For routers based on the Broadcom chipset, the OpenWrt brcm-2.4 target supports bridged client mode through the
proprietary wl.o driver.
This configuration will not work for routers that are on other platforms, such as Atheros chipsets - see Bridged Client Mode Issues. The UI will not display any warnings if this is attempted on a non-compatible chipset; it will silently fail in the fashion described in the "Issues" article. Some possible alternatives include Routed Client with relayd (Pseudobridge) or WDS (Atheros).
An advantage of this operation mode is the possibility to extend an existing wireless network without changing the existing setup.
In contrast to the routed client mode all broadcasts are forwarded via the wireless connection allowing all connected hosts to see each other as if they're connected to the same ethernet switch.
The changes below assume an OpenWrt Kamikaze or Backfire version, the relevant files are:
In order to enable the bridged client mode, the mode of the existing wireless network is changed to
sta and channel, SSID and encryption are changed to correspond to the wireless network we connect to.
Since the default configuration already bridges the wireless to the lan interface, no further changes are necessary.
Before doing any actual configuration, the wifi interface must be enabled in order to be able to scan for networks in the vincinity:
uci del wireless.wl0.disabled uci commit wireless uci set wireless.wl0.country=DE wifi
- Remove the disable 1 option from the wireless configuration
- Save changed configuration file
- Select your country, this is important because some countries don't support wifi channels 12,13,etc
- Start wireless using the wifi command
Now we can issue the
iwlist scan command to list networks in range, the required information is highlighted:
- ESSID is the name of the network
- Channel specifies at which frequency the corresponding network is operating on
- The lines starting with IE: report which encryption capabilities are supported by the access point:
- IEEE 802.11i/WPA2 Version 1 indicates WPA2
- WPA Version 1 indicates WPA
- If both WPA and WPA2 are present, the network is most likely operating in WPA/WPA2 mixed mode
- If no IE: appears after the scanning like in Cell 03 network from the example, the wireless could be using WEP mode.
Supposed we want to connect to the network called "Vodafone-0E0301", the previous scan result revealed the following information:
- ESSID is
- Channel is
- The network uses WPA/WPA2 mixed mode
/etc/config/wireless and change the mode of the existing wireless network to
sta, the channel to
9 and the ESSID to
- encryption psk2 requests WPA2-PSK for the client connection (see WPA modes)
- key secret-key specifies the secret encryption key used on this wireless network
Proceed with calling wifi to apply the new wireless configuration and check the result using iwconfig:
wifi iw dev wl0 link Connected to 00:1D:19:0E:03:8F (on wl0) SSID: tesla-5g-bcm freq: 2432 RX: 49716623 bytes (211199 packets) TX: 22865049 bytes (98041 packets) signal: -43 dBm tx bitrate: 300.0 MBit/s MCS 15 40MHz short GI bss flags: short-slot-time dtim period: 0 beacon int: 100 * //Access Point: 00:1D:19:0E:03:8F// indicates a successful connection * //Access Point: Not-Associated// would indicate a connection or authentication problem\\
|If the target network uses the 192.168.1.0/24 subnet, you must change the default LAN IP address to the same subnet, e.g. to 192.168.1.10
At this point hosts connected to the LAN ports of the OpenWrt router should be able to receive DHCP directly from the remote access point.
Since the device is operating as client in another network and relays all communication from the associated Access Point to its LAN hosts, the local DHCP server should be disabled to avoid collisions.
/etc/config/dhcp and set the predefined LAN DHCP pool to ignore:
Apply the change by restarting dnsmasq:
This step is not strictly required but disabling the firewall saves resources when operating as a dumb bridge - there is no need to filter traffic running from wifi to ethernet and back.
Stop and disable the firewall by using the init script:
/etc/init.d/firewall stop /etc/init.d/firewall disable
In my case, after following this recipe through all three steps, the network was working fine, but internet was not accessible. To make internet work I needed to additionally add a gateway route (in my case 192.168.1.1) and to make domains resolve I needed to add a dns server address (for example 22.214.171.124) for the lan interface in /etc/config/network:
For more on wireless client mode see clientmode
doc/recipes/bridgedclient.txt · Last modified: 2014/03/22 23:41 by tl