Wireless bridging (Atheros WDS) two Turris Omnia

Hi all, I'm trying to set up a kind of wifi bridge between two Turris Omnias, so that PCs plugged into the switch on one router reach the internet through the other router, which has internet access, over the WWAN link.

I followed the OpenWRT relay client recipe in this post. I used the same subnets as the recipe diagram for my setup and got it partially working.

On the client device I used radio0 to connect over WWAN to the main device AP and I created a regular AP on the client’s radio1. If I connect to the client’s radio1 AP, everything works fine and I can get internet access over the WWAN connection.

However, anything connected to the switch on the client cannot reach the internet or get proper DNS resolution (although DHCP works and I get a proper IP/gateway from the AP over the WWAN), which is primarily why I wanted this WWAN setup.

Networking isn't my thing, so I'm at a loss as to where to look.

Any thoughts? If you need any configs, let me know what to post.

Thanks,

I switched over to using Atheros WDS per this OpenWRT recipe, but I'm getting almost the same result as before.

The only difference with this method is that the client’s web portal is much more responsive, and devices connected to the client’s switch LAN ports can now successfully resolve DNS through the main AP, but they still can't reach the internet.

Adding an AP on client radio1 works fine as before.

I really need to get this switch working over the wifi bridge. Any thoughts would be appreciated.

Here are my config files in case someone sees an obvious problem:

# cat /etc/config/wireless

# 5 GHz radio (channel 36, VHT80). The wifi-iface section that references
# 'radio0' uses it as the station (uplink) side of the WDS link.
config wifi-device 'radio0'
    option type 'mac80211'
    # NOTE(review): in station mode the radio presumably follows the channel
    # of the AP it associates with - confirm this matches main_ap.
    option channel '36'
    option hwmode '11a'
    option path 'platform/soc/soc:pcie-controller/pci0000:00/0000:00:02.0/0000:02:00.0'
    option htmode 'VHT80'
    option txpower '23'
    option country 'US'

# Uplink: radio0 associates to 'main_ap' as a station.
config wifi-iface
    option device 'radio0'
    option mode 'sta'
    # wds '1' requests 4-address mode so this station can be a bridge member.
    # NOTE(review): the main_ap side is not shown; it needs WDS enabled on its
    # AP interface as well - confirm.
    option wds '1'
    # WPA2-PSK with CCMP (AES) only.
    option encryption 'psk2+ccmp'
    # The key looks like a placeholder substituted for posting; keep the real
    # passphrase out of anything shared publicly.
    option key 'main_ap_pw'
    # NOTE(review): first octet 03 has the group (multicast) bit set, which a
    # real BSSID cannot have - presumably altered for posting. Pinning the
    # BSSID only selects which AP to join; it does not authenticate it.
    option bssid '03:D0:31:44:0A:02'
    option ssid 'main_ap'
    # Attaching the uplink to 'lan' puts the upstream network in the same
    # bridge, and the same firewall zone, as the local wired ports.
    option network 'lan'

# 2.4 GHz radio (11g, HT40, automatic channel). The wifi-iface section that
# references 'radio1' uses it for the local access point 'client_ap'.
config wifi-device 'radio1'
    option type 'mac80211'
    option hwmode '11g'
    option path 'platform/soc/soc:pcie-controller/pci0000:00/0000:00:01.0/0000:01:00.0'
    option htmode 'HT40'
    option txpower '19'
    option country 'US'
    option channel 'auto'

# Local access point on radio1. The post reports that clients joining this AP
# do reach the internet through main_ap.
config wifi-iface
    option device 'radio1'
    option mode 'ap'
    option ssid 'client_ap'
    # WPA2-PSK with CCMP (AES) only.
    option encryption 'psk2+ccmp'
    # Looks like a placeholder; the real passphrase should stay private.
    option key 'client_ap_pw'
    # Same 'lan' network as the wired ports and the WDS uplink, so wireless
    # clients are bridged with both rather than routed.
    option network 'lan'
# cat /etc/config/dhcp

# dnsmasq settings for the client router.
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option expandhosts '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option localservice '1'
    # port '0' turns off dnsmasq's DNS service altogether.
    # NOTE(review): the DNS-related options in this section (rebind_protection,
    # domainneeded, boguspriv, 'list server') are then presumably inert, and
    # DNS on this box is answered by the resolver from /etc/config/resolver -
    # confirm which daemon actually listens on port 53.
    option port '0'
    option domain 'matrix'
    list server '192.168.1.1'
    option nonwildcard '0'

# ignore '1' stops this router from serving DHCP on 'lan', and DHCPv6 is
# disabled. This matches the post, where main_ap hands out the addresses, and
# avoids a second DHCP server answering on the bridged segment.
config dhcp 'lan'
    option interface 'lan'
    option ignore '1'
    option dhcpv6 'disabled'

#config dhcp 'wan'
#    option interface 'wan'
#    option ignore '1'

# odhcpd daemon settings. maindhcp '0' means odhcpd does not take over DHCPv4.
config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    # Script path handed to odhcpd as its lease trigger.
    option leasetrigger '/usr/sbin/odhcpd-update'
# cat /etc/config/firewall

# Global fallback policy for traffic that no zone claims.
config defaults
    option syn_flood '1'
    # input 'ACCEPT' means traffic addressed to the router itself is accepted
    # even on an interface outside every zone. The 'wan' zone is commented out
    # in this file, so no interface is treated as untrusted.
    option input 'ACCEPT'
    option output 'ACCEPT'
    # Applies to routed (forwarded) traffic only.
    # NOTE(review): frames bridged between members of the 'lan' bridge are
    # presumably not subject to this policy unless bridge netfilter is
    # enabled - confirm on the device.
    option forward 'REJECT'

# The only active zone in this file; everything is allowed in all directions.
# /etc/config/wireless attaches the WDS station link to network 'lan', so the
# upstream main_ap network sits inside this zone: every host there can reach
# whatever services this router runs (for example the web portal mentioned in
# the post and the DNS resolver). That is the usual trade-off of a pure
# bridge; if the upstream network is not fully trusted, tighten 'input' and
# allow only the management sources that are needed.
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'

#config zone
#    option name 'wan'
#    list network 'wan'
#    list network 'wan6'
#    option input 'REJECT'
#    option output 'ACCEPT'
#    option forward 'REJECT'
#    option masq '1'
#    option mtu_fix '1'

#config forwarding
#    option src 'lan'
#    option dest 'wan'

#config rule
#    option name 'Allow-DHCP-Renew'
#    option src 'wan'
#    option proto 'udp'
#    option dest_port '68'
#    option target 'ACCEPT'
#    option family 'ipv4'

#config rule
#    option name 'Allow-Ping'
#    option src 'wan'
#    option proto 'icmp'
#    option icmp_type 'echo-request'
#    option family 'ipv4'
#    option target 'ACCEPT'

#config rule
#    option name 'Allow-IGMP'
#    option src 'wan'
#    option proto 'igmp'
#    option family 'ipv4'
#    option target 'ACCEPT'

#config rule
#    option name 'Allow-DHCPv6'
#    option src 'wan'
#    option proto 'udp'
#    option src_ip 'fe80::/10'
#    option src_port '547'
#    option dest_ip 'fe80::/10'
#    option dest_port '546'
#    option family 'ipv6'
#    option target 'ACCEPT'

#config rule
#    option name 'Allow-MLD'
#    option src 'wan'
#    option proto 'icmp'
#    option src_ip 'fe80::/10'
#    list icmp_type '130/0'
#    list icmp_type '131/0'
#    list icmp_type '132/0'
#    list icmp_type '143/0'
#    option family 'ipv6'
#    option target 'ACCEPT'

#config rule
#    option name 'Allow-ICMPv6-Input'
#    option src 'wan'
#    option proto 'icmp'
#    list icmp_type 'echo-request'
#    list icmp_type 'echo-reply'
#    list icmp_type 'destination-unreachable'
#    list icmp_type 'packet-too-big'
#    list icmp_type 'time-exceeded'
#    list icmp_type 'bad-header'
#    list icmp_type 'unknown-header-type'
#    list icmp_type 'router-solicitation'
#    list icmp_type 'neighbour-solicitation'
#    list icmp_type 'router-advertisement'
#    list icmp_type 'neighbour-advertisement'
#    option limit '1000/sec'
#    option family 'ipv6'
#    option target 'ACCEPT'

#config rule
#    option name 'Allow-ICMPv6-Forward'
#    option src 'wan'
#    option dest '*'
#    option proto 'icmp'
#    list icmp_type 'echo-request'
#    list icmp_type 'echo-reply'
#    list icmp_type 'destination-unreachable'
#    list icmp_type 'packet-too-big'
#    list icmp_type 'time-exceeded'
#    list icmp_type 'bad-header'
#    list icmp_type 'unknown-header-type'
#    option limit '1000/sec'
#    option family 'ipv6'
#    option target 'ACCEPT'

# Firewall includes. With no 'type' given they are run as shell scripts when
# the firewall starts, and again on reload where reload is '1'. Their contents
# are not part of this post, so the rules they add are unknown here. When
# chasing dropped traffic, check the live ruleset (e.g. iptables-save) on the
# device rather than this file alone.
config include
    option path '/etc/firewall.user'

config include
    option path '/usr/share/firewall/turris'
    option reload '1'

config include
    option path '/etc/firewall.d/with_reload/firewall.include.sh'
    option reload '1'

config include
    option path '/etc/firewall.d/without_reload/firewall.include.sh'
    option reload '0'

#config rule
#    option src 'wan'
#    option dest 'lan'
#    option proto 'esp'
#    option target 'ACCEPT'

#config rule
#    option src 'wan'
#    option dest 'lan'
#    option dest_port '500'
#    option proto 'udp'
#    option target 'ACCEPT'

# Firewall hook script shipped with miniupnpd (UPnP / NAT-PMP port mapping).
# NOTE(review): the 'wan' zone and masquerading are commented out in this
# file, so this router does no NAT and port mapping presumably has nothing to
# act on. If the miniupnpd service is running, consider disabling it to reduce
# the services exposed on the bridged network - confirm it is not needed.
config include 'miniupnpd'
    option type 'script'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'any'
    option reload '1'
# cat /etc/config/network

# Loopback interface: 127.0.0.1/8 on 'lo'.
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

# IPv6 unique local address (ULA) prefix used for local addressing.
config globals 'globals'
    option ula_prefix 'fd81:bda2:ef48::/48'

# The single 'lan' network: a software bridge with a static address.
# Both wifi-iface sections in /etc/config/wireless (the WDS station on radio0
# and the AP on radio1) set network 'lan', so they join this bridge next to
# the wired members listed under ifname.
config interface 'lan'
    option force_link '1'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    # The router's own address on the shared 192.168.1.0/24 segment.
    option ipaddr '192.168.1.30'
    # NOTE(review): the two _orig_* options look like bookkeeping left behind
    # by a configuration front end - presumably not used for the live bridge;
    # confirm.
    option _orig_ifname 'eth0 eth2 wlan0 wlan1'
    option _orig_bridge 'true'
    # Wired bridge members.
    option ifname 'eth0 eth2'
    # DNS and default gateway used by the router itself; 192.168.1.1 is
    # presumably main_ap - confirm.
    option dns '192.168.1.1'
    option gateway '192.168.1.1'

# Switch layout. VLAN 1 groups ports 0-3 with port 5, and VLAN 2 groups port 4
# with port 6. No port carries a 't' suffix, so none is tagged.
# Port 4 is therefore separated from ports 0-3 inside the switch; the two
# groups only meet again where their CPU-side interfaces are bridged in
# software.
# NOTE(review): ports 5 and 6 are presumably the CPU-facing ports behind
# eth0/eth2 on this board - confirm before changing the VLAN split.
config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'switch0'
    option vlan '1'
    option vid '1'
    option ports '0 1 2 3 5'

config switch_vlan
    option device 'switch0'
    option vlan '2'
    option vid '2'
    option ports '4 6'
# cat /etc/config/resolver

# Settings shared by the resolver back ends.
config resolver 'common'
    # Listen on every IPv4 and IPv6 address, port 53. The firewall file in
    # this post accepts all input in the 'lan' zone and has no active 'wan'
    # zone, so the resolver is reachable from every host on the bridged
    # network, including the main_ap side.
    list interface '0.0.0.0'
    list interface '::0'
    option port '53'
    # NOTE(review): presumably the DNSSEC root trust anchor; ignore_root_key
    # '0' further down presumably keeps it in use - confirm.
    option keyfile '/etc/root.keys'
    option verbose '0'
    option msg_buffer_size '4096'
    option msg_cache_size '20M'
    option net_ipv6 '1'
    option net_ipv4 '1'
    # NOTE(review): presumably forwards queries to the upstream resolver
    # instead of resolving recursively - confirm which upstream is used.
    option forward_upstream '1'
    # Selects the 'kresd' back end.
    option prefered_resolver 'kresd'
    option ignore_root_key '0'
    option prefetch 'yes'

# kresd back end: runtime directory under /tmp, logging to stderr and stdout
# switched off, one fork.
config resolver 'kresd'
    option rundir '/tmp/kresd'
    option log_stderr '0'
    option log_stdout '0'
    option forks '1'

# unbound back end. 'common' sets prefered_resolver to 'kresd', so this
# section presumably only applies if the preferred resolver is switched -
# confirm.
config resolver 'unbound'
    option outgoing_range '60'
    option outgoing_num_tcp '1'
    option incoming_num_tcp '1'
    option msg_cache_slabs '1'
    option num_queries_per_thread '30'
    option rrset_cache_size '100K'
    option rrset_cache_slabs '1'
    option infra_cache_slabs '1'
    option infra_cache_numhosts '200'
    # Queries are accepted from any IPv4 and IPv6 source, so limiting who may
    # use the resolver rests entirely on the firewall. Narrowing these entries
    # to the local subnet would add a second layer if unbound is ever used.
    list access_control '0.0.0.0/0 allow'
    list access_control '::0/0 allow'
    option pidfile '/var/run/unbound.pid'
    option root_hints '/etc/unbound/named.cache'
    option target_fetch_policy '2 1 0 0 0'
    # Both unbound hardening switches are enabled.
    option harden_short_bufsize 'yes'
    option harden_large_queries 'yes'
    option key_cache_size '100k'
    option key_cache_slabs '1'
    option neg_cache_size '10k'
    option prefetch_key 'yes'

# config resolver 'unbound_python'
#     list python_script "/etc/unbound/ubmodule-tst.py"

# unbound remote control is disabled (control_enable 'no').
# The listed control interfaces cover every IPv4 and IPv6 address, so enabling
# it without changing them would open the control channel on all interfaces.
# Restrict it to loopback before ever turning it on.
config resolver 'unbound_remote_control'
    option control_enable 'no'
    list control_interface '0.0.0.0'
    list control_interface '::0'

# config resolver 'unbound_includes'
#     list include_path "/etc/unbound/unbound-part.conf"

Connecting to client_ap gives me access to the internet via main_ap, but for some reason the client switch LAN ports don't get internet access (although the IP is assigned correctly by main_ap, and DNS by main_ap as well).