Dear all - I've followed many youtube guides now and can do one of two things:
1. Use it as a pure Wifi repeater but different subnet - ethernet ports dead
2. Use as Wifi access point on same subnet (with relayd / bridge) that allows same subnet but only ethernet ports work... (youtube.com/watch?v=-Vi91fTqsEU)

the second one gets closest to what i want: Repeater for wifi and ethernet for devices to all see each other on same subnet as primary, but isnt repeating the wifi.
I suspect its a really simple add to include Wifi repeating but so far failed to get it working...

any guidance please?

I use a Kimax box in relayd mode and no problem

my configuration

network :

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd6c:739e:cff3::/48' < ???

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option gateway '192.168.1.1'   < - my lan router SRX5308
    option dns '8.8.8.8 192.168.1.1'
    option ipaddr '192.168.2.242' < lan box ip not used

config device 'lan_dev'
    option name 'eth0'
    option macaddr '12:34:56:78:9a:bc '  <- change for the good MAC adress value

config interface 'wwan'
    option _orig_ifname 'wlan0'
    option _orig_bridge 'false'
    option proto 'static'
    option netmask '255.255.255.0'
    option gateway '192.168.1.1'
    option dns '8.8.8.8 192.168.1.1'
    option ipaddr '192.168.1.242' < wwan ip box 

config interface 'stabridge'
    option proto 'relay'
    list network 'lan'
    list network 'wwan'

wireless:

config wifi-device 'radio0'
    option type 'mac80211'
    option channel '10'
    option hwmode '11g'
    option path 'platform/10180000.wmac'
    option htmode 'HT20'
    option disabled '0'
    option country 'FR'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option network 'lan'
    option mode 'ap'
    option encryption 'psk-mixed'
    option key '1234567890'   < - my password
    option wpa_disable_eapol_key_retries '1'
    option ssid 'U25AWF-H1-242' < my box separate name for WIFI

config wifi-iface
    option network 'wwan'
    option encryption 'psk2'
    option device 'radio0'
    option mode 'sta'
    option bssid 'E0:12:34:56:78:90' <- TOMATO MAC change this
    option key '1234567890' < - TOMATO password
   option ssid 'TOMATO' < - TOMATO SSID

dhcp:

config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '0'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option nonwildcard '1'
    option localservice '1'

config dhcp 'lan'
    option interface 'lan'
    option dhcpv6 'server'
    option ra 'server'
    option ignore '1'
    option ra_management '1'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

firewall:

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan wwan'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan6'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

config include 'miniupnpd'
    option type 'script'
    option path '/usr/share/miniupnpd/firewall.include'
    option family 'any'
    option reload '1'

samba:

config samba
    option workgroup 'WORKGROUP'
    option homes '1'
    option friendly_name 'LEDE-242 Server'
    option interface 'br-lan,eth0,wlan0'
    option description 'KIMAX-BS-U25AWF-H1-242'
    option name 'U25-AWF-H1-242'

config sambashare
    option browseable 'yes'
    option name 'A'
    option path '/mnt/sda1'
    option read_only 'no'
    option guest_ok 'yes'

(Last edited by F5BJR on 5 Jan 2018, 16:47)

For a NEXX WT3020F ( i use this for 2 * LAN printers and another in USB  )

network

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd32:0bff:1495::/48   '>--- ???           

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option gateway '192.168.1.1'
    option dns '8.8.8.8 192.168.1.1'
    option ipaddr '192.168.2.232'
    option macaddr '00:11:22:33:44:55'

config device 'lan_dev'
    option name 'eth0'
    option macaddr '00:11:22:33:44:55'

config interface 'wwan'
    option _orig_ifname 'wlan0'
    option _orig_bridge 'false'
    option proto 'static'
    option netmask '255.255.255.0'
    option gateway '192.168.1.1'
    option dns '8.8.8.8 192.168.1.1'
    option ipaddr '192.168.1.232'

config interface 'stabridge'
    option proto 'relay'
    list network 'lan'
    list network 'wwan'

Wireless

config wifi-device 'radio0'
    option type 'mac80211'
    option channel '10'
    option hwmode '11g'
    option path 'platform/10180000.wmac'
    option htmode 'HT20'
    option disabled '0'
    option country 'FR'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option network 'lan'
    option mode 'ap'
    option encryption 'psk-mixed'
    option key '1234567890'
    option wpa_disable_eapol_key_retries '1'
    option ssid 'NEXX-WT3020-232'

config wifi-iface
    option network 'wwan'
    option ssid 'TOMATO'
    option encryption 'psk2'
    option device 'radio0'
    option mode 'sta'
    option bssid 'E0:91:F5:D8:11:22'
    option key '1234567890'

(Last edited by F5BJR on 5 Jan 2018, 17:05)

If you have control of the wifi router you're repeating, and it can run OpenWrt, make it an AP(WDS) for a true wifi bridge instead of relayd.  If you have an Ethernet or WDS connection back to the main router, you do not need relayd.  Use a simple bridge.

(Last edited by mk24 on 5 Jan 2018, 18:27)

brilliant - will give these all a shot - thank you! - main router is a crappy Talktalk device - no WDS on it and cant install OpenWrt sadely - but like the idea:

(Last edited by rupert.abbott on 6 Jan 2018, 00:16)

mk24 : I am like you, I do not have a WDS

F5BJR - I tried your config matched against mine; but no success; still cannot ping devices in the main router subnet (eg: NAS on 192.168.1.16). the good news is no harm done, but no change either: see below:

DHCP:
config dnsmasq
    option domainneeded '1'
    option boguspriv '1'
    option filterwin2k '0'
    option localise_queries '1'
    option rebind_protection '1'
    option rebind_localhost '1'
    option local '/lan/'
    option domain 'lan'
    option expandhosts '1'
    option nonegcache '0'
    option authoritative '1'
    option readethers '1'
    option leasefile '/tmp/dhcp.leases'
    option resolvfile '/tmp/resolv.conf.auto'
    option nonwildcard '1'
    option localservice '1'

config dhcp 'lan'
    option interface 'lan'
    option dhcpv6 'server'
    option ra 'server'
    option ignore '1'
    option ra_management '1'

config dhcp 'wan'
    option interface 'wan'
    option ignore '1'

config odhcpd 'odhcpd'
    option maindhcp '0'
    option leasefile '/tmp/hosts/odhcpd'
    option leasetrigger '/usr/sbin/odhcpd-update'
    option loglevel '4'

Firewall:

config defaults
    option syn_flood '1'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'REJECT'

config zone
    option name 'lan'
    option input 'ACCEPT'
    option output 'ACCEPT'
    option forward 'ACCEPT'
    option network 'lan wwan'

config zone
    option name 'wan'
    option input 'REJECT'
    option output 'ACCEPT'
    option forward 'REJECT'
    option masq '1'
    option mtu_fix '1'
    option network 'wan wan6'

config forwarding
    option src 'lan'
    option dest 'wan'

config rule
    option name 'Allow-DHCP-Renew'
    option src 'wan'
    option proto 'udp'
    option dest_port '68'
    option target 'ACCEPT'
    option family 'ipv4'

config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option icmp_type 'echo-request'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-IGMP'
    option src 'wan'
    option proto 'igmp'
    option family 'ipv4'
    option target 'ACCEPT'

config rule
    option name 'Allow-DHCPv6'
    option src 'wan'
    option proto 'udp'
    option src_ip 'fc00::/6'
    option dest_ip 'fc00::/6'
    option dest_port '546'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-MLD'
    option src 'wan'
    option proto 'icmp'
    option src_ip 'fe80::/10'
    list icmp_type '130/0'
    list icmp_type '131/0'
    list icmp_type '132/0'
    list icmp_type '143/0'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Input'
    option src 'wan'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    list icmp_type 'router-solicitation'
    list icmp_type 'neighbour-solicitation'
    list icmp_type 'router-advertisement'
    list icmp_type 'neighbour-advertisement'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-ICMPv6-Forward'
    option src 'wan'
    option dest '*'
    option proto 'icmp'
    list icmp_type 'echo-request'
    list icmp_type 'echo-reply'
    list icmp_type 'destination-unreachable'
    list icmp_type 'packet-too-big'
    list icmp_type 'time-exceeded'
    list icmp_type 'bad-header'
    list icmp_type 'unknown-header-type'
    option limit '1000/sec'
    option family 'ipv6'
    option target 'ACCEPT'

config rule
    option name 'Allow-IPSec-ESP'
    option src 'wan'
    option dest 'lan'
    option proto 'esp'
    option target 'ACCEPT'

config rule
    option name 'Allow-ISAKMP'
    option src 'wan'
    option dest 'lan'
    option dest_port '500'
    option proto 'udp'
    option target 'ACCEPT'

config include
    option path '/etc/firewall.user'

Wireless:

config wifi-device 'radio0'
    option type 'mac80211'
    option channel '10'
    option hwmode '11g'
    option path 'platform/10180000.wmac'
    option htmode 'HT20'
    option disabled '0'
    option country '00'

config wifi-iface
    option network 'wwan'
    option ssid 'TALKTALK96AFB5'
    option encryption 'psk2'
    option device 'radio0'
    option mode 'sta'
    option bssid '80:13:82:96:AF:BC'
    option key 'XXXXXXXX'

config wifi-iface
    option device 'radio0'
    option mode 'ap'
    option ssid 'OpenWrt'
    option network 'lan'
    option encryption 'psk2'
    option wpa_disable_eapol_key_retries '1'
    option key 'XXXXXXXX'

Network:

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd47:53b8:59f5::/48'

config interface 'lan'
    option ifname 'eth0'
    option force_link '1'
    option macaddr '20:28:18:a0:ed:22'
    option type 'bridge'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option dns '8.8.8.8 192.168.1.1'   
    option ipaddr '192.168.1.1'

config device 'lan_dev'
    option name 'eth0'
    option macaddr '20:28:18:a0:ed:22'

config interface 'wwan'
    option _orig_ifname 'wlan0'
    option _orig_bridge 'false'
    option proto 'static'
    option netmask '255.255.255.0'
    option gateway '192.168.1.1'
    option dns '8.8.8.8 192.168.1.1'
    option ipaddr '192.168.1.1'

config interface 'stabridge'
    option proto 'relay'
    list network 'lan'
    list network 'wwan'

rupert.abbot , you have errors change 192.168.1.1

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0'
    option proto 'static'
    option netmask '255.255.255.0'
    option ip6assign '60'
    option gateway '192.168.1.1'   < - my lan router SRX5308
    option dns '8.8.8.8 192.168.1.1'
    option ipaddr '192.168.2.242' < lan box ip not used not 192.168.1.1
...
config interface 'wwan'
    option _orig_ifname 'wlan0'
    option _orig_bridge 'false'
    option proto 'static'
    option netmask '255.255.255.0'
    option gateway '192.168.1.1'
    option dns '8.8.8.8 192.168.1.1'
    option ipaddr '192.168.1.242' < wwan ip box  not 192.168.1.1

192.168.1.1 is for me the IP address of my router
192.168.1.242 is the WT3020 IP adress
192.168.2.242 is a fictive address not used

for information :
My ap connected to the LAN router is a WNR3500 ( firmware Tomato ) IP address is 192.168.1.235 not used in the network configuration file

Router SRX5308 192.168.1.1 <-- LAN --> WNR3500 192.168.1.235 <-- WIFI --> WT3020  192.168.1.242

I have 1 * WAN + 1 * LAN + 1 USB printers connected to the WT3020

Computers in LAN can use the printers
Computers in WIFI can also use the printers and internet

I  have a similar configuration with KIMAX U25AWF-H1 box ( with internal HDD ) and all computers in  LAN or WIFI can see the HDD files shared

(Last edited by F5BJR on 6 Jan 2018, 02:57)

thank you very much: I tried the above a couple of times (reset router when it failed) - changed the Network file in WinScp to those settings but each time i rebooted i could no longer access the device either via static on 192.168.2.66 or 192.168.1.66 (local laptop connected over ethernet) - and couldnt see wifi.
i was trying to access is on 192.168.1.1 then 192.168.1.242 then (hence the 2 subnet on local laptop) on 192.168.2.242 - no ping or access

i noticed after reboot i needed to re-install 2 packages - relayd and luci-relay - did that in winscp console first which fixed the dependencies error i saw on stabridge - but once i reboot the little unit I'm dead out until i reset.

feels WT3020 isnt stable, but once i apply the above I cannot access it either.

rupert.abbott

Please : Give your router IP adress

sure - i set it to 192.168.1.2 -  though where we have 192.168.1.1 above i did change it to .2 and that didnt help.

btw - any ideas why i cannot log onto the router once rebooted pls? is it 192.168.2.242 (in which can i need to set ethernet on laptop to 192.168.2.2 for example)?

thanks again for your help - at a guess on your config (language FR) vous etres francais - donc je vous remercie d'avance

rupert.abbott , donc en français :

Je ne comprend pas car 192.168.1.1 c'est l' adresse de votre routeur , du gateway, dns ainsi que de votre boitier WT3020

Ainsi cela ne peut pas fonctionner

Qu' avez vous comme routeur / box et passerelle WIFI ?

--
I do not understand because 192.168.1.1 is the address of your router, the gateway, dns and your box WT3020

Since this can not work at all

What do you have as router / box and gateway WIFI ?

(Last edited by F5BJR on 1 Apr 2018, 10:45)

merci encore: et bien mon router principe s'ajit d'une boit Huawai de TalkTalk - je l'ai mis une address 192.168.1.2, car le repeter WT3020 a pris 192.168.1.1.

si ca aide je peux remetre a jour 192.168.1.1 au router d'internet principal (Huawai)?

évidemment cela ne peut pas fonctionner ainsi

1 - A quoi sert le routeur Huawai de TalkTalk à part avoir du WIFI ?

2 - Si son IP était effeciivement par défaut 192.168.1.1 il faut donc remettre cette adresss IP
puisque cela correspond à l' adresse IP décrite plus haut pour le DNS , la passerelle

3 - Pour le boitier il suffit de mettre une adresse inutilisée dans le même groupe

Comme j' ai aussi une configuration avec le routeur en 192.168.1.1 cela correspond donc à ma configuration
sauf pour l' IP du WT3020 qui doit être" obligatoirement "  autre chose que l' adresse 192.168.1.1 qui est celle du routeur

Vous pouvez 192.168.1.242 pour le WT3020 si l' adresse n' est pas utilisée

Une fois que le boitier est connecté en WIFI et que si vous êtes connecté en LAN sur votre réseau vous devriez pouvoir "PING" l' adresse 192.168.1.242 du WT3020

Si vous vous connectez en WIFI sur le WT3020 Huawai relayd -> TALKTALK96AFB5 une fois associé vous devriez pouvoir aussi exécuter le "PING"

Pour résumer si vous prenez telle que ma propre configuration en changeant dans le fichier Wireless TOMATO par TALKTALK96AFB5 et votre mot de passe cela devrait fonctionner

Inspirez vous de ce que j' ai mis plus haut : network , wireless , DHCP , firewall et samba
Il n'y a pas grand chose à modifier

J' ai 6 boitiers programmés en relais 2 * KIMAX U25CWF - 2 * KIMAX U25-AWF-H1 et 2 * WT3020 et je n' ai aucun souci particulier

Tout à l' heure j' ai commande le grand-frère du WT3020 https://fr.aliexpress.com/item/GL-iNet- … 0.0.j99ss9

Dans environ 3 semaines je pourrai conitinuer à jouer ...

---

obviously this can not work well

1 - What is the TalkTalk Huawai Router except for WIFI?

2 - If its IP was 192.168.1.1 by default, then it must be reset
since this corresponds to the IP address described above for the DNS, the gateway

3 - For the box just put an unused address in the same group

As I also have a configuration with the router in 192.168.1.1 this corresponds to my configuration
except for the IP of the WT3020 which must be "obligatorily" other than the address 192.168.1.1 which is that of the router

You can 192.168.1.242 for the WT3020 if the address is not used

Once the box is connected in WIFI and if you are connected in LAN on your network you should be able to "PING" the address 192.168.1.242 of WT3020

If you connect in WIFI on the Huawai WT3020 relayd -> TALKTALK96AFB5 once associated you should be able to also perform the "PING"

To summarize if you take such as my own configuration by changing in the file Wireless TOMATO by TALKTALK96AFB5 and your password it should work

Inspire you from what I put above: network, wireless, DHCP, firewall and samba
There is not much to change

I have 6 boxes programmed in relay 2 * KIMAX U25CWF - 2 * KIMAX U25-AWF-H1 and 2 * WT3020 and I have no particular problem

Earlier I ordered the big brother of the WT3020 https://fr.aliexpress.com/item/GL-iNet- … 0.0.j99ss9

In about 3 weeks I can coninince to play ...

(Last edited by F5BJR on 8 Jan 2018, 22:42)

When writing in non-english language, please also provide a translation in english, so the rest of the world can benefit from your postings.

Thank you - and apologies will offer a translated version in future - my bad.

Ok - will reset router to .1 and try again tomorrow: