Chaos Computer Club Lëtzebuerg

“Chaos in the world brings uneasiness, but it also allows the opportunity for creativity and growth.” -- Tom Barret

User Tools

Site Tools


projects:howtos:openwrt-repeater

openWRT (Wireless) Repeater

Walktrhough

  1. Network
  2. Interfaces
  3. LAN
  4. Generel Setup –> Alter the third byte to a number that is non-identical with the one of your host network you will connect to. (i.e.: FritzBox gives you 192.168.178.XXX, so you give 192.168.0.XXX)
  5. Save & Apply
  1. Network
  2. Wifi
  3. 'Wireless Overview' –> Hit 'Scan' button
  4. Choose your network and hit the 'Join network' button
  5. Enter all needed security parameters. Select the wan option.
  6. Save & Apply
  7. Underneath 'Device Configuration' on the right hand side you will see the channel your Host AP is using. Select the same value for the Channel option within the same tab.
  8. Under 'Interface Configuration' select the wwan port.
  9. Save & Apply
  10. Under 'Wireless Security' in the Interface configuration tab enter all necessary access details. (Choose exact crypto cipher if known)
  11. Save & Apply

Connect to your openWRT AP with a network cable and surf the Internet. To know how to extend this to a wireless repeater, read on.

  1. Network
  2. Wifi
  3. Underneath 'Wireless Overview' select 'Add' button
  4. Under 'Interface Configuration' rename the ESSIDE of your virtual openWRT AP (i.e. FritzBox Repeater)
  5. On the 'Network' option select 'lan' and the 'Mode' remains with 'Access Point'
  6. (Optionally you can still configure some security parameters in the 'Wirless Security' tab
  7. Save & Apply

Hit the roads of the Internet. If you encounter any troubles, read the Troubleshooting section or compare theconfigs.

configs

/etc/config/network

config 'switch' 'eth0'
        option 'enable' '1'
                           
config 'switch_vlan' 'eth0_0'
        option 'device' 'eth0'
        option 'vlan' '0'
        option 'ports' '0 1 2 3 5'
                                  
config 'switch_vlan' 'eth0_1'     
        option 'device' 'eth0'
        option 'vlan' '1'
        option 'ports' '4 5'
                            
config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'
                                    
config 'interface' 'lan'            
        option 'type' 'bridge'
        option 'ifname' 'eth0.0'
        option 'proto' 'static'
        option 'netmask' '255.255.255.0'
        option 'ipaddr' '192.168.0.1'
                                     
config 'interface' 'wan'             
        option 'ifname' 'eth0.1'
        option 'proto' 'dhcp'
                             
config 'interface' 'wwan'    
        option 'proto' 'dhcp'

/etc/config/wireless

config 'wifi-device' 'wl0'
        option 'type' 'broadcom'
        option 'txpower' '18'
        option 'hwmode' '11bg'
        option 'channel' '11'
                             
config 'wifi-iface'          
        option 'ssid' 'f00b4r'
        option 'device' 'wl0'
        option 'mode' 'sta'
        option 'network' 'wwan'
        option 'key' '(4xx3ss-2-the-d0me)'
        option 'encryption' 'psk2+tkip+ccmp'
                                            
config 'wifi-iface'                         
        option 'device' 'wl0'
        option 'mode' 'ap'
        option 'encryption' 'none'
        option 'ssid' 'OpenWrt-Repeater'
        option 'network' 'lan'

/etc/config/dhcp

cconfig dnsmasq
        option domainneeded     1
        option boguspriv        1
        option filterwin2k      0  # enable for dial on demand
        option localise_queries 1
        option rebind_protection 1  # disable if upstream must serve RFC1918 addresses
        option rebind_localhost 1  # enable for RBL checking and similar services
        #list rebind_domain example.lan  # whitelist RFC1918 responses for domains
        option local    '/lan/'
        option domain   'lan'
        option expandhosts      1
        option nonegcache       0
        option authoritative    1
        option readethers       1
        option leasefile        '/tmp/dhcp.leases'
        option resolvfile       '/tmp/resolv.conf.auto'
        #list server            '/mycompany.local/1.2.3.4'
        #option nonwildcard     1
        #list interface         br-lan
        #list notinterface      lo
        #list bogusnxdomain     '64.94.110.11'
                                              
config dhcp lan                               
        option interface        lan
        option start    100
        option limit    150
        option leasetime        12h
                                   
config dhcp wan                    
        option interface        wan
        option ignore   1

/etc/config/firewall

config 'defaults'
        option 'syn_flood' '1'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'
                                 
config 'zone'                    
        option 'name' 'lan'
        option 'network' 'lan'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'
                                 
config 'zone'                    
        option 'name' 'wan'
        option 'input' 'REJECT'
        option 'output' 'ACCEPT'
        option 'forward' 'REJECT'
        option 'masq' '1'
        option 'mtu_fix' '1'
        option 'network' 'wan wwan'
                                   
config 'forwarding'                
        option 'src' 'lan'
        option 'dest' 'wan'
                           
config 'rule'              
        option 'name' 'Allow-DHCP-Renew'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'dest_port' '68'
        option 'target' 'ACCEPT'
        option 'family' 'ipv4'
                              
config 'rule'                 
        option 'name' 'Allow-Ping'
        option 'src' 'wan'
        option 'proto' 'icmp'
        option 'icmp_type' 'echo-request'
        option 'family' 'ipv4'
        option 'target' 'ACCEPT'
                                
config 'rule'                   
        option 'name' 'Allow-DHCPv6'
        option 'src' 'wan'
        option 'proto' 'udp'
        option 'src_ip' 'fe80::/10'
        option 'src_port' '547'
        option 'dest_ip' 'fe80::/10'
        option 'dest_port' '546'
        option 'family' 'ipv6'
        option 'target' 'ACCEPT'
                                
config 'rule'                   
        option 'name' 'Allow-ICMPv6-Input'
        option 'src' 'wan'                        
        option 'proto' 'icmp'                     
        list 'icmp_type' 'echo-request'           
        list 'icmp_type' 'destination-unreachable'
        list 'icmp_type' 'packet-too-big'        
        list 'icmp_type' 'time-exceeded'         
        list 'icmp_type' 'bad-header'            
        list 'icmp_type' 'unknown-header-type'   
        list 'icmp_type' 'router-solicitation'   
        list 'icmp_type' 'neighbour-solicitation'
        option 'limit' '1000/sec'           
        option 'family' 'ipv6'              
        option 'target' 'ACCEPT'            
                                            
config 'rule'                               
        option 'name' 'Allow-ICMPv6-Forward'      
        option 'src' 'wan'                        
        option 'dest' '*'                         
        option 'proto' 'icmp'                     
        list 'icmp_type' 'echo-request'           
        list 'icmp_type' 'destination-unreachable'
        list 'icmp_type' 'packet-too-big'     
        list 'icmp_type' 'time-exceeded'      
        list 'icmp_type' 'bad-header'         
        list 'icmp_type' 'unknown-header-type'
        option 'limit' '1000/sec'         
        option 'family' 'ipv6'            
        option 'target' 'ACCEPT'          
                                          
config 'include'                          
        option 'path' '/etc/firewall.user'

/etc/config/ucitrack

config network
        option init network
        list affects dhcp
        list affects radvd
                          
config wireless           
        list affects network
                            
config firewall             
        option init firewall
        list affects luci-splash
        list affects qos
        list affects miniupnpd
                              
config olsr                   
        option init olsrd
                         
config dhcp              
        option init dnsmasq
                           
config dropbear            
        option init dropbear
                            
config httpd                
        option init httpd
                         
config fstab             
        option init fstab
                         
config qos               
        option init qos
                       
config system          
        option init led
        list affects luci_statistics
                                    
config luci_splash                  
        option init luci_splash
                               
config upnpd                   
        option init miniupnpd
                             
config ntpclient             
        option init ntpclient
                             
config samba                 
        option init samba
                         
config tinyproxy         
        option init tinyproxy

Troubleshooting

  1. What if openWRT constantly disconnects from the host access point?

    This might be related to the fact, that your access points uses the same ESSID on the 2.4GHz as 5GHz channel. The fix is either to disable one of them on your host AP, reconnect 'til it works or check for another openWRT version for your device.

    It might also be that the openWRT wireless host is not on the same channel as the host AP.

  2. The 'Associated Stations' shows a '?' below the IP Address field of an entry.

    Looks like a bug in the openWRT GUI. Ignore it an verify it via ssh on the access point.
projects/howtos/openwrt-repeater.txt · Last modified: 2015/07/15 21:54 (external edit)