communicate with hosts in the AP network (blue) and vice versa. The rectangles represent static route entries. See the Routed Client (Using Routing) article for configuration instructions.

客户端桥接模式 (仅适用brcm-2.4)

The bridged client mode is a proprietary Broadcom extension called WET (Wireless Ethernet Transceiver) mode. It is mostly Layer 2 transparent but has some disadvantages that may hinder network connectivity under certain circumstances (see technical background section).

WET Mode

All hosts are within the same subnet, W-LAN and LAN are bridged on both the AP and the client router. For a configuration example of bridged client mode, read the Bridged Client (Broadcom) article.

客户端桥接模式 (使用relayd)

It is possible to achieve a bridge-like client mode setup with the help of relayd.

Relayd Topology

The setup is explained in the Routed Client with relayd (Pseudobridge) article.

客户端桥接模式引发的问题

Transparent client bridging or bridged client mode is not possible with vanilla OpenWrt on all platforms except brcm-2.4 with the proprietary Broadcom driver. It is possible to achieve this goal by using WDS, the background is explained below.

There are 3rd-party patches to implement ARP-NAT for platforms other than brcm-2.4 but those are not part of OpenWrt. The Kamikaze based Gargoyle firmware has support for it but is not officially supported by the OpenWrt developers.

使用标准客户端模式引发的问题

Problem with bridging in a plain AP-to-STA setup

The 802.11 standard only uses three MAC addresses for frames transmitted between the Access Point and the Station. Frames transmitted from the Station to the AP don't include the ethernet source MAC of the requesting host and response frames are missing the destination ethernet MAC to address the target host behind the client bridge.

  1. Bridged Host sends a packet to the Target host
  2. Frame is relayed via the W-LAN Client and the MAC address of the transmitting wireless adapter is used as source MAC, the sending ethernet MAC is discarded
  3. W-LAN AP receives the frame and redirects it to the Target
  4. Target receives the frame and generates a response
  5. Target responds to the received frame using the (wrong) source MAC as destination
  6. W-LAN AP relays the frame to the W-LAN Client with the given destination MAC
  7. W-LAN Client receives the frame and assumes it is the final destination since it's wireless MAC is used in the frame, the packet is not forwarded
  8. Bridged Host never sees a response frame since the W-LAN Client became the destination, no connection is possible

使用WDS的解决方案

Bridging possible by using WDS

If WDS is used, both the AP and the Station switch to the 4-address-mode which enables transparent bridging on the client side.

  1. Bridged Host sends a packet to the Target host
  2. Frame is relayed via the W-LAN Client, the sending ethernet MAC is preserved
  3. W-LAN AP receives the frame and redirects it to the Target using the second source MAC as sender address
  4. Target receives the frame and generates a response
  5. Target responds to the received frame using the given source MAC as destination
  6. W-LAN AP relays the frame to the W-LAN Client with the right MAC as second destination address
  7. W-LAN Client receives the frame and redirects it to the final destination using the second destination MAC as target
  8. Bridged Host receives the response frame, connection is established

为什么它能在brcm-2.4上工作

The proprietary wl.o Broadcom wireless driver implements an ARP-NAT (Layer 2 address translation) mechanism called WET mode. ARP-NAT is comparable to Masquerading used on Layer 3 to connect multiple hosts using only one globally routed public IP address.

However, the address translation used by the Broadcom driver is not fully transparent and can cause various hard to debug network issues:

桥接/路由客户端模式

:!: FIXME Bridged client mode only works on brcm-2.4 all other platforms need non-standard patches or other workarounds

桥接

There are no bridged and routed modes on Kamikaze, per se. Instead, multiple interfaces are bridged with an entry in /etc/config/network like this:

config 'interface' option 'type' 'bridge' option 'ifname' 'eth0.0' *..

Then in /etc/config/wireless, set the network to the same network specified in the bridge:

config 'wifi-device ' *.. config 'wifi-iface' *.. option 'network'

Alternatively, but a little less flexibly, you can use this line in /etc/config/network:

# athx for Atheros, or wl0 for Broadcom option 'ifname' 'eth0.0 ath0'

路由

For routed mode, the wireless device needs to be used in a normal network configuration in /etc/config/network. Then, iptables rules are used to forward packets between the networks. The default gateway on each network (this is routing; you're connecting two networks together) needs to forward packets destined for the other network to the wifi router, or each host on each network needs to know that the wifi router is the router for packets to the respective network.

网络发现

Both Broadcom and Atheros chipsets support scanning with the iwlist command. This command will scan all interfaces for networks: 

iwlist scanning

常用命令

小提示

wpa_supplicant对隐藏AP和虚拟AP(VAP)的处理

If you're having trouble connecting to either a hidden AP or a virtual AP (usually because wpa_supplicant doesn't list it in a scan), make sure these options are set correctly in the wpa_supplicant config file: