OpenWrt Forum Archive

Topic: Guest wifi on router configured as a WDS client AP

The content of this topic has been archived on 10 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi. I've recently moved from DD-WRT to OpenWRT for a variety of reasons and I'm quite enjoying the change.

I have a TP-Link TL-WR1043ND v2.1 as my main router, this is running Chaos Calmer 15.05.01, it's hosting my internet connection (ADSL) and also works as a WDS AP + main AP for the entire house. This is 192.168.1.1

My secondary router is a TP-Link TL-WR1043ND v1.8 that is also running Chaos Calmer 15.05.01, and is configured as a WDS client. Here I've configured an AP with a different SSID on the same subnet as the main router as I don't want AP hopping but to extend wifi range to select devices, and it also provides wired connection to a PC and a laser printer flawlessly. This is 192.168.1.2

The 1043ND v1.x is particularly known for having unstable wifi and being prone to crashes, no problems so far. Delighted. This would occassionally crash (every week or so) on DD-WRT.

Both routers have been configured as per the "Atheros and MAC80211 WDS to implement a wireless network bridge (wireless repeater)" guide (I'd post it as a link if I could, forum rules I suppose) and are working flawlessly in this setup. This is because I can't connect both routers with a cable and I need the bridge to be transparent as if it were a wired connection.


Back when using DD-WRT the main router was running as an AP and the secondary router was configured in client bridge (routed) mode which worked more or less fine but presented problems when trying to find devices like printers on the main router's side of the network. I'd point them to the specific device's IP address and it'd work, but well, I got tired of doing that. So this problem is solved thanks to WDS.

---------

Here comes my problem, I've been trying to set up a guest wifi on the secondary WDS station router (apart from the existing vAP) as per the

Configure a guest WLAN
Configure a guest WLAN using the Luci web-interface

guides but sadly I can't get connectivity on the guest wifi. I've tried both manual and Luci ways to do it.


I configure the new wireless controller, set its SSID up with WPA2 security, then configure the new guest interface as 192.168.2.1 with DHCP, and then set up a special firewall zone (guest) for it with the required rules for DHCP and DNS traffic. Connected devices get 192.168.2.x IP addresses from DHCP, but that's it. No internet connection.


After reading some more on the manual guide, near the end there's a part that talks about bridging vLANs when you have more than a router on the same network but I'm not quite following it.


What am I missing? Is this combination even possible? I could always set another vAP as the existing one with a different password and that would work for the ocassional guest, but I'd really like to have an isolated wifi network for devices I don't trust.

(Last edited by juanchotazo999 on 23 Feb 2017, 03:15)

Oh, so I've stumbled upon an OpenWRT issue or bugged feature. Explains why so much googling didn't really help. Is this issue by chance solved in the latest builds? CC 15.05.1 is dated March 2016, it's almost been a year from that stable release and lots of things could have changed...


I'll google translate that article you've found and give it a try, maybe it solves the issue. Thanks!!

(Last edited by juanchotazo999 on 22 Feb 2017, 23:53)

Just because we are technically challenged in the application ov VLANs does not make this an issue or bug. 

I will agree that not having a guest solution that works stand alone makes this a functional gap.  There is no OpenWrt wiki on how to build a OpenWrt (or LEDE) Guest LAN on an AP to stand behind a ISP supplied Modem-Router where one has no control of VLANs.  The above is intended to fill this gap.

Last night I set up the scenario described in Michi's Blog https://blog.doenselmann.com/gaeste-wla … ess-point/ and was able to make this work.  I am able to get internet access, but unable to access either routers web interface (primary or AP), access LAN resources or SSH to the devices. 

When setting up the AP https://wiki.openwrt.org/doc/recipes/dumbap, do not disable the firewall, but do disable (uncheck) in Firewall all the individual delivered rules.

I got it working, too, now I have a perfectly working guest AP + main AP all on the same secondary WDS AP router. Makes for a lot of peace of mind.

I should've worded that other post better and not call this a bug or issue. It's just that the other guides on the wiki don't seem to cover this use case, that prompted me to call it as such. But thankfully it was just a matter of using another approach to all this.

I'm very grateful, thank you very much!



edit: Tried this guide in LEDE 17.01... it's working, too.

(Last edited by juanchotazo999 on 28 Feb 2017, 02:54)

The discussion might have continued from here.