Using relayd as instructed in this article isn't guaranteed to work and only supports IPv4
The most common problem is that the client router cannot pass the DHCP message between the main router and the client connected to the client router. Currently it seems to be the hardware/SOC limitation (related to MAC cloning?)
Instead of relayd it should be possible to use kmod-trelay, the only information about using it can be seen in its source code, if you used it successfully please add a section for it in this article.
In this article you will see how to configure your device to become a Wi-Fi extender/repeater/bridge.
In some cases, the wireless drivers used in OpenWrt do not support “Layer 2” bridging in client mode with a specific “upstream” wireless system. When this occurs, one approach is to route the traffic between LAN and the upstream wireless system. Broadcast traffic, such as DHCP and link-local discovery like mDNS are generally not routable.
When other options don't work or are too complex to implement, the relayd package implements a bridge-like behavior for IPv4 (only), complete with DHCP and broadcast relaying. This configuration can be done through SSH (remote terminal) or through Luci GUI.
For the sake of simplicity, I'll call the device we are working on “Wi-Fi extender” from now on.
This image shows an example setup. LAN interface of the Wi-Fi extender device MUST be on a different subnet for relayd to work (since it is routing traffic, it expects 2 different subnets).
Since both ethernet ports and Access Point Wi-Fi network are on the same LAN interface, all clients connecting to the Ethernet ports and to the Access Point Wi-Fi network of the Wi-Fi extender device will be routed by relayd and will be connected to your main network.
The LAN interface subnet will be used only as a “management” interface, as devices connecting to the Wi-Fi repeater will be on the main network's subnet instead. You will have to set your PC with a static address in the same subnet as the LAN interface (like 192.168.2.10 for our example) to connect again to the Wi-Fi repeater's Luci GUI or SSH.
luci-proto-relay - for LuCI Web Interface
As shown in the image above, the LAN interface must be set in a different subnet than the Wi-Fi network you are connecting to.
Begin by configuring and enabling the normal Wi-Fi network and configure it as you want it.
If you are making a simple Wi-Fi repeater (a device that extends the same Wi-Fi network's coverage) it's a good choice to set this Wi-Fi network to be the same as the one of your main router, same name, encryption, password, and so on. This way, devices connected to your (wider) network will automatically stay connected to the best Wi-Fi network.
But you can also choose to have a different name/encryption/password if you prefer to.
Setting up a Wi-Fi network at this stage is not necessary if you want a “Wi-Fi bridge”, a device designed to connect ethernet-only devices to your existing Wi-Fi network.
Set your PC's ethernet or Wi-Fi settings at static IP 192.168.2.10 and default gateway 192.168.2.1, then connect again to the wifi repeater (through ethernet or wifi). When you finish all of the following steps, remember to reset your PC's IP address back to the original address (or DHCP), otherwise you won't have Internet access. The repeater won't route traffic from the 192.168.2.0/24 subnet.
We will now set up the client Wi-Fi network, the configuration needed to connect to another Wi-Fi network.
Once you are connected again to the Wi-Fi extender, go in the wireless networks page, and click on Scan button.
Choose the Wi-Fi network you want to connect to from the page and click “Join Network”.
Enter the Wi-Fi password, leave the “name of new network” as “wwan” and select lan firewall zone. Click Save.
You will land in the client Wi-Fi settings page, set other things as needed.
The most important settings are on the Operating Frequency line.
Set the Mode to Legacy if you are connecting to a Wi-Fi g network (like in my example) or N if you are connecting to a Wi-Fi n (and so on).
Set the Width to the same value that you set on the Wi-Fi you are connecting to (to avoid bottlenecking the connection for no reason).
Go in the Interfaces page, we will now add the relayd interface that will join the lan and wwan interfaces.
Click on Add New Interface.
Write a name for it (repeater_bridge is the name I used in the example), and then choose Relay bridge in the Protocol of the new interface field. Click Submit.
In this new interface's setting page, select both lan and wwan in the Relay between networks list.
This “Local IPv4 address” (empty in above screen shot, sorry, I don't have enough rights to upload a new screen shot) needs to match the IP address assigned by the Wifi-network (eg. from 192.168.1.0/24 range, but do not enter the netmask here!) otherwise this bridge will not be accessible from the clients connected directly to the primary router and the relayd-daemon will not start. It makes sense to either fixate the IP in the DHCP servers MAC-IP mapping table or configure then WWAN interface of OpenWRT to a fix IP which is not being used in Wifi-networks DHCP-range (I used 192.168.1.2, as my DHCP server only serves IP addresses higher than 192.168.1.100).
After you have done this, it might be necessary to reboot the Wi-Fi extender.
This is the final result. Note how the client network has a ? instead of a IP address.
The following part of the configuration should not be necessary (already default options or changed automatically), in case something isn't working check this too.
if you are doing this with a device that has a single radio, both Wi-Fi networks will stay on the same channel, and total bandwidth will be halved as the same radio is used for 2 different Wi-Fi networks.
Before doing any actual configuration, the Wi-Fi interface must be enabled in order to be able to scan for networks in the vincinity:
uci set wireless.@wifi-device.disabled="0" uci commit wireless wifi
Now we can list networks in range using
iw dev wlan0 scan, substituting your actual wireless interface for wlan0 if different (
ifconfig lists all available interfaces to find how your wlan is called)
iw dev wlan0 scan output example:
# iw dev wlan0 scan BSS c8:d5:fe:c8:61:b0(on wlan0) -- associated TSF: 24324848870 usec (0d, 06:45:24) freq: 2412 beacon interval: 100 TUs capability: ESS (0x0411) signal: -72.00 dBm last seen: 140 ms ago Information elements from Probe Response frame: SSID: Violetta RSN: * Version: 1 * Group cipher: CCMP * Pairwise ciphers: CCMP * Authentication suites: PSK * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000) BSS f8:35:dd:eb:20:f8(on wlan0) TSF: 24225790925 usec (0d, 06:43:45) freq: 2457 beacon interval: 100 TUs capability: ESS (0x0431) signal: -90.00 dBm last seen: 1450 ms ago Information elements from Probe Response frame: SSID: GOinternet_EB20FB HT capabilities: Capabilities: 0x11ee HT20/HT40 SM Power Save disabled RX HT20 SGI RX HT40 SGI TX STBC RX STBC 1-stream Max AMSDU length: 3839 bytes DSSS/CCK HT40 Maximum RX AMPDU length 65535 bytes (exponent: 0x003) Minimum RX AMPDU time spacing: 4 usec (0x05) HT RX MCS rate indexes supported: 0-15, 32 HT TX MCS rate indexes are undefined HT operation: * primary channel: 10 * secondary channel offset: below * STA channel width: any RSN: * Version: 1 * Group cipher: TKIP * Pairwise ciphers: TKIP CCMP * Authentication suites: PSK * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
In the example, there are two networks, a Wi-Fi g one called Violetta and a Wi-Fi n one called GOinternet_EB20FB. The device was configured to connect to the one called Violetta.
These are the uci values that were added or changed by the configuration procedure.
For SSID, BSSID, and encryption you must use the info you got from the Wi-Fi scan above.
For an explanation of why these values were changed, please read the luci tutorial above.
network.lan.ipaddr='192.168.2.1' network.repeater_bridge=interface network.repeater_bridge.proto='relay' network.repeater_bridge.network='lan wwan' network.wwan=interface network.wwan.proto='dhcp' firewall.@zone.network='lan repeater_bridge wwan' dhcp.lan.ignore='1' wireless.radio0.hwmode='11g' wireless.radio0.country='00' wireless.radio0.channel='1' wireless.radio0.disabled='0' wireless.@wifi-iface=wifi-iface wireless.@wifi-iface.device='radio0' wireless.@wifi-iface.mode='ap' wireless.@wifi-iface.encryption='none' wireless.@wifi-iface.ssid='OpenWrt' wireless.@wifi-iface.network='lan' wireless.@wifi-iface=wifi-iface wireless.@wifi-iface.network='wwan' wireless.@wifi-iface.ssid='Violetta' wireless.@wifi-iface.encryption='psk2' wireless.@wifi-iface.device='radio0' wireless.@wifi-iface.mode='sta' wireless.@wifi-iface.bssid='C8:D5:FE:C8:61:B0' wireless.@wifi-iface.key='myWifiPasswordHere'
Please note that the Wi-Fi network generated by the device in this example (the one called OpenWrt) has no password nor encryption.
This was done because the focus of this article was getting the relay bridge up and running.
You will likely want to set up your device's Wi-Fi network in a more secure way, as explained in the Wi-Fi setup page here.
With this setup your OpenWrt device itself may only be accessible from those computers directly connected to the W-LAN AP, not from the ones connected to the OpenWrt W-LAN client only, when in the 192.168.1.0 subnet. It is however still possible to access the OpenWrt box via its
192.168.2.1 address, when you are in that subnet. One way of being in both subnets at the same time with a Linux client is by adding a second, a virtual network interface to /etc/network/interfaces:
iface eth0 inet dhcp gateway 192.168.1.1 auto eth0:1 iface eth0:1 inet static address 192.168.2.102 netmask 255.255.255.0 broadcast 192.168.2.255
[If someone can describe a solution without modifications to the client network configuration that would be appreciated!]
Activate IPv6 support on your Internet box, this will get you a public IPv6 prefix. We will now activate IPv6 on our Wi-Fi extender to allow for Stateless Address Autoconfiguration (SLAAC) of your public IPv6 addresses and IPv6 traffic.
1. Go to Network / Interfaces and create a new interface. Name it
WWAN6, using protocol DHCPv6, cover the WWAN interface. In the Common Configuration of the new interface, configure: Request IPv6 address: disabled. In the Firewall settings: check that the “lan / repeater bridge…” line is selected. Leave the other settings by default, especially, leave the “Custom delegated IPv6-prefix” field empty. On the Interfaces / overwiew page check that the WWAN interface gets a public IPv6 address.
2. Edit the
LAN interface settings, DHCP server / IPv6 settings: check/modify the following settings: Router Advertisement Service: relay mode, DHCPv6 service: disabled, NDP-Proxy: relay mode.
3. Open a SSH session on your OpenWrt device. Issue the following commands:
uci set dhcp.wan.interface=wwan uci set dhcp.wan.ra=relay uci set dhcp.wan.ndp=relay uci set dhcp.wan.master=1 uci commit
We suppose that you created a
wwan interface when you joined to the other Wi-Fi network as suggested earlier in this guide; otherwise, change the
dhcp.wan.interface=… line accordingly.
That's it. Restart
ophcpd (LuCI System/Starup page, or
/etc/init.d/odhcpd restart) and your IPv6-network should begin to configure itself. Connected IPv6-enabled devices should get their public IPv6 addresses, derived from your public IPv6 prefix, and IPv6 traffic should go through your Wi-Fi extender.
This method basically puts a second Wi-Fi router in cascade on the first.
It's like connecting with a cable the WAN port on the Wi-Fi extender to the LAN ports of the main router, the Wi-Fi extender creates a new network for itself and the devices connected to it, that can go on the Internet and reach devices in the LAN network of the main router. But in this case we are doing it with wireless networks instead.
prerequisites: - router with two initial interfaces (LAN, WAN)
Setup with WebUI:
Now you've correctly bounded WWAN with WAN, and consequently WWAN with LAN.