OpenWRT Mesh 802.11s
--
I have 3 WiFi routers at my place. Each one had it’s own 5GHz WiFi network. Well, I know this was not the best scenario, but since it’s working, you know, let it be.
WiFi Routers
My routers are:
- TP-Link Archer C7 v5
- TP-Link Archer C50 v4
- TP-Link TL-WDR4300 v1
The routers are in different places in my house.
The Problem
Things was kinda working. But something started to buging me out. When I was taking a call, walking around the house, sometimes the WiFi connection switched to another one of my routers, droping the call, wich had to be reconnected.
Why the hell don’t you just standed still? Well, some calls takes several minutes, and sometimes you have to go to the bathroom…
So I went looking for a mesh router on Aliexpress. I found a Xiaomi AX6000. Very good, but very expensive… Money is short in these pandemic times.
OpenWRT for the Rescue
As I already have OpenWRT running on my WiFi routers, I decided to investigate if it was possible to configure a mesh network, and thus prevent my calls from dropping when I needed to walk around the house.
I found that we can easily install the necessary software, and turn OpenWRT into a mesh power plant!
Why use OpenWrt?
People install OpenWrt because they believe it works better than the stock firmware from their vendor. They find it is more stable, offers more features, is more secure and has better support.
I personally use OpenWRT since 2012. All WiFi routers I’ve purchased were chosen based on OpenWRT compatibility.
I also want to use mesh in my network!
Very well. Good choice! From here on out, it’s the technical part. I will show you how I managed to achieve my goal and stabilize my calls and my IoT devices access to the internet.
Everything that was done was based on the official documentation. I recommend you take a look. I’ve also used this source for setup information. Before changing anything on your routers, use the links provided to find out if your equipment can support Mesh.
Let’s get our hands dirty!
Before moving forward, make sure you connect a network cable between your computer and your WiFi router, as during the setup process, the WiFi network may become unavailable.
Preparing OpenWRT for Mesh
First Router
I’ve started the setup by the TP-Link Archer C7 v5, which has ATH10 (5GHz) and ATH9 (2.4GHz) based radio chips. I don’t used to use 2.4GHz WiFi networks on this router, so this last one is disabled for now in my setup.
Note: Anything that starts with “#” are commands that must be executed via SSH in OpenWRT.
For home equipment, the frequencies of 2.4GHz radios are usually between 2412 and 2484 MHz, and the channels are usually from 1 to 14. For 5GHz radios, the frequencies are from 5180 to 5865 MHz, and the channels can be from 36 to 173. Use this information as a basis for finding which physical devices are yours.
In my TP-Link Archer C7, phy0 is related to 5GHz radio device. Use the commands below to check yours:
# iw list
# iw phy0 channels
# iw phy1 channels
This TP-Link Archer C7 router modules are Candela Tech (contain the suffix *-ct) based, wich must be replaced by non “ct” ones to enable Mesh support.
So I had to remove the “ct” packages and install mesh compatible ones. If you have a TP-Link Archer C7, for instance, you can replace the “ct” module as follows:
# opkg list-installed | grep ath10k | egrep “firmware|kmod”
ath10k-firmware-qca988x-ct — 20211216–1
kmod-ath10k-ct — 5.4.154+5.10.68–1–1
# opkg update
# opkg remove ath10k-firmware-qca988x-ct kmod-ath10k-ct
# opkg install ath10k-firmware-qca988x kmod-ath10k
Then reboot your router and check if the modules are loaded and working:
The wpad-basic package (OpenWRT default) does not support mesh. Then we will need to replace it with wpad-mesh.
Check the installed wpad version:
# opkg list-installed|grep -i wpad
wpad-basic-wolfssl — 2020–06–08–5a8b3662–35
Check the availability of the wpad-mesh package:
# opkg list | grep wpad-mesh
wpad-mesh-openssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
As our original package is “wolfssl”, we should use the same brand.
Remove the old wpad package:
# opkg remove wpad-basic-wolfssl
Install the new mesh wpad package:
# opkg install wpad-mesh-wolfssl
Installing wpad-mesh-wolfssl (2020–06–08–5a8b3662–40) to root…
Configuring libwolfssl5.2.0.99a5b54a.
Configuring wpad-mesh-wolfssl.
Also install B.A.T.M.A.N. packages for the mesh routing:
# opkg install kmod-batman-adv
# opkg install batctl-full
Check the installed packages:
# opkg list-installed | egrep “bat|wpad”
batctl-full — 2021.1–2
batctl-tiny — 2021.1–2
kmod-batman-adv — 5.4.154+2021.1–4
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40
Wireless Mesh
Now we have to add the mesh interface definition to radio0 (5GHz) device:
# vi /etc/config/wireless
config wifi-iface ‘wmesh5g’
option device ‘radio0’
option mode ‘mesh’
option mesh_id ‘MyAwesomeMesh’
option mesh_fwding ‘0’
option mesh_ttl ‘1’
option mcast_rate ‘24000’
option disabled ‘0’
option key ‘MyVeryLongInternalMeshPassword’
option mesh_rssi_threshold ‘0’
option encryption ‘sae’
- Be sure to use single quotes.
- The mesh network configuration must be identical on all your routers. Only the “radioX” part can be varied in order to accommodate the interfaces according to the operating frequency.
Mesh Device
Now we need to configure /etc/config/network to allow wmesh5g wifi interface to use batman-adv mesh protocol. To do so, edit the network file, and add at the bottom:
config interface ‘bat0’
option proto ‘batadv’
option routing_algo ‘BATMAN_V’
option aggregated_ogms ‘1’
option ap_isolation ‘0’
option bonding ‘0’
option bridge_loop_avoidance ‘1’
option distributed_arp_table ‘1’
option fragmentation ‘1’
option gw_mode ‘off’
option hop_penalty ‘30’
option isolation_mark ‘0x00000000/0x00000000’
option log_level ‘0’
option multicast_mode ‘1’
option multicast_fanout ‘16’
option network_coding ‘0’
option orig_interval ‘1000’
config interface ‘mesh5g’
option proto ‘batadv_hardif’
option master ‘bat0’
option mtu ‘1560’
- We also need to add “bat0” device to the existing bridge ports definition.
The bottom of /etc/config/network file should look like this:
Note: Access by client devices is achieved by bridging the ‘AP’ and the ‘Mesh’ interfaces, and therefor creating a wireless access point (WAP). The bridge will also allow the ethernet cabled clients to communicate through the mesh network.
- The maximum transmission unit (MTU) size should be anything between 1500 (usual size for Ethernet connections) and 2304 (usual size for WLAN connections). However, because batman-adv adds its own header to packets traveling through the wireless mesh network, it is suggested to set a minimum of 1528 instead. I’ve used 1560.
Now, reboot your device, and move on to the next part.
Mesh Interfaces
If the setup was done correctly, we can see the bat0 and wlan0 interfaces.
If you check your mesh neighbour, it may still be empty. It’s normal for now.
Now go to Luci and navigate to Network > Interfaces.
Pay attention to the messages about protocol extensions. This is because Luci does not have the necessary extensions to interact with the batman-adv mesh protocol by default. We will deal with this later.
Let’s check some logs!
For now, just reinitialize WiFi:
# wifi
See if mesh is working:
# logread -l 20 -f
There should be no errors in this part. In case you have any problems, I recommend that you do the throubleshooting before proceeding.
Since we reinitialized the wireless networks, open a new SSH session to your WiFi router, and run the following commands to check if the mesh related interfaces are up and running:
If there are no errors, we are fine. The radio device setup is complete. Let’s move on now to the mesh configuration on the next router.
So far so good!
Second Router
Now we’re going to setup the TP-Link N750 (WDR-4300). This router uses an ATH9 based radio chipset. I’ve also don’t used to use 2.4GHz WiFi networks on this router, so this last one is disabled for now in my setup.
In this router, phy1 is related to 5GHz radio device. Use the command below to check yours:
# iw list
Drivers
The configuration is practically the same, only changing details regarding the drivers.
In this router, we have to disable “hwcrypt” on the driver, because it will not work very well with mesh, thus making the network unstable.
Edit the /etc/modules.d/ath9k file and add nohwcrypt=1 to it. If there’s something in the file, use a whitespace to separate parameters. Save the file, and reboot your device. Once the device comes back, check if nohwcrypt is now enabled.
Packages
Check the installed wpad version:
# opkg list-installed|grep -i wpad
wpad-basic-wolfssl — 2020–06–08–5a8b3662–35
Check the availability of the wpad-mesh package:
# opkg update
# opkg list | grep wpad-mesh
wpad-mesh-openssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
As our original package is “wolfssl”, we should use the same brand.
Remove the old wpad package:
# opkg remove wpad-basic-wolfssl
Install the new mesh wpad package:
# opkg install wpad-mesh-wolfssl
Also install B.A.T.M.A.N. packages:
# opkg install kmod-batman-adv
# opkg install batctl-full
Check the installed packages:
# opkg list-installed | egrep “bat|wpad”
batctl-full — 2021.1–2
batctl-tiny — 2021.1–2
kmod-batman-adv — 5.4.154+2021.1–4
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40
Wireless Mesh
Now we have to add the mesh interface definition to “radio1” device (remember the phy1). The setup files are almost the same:
# vi /etc/config/wireless
config wifi-iface ‘wmesh5g’
option device ‘radio1’
option mode ‘mesh’
option mesh_id ‘MyAwesomeMesh’
option mesh_fwding ‘0’
option mesh_ttl ‘1’
option mcast_rate ‘24000’
option disabled ‘0’
option key ‘MyVeryLongInternalMeshPassword’
option mesh_rssi_threshold ‘0’
option encryption ‘sae’
- Be sure to use single quotes.
Mesh Device
Now we need to configure /etc/config/network to allow wmesh5g mesh device to use batman-adv mesh protocol. To do so, edit the network file, and add at the bottom:
config interface ‘bat0’
option proto ‘batadv’
option routing_algo ‘BATMAN_V’
option aggregated_ogms ‘1’
option ap_isolation ‘0’
option bonding ‘0’
option bridge_loop_avoidance ‘1’
option distributed_arp_table ‘1’
option fragmentation ‘1’
option gw_mode ‘off’
option hop_penalty ‘30’
option isolation_mark ‘0x00000000/0x00000000’
option log_level ‘0’
option multicast_mode ‘1’
option multicast_fanout ‘16’
option network_coding ‘0’
option orig_interval ‘1000’
config interface ‘mesh5g’
option proto ‘batadv_hardif’
option master ‘bat0’
option mtu ‘1560’
- We also need to bridge “bat0” with “br-lan”.
The bottom of /etc/config/network file should look like this:
Now, reboot your device, and move on to the next part.
- Remember that you must be connected by cable, not wifi!
Mesh Interfaces
If the setup was done correctly, we will see the bat0 and wlan1 interfaces.
Time to check the logs!
Reinitialize WiFi:
# wifi
See if mesh is working:
# logread -l 20 -f
You should see the Mesh Handshake messages, indicating that we have a working wireless mesh network.
Now, we should see some neighbours, as now there’s 2 mesh routers online.
Find the First Router mesh interface bat0 mac address:
# batctl n
[B.A.T.M.A.N. adv 2021.1-openwrt-4, MainIF/MAC: wlan0/68:ff:7b:47:9b:eb (bat0/ee:40:ca:f5:1a:c8 BATMAN_V)]
Try to ping the First Router bat0 mac address:
Now do the sabe, bur from the First Router to the Second Router:
- BTW: You can’t mac ping yourself on an mesh network.
Great! Our Mesh setup is fully working!
Now let’s collect some additional data:
Almost there! Now let’s go to the last router, and after that, we will setup our new mesh aware wireless network.
Third Router
Now we’re going to setup the TP-Archer C50. This router uses an MT76 based radio chips. I’ve also don’t used to use 2.4GHz WiFi networks on this router, so this last one is disabled for now in my setup.
Let’s check which WiFi modules are in use:
Well, the drivers of this router doesn’t need anything special. Just let them be.
You already know what to do:
Find the 5GHz radio:
# iw list
- In this router, phy1 is related to 5GHz radio device.
Packages
Check the installed wpad version:
# opkg list-installed|grep -i wpad
wpad-basic-wolfssl — 2020–06–08–5a8b3662–35
Check the availability of the wpad-mesh package:
# opkg update
# opkg list | grep wpad-mesh
wpad-mesh-openssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40 — This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support).
As our original package is “wolfssl”, we should use the same brand.
Remove the old wpad package:
# opkg remove wpad-basic-wolfssl
Install the new mesh wpad package:
# opkg install wpad-mesh-wolfssl
Also install B.A.T.M.A.N. packages:
# opkg install kmod-batman-adv
# opkg install batctl-full
Check the installed packages:
# opkg list-installed | egrep “bat|wpad”
batctl-full — 2021.1–2
batctl-tiny — 2021.1–2
kmod-batman-adv — 5.4.154+2021.1–4
wpad-mesh-wolfssl — 2020–06–08–5a8b3662–40
Wireless Mesh
Now we have to add the mesh interface definition to “radio1” device (remember the phy1). The setup files are almost the same:
# vi /etc/config/wireless
config wifi-iface ‘wmesh5g’
option device ‘radio1’
option mode ‘mesh’
option mesh_id ‘MyAwesomeMesh’
option mesh_fwding ‘0’
option mesh_ttl ‘1’
option mcast_rate ‘24000’
option disabled ‘0’
option key ‘MyVeryLongInternalMeshPassword’
option mesh_rssi_threshold ‘0’
option encryption ‘sae’
- Be sure to use single quotes.
Mesh Device
Now we need to configure /etc/config/network to allow wmesh5g mesh device to use batman-adv mesh protocol. To do so, edit the network file, and add at the bottom:
config interface ‘bat0’
option proto ‘batadv’
option routing_algo ‘BATMAN_V’
option aggregated_ogms ‘1’
option ap_isolation ‘0’
option bonding ‘0’
option bridge_loop_avoidance ‘1’
option distributed_arp_table ‘1’
option fragmentation ‘1’
option gw_mode ‘off’
option hop_penalty ‘30’
option isolation_mark ‘0x00000000/0x00000000’
option log_level ‘0’
option multicast_mode ‘1’
option multicast_fanout ‘16’
option network_coding ‘0’
option orig_interval ‘1000’
config interface ‘mesh5g’
option proto ‘batadv_hardif’
option master ‘bat0’
option mtu ‘1560’
- We also need to bridge “bat0” with “br-lan”.
The bottom of /etc/config/network file should look like this:
Now, reboot your device, and move on to the next part.
- Remember that you must be connected by cable, not wifi!
Mesh Interfaces
If the setup was done correctly, we will see the bat0 and wlan1 interfaces.
Check the Logs
Reinitialize WiFi:
# wifi
See if mesh is working:
# logread -l 20 -f
You should see the Mesh Handshake messages, indicating that we have a working wireless mesh network.
Now, we should see some neighbours, as now there’s 3 mesh routers online!
Find the all your routers bat0 mac address by using the command “batctl n”, to perform a full mesh communication test.
Cheking All Together
That’s it! Now we have 3 Mesh routers communicating with each other! Yeah!
Configure the Mesh Aware Wireless Network
For this last part, we will configure a wireless network that uses the mesh protocol internally, so that we can move freely between the APs without any connection drops.
To make things easier, let’s setup the wireless network through Luci (OpenWRT’s web interface).
On all routers, the WiFi network configuration must be identical, so that we have a single mesh aware wireless network.
From Luci, navigate to Network > Wireless.
Edit your configured Mesh Point, and add the “lan” port to it.
That’s it for the Mesh Point. Now do the same on the other 2 routers.
Now, for the next part we have 2 options:
- Create a new wireless network
- Edit an existing wireless network
Either way, the wireless network must be attached to “lan” interface, which is also bridged with the “bat0” interface through “br-lan”.
- Be sure to select the 5GHz device! In my scenario, the first router uses wlan0, and the others uses wlan1.
As well the ESSID, the Wireless Security Options must be identical on all routers. Use WPA2-PSK for encryption. It’s also ok to cipher TKIP/CCMP.
And we are done. Yep. The wireless setup is that simple. The secret are the bridged interfaces.
Now you have a single mesh aware wireless network! Go and check it out!
Final Words
Mesh networks have an extensive world of options. What has been presented here is just a simple setup, but good enough for home use. To learn more, see the 2 links provided at the beginning of this article.
Luci Mesh Protocol Extensions
I will cover this out on a further update to this post. Sorry for any inconvenience.
Bonus Tip
If you are new to OpenWRT, just installed it on you router and doesn’t now how to access it for the first time, do the following.
# ssh 192.168.1.1
Configure a basic network (be sure to use your LAN subnet and gateway):
Then install Luci to be able to web access your OpenWRT router:
# opkg update
# opkg install luci
That’s it.
