OpenWRT Mesh 802.11s

I have 3 WiFi routers at my place. Each one had it’s own 5GHz WiFi network. Well, I know this was not the best scenario, but since it’s working, you know, let it be.

WiFi Routers

  • TP-Link Archer C7 v5
  • TP-Link Archer C50 v4
  • TP-Link TL-WDR4300 v1

The routers are in different places in my house.

Routers Location

The Problem

Mesh Network x Common Network

Why the hell don’t you just standed still? Well, some calls takes several minutes, and sometimes you have to go to the bathroom…

So I went looking for a mesh router on Aliexpress. I found a Xiaomi AX6000. Very good, but very expensive… Money is short in these pandemic times.

My Poor Wallet

OpenWRT for the Rescue

I found that we can easily install the necessary software, and turn OpenWRT into a mesh power plant!

Why use OpenWrt?

I personally use OpenWRT since 2012. All WiFi routers I’ve purchased were chosen based on OpenWRT compatibility.

I also want to use mesh in my network!

Everything that was done was based on the official documentation. I recommend you take a look. I’ve also used this source for setup information. Before changing anything on your routers, use the links provided to find out if your equipment can support Mesh.

Let’s get our hands dirty!

Before moving forward, make sure you connect a network cable between your computer and your WiFi router, as during the setup process, the WiFi network may become unavailable.

Preparing OpenWRT for Mesh

First Router

TP-Link Archer C7

Note: Anything that starts with “#” are commands that must be executed via SSH in OpenWRT.

For home equipment, the frequencies of 2.4GHz radios are usually between 2412 and 2484 MHz, and the channels are usually from 1 to 14. For 5GHz radios, the frequencies are from 5180 to 5865 MHz, and the channels can be from 36 to 173. Use this information as a basis for finding which physical devices are yours.

In my TP-Link Archer C7, phy0 is related to 5GHz radio device. Use the commands below to check yours:

# iw list

# iw phy0 channels

# iw phy1 channels

This TP-Link Archer C7 router modules are Candela Tech (contain the suffix *-ct) based, wich must be replaced by non “ct” ones to enable Mesh support.

So I had to remove the “ct” packages and install mesh compatible ones. If you have a TP-Link Archer C7, for instance, you can replace the “ct” module as follows:

# opkg list-installed | grep ath10k | egrep “firmware|kmod”
ath10k-firmware-qca988x-ct — 20211216–1
kmod-ath10k-ct — 5.4.154+5.10.68–1–1

# opkg update

# opkg remove ath10k-firmware-qca988x-ct kmod-ath10k-ct

# opkg install ath10k-firmware-qca988x kmod-ath10k

Then reboot your router and check if the modules are loaded and working:

ATH10 Non CT Modules Installed

The wpad-basic package (OpenWRT default) does not support mesh. Then we will need to replace it with wpad-mesh.

Check the installed wpad version:

# opkg list-installed|grep -i wpad
wpad-basic-wolfssl — 2020–06–08–5a8b3662–35

Check the availability of the wpad-mesh package:

# opkg list | grep wpad-mesh
wpad-mesh-openssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).

As our original package is “wolfssl”, we should use the same brand.

Remove the old wpad package:

# opkg remove wpad-basic-wolfssl

Install the new mesh wpad package:

# opkg install wpad-mesh-wolfssl
Installing wpad-mesh-wolfssl (2020–06–08–5a8b3662–40) to root…
Configuring libwolfssl5.2.0.99a5b54a.
Configuring wpad-mesh-wolfssl.

Also install B.A.T.M.A.N. packages for the mesh routing:

# opkg install kmod-batman-adv

# opkg install batctl-full

Check the installed packages:

# opkg list-installed | egrep “bat|wpad”
batctl-full — 2021.1–2
batctl-tiny — 2021.1–2
kmod-batman-adv — 5.4.154+2021.1–4
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40

Wireless Mesh

# vi /etc/config/wireless

config wifi-iface ‘wmesh5g’
option device ‘radio0’
option mode ‘mesh’
option mesh_id ‘MyAwesomeMesh’
option mesh_fwding ‘0’
option mesh_ttl ‘1’
option mcast_rate ‘24000’
option disabled ‘0’
option key ‘MyVeryLongInternalMeshPassword’
option mesh_rssi_threshold ‘0’
option encryption ‘sae’

  • Be sure to use single quotes.
WiFi 5GHz Mesh Interface Setup
  • The mesh network configuration must be identical on all your routers. Only the “radioX” part can be varied in order to accommodate the interfaces according to the operating frequency.

Mesh Device

config interface ‘bat0’
option proto ‘batadv’
option routing_algo ‘BATMAN_V’
option aggregated_ogms ‘1’
option ap_isolation ‘0’
option bonding ‘0’
option bridge_loop_avoidance ‘1’
option distributed_arp_table ‘1’
option fragmentation ‘1’
option gw_mode ‘off’
option hop_penalty ‘30’
option isolation_mark ‘0x00000000/0x00000000’
option log_level ‘0’
option multicast_mode ‘1’
option multicast_fanout ‘16’
option network_coding ‘0’
option orig_interval ‘1000’

config interface ‘mesh5g’
option proto ‘batadv_hardif’
option master ‘bat0’
option mtu ‘1560’

  • We also need to add “bat0” device to the existing bridge ports definition.

The bottom of /etc/config/network file should look like this:

/etc/config/network

Note: Access by client devices is achieved by bridging the ‘AP’ and the ‘Mesh’ interfaces, and therefor creating a wireless access point (WAP). The bridge will also allow the ethernet cabled clients to communicate through the mesh network.

  • The maximum transmission unit (MTU) size should be anything between 1500 (usual size for Ethernet connections) and 2304 (usual size for WLAN connections). However, because batman-adv adds its own header to packets traveling through the wireless mesh network, it is suggested to set a minimum of 1528 instead. I’ve used 1560.

Now, reboot your device, and move on to the next part.

Mesh Interfaces

Mesh 5GHz Device

If you check your mesh neighbour, it may still be empty. It’s normal for now.

Mesh Initial Neighbour

Now go to Luci and navigate to Network > Interfaces.

Missing Luci Protocol Extensions

Pay attention to the messages about protocol extensions. This is because Luci does not have the necessary extensions to interact with the batman-adv mesh protocol by default. We will deal with this later.

Let’s check some logs!

# wifi

See if mesh is working:

# logread -l 20 -f

Mesh Device Initialized

There should be no errors in this part. In case you have any problems, I recommend that you do the throubleshooting before proceeding.

Since we reinitialized the wireless networks, open a new SSH session to your WiFi router, and run the following commands to check if the mesh related interfaces are up and running:

Checking Mesh Devices

If there are no errors, we are fine. The radio device setup is complete. Let’s move on now to the mesh configuration on the next router.

So far so good!

Second Router

TP-Link WDR4300

In this router, phy1 is related to 5GHz radio device. Use the command below to check yours:

# iw list

Drivers

ATH9 Modules

In this router, we have to disable “hwcrypt” on the driver, because it will not work very well with mesh, thus making the network unstable.

Edit the /etc/modules.d/ath9k file and add nohwcrypt=1 to it. If there’s something in the file, use a whitespace to separate parameters. Save the file, and reboot your device. Once the device comes back, check if nohwcrypt is now enabled.

ATH9 hwcrypt disabled

Packages

# opkg list-installed|grep -i wpad
wpad-basic-wolfssl — 2020–06–08–5a8b3662–35

Check the availability of the wpad-mesh package:

# opkg update

# opkg list | grep wpad-mesh
wpad-mesh-openssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).

As our original package is “wolfssl”, we should use the same brand.

Remove the old wpad package:

# opkg remove wpad-basic-wolfssl

Install the new mesh wpad package:

# opkg install wpad-mesh-wolfssl

Also install B.A.T.M.A.N. packages:

# opkg install kmod-batman-adv

# opkg install batctl-full

Check the installed packages:

# opkg list-installed | egrep “bat|wpad”
batctl-full — 2021.1–2
batctl-tiny — 2021.1–2
kmod-batman-adv — 5.4.154+2021.1–4
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40

Wireless Mesh

# vi /etc/config/wireless

config wifi-iface ‘wmesh5g’
option device ‘radio1’
option mode ‘mesh’
option mesh_id ‘MyAwesomeMesh’
option mesh_fwding ‘0’
option mesh_ttl ‘1’
option mcast_rate ‘24000’
option disabled ‘0’
option key ‘MyVeryLongInternalMeshPassword’
option mesh_rssi_threshold ‘0’
option encryption ‘sae’

  • Be sure to use single quotes.

Mesh Device

config interface ‘bat0’
option proto ‘batadv’
option routing_algo ‘BATMAN_V’
option aggregated_ogms ‘1’
option ap_isolation ‘0’
option bonding ‘0’
option bridge_loop_avoidance ‘1’
option distributed_arp_table ‘1’
option fragmentation ‘1’
option gw_mode ‘off’
option hop_penalty ‘30’
option isolation_mark ‘0x00000000/0x00000000’
option log_level ‘0’
option multicast_mode ‘1’
option multicast_fanout ‘16’
option network_coding ‘0’
option orig_interval ‘1000’

config interface ‘mesh5g’
option proto ‘batadv_hardif’
option master ‘bat0’
option mtu ‘1560’

  • We also need to bridge “bat0” with “br-lan”.

The bottom of /etc/config/network file should look like this:

/etc/config/network

Now, reboot your device, and move on to the next part.

  • Remember that you must be connected by cable, not wifi!

Mesh Interfaces

Mesh 5GHz Device

Time to check the logs!

# wifi

See if mesh is working:

# logread -l 20 -f

Mesh Handshake Messages

You should see the Mesh Handshake messages, indicating that we have a working wireless mesh network.

Now, we should see some neighbours, as now there’s 2 mesh routers online.

Mesh Neighbours

Find the First Router mesh interface bat0 mac address:

# batctl n
[B.A.T.M.A.N. adv 2021.1-openwrt-4, MainIF/MAC: wlan0/68:ff:7b:47:9b:eb (bat0/ee:40:ca:f5:1a:c8 BATMAN_V)]

Try to ping the First Router bat0 mac address:

Mesh Mac Ping to the First Router

Now do the sabe, bur from the First Router to the Second Router:

Mesh Mac Ping to the Second Router
  • BTW: You can’t mac ping yourself on an mesh network.

Great! Our Mesh setup is fully working!

Now let’s collect some additional data:

Mpath Dump
Station Dump

Almost there! Now let’s go to the last router, and after that, we will setup our new mesh aware wireless network.

Third Router

TP-Link Archer C50

Let’s check which WiFi modules are in use:

MT76 WiFi Modules Loaded

Well, the drivers of this router doesn’t need anything special. Just let them be.

You already know what to do:

Find the 5GHz radio:

# iw list

  • In this router, phy1 is related to 5GHz radio device.

Packages

# opkg list-installed|grep -i wpad
wpad-basic-wolfssl — 2020–06–08–5a8b3662–35

Check the availability of the wpad-mesh package:

# opkg update

# opkg list | grep wpad-mesh
wpad-mesh-openssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).

As our original package is “wolfssl”, we should use the same brand.

Remove the old wpad package:

# opkg remove wpad-basic-wolfssl

Install the new mesh wpad package:

# opkg install wpad-mesh-wolfssl

Also install B.A.T.M.A.N. packages:

# opkg install kmod-batman-adv

# opkg install batctl-full

Check the installed packages:

# opkg list-installed | egrep “bat|wpad”
batctl-full — 2021.1–2
batctl-tiny — 2021.1–2
kmod-batman-adv — 5.4.154+2021.1–4
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40

Wireless Mesh

# vi /etc/config/wireless

config wifi-iface ‘wmesh5g’
option device ‘radio1’
option mode ‘mesh’
option mesh_id ‘MyAwesomeMesh’
option mesh_fwding ‘0’
option mesh_ttl ‘1’
option mcast_rate ‘24000’
option disabled ‘0’
option key ‘MyVeryLongInternalMeshPassword’
option mesh_rssi_threshold ‘0’
option encryption ‘sae’

  • Be sure to use single quotes.

Mesh Device

config interface ‘bat0’
option proto ‘batadv’
option routing_algo ‘BATMAN_V’
option aggregated_ogms ‘1’
option ap_isolation ‘0’
option bonding ‘0’
option bridge_loop_avoidance ‘1’
option distributed_arp_table ‘1’
option fragmentation ‘1’
option gw_mode ‘off’
option hop_penalty ‘30’
option isolation_mark ‘0x00000000/0x00000000’
option log_level ‘0’
option multicast_mode ‘1’
option multicast_fanout ‘16’
option network_coding ‘0’
option orig_interval ‘1000’

config interface ‘mesh5g’
option proto ‘batadv_hardif’
option master ‘bat0’
option mtu ‘1560’

  • We also need to bridge “bat0” with “br-lan”.

The bottom of /etc/config/network file should look like this:

/etc/config/network

Now, reboot your device, and move on to the next part.

  • Remember that you must be connected by cable, not wifi!

Mesh Interfaces

Mesh 5GHz Device

Check the Logs

# wifi

See if mesh is working:

# logread -l 20 -f

Mesh Handshake Messages

You should see the Mesh Handshake messages, indicating that we have a working wireless mesh network.

Now, we should see some neighbours, as now there’s 3 mesh routers online!

Mesh Neighbours

Find the all your routers bat0 mac address by using the command “batctl n”, to perform a full mesh communication test.

Cheking All Together

Mesh Peer Communication

That’s it! Now we have 3 Mesh routers communicating with each other! Yeah!

Configure the Mesh Aware Wireless Network

To make things easier, let’s setup the wireless network through Luci (OpenWRT’s web interface).

On all routers, the WiFi network configuration must be identical, so that we have a single mesh aware wireless network.

From Luci, navigate to Network > Wireless.

Edit your configured Mesh Point, and add the “lan” port to it.

Adding LAN to Mesh Point

That’s it for the Mesh Point. Now do the same on the other 2 routers.

Now, for the next part we have 2 options:

  • Create a new wireless network
  • Edit an existing wireless network

Either way, the wireless network must be attached to “lan” interface, which is also bridged with the “bat0” interface through “br-lan”.

Wireless Network Setup
  • Be sure to select the 5GHz device! In my scenario, the first router uses wlan0, and the others uses wlan1.

As well the ESSID, the Wireless Security Options must be identical on all routers. Use WPA2-PSK for encryption. It’s also ok to cipher TKIP/CCMP.

Wireless Security Options

And we are done. Yep. The wireless setup is that simple. The secret are the bridged interfaces.

Now you have a single mesh aware wireless network! Go and check it out!

Final Words

Luci Mesh Protocol Extensions

Bonus Tip

# ssh 192.168.1.1

Configure a basic network (be sure to use your LAN subnet and gateway):

Then install Luci to be able to web access your OpenWRT router:

# opkg update

# opkg install luci

Luci first access

That’s it.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andre Rocha

I'm just a SysAdmin with some experience in OpenSource, DevOps and Datacenter Services, who likes to share knowledge.