doc:recipes:bridgedclient

Differences

doc:recipes:bridgedclient [2013/05/01 18:55]
mcgrof
doc:recipes:bridgedclient [2014/12/01 13:36] (current)
jow old revision restored (2014/03/22 23:41)
Line 1: Line 1:
 +====== Bridged Client ======
  
 +For routers based on the Broadcom chipset, the OpenWrt //​brcm-2.4//​ target supports //bridged client mode// through the ''​proprietary''​ //wl.o// driver.
 +
 +This configuration will not work for routers that are on other platforms, such as Atheros chipsets - see [[doc/​howto/​clientmode#​bridged.client.mode.issues|Bridged Client Mode Issues]]. ​ The UI will //not// display any warnings if this is attempted on a non-compatible chipset; it will silently fail in the fashion described in the "​Issues"​ article. ​ Some possible alternatives include [[doc:​recipes:​relayclient|Routed Client with relayd (Pseudobridge)]] or [[doc:​recipes:​atheroswds|WDS (Atheros)]].
 +
 +An advantage of this operation mode is the possibility to extend an existing wireless network without changing the existing setup.
 +
 +{{:​doc:​howto:​802.11-wet.png|WET Mode}}
 +
 +In contrast to the //routed client mode// all broadcasts are forwarded via the wireless connection allowing all connected hosts to see each other as if they'​re connected to the same ethernet switch.
 +
 +
 +===== Configuration =====
 +
 +The changes below assume an OpenWrt Kamikaze or Backfire version, the relevant files are:
 +
 +  * [[doc:​uci:​wireless|/​etc/​config/​wireless]]
 +  * [[doc:​uci:​wireless|/​etc/​config/​dhcp]]
 +
 +
 +In order to enable the bridged client mode, the mode of the existing wireless network is changed to ''​sta''​ and channel, SSID and encryption are changed to correspond to the wireless network we connect to.
 +
 +Since the default configuration already bridges the wireless to the lan interface, no further changes are necessary. ​
 +
 +Before doing any actual configuration,​ the wifi interface must be enabled in order to be able to scan for networks in the vincinity:
 +
 +<​code>​uci del wireless.wl0.disabled
 +uci commit wireless
 +uci set wireless.wl0.country=DE
 +wifi</​code>​
 +
 +  * Remove the //disable 1// option from the wireless configuration
 +  * Save changed configuration file
 +  * Select your country, this is important because some countries don't support wifi channels 12,13,etc
 +  * Start wireless using the //wifi// command
 +
 +
 +Now we can issue the ''​iwlist scan''​ command to list networks in range, the required information is highlighted:​
 +
 +| ''​iwlist wl0 scan
 +wl0       Scan completed :
 +          Cell 01 - Address: 00:​1D:​19:​0E:​03:​8F
 +                    ESSID:"​**Vodafone-0E0301**"​
 +                    Mode:​Managed
 +                    Channel:​**9**
 +                    Quality:​3/​5 ​ Signal level:-69 dBm  Noise level:-92 dBm
 +                    IE: **IEEE 802.11i/​WPA2 Version 1**
 +                        Group Cipher : TKIP
 +                        Pairwise Ciphers (2) : TKIP CCMP
 +                        Authentication Suites (1) : PSK
 +                       ​Preauthentication Supported
 +                    IE: **WPA Version 1**
 +                        Group Cipher : TKIP
 +                        Pairwise Ciphers (2) : TKIP CCMP
 +                        Authentication Suites (1) : PSK
 +                    Encryption key:on
 +                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
 +                              11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
 +                              48 Mb/s; 54 Mb/s
 +          Cell 02 - Address: 00:​1A:​4F:​8F:​48:​50
 +                    ESSID:"​**FRITZ!Box Fon WLAN 7141**"​
 +                    Mode:​Managed
 +                    Channel:​**4**
 +                    Quality:​1/​5 ​ Signal level:-83 dBm  Noise level:-92 dBm
 +                    IE: **WPA Version 1**
 +                        Group Cipher : TKIP
 +                        Pairwise Ciphers (1) : TKIP
 +                        Authentication Suites (1) : PSK
 +                    Encryption key:on
 +                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
 +                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
 +                              48 Mb/s; 54 Mb/s 
 +          Cell 03 - Address: 00:​22:​2D:​0E:​58:​F1
 +                    ESSID:"​**WLAN_SUHA**"​
 +                    Mode:​Managed
 +                    Channel:2
 +                    Quality:​4/​5 ​ Signal level:-61 dBm  Noise level:-92 dBm
 +                    Encryption key:on
 +                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 6 Mb/s; 9 Mb/s
 +                              11 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
 +                              48 Mb/s; 54 Mb/​s''​ |
 +
 +  * //ESSID// is the name of the network
 +  * //Channel// specifies at which frequency the corresponding network is operating on
 +  * The lines starting with //IE:// report which encryption capabilities are supported by the access point:
 +    * //IEEE 802.11i/​WPA2 Version 1// indicates WPA2
 +    * //WPA Version 1// indicates WPA
 +    * If both WPA and WPA2 are present, the network is most likely operating in WPA/WPA2 mixed mode
 +    * If no //IE:// appears after the scanning like in //Cell 03// network from the example, the wireless could be using WEP mode. 
 +
 +
 +==== Step 1: Configure wireless ====
 +
 +Supposed we want to connect to the network called "​Vodafone-0E0301",​ the previous scan result revealed the following information:​
 +
 +  * ESSID is ''​Vodafone-0E0301''​
 +  * Channel is ''​9''​
 +  * The network uses WPA/WPA2 mixed mode\\
 +\\
 +
 +Edit ''/​etc/​config/​wireless''​ and change the mode of the existing wireless network to ''​sta'',​ the channel to ''​9''​ and the ESSID to ''​Vodafone-0E0301'':​
 +
 +| ''​config '​wifi-device'​ '​wl0'​
 +        option '​type' ​      '​broadcom'​
 +        option '​country' ​   '​DE'​
 +        option '​channel' ​   '​**9**'​
 +
 +config '​wifi-iface'​
 +        option '​device' ​    '​wl0'​
 +        option '​network' ​   '​lan'​
 +        option '​mode' ​      '​**sta**'​
 +        option '​ssid' ​      '​**Vodafone-0E0301**'​
 +        option '​encryption'​ '​**psk2**'​
 +        option '​key' ​       '​**secret-key**'​ ''​ |
 +
 +  * //​encryption psk2// requests WPA2-PSK for the client connection (see [[doc:​uci:​wireless#​wpa.modes|WPA modes]])
 +  * //key secret-key//​ specifies the secret encryption key used on this wireless network\\
 +\\
 +
 +Proceed with calling //wifi// to apply the new wireless configuration and check the result using //​iwconfig//:​
 +
 +<​code>​wifi
 +iw dev wl0 link
 +Connected to 00:​1D:​19:​0E:​03:​8F (on wl0)
 + SSID: tesla-5g-bcm
 + freq: 2432
 + RX: 49716623 bytes (211199 packets)
 + TX: 22865049 bytes (98041 packets)
 + signal: -43 dBm
 + tx bitrate: 300.0 MBit/s MCS 15 40MHz short GI
 +
 + bss flags:​ short-slot-time
 + dtim period: 0
 + beacon int: 100
 +  * //Access Point: 00:​1D:​19:​0E:​03:​8F//​ indicates a successful connection
 +  * //Access Point: Not-Associated//​ would indicate a connection or authentication problem\\
 +</​code>​
 +| {{:​meta:​48px-dialog-warning.svg.png?​nolink}} | If the target network uses the 192.168.1.0/​24 subnet, you **must** change the default LAN IP address to the same subnet, e.g. to 192.168.1.**10**\\ |
 +
 +At this point hosts connected to the LAN ports of the OpenWrt router should be able to receive DHCP directly from the remote access point.
 +
 +
 +==== Step 2: Disable the DHCP server ====
 +
 +Since the device is operating as client in another network and relays all communication from the associated Access Point to its LAN hosts,
 +the local DHCP server should be disabled to avoid collisions.
 +
 +Edit ''/​etc/​config/​dhcp''​ and set the predefined LAN [[doc:​uci:​dhcp#​dhcp.pools|DHCP pool]] to ignore:
 +
 +| ''​config '​dhcp'​ '​lan'​
 +        option '​interface' ​ **'​lan'​**
 +        option '​start' ​     '​100'​
 +        option '​limit' ​     '​150'​
 +        option '​leasetime' ​ '​12h'​
 +        **option '​ignore' ​    '​1'​** ''​ |
 +
 +Apply the change by restarting //​dnsmasq//:​
 +
 +<​code>/​etc/​init.d/​dnsmasq restart</​code>​
 +
 +
 +==== Step 3: Disable the firewall ====
 +
 +This step is not strictly required but disabling the firewall saves resources when operating as a dumb bridge -
 +there is no need to filter traffic running from wifi to ethernet and back.
 +
 +Stop and disable the firewall by using the init script:
 +
 +<​code>/​etc/​init.d/​firewall stop
 +/​etc/​init.d/​firewall disable</​code>​
 +
 +==== Step 4: Specify gateway ====
 +
 +In my case, after following this recipe through all three steps, the network was working fine, but internet was not accessible. To make internet work I needed to additionally add a gateway route (in my case 192.168.1.1) and to make domains resolve I needed to add a dns server address (for example 8.8.8.8) for the lan interface in **/​etc/​config/​network**:​
 +
 +| ''​config '​interface'​ '​lan'​
 + ...
 + **option '​dns'​ '​8.8.8.8'​
 + option '​gateway'​ '​192.168.1.1'​ ** ''​ |
 +
 +===== See also =====
 +
 +For more on wireless client mode see [[doc/​howto/​clientmode]]
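
Review bot: The verification block in Step 1 does not match the prose or the example network. The text says to check the result with iwconfig but the command shown is "iw dev wl0 link", the sample output reports "SSID: tesla-5g-bcm" rather than Vodafone-0E0301, and the two "Access Point:" bullets sit inside the code block (the closing code tag comes after them) while describing a field this output never prints. Suggest using one tool consistently, showing output from the example network, and moving the bullets below the closing tag. In the first code block, "uci set wireless.wl0.country=DE" runs after "uci commit wireless", so the country setting is left uncommitted; put the commit last. Step 3 should also state that once the firewall is stopped, nothing on the device filters access to the router's own services from hosts on the upstream wireless network, so readers can weigh that against the resource saving.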