In this article you will see how to configure your device to become a WiFi Extender/Repeater/Bridge.
Since opensource wireless drivers used in LEDE do not support bridging in client mode, the traffic between LAN and the wireless client must be joined by routing it.
The relayd package implements a bridge-like behavior complete with DHCP and Broadcast relaying. This configuration can be done through SSH (remote terminal) or through Luci GUI.
For the sake of simplicity, I'll call the device we are working on “wifi extender” from now on.
This image shows an example setup. LAN interface of the wifi extender device MUST be on a different subnet for relayd to work (since it is routing traffic, it expects 2 different subnets).
Since both ethernet ports and Access Point WiFi network are on the same LAN interface, all clients connecting to the Ethernet ports and to the Access Point Wifi network of the WiFi extender device will be routed by relayd and will be connected to your main network.
The LAN interface subnet will be used only as a “management” interface, as devices connecting to the wifi repeater will be on the main network's subnet instead. You will have to set your PC with a static address in the same subnet as the LAN interface (like 192.168.2.10 for our example) to connect again to the wifi repeater's Luci GUI or SSH.
You must install relayd package if you want to do what is discussed in this article. If you want to use Luci GUI to set up your wifi extender, install luci-proto-relay package too.
As shown in the image above, the LAN interface must be set in a different subnet than the wifi network you are connecting to.
Begin by configuring and enabling the normal WiFi network and configure it as you want it.
If you are making a simple WiFi Repeater (a device that extends the same wifi network's coverage) it's a good choice to set this WiFi network to be the same as the one of your main router, same name, encryption, password, and so on. This way, devices connected to your (wider) network will automatically stay connected to the best WiFi network.
But you can also choose to have a different name/encryption/password if you prefer to.
Setting up a WiFi network at this stage is not necessary if you want a “WiFi bridge”, a device designed to connect ethernet-only devices to your existing WiFi network.
Set your PC's ethernet or wifi settings at static IP 192.168.2.10 and default gateway 192.168.2.1, then connect again to the wifi repeater (through ethernet or wifi). When you finish all of the following steps, remember to reset your PC's IP address back to the original address (or DHCP), otherwise you won't have Internet access. The repeater won't route traffic from the 192.168.2.0/24 subnet.
We will now set up the client wifi network, the configuration needed to connect to another wifi network.
Once you are connected again to the wifi extender, go in the wireless networks page, and click on Scan button.
You will land in the client wifi settings page, set other things as needed.
The most important settings are on the Operating Frequency line.
Set the Mode to Legacy if you are connecting to a wifi g network (like in my example) or N if you are connecting to a wifi n (and so on).
Set the Width to the same value that you set on the wifi you are connecting to (to avoid bottlenecking the connection for no reason).
Go in the Interfaces page, we will now add the relayd interface that will join the lan and wwan interfaces.
Click on Add New Interface.
This interface needs to have an IP address from 192.168.1.0/24 zone otherwise this bridge will not be accessible from the clients connected directly to the primary router.
After you have done this, it might be necessary to reboot the wifi extender.
The following part of the configuration should not be necessary (already default options or changed automatically), in case something isn't working check this too.
if you are doing this with a device that has a single radio, both wifi networks will stay on the same channel, and total bandwith will be halved as the same radio is used for 2 different wifi networks.
Before doing any actual configuration, the wifi interface must be enabled in order to be able to scan for networks in the vincinity:
uci set wireless.@wifi-device.disabled=0 uci commit wireless wifi
Now we can list networks in range using
iw dev wlan0 scan, substituting your actual wireless interface for wlan0 if different (
ifconfig lists all available interfaces to find how your wlan is called)
iw dev wlan0 scan output example:
root@LEDE:/# iw dev wlan0 scan BSS c8:d5:fe:c8:61:b0(on wlan0) -- associated TSF: 24324848870 usec (0d, 06:45:24) freq: 2412 beacon interval: 100 TUs capability: ESS (0x0411) signal: -72.00 dBm last seen: 140 ms ago Information elements from Probe Response frame: SSID: Violetta RSN: * Version: 1 * Group cipher: CCMP * Pairwise ciphers: CCMP * Authentication suites: PSK * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000) BSS f8:35:dd:eb:20:f8(on wlan0) TSF: 24225790925 usec (0d, 06:43:45) freq: 2457 beacon interval: 100 TUs capability: ESS (0x0431) signal: -90.00 dBm last seen: 1450 ms ago Information elements from Probe Response frame: SSID: GOinternet_EB20FB HT capabilities: Capabilities: 0x11ee HT20/HT40 SM Power Save disabled RX HT20 SGI RX HT40 SGI TX STBC RX STBC 1-stream Max AMSDU length: 3839 bytes DSSS/CCK HT40 Maximum RX AMPDU length 65535 bytes (exponent: 0x003) Minimum RX AMPDU time spacing: 4 usec (0x05) HT RX MCS rate indexes supported: 0-15, 32 HT TX MCS rate indexes are undefined HT operation: * primary channel: 10 * secondary channel offset: below * STA channel width: any RSN: * Version: 1 * Group cipher: TKIP * Pairwise ciphers: TKIP CCMP * Authentication suites: PSK * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
In the example, there are two networks, a Wifi g one called Violetta and a Wifi n one called GOinternet_EB20FB. The device was configured to connect to the one called Violetta.
These are the uci values that were added or changed by the configuration procedure.
For SSID, BSSID, and encryption you must use the info you got from the wifi scan above.
For an explanation of why these values were changed, please read the luci tutorial above.
network.lan.ipaddr='192.168.2.1' network.repeater_bridge=interface network.repeater_bridge.proto='relay' network.repeater_bridge.network='lan wwan' network.wwan=interface network.wwan.proto='dhcp' firewall.@zone.network='lan repeater_bridge wwan' dhcp.lan.ignore='1' wireless.radio0.hwmode='11g' wireless.radio0.country='00' wireless.radio0.channel='1' wireless.radio0.disabled='0' wireless.@wifi-iface=wifi-iface wireless.@wifi-iface.device='radio0' wireless.@wifi-iface.mode='ap' wireless.@wifi-iface.encryption='none' wireless.@wifi-iface.ssid='LEDE' wireless.@wifi-iface.network='lan' wireless.@wifi-iface=wifi-iface wireless.@wifi-iface.network='wwan' wireless.@wifi-iface.ssid='Violetta' wireless.@wifi-iface.encryption='psk2' wireless.@wifi-iface.device='radio0' wireless.@wifi-iface.mode='sta' wireless.@wifi-iface.bssid='C8:D5:FE:C8:61:B0' wireless.@wifi-iface.key='myWifiPasswordHere'
Please note that the wifi network generated by the device in this example (the one called LEDE) has no password nor encryption.
This was done because the focus of this article was getting the relay bridge up and running.
You will likely want to set up your device's wifi network in a more secure way, as explained in the WiFi setup page here.
With this setup your LEDE device itself may only be accessible from those computers directly connected to the W-LAN AP, not from the ones connected to the LEDE W-LAN client only, when in the 192.168.1.0 subnet. It is however still possible to access the LEDE box via its 192.168.2.1 address, when you are in that subnet. One way of being in both subnets at the same time with a Linux client is by adding a second, a virtual network interface to /etc/network/interfaces:
iface eth0 inet dhcp gateway 192.168.1.1 auto eth0:1 iface eth0:1 inet static address 192.168.2.102 netmask 255.255.255.0 broadcast 192.168.2.255
[If someone can describe a solution without modifications to the client network configuration that would be appreciated!]
Activate IPv6 support on your Internet box, this will get you a public IPv6 prefix. We will now activate IPv6 on our WiFi Extender to allow for Stateless Address Autoconfiguration (SLAAC) of your public IPv6 addresses and IPv6 traffic.
1. Go to Network / Interfaces and create a new interface. Name it
WWAN6, using protocol DHCPv6, cover the WWAN interface. In the Common Configuration of the new interface, configure: Request IPv6 address: disabled. In the Firewall settings: check that the “lan / repeater bridge…” line is selected. Leave the other settings by default, especially, leave the “Custom delegated IPv6-prefix” field empty. On the Interfaces / overwiew page check that the WWAN interface gets a public IPv6 address.
2. Edit the
LAN interface settings, DHCP server / IPv6 settings: check/modify the following settings: Router Advertisement Service: relay mode, DHCPv6 service: disabled, NDP-Proxy: relay mode.
3. Open a SSH session on your OpenWrt device. Issue the following commands:
uci set dhcp.wan.interface=wwan uci set dhcp.wan.ra=relay uci set dhcp.wan.ndp=relay uci set dhcp.wan.master=1 uci commit
We suppose that you created a
wwan interface when you joined to the other wifi network as suggested earlier in this guide; otherwise, change the
dhcp.wan.interface=… line accordingly.
That's it. Restart
ophcpd (LuCI System/Starup page, or
/etc/init.d/odhcpd restart) and your IPv6-network should begin to configure itself. Connected IPv6-enabled devices should get their public IPv6 addresses, derived from your public IPv6 prefix, and IPv6 traffic should go through your WiFi Extender.