Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
zh:docs:guide-user:network:wifi:relay_configuration [2019/08/22 01:32] – [支持NAT的Wifi扩展器(如果别的方法都不行)] biajizh:docs:guide-user:network:wifi:relay_configuration [2021/07/01 09:13] – keep up to the last version biaji
Line 4: Line 4:
  
 <WRAP center round important 80%> <WRAP center round important 80%>
-本文中以relayd为基础的实现不保证一定能用。\\+If supported by both devices, consider using [[docs:guide-user:network:wifi:atheroswds|WDS]], Layer 2 GRE tunnels ("gretap"), or [[docs:guide-user:network:wifi:mesh:start|mesh networking]]. 
 + 
 +本文中以relayd为基础的实现不保证一定能用且只适用于IPv4。\\
 最常见的问题是,作为客户端的路由无法在主路由和连接至客户端路由的客户端(设备)之间正常传递DHCP消息。目前看来,问题在于硬件/SOC的限制(或许与MAC地址克隆相关?)\\ 最常见的问题是,作为客户端的路由无法在主路由和连接至客户端路由的客户端(设备)之间正常传递DHCP消息。目前看来,问题在于硬件/SOC的限制(或许与MAC地址克隆相关?)\\
 您可以考虑使用[[docs:guide-user:network:wifi:atheroswds|WDS]]或[[docs:guide-user:network:wifi:mesh:start|mesh networking]]。\\ 您可以考虑使用[[docs:guide-user:network:wifi:atheroswds|WDS]]或[[docs:guide-user:network:wifi:mesh:start|mesh networking]]。\\
Line 13: Line 15:
 在本文中,您将看到如何将您的设备配置为WiFi扩展器/中继器/桥接。\\ 在本文中,您将看到如何将您的设备配置为WiFi扩展器/中继器/桥接。\\
  
-因为OpenWrt所用的开源无线驱动不支持客户端模式下的桥接,所以LAN和无线客户端之间的流量只能用路由来合并到一起。\\ **relayd**包借由DHCP和广播中继实现了类似桥接的行为。此配置可以通过SSH(远程终端)和Luci图形界面完成。\\ 简单起见,我们将把配置的设备称为“wifi扩展器”。+在某些情况下,因为OpenWrt所用的开源无线驱动不支持"链路层(2层)"客户端模式下的桥接,所以LAN和无线客户端之间的流量只能用路由的方式来合并到一起,然后在其中广播比如DHCP和mDNS等本链路上的不可路由的消息。\\ 
 + 
 +**relayd**包借由DHCP和广播中继在仅IPv4的环境下实现了类似桥接的行为。此配置可以通过SSH(远程终端)和Luci图形界面完成。 
 + 
 +\\ 简单起见,我们将把配置的设备称为“wifi扩展器”。
  
 \\ {{ docs:guide-user:wifirepeater_802.11-routed-relay.png |}} \\  \\ {{ docs:guide-user:wifirepeater_802.11-routed-relay.png |}} \\ 
  
-上图展示了一个示例配置。wifi扩展器的**LAN**接口**必须**配置为不同的子网,否则realyd无法正常工作(因为它需要两个不同的子网来进行路由)。+上图展示了一个示例配置。Wi-Fi扩展器的**LAN**接口**必须**配置为不同的子网,否则realyd无法正常工作(因为它需要两个不同的子网来进行路由)。 
 + 
 +因为有线端口和无线网络均属于同一个**LAN**接口,所有连接至Wi-Fi扩展器有线端口和无线网络的客户端将由**relayd**进行路由,进而连接到您的主网
  
-因为有线端口和无线网络均属于同一个**LAN**接口连接至WiFi扩展器有线端口和无线客户端将由**relayd**路由至您的主网。+**LAN**接口所配置的子网将只被用作“管理”网段,而连接到Wi-Fi扩展器的设备则会被分配到主段。您必须给您PC设置一个和**LAN**接口同段的静态IP地址(比如192.168.2.10)以便再次连接到Wi-Fi扩展器的管理界面或SSH\\
  
-The **LAN** interface subnet will be used only as a "management" interface, as devices connecting to the wifi repeater will be on the main network's subnet instead. You will have to set your PC with a static address in the same subnet as the **LAN** interface (like 192.168.2.10 for our example) to connect again to the wifi repeater's Luci GUI or SSH.\\+===== 使用relayd =====  
 +==== 需要安装的包 ====  
 +**relayd**包当然是必装的。如果您想使用Luci图形界面来配置您的wifi扩展器,还需要安装**luci-proto-relay**包。
  
-===== 必须安装的包 ===== 
-You must install **relayd** package if you want to do what is discussed in this article. 
-If you want to use Luci GUI to set up your wifi extender, install **luci-proto-relay** package too. 
  
-===== 使用Luci图形界面进行设置 ===== +==== 使用Luci Web界面进行设置 ==== 
-As shown in the image above, the **LAN** interface must be set in a different subnet than the wifi network you are connecting to.+=== LAN接口 === 
 +As shown in the image above, the **LAN** interface must be set in a different subnet than the Wi-Fi network you are connecting to.
  
-Begin by configuring and enabling the normal WiFi network and configure it as you want it.\\ +Begin by configuring and enabling the normal Wi-Fi network and configure it as you want it.\\ 
-If you are making a simple WiFi Repeater (a device that extends the same wifi network's coverage) it's a good choice to set this WiFi network to be the same as the one of your main router, same name, encryption, password, and so on. This way, devices connected to your (wider) network will automatically stay connected to the best WiFi network.\\+If you are making a simple Wi-Fi repeater (a device that extends the same Wi-Fi network's coverage) it's a good choice to set this Wi-Fi network to be the same as the one of your main router, same name, encryption, password, and so on. This way, devices connected to your (wider) network will automatically stay connected to the best Wi-Fi network.\\
 But you can also choose to have a different name/encryption/password if you prefer to.\\ But you can also choose to have a different name/encryption/password if you prefer to.\\
-Setting up a WiFi network at this stage is not necessary if you want a "WiFi bridge", a device designed to connect ethernet-only devices to your existing WiFi network.+Setting up a Wi-Fi network at this stage is not necessary if you want a "Wi-Fi bridge", a device designed to connect ethernet-only devices to your existing Wi-Fi network.
  
 \\ {{ :docs:guide-user:wifirepeater_interfaces_lan.png |}} \\  \\ {{ :docs:guide-user:wifirepeater_interfaces_lan.png |}} \\ 
  
-Set LAN as static address 192.168.2.1 and disable DHCP for the **LAN** interface (as it does prevent **relayd** from working). Apply the setting change.\\+  * Set **LAN protocol** as **static address**  
 +  * Assign an IP address in a different subnet (e.g. 192.168.2.1
 +  * Disable DHCP for the **LAN** interface (as it does prevent **relayd** from working).  
 +  * (May be required in certain case) set **Gateway address** and **Use custom DNS servers** using IP address of the primary router (e.g. 192.168.1.1)  
 +  * Save and Apply.
  
 ---- ----
 +Set your PC's ethernet or Wi-Fi settings at static IP 192.168.2.10 and default gateway 192.168.2.1, then connect again to the wifi repeater (through ethernet or wifi). When you finish all of the following steps, remember to reset your PC's IP address back to the original address (or DHCP), otherwise you won't have Internet access. The repeater won't route traffic from the 192.168.2.0/24 subnet.
  
-Set your PC's ethernet or wifi settings at static IP 192.168.2.10 and default gateway 192.168.2.1, then connect again to the wifi repeater (through ethernet or wifi). When you finish all of the following steps, remember to reset your PC's IP address back to the original address (or DHCP), otherwise you won't have Internet access. The repeater won't route traffic from the 192.168.2.0/24 subnet. +=== Wi-Fi === 
- +We will now set up the client Wi-Fi network, the configuration needed to connect to another Wi-Fi network.\\ Once you are connected again to the Wi-Fi extender, go in the wireless networks page, and click on **Scan** button.\\
-We will now set up the client wifi network, the configuration needed to connect to another wifi network.\\ Once you are connected again to the wifi extender, go in the wireless networks page, and click on **Scan** button.\\+
  
 \\ {{ :docs:guide-user:wifirepeater_joinnetwork_wifi_scan.png |}} \\  \\ {{ :docs:guide-user:wifirepeater_joinnetwork_wifi_scan.png |}} \\ 
  
-Choose the wifi network you want to connect to from the page and click "Join Network".\\ +Choose the Wi-Fi network you want to connect to from the page and click "Join Network".\\ 
  
 ---- ----
- 
 \\ {{ :docs:guide-user:wifirepeater_joinnetwork_settings.png |}} \\  \\ {{ :docs:guide-user:wifirepeater_joinnetwork_settings.png |}} \\ 
  
-Enter the wifi password, leave the "name of new network" as "wwan" and select **lan** firewall zone. Click Save.\\+Enter the Wi-Fi password, leave the "name of new network" as "wwan" and select **lan** firewall zone. Click Save.\\
  
 ---- ----
- 
----- 
- 
 \\ {{ :docs:guide-user:wifirepeater_clientwifi_settings.png |}} \\  \\ {{ :docs:guide-user:wifirepeater_clientwifi_settings.png |}} \\ 
  
-You will land in the client wifi settings page, set other things as needed.\\ The most important settings are on the **Operating Frequency** line.\\ Set the **Mode** to **Legacy** if you are connecting to a wifi g network (like in my example) or **N** if you are connecting to a wifi n (and so on).\\ Set the **Width** to the same value that you set on the wifi you are connecting to (to avoid bottlenecking the connection for no reason). +You will land in the client Wi-Fi settings page, set other things as needed.\\ The most important settings are on the **Operating Frequency** line.\\ Set the **Mode** to **Legacy** if you are connecting to a Wi-Fi g network (like in my example) or **N** if you are connecting to a Wi-Fi n (and so on).\\ Set the **Width** to the same value that you set on the Wi-Fi you are connecting to (to avoid bottlenecking the connection for no reason).
- +
----- +
- +
-----+
  
 +=== 扩展器接口 ===
 Go in the **Interfaces** page, we will now add the relayd interface that will join the **lan** and **wwan** interfaces.\\ Go in the **Interfaces** page, we will now add the relayd interface that will join the **lan** and **wwan** interfaces.\\
 Click on **Add New Interface**.\\ Click on **Add New Interface**.\\
Line 72: Line 77:
 \\ {{ :docs:guide-user:wifirepeater_newinterface.png |}} \\  \\ {{ :docs:guide-user:wifirepeater_newinterface.png |}} \\ 
  
- Write a name for it (**repeater_bridge** is the name I used in the example), and then choose **Relay bridge** in the **Protocol of the new interface** field. Click **Submit**.+Write a name for it (**repeater_bridge** is the name I used in the example), and then choose **Relay bridge** in the **Protocol of the new interface** field. Click **Submit**
 + 
 +You may need to reboot your device before the **Relay bridge** option appears.
  
 ---- ----
- 
 \\ {{ :docs:guide-user:wifirepeater_relaybridge1.png |}} \\  \\ {{ :docs:guide-user:wifirepeater_relaybridge1.png |}} \\ 
  
 In this new interface's setting page, select both **lan** and **wwan** in the **Relay between networks** list. In this new interface's setting page, select both **lan** and **wwan** in the **Relay between networks** list.
  
-This interface needs to have an IP address from 192.168.1.0/24 zone otherwise this bridge will not be accessible from the clients connected directly to the primary router.+This "Local IPv4 address" (empty in above screen shot, sorry, I don't have enough rights to upload a new screen shot) needs to match the IP address assigned by the Wifi-network (eg. from 192.168.1.0/24 range, but do not enter the netmask here!) otherwise this bridge will not be accessible from the clients connected directly to the primary router and the relayd-daemon will not start. It makes sense to either fix the IP in the DHCP servers MAC-IP mapping table or configure then WWAN interface of OpenWRT to a fix IP which is not being used in Wifi-networks DHCP-range (I used 192.168.1.2, as my DHCP server only serves IP addresses higher than 192.168.1.100).
 ---- ----
  
Line 92: Line 98:
 ---- ----
  
-After you have done this, it might be necessary to reboot the wifi extender.+After you have done this, it might be necessary to reboot the Wi-Fi extender.
  
 \\ {{ :docs:guide-user:wifirepeater_final_result.png |}} \\  \\ {{ :docs:guide-user:wifirepeater_final_result.png |}} \\ 
Line 98: Line 104:
 This is the final result. Note how the client network has a ? instead of a IP address. This is the final result. Note how the client network has a ? instead of a IP address.
  
----- +=== 防火墙 ===
- +
-----+
  
 :!: The following part of the configuration should not be necessary (already default options or changed automatically), in case something isn't working check this too.  :!: The following part of the configuration should not be necessary (already default options or changed automatically), in case something isn't working check this too. 
Line 108: Line 112:
  
 ---- ----
 +:!: if you are doing this with a device that has a single radio, both Wi-Fi networks will stay on the same channel, and total bandwidth will be halved as the same radio is used for 2 different Wi-Fi networks.
  
-----+==== 用命令行进行设置 ====
  
-:!: if you are doing this with a device that has a single radioboth wifi networks will stay on the same channel, and total bandwith will be halved as the same radio is used for 2 different wifi networks.+Before doing any actual configuration, the Wi-Fi interface must be enabled in order to scan for networks in the vicinity:
  
- +<code bash> 
- +uci set wireless.@wifi-device[0].disabled="0"
-===== 用命令行进行设置 ===== +
- +
-Before doing any actual configuration, the wifi interface must be enabled in order to be able to scan for networks in the vincinity: +
- +
-<code>uci set wireless.@wifi-device[0].disabled=0+
 uci commit wireless uci commit wireless
-wifi</code>+wifi 
 +</code>
  
   * Set the disabled option to 0 (to enable wireless)   * Set the disabled option to 0 (to enable wireless)
Line 131: Line 132:
 ''iw dev wlan0 scan'' output example:\\ ''iw dev wlan0 scan'' output example:\\
  
-<code>root@OpenWrt:/# iw dev wlan0 scan+<code bash> 
 +# iw dev wlan0 scan
 BSS c8:d5:fe:c8:61:b0(on wlan0) -- associated BSS c8:d5:fe:c8:61:b0(on wlan0) -- associated
         TSF: 24324848870 usec (0d, 06:45:24)         TSF: 24324848870 usec (0d, 06:45:24)
Line 177: Line 179:
                  * Pairwise ciphers: TKIP CCMP                  * Pairwise ciphers: TKIP CCMP
                  * Authentication suites: PSK                  * Authentication suites: PSK
-                 * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000) </code>+                 * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000) 
 +</code>
  
-In the example, there are two networks, a Wifi g one called Violetta and a Wifi n one called GOinternet_EB20FB.+In the example, there are two networks, a Wi-Fi g one called Violetta and a Wi-Fi n one called GOinternet_EB20FB.
 The device was configured to connect to the one called Violetta. The device was configured to connect to the one called Violetta.
  
 These are the uci values that were added or changed by the configuration procedure.\\ These are the uci values that were added or changed by the configuration procedure.\\
-For SSID, BSSID, and encryption you must use the info you got from the wifi scan above.\\+For SSID, BSSID, and encryption you must use the info you got from the Wi-Fi scan above.\\
 For an explanation of why these values were changed, please read the luci tutorial above.\\ For an explanation of why these values were changed, please read the luci tutorial above.\\
  
-<code>network.lan.ipaddr='192.168.2.1'+<code bash> 
 +network.lan.ipaddr='192.168.2.1'
 network.repeater_bridge=interface network.repeater_bridge=interface
 network.repeater_bridge.proto='relay' network.repeater_bridge.proto='relay'
Line 214: Line 218:
 </code> </code>
  
-Please note that the wifi network generated by the device in this example (the one called OpenWrt) has no password nor encryption.\\+Please note that the Wi-Fi network generated by the device in this example (the one called OpenWrt) has no password nor encryption.\\
 This was done because the focus of this article was getting the relay bridge up and running.\\ This was done because the focus of this article was getting the relay bridge up and running.\\
-You will likely want to set up your device'wifi network in a more secure way, as explained in the WiFi setup page [[docs:guide-user:network:wifi:basic|here]].+You will likely want to set up your device'Wi-Fi network in a more secure way, as explained in the Wi-Fi setup page [[docs:guide-user:network:wifi:basic|here]].
  
-===== 访问OpenWrt设备 =====+==== 访问OpenWrt设备 ==== 
 +If you find the OpenWrt device itself is only accessible from those computers directly connected to the W-LAN AP, not from the ones connected to the OpenWrt W-LAN client, when in the 192.168.1.0 subnet, Make sure the ''Local IPv4 address'' setting in the ''Relay bridge'' interface matches the ip address of the wireless uplink. 
 +(The alternative is tedious: It is possible to access the OpenWrt box via its ''192.168.2.1'' address if you manually configure your computer to that subnet.)
  
-With this setup your OpenWrt device itself may only be accessible from those computers directly connected to the W-LAN AP, not from the ones connected to the OpenWrt W-LAN client only, when in the 192.168.1.0 subnet. It is however still possible to access the OpenWrt box via its ''192.168.2.1'' address, when you are in that subnet. One way of being in both subnets at the same time with a Linux client is by adding a second, a virtual network interface to /etc/network/interfaces: +==== Adding IPv6 support ==== 
- +Activate IPv6 support on your Internet box, this will get you a public IPv6 prefix. We will now activate IPv6 on our Wi-Fi extender to allow for [[https://en.wikipedia.org/wiki/IPv6_address#Stateless_address_autoconfiguration|Stateless Address Autoconfiguration (SLAAC)]] of your public IPv6 addresses and IPv6 traffic.
-<code> +
-iface eth0 inet dhcp +
-  gateway 192.168.1.1 +
- +
-auto eth0:1 +
-iface eth0:1 inet static +
-    address 192.168.2.102 +
-    netmask 255.255.255.0 +
-    broadcast 192.168.2.255 +
-</code> +
- +
-//[If someone can describe a solution without modifications to the client network configuration that would be appreciated!]// +
- +
-===== Adding IPv6 support ====+
- +
-Activate IPv6 support on your Internet box, this will get you a public IPv6 prefix. We will now activate IPv6 on our WiFi Extender to allow for [[https://en.wikipedia.org/wiki/IPv6_address#Stateless_address_autoconfiguration|Stateless Address Autoconfiguration (SLAAC)]] of your public IPv6 addresses and IPv6 traffic.+
  
 1. Go to Network / Interfaces and create a new interface. Name it ''WWAN6'', using protocol DHCPv6, cover the WWAN interface. In the Common Configuration of the new interface, configure: Request IPv6 address: disabled. In the Firewall settings: check that the "lan / repeater bridge…" line is selected. Leave the other settings by default, especially, leave the "Custom delegated IPv6-prefix" field empty. On the Interfaces / overwiew page check that the WWAN interface gets a public IPv6 address.\\ 1. Go to Network / Interfaces and create a new interface. Name it ''WWAN6'', using protocol DHCPv6, cover the WWAN interface. In the Common Configuration of the new interface, configure: Request IPv6 address: disabled. In the Firewall settings: check that the "lan / repeater bridge…" line is selected. Leave the other settings by default, especially, leave the "Custom delegated IPv6-prefix" field empty. On the Interfaces / overwiew page check that the WWAN interface gets a public IPv6 address.\\
Line 244: Line 234:
  
 3. Open a SSH session on your OpenWrt device. Issue the following commands:\\ 3. Open a SSH session on your OpenWrt device. Issue the following commands:\\
-<code>+<code bash>
 uci set dhcp.wan.interface=wwan uci set dhcp.wan.interface=wwan
 uci set dhcp.wan.ra=relay uci set dhcp.wan.ra=relay
Line 251: Line 241:
 uci commit uci commit
 </code> </code>
-We suppose that you created a ''wwan'' interface when you joined to the other wifi network as suggested earlier in this guide; otherwise, change the ''dhcp.wan.interface=…'' line accordingly.\\+We suppose that you created a ''wwan'' interface when you joined to the other Wi-Fi network as suggested earlier in this guide; otherwise, change the ''dhcp.wan.interface=…'' line accordingly.\\ 
 + 
 +That's it. Restart ''ophcpd'' (LuCI System/Starup page, or ''/etc/init.d/odhcpd restart'') and your IPv6-network should begin to configure itself. Connected IPv6-enabled devices should get their public IPv6 addresses, derived from your public IPv6 prefix, and IPv6 traffic should go through your Wi-Fi extender.  
 + 
 +==== Known Issues ==== 
 + 
 +Here are a list of some recently reported issues: 
 + 
 +  - DHCP issue caused by Access Point. [[https://forum.openwrt.org/t/relayd-not-forwarding-broadcast-bootp-dhcp-responses/53607/15|OWrt forum]] 
 +  - Extremely poor upstream transfer speeds with some MT762x devices. [[https://forum.openwrt.org/t/question-xiaomi-mi-r3g-mir3g-5ghz-relayd-19-07-upload-performance/50248|Owrt forum]] [[https://bugs.openwrt.org/index.php?do=details&task_id=2816|Bug Report FS#2816]] 
 +  - Need additional instruction for backdoor to router since once dhcp is disabled on LAN, the router become unreachable
  
-That's it. Restart ''ophcpd'' (LuCI System/Starup page, or ''/etc/init.d/odhcpd restart'') and your IPv6-network should begin to configure itself. Connected IPv6-enabled devices should get their public IPv6 addresses, derived from your public IPv6 prefix, and IPv6 traffic should go through your WiFi Extender.  
  
-===== 用NAT实现Wifi扩展器(如果别的方法都不行)=====+===== 使用NAT =====
  
 这个方法就是单纯的将第二个无线路由配置在第一个的层级之下。\\ 这个方法就是单纯的将第二个无线路由配置在第一个的层级之下。\\
Line 267: Line 266:
   * 设置LAN的静态IPv4地址为192.168.x.1。(x取决于您通过wifi连入的网络的配置)   * 设置LAN的静态IPv4地址为192.168.x.1。(x取决于您通过wifi连入的网络的配置)
   * 至网络 -> Wifi界面, 点击扫描,并选择对应的网络连接,点击“加入网络”。   * 至网络 -> Wifi界面, 点击扫描,并选择对应的网络连接,点击“加入网络”。
-  * Enter the wifi password, leave the "name of new network" as "wwan" and select wwan (or wan) firewall zone. Click Save, +  * 输入wifi密码,保留“新网络名称”为"wwan"并选择wwan(wan)防火墙区域,点击保存, 
-  * Go in the Network -> Interfaces page, click on edit wwan interface, +  * 至网络 -> 接口页面,点击wwan接口的编辑按钮, 
-  * Move to the Firewall tab. Click on Save and Apply. +  * 至防火墙标签页,点击保存并应用。 
-  * Go in the Network -> Firewallclick edit in wan zone and check wan and wwan in "covered networks", click save and apply,+  * 至网络 -> 防火墙页面点击wan区域的编辑按钮,在"covered networks"中勾选wan和wwan。点击保存并应用。
  
-now you've correctly bounded wwan with wan, and consequently wwan with lan+至此,您已经正确的将wwan绑定至wan,也就是建立了wwanlan的通路
  • Last modified: 2021/07/01 09:15
  • by biaji