Wireless Repeater/Extender with Relayd

RELAYD was developed in the early days when many wireless drivers did not support layer 2 point to point or point to multi-point communications.

Relayd may be used where the Access Point does not run OpenWrt, or does not support preferred Wireless Repeater/Extender with WDS or 802.11s Mesh Networking.

You may also wish to consider using simple wireless client where bridged network is not required.

Using relayd as instructed in this article isn't guaranteed to work with all Openwrt compatible devices or wifi networks - use only as a last resort.

If supported by both devices, consider using preferred Wireless Repeater/Extender with WDS or 802.11s Mesh Networking.

If vlan support is required you can use Layer 2 GRE tunnels (“gretap”).

The most common problem is that the client router cannot pass the DHCP message between the main router and the client connected to the client router. Currently it seems to be the hardware/SOC limitation (related to MAC cloning?)

Instead of relayd it should be possible to use kmod-trelay, the only information about using it can be seen in its source code, if you used it successfully please add a section for it in this article.

In this article you will see how to configure your device to become a Wi-Fi extender/repeater/bridge.

In some cases, the wireless drivers used in OpenWrt do not support “Layer 2” bridging in client mode with a specific “upstream” wireless system. When this occurs, one approach is to route the traffic between LAN and the upstream wireless system. Broadcast traffic, such as DHCP and link-local discovery like mDNS are generally not routable.

When other options don't work, the relayd package implements a bridge-like behavior for IPv4 (only), complete with DHCP and broadcast relaying. This configuration can be done through SSH (remote terminal) or through Luci GUI.

This image shows an example setup. LAN interface of the relayd device MUST be on a different subnet for relayd to work (since it is routing traffic, it expects 2 different subnets).

Since both ethernet ports and Access Point Wi-Fi network are on the same LAN interface, all clients connecting to the Ethernet ports and to the Access Point Wi-Fi network of the Wi-Fi extender device will be routed by relayd and will be connected to your main network.

The LAN interface subnet will be used only as a “management” interface, as devices connecting to the Wi-Fi repeater will be on the main network's subnet instead. If the relayd device becomes unreachable, you will have to configure a PC with a static address in the same subnet as the LAN interface (eg. for our example) to connect and be able to use LuCI GUI or SSH.

relayd package is of course needed, and luci-proto-relay is optional for the LuCI Web Interface.

Disconnect this router from your main network after successfully installing the above packages.

Alternatively, follow the steps described below to install the relayd packages over the new wwan wireless link.

Updated with new screenshots from OpenWrt 21.02.

To build a simple Wi-Fi repeater (a device that extends the same Wi-Fi network's coverage) it's a good choice to use the same Wi-Fi network name (SSID) as the one of your main router along with encryption, password, and so on. This ensure the wireless devices connected to your (wider) network will automatically stay connected to the best Wi-Fi network.

Alternatively, you can also choose to have a different SSID name/encryption/password.

Setting up a Wi-Fi network at this stage is not necessary if you just want a “Wifi bridge”. ie. a device designed to only connect ethernet devices to your existing Wi-Fi network.

For simplicity and best chance of success, the instructions below are only for setting up a Wifi bridge device. A computer with an ethernet connection is required.

LAN Interface

As shown in the above image, the LAN interface must be set in a different subnet than the Wi-Fi network you are connecting to.

  • Do NOT wire the router to your main router.
  • Reset the router to return to default openwrt settings.
  • Connect a computer to a LAN port and log into LuCI web UI at
  • Set LAN protocol as static address (default setting)
  • Assign an IP address in a different subnet (e.g. Click Save.

  • Click Save and Apply.

  • Reconnect to router at its new IP address (eg.
  • Disable DHCP for the LAN interface as shown below (Otherwise, it does prevent relayd from working). Click Save.
  • (May be required in certain case) set Gateway address and Use custom DNS servers using IP address of the primary router (e.g.

* Click Save and Apply.

  • Set your PC's ethernet port with a static IP and default gateway, then connect again to the router ethernet.

When you finish all of the following steps, remember to reset your PC's IP address back to the original address (or DHCP), otherwise you won't have Internet access! (note: The router won't route traffic from the subnet)


We will now set up the client Wi-Fi network, the configuration needed to connect to another Wi-Fi network.

  • Disconnect any ethernet cable between this router and the main router
  • Navigate to the wireless networks page, and click on Scan button for the desired radio.

  • Choose the Wi-Fi network you want to connect to from the page and click Join Network.

  • Enter the Wi-Fi password, leave the “name of new network” as “wwan” and select lan firewall zone.
  • Click Save.
  • Click Save & Apply.

You will land in the client Wi-Fi settings page. Edit as required.
The most important settings are on the Operating Frequency line.

  • Set the Mode to Legacy if you are connecting to a Wi-Fi g network, or N if you are connecting to a Wi-Fi n (and so on).
  • Set the Width to the same value that you set on the Wi-Fi you are connecting to (to avoid bottlenecking the connection for no reason).
  • Do NOT change the wifi channel number !

  • Click Save when finished.
  • Click Save & Apply.

Removing redundant WAN interface and firewall zones (Optional)

Although not absolutely necessary, it is recommended to delete the redundant WAN interfaces and firewall zones.

  • Go to Network Interfaces:

  • Go to Network Firewall:

Click Save & Apply button.

Warning: These actions will also automatically remove any redundant firewall traffic and port forwarding rules.

Configure static IP address on wwan interface

It is recommended to assign a static IP address to newly created wwan interface. (eg.
The main advantage is it will be possible to manage the router using this static IP address. This static IP address will also be used later when creating the Relay interface.

  • Go to Network Interfaces menu and click Edit

  • Change the protocol to 'Static Address'
  • Enter valid IP address (eg., subnet mask (eg., and gateway IP address (This is usually the LAN IP address of your main wifi router eg.

  • Press Save

  • Enter DNS server IP address (eg. LAN IP address of your main wifi router)
  • Click on green + button.

  • Press Save
  • Press Save & Apply.

Testing Connection

To verify the newly configured static IP address parameters are valid,

  • Go to Network Diagnostics and perform a ping test. It is assumed the main router is connected to the internet.

Installing relayd package

  • Go to System Software page.
  • Click Update List button.
  • Enter luci-proto-relay into the Filter box, and click Install.

  • Important: Reboot the router.

Creating Relay Interface

To add the relayd interface that will join/bridge the lan and wwan interfaces.

  • Go in the Interfaces page.
  • Click on Add New Interface.

  • Enter a name and select Relay bridge protocol as shown below. (Reboot your device if the Relay bridge option fails to appears.)
  • Click Create Interface

  • Enter the IP address assigned to the WWAN interface. (eg.
  • Select both lan and wwan in the Relay between networks list.

  • Click Save.
  • Click Save & Apply.

  • After you have completed above steps, reboot the router.

Reminder: Remove the static IP address from your computer. ie. change it back to DHCP client mode.

When the Wifi bridge is powered up, your computer should acquire DHCP IP address from your main router.
The Wifi bridge can be managed through its static wwan IP address (eg.

This is the final result. Note how the client network has a ? instead of a IP address.
The wwan IP address is only visible in the Network Interfaces page.

Enable the AP

Enable and configure the AP of the repeater.

  • Navigate to the wireless networks page
  • Click Edit button for the network with “Mode: Master”
  • Enable the wireless network in the Interface Configuration and make sure the Operating frequency matches your upstream router (the settings must be the same as for the Client network).
  • In the Interface Configuration section, configure SSID, security and other parameters of your repeater AP.
  • Click Save and Save & Apply.

Check Firewall zone settings

:!: The following part of the configuration should not be necessary (already default options or changed automatically), in case something isn't working check this too.


Before doing any actual configuration, the Wi-Fi interface must be enabled in order to scan for networks in the vicinity:

uci set wireless.@wifi-device[0].disabled="0"
uci commit wireless
  • Set the disabled option to 0 (to enable wireless)
  • Save changed configuration file
  • Start wireless using the wifi command

Now we can list networks in range using iw dev wlan0 scan, substituting your actual wireless interface for wlan0 if different (ifconfig lists all available interfaces to find how your wlan is called)

iw dev wlan0 scan output example:

# iw dev wlan0 scan
BSS c8:d5:fe:c8:61:b0(on wlan0) -- associated
        TSF: 24324848870 usec (0d, 06:45:24)
        freq: 2412
        beacon interval: 100 TUs
        capability: ESS (0x0411)
        signal: -72.00 dBm
        last seen: 140 ms ago
        Information elements from Probe Response frame:
        SSID: Violetta
        RSN:     * Version: 1
                 * Group cipher: CCMP
                 * Pairwise ciphers: CCMP
                 * Authentication suites: PSK
                 * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
BSS f8:35:dd:eb:20:f8(on wlan0)
        TSF: 24225790925 usec (0d, 06:43:45)
        freq: 2457
        beacon interval: 100 TUs
        capability: ESS (0x0431)
        signal: -90.00 dBm
        last seen: 1450 ms ago
        Information elements from Probe Response frame:
        SSID: GOinternet_EB20FB
        HT capabilities:
                Capabilities: 0x11ee
                        SM Power Save disabled
                        RX HT20 SGI
                        RX HT40 SGI
                        TX STBC
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: 4 usec (0x05)
                HT RX MCS rate indexes supported: 0-15, 32
                HT TX MCS rate indexes are undefined
        HT operation:
                 * primary channel: 10
                 * secondary channel offset: below
                 * STA channel width: any
        RSN:     * Version: 1
                 * Group cipher: TKIP
                 * Pairwise ciphers: TKIP CCMP
                 * Authentication suites: PSK
                 * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)

In the example, there are two networks, a Wi-Fi g one called Violetta and a Wi-Fi n one called GOinternet_EB20FB. The device was configured to connect to the one called Violetta.

These are the uci values that were added or changed by the configuration procedure.
For SSID, BSSID, and encryption you must use the info you got from the Wi-Fi scan above.
For an explanation of why these values were changed, please read the luci tutorial above.

network.repeater_bridge.network='lan wwan'
firewall.@zone[0].network='lan repeater_bridge wwan'

Please note that the Wi-Fi network generated by the device in this example (the one called OpenWrt) has no password nor encryption.
This was done because the focus of this article was getting the relay bridge up and running.
You will likely want to set up your device's Wi-Fi network in a more secure way, as explained in the Wi-Fi setup page here.

If you find the OpenWrt device itself is only accessible from those computers directly connected to the W-LAN AP, not from the ones connected to the OpenWrt W-LAN client, when in the subnet, Make sure the Local IPv4 address setting in the Relay bridge interface matches the ip address of the wireless uplink. (The alternative is tedious: It is possible to access the OpenWrt box via its address if you manually configure your computer to that subnet.)

Activate IPv6 support on your Internet box, this will get you a public IPv6 prefix. We will now activate IPv6 on our Wi-Fi extender to allow for Stateless Address Autoconfiguration (SLAAC) of your public IPv6 addresses and IPv6 traffic.

1. Go to Network / Interfaces and create a new interface. Name it WWAN6, using protocol DHCPv6, cover the WWAN interface. In the Common Configuration of the new interface, configure: Request IPv6 address: disabled. In the Firewall settings: check that the “lan / repeater bridge…” line is selected. Leave the other settings by default, especially, leave the “Custom delegated IPv6-prefix” field empty. On the Interfaces / overwiew page check that the WWAN interface gets a public IPv6 address.

2. Edit the LAN interface settings, DHCP server / IPv6 settings: check/modify the following settings: Router Advertisement Service: relay mode, DHCPv6 service: disabled, NDP-Proxy: relay mode.

3. Open a SSH session on your OpenWrt device. Issue the following commands:

uci set dhcp.wan.interface=wwan
uci set dhcp.wan.ra=relay
uci set dhcp.wan.ndp=relay
uci set dhcp.wan.master=1
uci commit

We suppose that you created a wwan interface when you joined to the other Wi-Fi network as suggested earlier in this guide; otherwise, change the dhcp.wan.interface=… line accordingly.

That's it. Restart ophcpd (LuCI System/Starup page, or service odhcpd restart) and your IPv6-network should begin to configure itself. Connected IPv6-enabled devices should get their public IPv6 addresses, derived from your public IPv6 prefix, and IPv6 traffic should go through your Wi-Fi extender.

Here are a list of some recently reported issues:

  1. DHCP issue caused by Access Point. OWrt forum
  2. Extremely poor upstream transfer speeds with some MT762x devices. Owrt forum Bug Report FS#2816
  3. Additional instruction for backdoor to router since once dhcp is disabled on LAN, the router become unreachable. This may occur if there are changes to the wireless access point. eg. wifi SSID, channel number or security passphrase has changed.
    1. Connect a computer using ethernet cable to LAN port of the Wifi bridge.
    2. Configure a static IP address on the computer. eg. if the Wifi bridge uses LAN IP address of in above example, use static IP address:
    3. Access LuCI at for above example.
  4. Alternative detailed Relayd setup instructions can also be found in section 9.10 of the 1-OpenWrt-LEDE Installation Guide for HH5A
  5. IPv6 on macOS 10.15+ does not work with a ULA prefix set on LAN https://github.com/openwrt/openwrt/issues/7561

Comment: This looks like the basic instructions for configuring a simple wireless client

This method basically puts a second Wi-Fi router in cascade on the first one; i.e. usually this means that the extender's clients will be behind double NAT.

It's like connecting with a cable the WAN port on the Wi-Fi extender to the LAN ports of the main router, the Wi-Fi extender creates a new network for itself and the devices connected to it, that can go on the Internet and reach devices in the LAN network of the main router. But in this case we are doing it with wireless networks instead.

prerequisites: - router with two initial interfaces (LAN, WAN)

Setup with WebUI:

  • Go in the Network → Interfaces page, click on edit lan interface,
  • Set LAN as static IPv4 address as 192.168.x.1 (with x different from the network to which you will connect via Wi-Fi),
  • Go in the Network → Wi-Fi, click on scan and choose the “network” link and click “Join Network”.
  • Enter the Wi-Fi password, leave the “name of new network” as “WWAN” and select WWAN (or WAN) firewall zone. Click Save,
  • Go in the Network → Interfaces page, click on edit wwan interface,
  • Move to the Firewall tab. Click on Save and Apply.
  • Go in the Network → Firewall, click edit in wan zone and check WAN and WWAN in “covered networks”, click save and apply,

Now you've correctly bounded WWAN with WAN, and consequently WWAN with LAN.

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2024/04/21 13:33
  • by lonafox