[PLUG] Question on OpenWRT and wireless bridging

Ted Mittelstaedt tedm at portlandia-it.com
Sun Dec 1 22:32:36 UTC 2024


Never had a problem with them using dd-wrt.  And I've used them for +/- 15 years or so.  But this is because dd-wrt forked off from OpenWRT many years ago - I'm NOT sure why (nor can I discover why in the archives) but I WILL point out that the original WRT54g which arguably kicked off the whole flash-your-router thing, was Broadcom-based.  However, that was back in the days that Men were Men and Programmers used to reverse engineer stuff and say "eff you, I'll write my own drivers" to the likes of Broadcom and Nvidia.   The original jtag used on the WRT54g was a hack that ran off the PC parallel port for God's sake.  And the device's Broadcom chip has a FOSS driver that is still supported.

Today, jtag cables come with $200 worth of software and a USB connector, and probably only 20 people in the dd-wrt and OpenWRT communities have ever actually done it to their devices, and neither the OpenWRT devs nor the dd-wrt devs reverse engineer anything, they just beg the chip manufacturers for FOSS drivers.  Sigh.

There's been 4 major developers in DD-wrt.  Brainslayer, who heads the project, Eko (no longer active), kong (no longer active) and egc.  That project has made missteps in the past but today, the binaries produced from it are absolutely solid, months/years of uptime, etc.  It is a serious mistake to just write off all Broadcom devices like that, just because the drivers are only available as binary blobs, as so many OpenWRT people do.

When DD-WRT began advancing beyond the WRT54g, brainslayer "did the deal with the devil" and signed an NDA that got him access to the source of Broadcom's binary drivers.  That is why that project is still going strong.  That brought access to using newer than the K2.2 kernel on the older Broadcom devices, and it brought access to the "hardware NAT" chips that are in Broadcom's Northstar line which allow nat and routing at gigE wire speeds, something that OpenWRT still does not have since none of the chips it runs on have hardware NAT.

Until recent kernels, Broadcom has supported client-bridging in its wifi binary blob drivers.  THAT is why historically dd-wrt has been so solid with client bridging - since it happens in the driver layer, not in the kernel or userspace.  I can understand why, if you only have used OpenWRT, that you are so down on client wifi bridges.  But these things are only a hack because the code for them is in the wrong place.  Kernelspace and userspace is not where Layer 2 packets need to be handled.   You don't run packets traveling from port #1 to port #2 of a 4 port hub in a SOHO router through the kernel, because those are bridged and all you are doing is copying packets from one interface to another, and MAYBE dealing with spanning tree and some other low level stuff like that.  You shouldn't need to do that when running from the wifi interface to an ethernet interface because those are bridged and all you are doing is copying packets from one interface to another.

But all good things must come to an end, and like I mentioned, now that Broadcom no longer has client wifi bridging in their binary blob drivers, it turns what used to be simple, into a hack.  Since I don't fancy tearing into the drywall to run ethernet,  (at least at the moment) my choices are to either run old dd-wrt code, on older devices, or deal with the hack of running bridged packets through the kernel via relayd.

ANOTHER thing that DD-WRT has that OpenWRT USED to have - but has lost - is solid support for 4gb flash/32GB Atheros devices.  I mentioned 2 of them already but I just picked up - for $5 - from Goodwill this morning a Netgear WNR1000 v1.  This device - which is NOT supported by OpenWRT - is Atheros and 4/32, and _is_ supported by DD-WRT and I can run DD-WRT code on it that was released last week.  If I can't figure out the WNR2000v5's for client (station) bridging, then I'll probably just use that one.

As for batman-adv and meshing, my reading on this is that meshes are used when you don't have the ability to run ethernet to every single AP in the area.  However, while you have had terrible experience with client bridges, I've had terrible experience with WDS meshes which I believe was the predecessor to batman.  After getting burnt enough on WDS to not want to have anything more to do with it, since that time every "mesh" I've ever put in, either for myself or for clients or now for my employer, has been one where every single AP has an ethernet port that is connected to a switch.  I just set all of them to broadcast the same SSID/password, force encryption to AES, and allow the client devices to "float" from AP to AP.  Obviously, this isn't scalable if you have hundreds of APs but I haven't ever had to put that in.   The largest one I have at the moment is 40 APs.  And those are spread over 14 sites and at most there's 10 APs in the largest building.

The problem with routing if you don't have control of both ends is you HAVE to have SOME control.  If you're running off an ISP's wifi for example, you have to set up routes in it to the different subnets you have assigned to the different APs that are client routed.  I'd definitely do that if I had multiple stations behind a client routed AP - but if I did do that I'd definitely use something more powerful than a WNR2000v5.

Ted

-----Original Message-----
From: PLUG <plug-bounces at lists.pdxlinux.org> On Behalf Of Russell Senior
Sent: Sunday, December 1, 2024 1:24 AM
To: Portland Linux/Unix Group <plug at lists.pdxlinux.org>
Subject: Re: [PLUG] Question on OpenWRT and wireless bridging

Client wifi bridges have always been a hack that, in my experience, randomly fail to do some thing that seems desirable. I gave up on them 20 years ago and have avoided them ever since (they used to call it "battle fatigue", but now it's called "post traumatic stress"). If you don't control both ends, my personal rule (ymmv) is Route. If I do control both ends, then I tend to use batman-adv, a layer 2 mesh routing protocol. You can run batman-adv over ibss or mesh-point interfaces (have to be the same within the mesh). This gives you a nice flat layer 2 network where everything just works.

If you are interested, I can share a recent configuration.

--
Russell Senior
russell at personaltelco.net

On Sat, Nov 30, 2024 at 9:44 PM Ted Mittelstaedt <tedm at portlandia-it.com> wrote:
>
> Hi All,
>
> So I have a network that (among other things) has several devices on
> it that have ethernet only ports and are not conveniently located to
> be able to run cable to them.
>
> So for a number of years I have made do with so-called
> "wifi-to-ethernet" bridges using DD-WRT.
>
> DD-WRT had a nice "client bridge" selection in its GUI that with one
> click would allow you to create a client bridge.
>
> Unfortunately, a few years ago Broadcom made some changes in their
> binary blob wifi drivers and it damaged the house of cards that client
> bridging was built on.
>
> (DD-WRT supports Broadcom devices you see, and these devices used to
> be far more common on the used market)
>
> The 10/28/2021 release of DD-WRT is the last reliable release that
> supports a client bridge on Broadcom gear.  In recent years the client
> bridge functionality has been completely eliminated in favor of
> "station bridge" from DD-WRT even on Broadcom gear.
>
> DD-WRT's "Station Bridge (routed)" configures the "relayd" daemon and
> it works well on devices such as the TP-Link TL-WR940ND v4/v5 and the
> Linksys WRT400N which OpenWRT USED to support but now turns up its
> nose at.  OpenWRT also supports relayd.  Unfortunately, "Station
> Bridge" is only reliable if you have ONE device behind the wifi AP
> while the old "client bridge" that was in the Broadcom driver allowed
> more devices.  Fortunately, these older AP's are cheap enough to use
> 1 per device.
>
> Anyhoo, I came into position of 2 little Netgear WNR2000v5 wifi
> routers and decided it was time to see if I could duplicate this
> functionality on OpenWRT.  (DD-WRT does not support these models,
> unfortunately)
>
> I loaded version 18 of OpenWRT onto these devices (there is a
> user-contributed build of OpenWRT for this model out there that
> thoughtfully includes the relayd daemon) and dug up the instructions
> here to do this:
>
> <https://gist.github.com/AzimsTech/fee582c7c5a89e9295e78f4c8bbda824>
> OpenWrt Wireless Network Bridge (With IPv6 Support) . GitHub
>
> <https://wiki.terrabase.info/wiki/WRT_Router_Series_Wireless_Client_Bridge_Mode_with_OpenWRT>
> WRT Router Series Wireless Client Bridge Mode with OpenWRT - Wiki.TerraBase.info
>
> <https://www.nerd-quickies.net/2019/08/20/setup-lan-wlan-bridge-with-openwrt-luci/>
> Setup LAN/WLAN Bridge with OpenWrt (LuCI) (updated) - Nerd Quickies
>
> After sorting through the various misconceptions in these instructions
> I came up with these instructions - and they work - with one small problem:
>
> 1) Factory Reset router (either from command interface or from hidden reset button on bottom)
> 2) Make sure the 18. lede special build of OpenWRT is loaded on the router
> 3) Configure PC with 192.168.1.80 and secondary IP of 172.16.100.80
> 4) Login to router and set password (system, Administration)
> 5) Network, Interfaces set Ethernet interface to 172.16.100.8.   Clicking Apply, Unchecked never works here.
> 6) Once it takes, remove the secondary IP address
> 7) Put in Gateway and Custom DNS servers
> 8) Set Ignore DHCP for ethernet interface
> 9) Network Wireless, remove master interface
> 10) Wireless, Scan, Join Bit O Heaven network  (set encryption to AES)
> 11) Status, make sure it's associated, Diagnostics Ping 75.75.75.75  make sure it responds
> 12) System Startup , relayd  enabled
> 13) Network, Interfaces, Add Interface, name stabridge. Protocol Relay Bridge, Submit
> 14) In Relay Between Networks that appears, dropdown  lan and wwan check both save and apply
> 15) Network Firewall, Zones Add, name bridgezone change Forward to Accept, in covered networks select Lan wwan, save & apply
> 16) Change static IP in PC back to DHCP and it should get an address, should work
>
> The small problem is that even after saving the configuration - once
> the router is rebooted - the client bridge does NOT work on restart.
> Relayd is running, the firewall and additional interface is there,
> everything seems to be in order - it simply does not pass packets.
> I can telnet into the router and ping the Internet, it does
> re-associate with the wifi network.
>
> I can factory reset the router and rebuild the config again - and it
> works - passes packets and so on - until reboot.
>
> The DD-WRT routers configured as station bridges have no problems with
> saving their config and restarting station bridging.
>
> I am wondering if POSSIBLY the problem might be in some kind of
> startup ordering issue - that is, relayd has to be started after the
> AP has associated - or after the soft interfaces are created - or
> something.
>
> Of course, it would also be cool to build a newer OpenWRT for these
> devices - there ARE community built versions of OpenWRT 22 for 4MB
> flash devices such as the Netgear WNR1000 and the WNR2000v3, - so it
> is possible to do it (if you delete the non-essential stuff)  But,
> this is a basic networking function and I don't think the versions of
> things are too old.
>
> Anyone have any suggestions?
>
> Ted
>

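For reference, the LuCI steps in the quoted message map onto OpenWrt's UCI configuration files approximately as shown below. This is an added example, not part of any post in the thread; the netmask, gateway, DNS server, radio name and Wi-Fi key are placeholders or assumptions, and WPA2-PSK is assumed because the post only says to set encryption to AES.

```uci
# Only the options the steps touch are shown; device-specific options
# already present in each section (ifname, type, channel, ...) are left out.

# /etc/config/network  (steps 5-7, 10, 13-14)
config interface 'lan'
	option proto 'static'
	option ipaddr '172.16.100.8'
	# assumption: /24 netmask, not stated in the post
	option netmask '255.255.255.0'
	# placeholders: the post does not give the gateway or DNS values
	option gateway '<GATEWAY-IP>'
	option dns '<DNS-IP>'

# created by the Scan / Join Network step
config interface 'wwan'
	option proto 'dhcp'

config interface 'stabridge'
	option proto 'relay'
	option network 'lan wwan'

# /etc/config/dhcp  (step 8: "Ignore DHCP" on the ethernet interface)
config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

# /etc/config/wireless  (steps 9-10: master interface removed, station added)
config wifi-iface
	# assumption: the radio is named radio0
	option device 'radio0'
	option mode 'sta'
	option network 'wwan'
	option ssid 'Bit O Heaven'
	# assumption: WPA2-PSK with CCMP (AES)
	option encryption 'psk2+ccmp'
	option key '<WIFI-PASSPHRASE>'

# /etc/config/firewall  (step 15)
config zone
	option name 'bridgezone'
	option forward 'ACCEPT'
	option network 'lan wwan'

# Step 12 is not a config entry: it corresponds to "/etc/init.d/relayd enable".
```

Keeping a copy of these four files while the bridge is passing traffic and comparing them with the same files after a reboot shows whether any of the settings failed to persist.
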

