Marc Ahlgrim

Digital Creator

15 minute read

A DIY 802.11s Wi-fi Mesh with OpenWrt

We will build a DIY 802.11s Wi-fi mesh with OpenWrt and two cheap commodity consumer routers using fast roaming 802.11r. Please use my affiliate links if you want to buy them

Watch the video on YouTube

Affiliate links:

Archer C7 : Amazon Xiaomi: Amazon Xiaomi Aliexpress AliExpress

The scripts for automatic deployment are on my github repository

Click to view the entire transcript Today we will build a true Wi-fi mesh with two commodity consumer grade Wi-fi routers. One is the TP-Link Archer C7 and the other one is the Xiaomi mi router 4a gigabit edition. You can get both in the 20 to 50 Dollars range each and hence build yourself a Wi-fi mesh with three nodes far below 100 Dollars. You may of course use any other device that is supported. Please see my affiliate links in the description if you want to buy them. Many thanks. The mesh configuration on OpenWrt is done in two or three clicks really. But we do have to prepare a couple of things. First off, you should make sure that your hardware actually supports mesh_point mode. In order to do this, you would need to ssh into the router and run iw list and search for mesh. If you are however using one of those devices listed here, then you should be quite safe. Let’s go and configure the first router. This will be the device that is connected to the internet. The gateway of our mesh. I use the Archer C7 for this. So we have Internet connection on the WAN port and we plug in our PC on the LAN port. By default, the LAN interface provides IP addresses over DHCP in the 192.168.1.x range and the router itself has the IP 192.168.1.1. I assume that you are using DHCP on your PC so you should get an IP address in that range automatically. Next we need to check on the software prerequisites. In the OpenWrt GUI which is called luci, this is done under System and then Software. Usually a consumer grade Wi-fi router does not have a lot of memory. Therefore, the number and type of software packages that are installed on it strive to be rather small and don’t necessarily provide all features. The software packages that provide Wi-fi on OpenWrt start with wpad. And as you can see there is one that is already installed and also there are a couple of others which provide more features such as – you may have guessed – mesh. If you don’t see any packages here, then click on “Update lists”. The ones that provide mesh here are the full featured packages down here and the wpad-mesh packages here. So we need to chose one of them. Let’s use wpad-mesh-openssl for example. Now, when you try to install this and you did not tick the box “overwrite files from other packages” then you might get an error message saying that there is a conflict with an already installed package. So we need to remove it first. That can be done on the “installed” tab here. Please – when you do this make sure that you are connected to the device with a wire as this will kill the Wi-fi. So let me uninstall all conflicting packages here. Then go back to the “Available” tab and install the right wpad package. Perfect. All done. At this point the safest bet is to reboot the wifi router by clicking on system then reboot. The reason is that the old version of the files might still be in use. On the command line you could do a combination of wifi down then /etc/init.d/wpad stop then opkg remove on the obsolete packages and an opgk install on the new one, followed by wpad start and wifi up. You may do that if you can’t reboot your router for example because of the kids ;-) (logo) Cool, my first Wi-fi router has rebooted and it is now using the new version of wpad. If we check in the Software section again then we can see the newly installed package here. You may notice that the amount of free space that you have available on your router has decreased by the size of the package. OpenWrt has not freed up the memory for the package that you have uninstalled. That’s normal and related to the fact that the firmware is located in a read-only block device and the new package is just put into a read-write partition that is mounted as an overlay file system. Keep that in mind when you install software on a router – you may quickly run out of memory. Awesome, now let’s configure the mesh. We go to network-wireless, then the radio we want to use and click on add here. I will use the 2.4 GHz radio in a first step. You can of course also use the 5 GHz radio or we can later add a second mesh on the 5 GHz if we want to. I’ll talk about the pros and cons of the two bands later. On the general tab down here we need to select 802.11s in the mode field. IEEE 802.11s is the name of the underlying standard for mesh. Next we give it a name or ID – that will be the SSID which will be visible on the air and we have to select a network. Now – the network that you select here in fact corresponds to the names of interfaces that you can see on the network then interfaces section. I set this to LAN on my main router – so the mesh will be bridged to my LAN network. If you have network segmentation like I showed in my previous videos then you would also see guest, iot and potentially a couple more here – do NOT select multiple networks here. The mesh can not do VLANs – we will do this in the second and third episode. For the time being we will just work with one network. Last but not least I will have to go to the wireless security tab and chose the encryption. For the mesh we have two choices here. We can chose SAE or none. SAE is short for Simultaneous Authentication of Equals and provides ad hoc two-way encryption. If we chose none then the traffic would be unencrypted. If we want to have encryption then the only choice that is valid here is WPA3-SAE. Theoretically we could also use WPA2 and add the SAE encryption manually. But here let’s just use WPA3-SAE. That’s it – save and apply. Now let’s go to the second access point. For this I will use the Xiaomi mi router which I have bought for one of the previous videos. This device will only serve as a so called dumb access point, so it should not act as a router but rather only have access point functionality. Therefore we will need to do a couple of additional steps which in fact have nothing to do with Wi-fi mesh but rather with removing unneeded functionality. The reason I will do this is so that I can use features like fast roaming later. If you have followed my previous videos then you probably already have done that. But I wanted to provide the newcomers with a working out-of-the-box configuration in this episode here. For your convenience I am providing a script that automates these steps on my github repository. So you could as well just ssh into the router and copy paste the script into the ssh window. That will come in handy if you want to configure not only two but let’s say 5 or 10 devices. Both routers by default have the 192.168.1.1 address. In order to avoid conflicts during the configuration, please do now disconnect your PC from the first router and connect your PC to a LAN port of the second router. Do not connect both routers to each other yet. Now we log into luci and go to network-interfaces. Next to the LAN interface click on edit. We need to give the LAN interface a different IP address in the same subnet like our main router. In order to do this we have two possibilities. We could either use a fixed IP address in the same subnet, for example 192.168.1.2. In this case we would also need to tell it about the first router in the IPv4 gateway field and we would need to go to the “DHCP Server” tab and tick the box “Ignore Interface”. Or – we just set the interface to be a dhcp client. The advantage of this is that we get all the settings like DNS Server and default gateway etc. from the main router. The disadvantage is that we would need to find out the new IP address which it gets from the main router before we can reconnect to it. Let’s do that. Change the protocol to DHCP client, click on save. Once you click on “Save” and then “Save and apply” the router will change its IP address, that means that we will now lose connectivity. If we did nothing, then the changes would be reverted back within 90 seconds. Now we have 90 seconds to reconnect before luci reverts the changes. Now please plug in the cable going to the LAN port of your main router into the second LAN port of the second router, so in other words please connect the LAN ports of the routers to each other. Like it is shown here. If you now browse to the 192.168.1.1 address then you will be looking at the first router. And down here somewhere you should see the second router appearing. Browse to the IP address that is shown there. That’s the new IP address of your second router. You should now get a message saying that the changes have been applied. Cool. We’re nearly done with preparations. We just need to remove some more unneeded stuff from the second Access point such as the WAN interfaces, DHCP Server, DNS Server and Firewall. Under network-Interfaces I can now delete all unused interfaces, so I can delete the WAN and WAN6 interface. So now we only have the LAN interface in the list which in fact will later be connected to the mesh directly. The WAN zone only exists on the first router which is connected to the Internet. Actually we can now even assign the wan switch port of this device to the lan interface. In order to do this we go to this devices tab here and click on “configure” next to the br-lan bridge. Add the wan port and then save and apply. Just two more tiny things and we are done with housekeeping on the access point. Go to network-firewall and delete all zones. Then go to System-Startup and click on the “enabled” button next to dnsmasq, odhcpd and firewall. These operations disable the firewall and the dns and dhcp server. Save and apply. To make sure that they are really stopped click on the stop button next to them. Awesome. This part was really just related to turning the second router into a dumb access point. We don’t want it to act as a router but just as an additional access point in our LAN and ultimately in our Wi-Fi mesh network. Now let’s follow exactly the same procedure like on the first device - remove the old wpad, install the new one, go to wireless, add the mesh. Select the LAN network down here. Again – make sure that you are on the same band and channel like the first router here. Once I click on “Save and Apply” then we should see the other mesh point here in the associated stations list. If you don’t see the other mesh point here then the safest bet again would be to quickly reboot both routers in order to make sure that the new config is properly applied on both. In addition to that, you could ssh into the router and run logread -f while you restart the interfaces in order to see if it wants to tell you something. Awesome. Now we have the two routers connected with the Wi-fi mesh. Let’s remove the wire between the two routers and see if we can do basic connectivity. Go to Network – then Diagnostics – and ping the other router’s address, by default 192.168.1.1. If that goes OK then try to ping OpenWrt.org. If that also goes OK then we are good to proceed. Just one more thing here. When you reboot the second access point then most probably it will get assigned a new IP address because the MAC address of the Wifi interface is different from the MAC of the Ethernet interface. Please do double check on the status page of your first router. Mine got the dot 132 address over the Ethernet and then received the dot 131 address over the mesh. Just another remark here – the meshes show “Encryption: None” on the wireless page of the Xiaomi but they should be encrypted. On my Archer C7 they do properly show WPA3 SAE. I guess that’s a bug in luci. Actually that leads me to a CALL TO ACTION – I need you to get involved again. I am not using Mesh here at home a lot – so I can’t really tell you guys if it is stable, reliable, performant etc. So I would be curious to learn from you if you are using Wi-fi mesh with OpenWrt and if you can say anything about long term reliability and performance. Please drop me a comment and also tell me which hardware you are using for the mesh – many thanks again! Perfect! Now we have the main router connected to the internet on the WAN side and to the mesh on the LAN side. The second access point is connected to the Mesh which is bridged to all ports at the back of the device. The last thing that we need to do is to actually turn both devices into Wi-Fi access points. Let’s go to Network – then Wireless and add a wireless network here. I will call it my-wifi, add it to the lan network, select wpa2-psk as security level and give it a secret password. You may actually add that Wi-fi to all adapters on all bands. If you want to use fast roaming as well then just tick the box next to 802.11r fast roaming, type in the exact same mobility domain on all devices and change the FT protocol to FT over the air. That’s pretty much it. Do the same exact config on both devices and all additional devices you want to add. You may chose different radio channels on the radio band that is NOT connected to the mesh. As in my example the mesh is on the 2.4 GHz band, I could therefore serve Wi-fi to my clients in the 5 GHz band on different channels. If everything went well then you can now connect to one of the access points and actually you may remove the Ethernet cable that runs to your PC from the second access point – it can now run standalone as a full wireless mesh access point with fast roaming capabilities. In a nutshell, the config is pretty similar to what I showed in my fast roaming video – just now the access points are interconnected via mesh rather than Ethernet. Awesome. If you want to add a third, fourth or fifth access point then do the above for each one of them. Alternatively use the script from my github repository which in fact automates the steps. Why have I chosen the 2.4 GHz band as a back haul for the mesh rather than the faster 5 GHz band ? Well, the 2.4 GHz band might be crowded and also provide less bandwidth but in certain situations it does have a number of advantages. Such as it can more easily penetrate walls and other obstacles. So if there is a concrete wall between the Access points then you might get better connectivity on the lower frequencies of the 2.4 GHz band rather than the 5 GHz band. You might even use a directional antenna to improve connectivity between the access points such as the 99 cents Yagi Uda antenna made of paperclips and foam which I showed in my second ever video. Link up here. To me it doesn’t matter because as I am using fixed channels 1 on one side of the house and 11 on the other side for many many years all the conflicting access points in the neighborhood have moved to other channels over the years. As I have so many SSIDs on each radio that actually makes that channels look crowded to others. Also – my Internet connection only provides 100 Mbits so the 2.4 GHz is totally OK as a backbone for me. I need to admit that the density of Wi-fi networks is not very high where I live – if you live in an apartment in a big city then this might be a totally different situation and It might be better for you to chose the 5 GHz band as a backbone. Last but not least let’s talk about some basic troubleshooting steps. If ever the stations can’t associate then the best thing to do is to double-check on everything – channel, SSID, password and the like plus in order to get more information ssh into the router and use the logread -f command to see log messages. They will give you hints on what went wrong. Rebooting the router might help as well just to make sure that all changes are taken into consideration properly. That’s it for today. In the next episodes we will see how we can overcome some limitations of the concept of this episode. In fact we can not use VLANs over the mesh at the moment, that means that if we want to build a guest Wi-Fi over the mesh then we would have to tunnel VLANs over the mesh to the second access point. We will do this in the next episode. In the third episode we will look into more advanced options using the batman-adv protocol and maybe I will do a fourth episode with some additional use cases such as a wireless mesh managed switch. Either way, make sure that you bookmark my channel page or even better – do subscribe to my channel so you will be notified if a new episode comes out. But before everything else – Many thanks for watching. Likes and comments are appreciated – stay safe, stay healthy, bye for now!

You May Also Enjoy