In the default configuration, OpenWrt bridges the wireless network to the LAN of the device. Most wireless drivers do not support bridging in client mode (see Bridged Client Mode Issues), therfore the traffic between LAN and the wireless client must be routed. The relayd package helps to implement a bridge-like behaviour with DHCP and Broadcast relaying comparable to the proprietary Broadcom WET mode.

The steps outlined below cover the process of putting the radio into client mode and linking it with the LAN interface with the help of relayd.

In order to use this setup, you first must install the relayd package, if it is not present on the system yet. In trunk versions it is also required to enable the relayd init script to function properly: /etc/init.d/relayd enable.

Configuration with Luci When using Luci you also need to install the luci-proto-relay package.

The changes below assume an OpenWrt default configuration, the relevant files are:

• /etc/config/network
• /etc/config/wireless
• /etc/config/firewall
• /etc/config/dhcp

Before doing any actual configuration, the wifi interface must be enabled in order to be able to scan for networks in the vincinity:

uci set wireless.@wifi-device[0].disabled=0
uci commit wireless
wifi

• Set the disabled option to 0 (to enable wireless)
• Save changed configuration file
• Start wireless using the wifi command

Now we can issue the iwlist scan command to list networks in range, the required information is highlighted:

• ESSID is the name of the network
• Channel specifies at which frequency the corresponding network is operating on
• The lines starting with IE: report which encryption capabilities are supported by the access point:
  • IEEE 802.11i/WPA2 Version 1 indicates WPA2
  • WPA Version 1 indicates WPA
  • If both WPA and WPA2 are present, the network is most likely operating in WPA/WPA2 mixed mode

Edit /etc/config/network and add a new interface, for example wwan, with proto set to dhcp:

Note that no ifname is required here since the wireless network will reference this section later.

UCI CLI commands:

uci set network.wwan=interface
uci set network.wwan.proto=dhcp
uci commit network

Add another new interface to the network configuration, this time with the special protocol relay:

The existing lan network and the newly created wwan network are grouped together here.

UCI CLI commands:

uci set network.stabridge=interface
uci set network.stabridge.proto=relay
uci set network.stabridge.network="lan wwan"
uci commit network

Supposed we want to connect to the network called "xmff-relay", the previous scan result revealed the following information:

• ESSID is xmff-relay
• Channel is 11
• The network uses WPA(1) mode
  

In /etc/config/wireless, locate the existing wifi-iface section and change its network option to point to the newly created interface. Change the mode option to sta (Station) and alter the encryption options to match those of the target network.

UCI CLI commands:

uci set wireless.radio0.channel=11
uci set wireless.@wifi-iface[0].network=wwan
uci set wireless.@wifi-iface[0].mode=sta
uci set wireless.@wifi-iface[0].ssid=xmff-relay
uci set wireless.@wifi-iface[0].encryption=psk
uci set wireless.@wifi-iface[0].key=secret-key
uci commit wireless

Since DHCP requests from LAN will be answered by the wireless AP the router is connecting to, the local DHCP server must be disabled in order to avoid collisions later on.

Edit /etc/config/dhcp and locate the existing DHCP pool for LAN and mark it as ignored:

It also possible to simply remove or comment the whole section.

UCI CLI commands:

uci set dhcp.lan.ignore=1
uci commit dhcp

In contrast to true bridging, packets forwarded by relayd are handled by the normal routing system internally, this means they're also affected by firewall policies set on LAN.

Edit /etc/config/firewall and locate the existing LAN zone definition, add the new wwan to it in order to apply the same policies on LAN and the wireless client.

OpenWrt, by default, ships a firewall configuration which disallows forwarded traffic within the LAN zone, means packets are not allowed to travel between multiple interfaces within it.

As outlined above, the forward policy was set to ACCEPT and both the lan and the wwan networks are configured as members of the LAN zone.

UCI CLI commands:

uci set firewall.@zone[0].forward=ACCEPT
uci set firewall.@zone[0].network="lan wwan"
uci commit firewall

Reload the DHCP service.

/etc/init.d/dnsmasq restart

Reload the firewall.

/etc/init.d/firewall restart

Reconfigure the wireless network.

wifi down; wifi

If the target network uses the 192.168.1.0/24 subnet, you must change the default LAN IP address to a different subnet, e.g. 192.168.2.1 . You can determine the assigned wifi address with the following command: uci -P/var/state get network.wwan.ipaddr 10.11.12.35 UCI CLI commands to change the default LAN IP address to a different subnet is: uci set network.lan.ipaddr=192.168.2.1 uci commit network reboot

At this point, the relayed client configuration should be finished.

After this the relay should work, however you will have trouble reaching the router from the main network. To get to it you'll need to manually set the IP address on your computer to an IP address on the same subnet (like 192.168.2.201 if you set the router ip to 192.168.2.1).

This is kind of tedious, but you can set things up so you can get it from the main network.

Run ifconfig and take note of the IP address assigned to wlan0. Then tell the relayd that this is the routers IP address with the following config.

uci set network.stabridge.ipaddr=192.168.1.35
uci commit network

You should make sure the main router is statically assigning the relay router the same IP address all the time.