OpenWrt 802.11s mesh

802.11s mesh

https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s

To use 802.11s mesh, you’ll need OpenWrt 19.07+ with the wpad-mesh-openssl or wpad-mesh-wolfssl package installed. See steps below.

Buying a device for 802.11s mesh

For secondary mesh devices (that will just act as access points), at a bare minimum you will need a device with 4 MB of flash and 32 MB of RAM. However, this will require building a custom OpenWrt package for your device and/or doing all of the configuration over SSH.

It will be much easier with a device with at least 8 MB of flash and 64 MB of RAM, which are also the minimum requirements for a primary mesh device. For more information, see Buying a device for use with OpenWrt

Adding mesh support to a device already running OpenWrt

Set up internet access on the device

You can either plug the device into another router that already has internet, or follow these steps to join an existing wireless network:
1. Go to Network > Wireless > Scan
2. Find your existing wireless network and click Join Network
3. Type your WPA passphrase and click Submit > Save > Save & Apply
4. In the Wireless Overview make sure the wireless connection is working
Install the mesh packages
1. Go to System > Software
2. Go to the Installed tab and in the Filter type wpad
3. If you have either wpad-basic or wpad-mini installed, click Remove to uninstall them
4. Go to the Available tab and click Update lists
5. In the Filter type wpad-mesh
6. Install either wpad-mesh-openssl (for devices with a lot of storage/memory) or wpad-mesh-wolfssl (for devices with low storage/memory)
7. If you joined an existing wireless network to get internet access, go to Network > Wireless and click Remove by that network

Building OpenWrt 19.07 with mesh support for a device with limited storage/RAM

The example below is for the TP-Link TL-WRN841N v8; customize it to suit your needs as per the documentation: Beginners guide to building your own firmware

Download and extract the source, e.g.

wget https://downloads.openwrt.org/releases/19.07.5/targets/ath79/tiny/openwrt-imagebuilder-19.07.5-ath79-tiny.Linux-x86_64.tar.xz
tar -xvf openwrt-imagebuilder-19.07.5-ath79-tiny.Linux-x86_64.tar.xz
cd openwrt-imagebuilder-19.07.5-ath79-tiny.Linux-x86_64/

Figure out which value to use for PROFILE
```
make info
```
Build the package, e.g.
```
make image PROFILE=tplink_tl-wr841-v8 PACKAGES="uhttpd uhttpd-mod-ubus libiwinfo-lua luci-base luci-mod-admin-full luci-theme-bootstrap wpad-mesh-wolfssl -wpad-basic -wpad-mini -ppp -ppp-mod-pppoe -kmod-pppoe -ip6tables -odhcp6c -kmod-ipv6 -kmod-ip6tables -odhcpd-ipv6only -odhcpd -iptables -opkg -uclient-fetch -libuclient20160123 -firewall -kmod-ipt-core -kmod-ipt-offload -kmod-nf-conntrack -kmod-nf-flow -kmod-nf-ipt -kmod-nf-reject -dnsmasq"
```
- If you see this error: [mktplinkfw] *** error: images are too big by 799789 bytes
  
  See here to see some packages you can remove to save space: https://openwrt.org/docs/guide-user/additional-software/saving_space. You may be able to remove more packages depending on your needs; see above for an example.
  
  ⚠️ Devices with 4 MB of flash storage may not have enough space for the LUCI web interface and the mesh package. Thankfully, it is fairly easy to set up the mesh over SSH (see below).
Get the built image from bin/targets, e.g. bin/targets/ath79/tiny
Flash the image

Set up the mesh network using LUCI

Devices:

Primary mesh device
- This is the device that is connected to the internet (e.g. via a network cable to a cable/DSL modem)
- This device acts as a router and will manage the DHCP, DNS, and firewall for the network
- This device can also act as a wireless AP (access point)
Secondary mesh device(s)
- These devices will extend the wireless network and act as wireless APs

If you’re just setting up the router after flashing it, see Installation and initial configuration here to do the initial setup: OpenWrt
Configure the LAN interface
1. Set the IP
  
  On the primary mesh device you’ll want to set a static IP (e.g. 192.168.0.1). On the secondary mesh devices you can also set a static IP on the same subnet (e.g. 192.168.0.2) or you can use DHCP instead.
  - Set a static IP: see Change the IP address here: OpenWrt
  - Use DHCP: Network > Interfaces > LAN > Edit > Protocol > DHCP client > Save > Apply unchecked
2. For all secondary mesh devices with a static IP:
  1. Network > Interfaces > LAN > Edit
  2. IPv4 gateway > Set to the IP of the primary mesh device (e.g. 192.168.0.1)
  3. Use custom DNS servers > Add the IP of the primary mesh device
  4. Save > Save & Apply
(Optional) Disable unnecessary services

For secondary mesh devices, you can optionally disable some services that will be provided by the primary mesh device
1. System > Startup
2. Click Enabled for each of these services (if you see Disabled, it means they’re already disabled):
  - dnsmasq
  - firewall
  - odhcpd
  (If you built your own OpenWrt package without these services (-dnsmasq, -firewall, -odhcpd), they will not be displayed on the Startup screen)
Configure the mesh wireless network
1. Network > Wireless
2. Either Add a new network or Edit an existing network
  
  It shouldn’t matter whether the mesh network is the primary or secondary network
3. Under Device Configuration > General Setup
  1. Set Channel to a specific channel (this must be the same on all mesh devices)
4. Under Device Configuration > Advanced Settings
  1. Set Country Code
5. Under Interface Configuration > General Setup
  1. Set Mode to 802.11s
  2. Set the Mesh Id
    
    This can be any string (e.g. 80211s-mesh), but it must be the same on all mesh devices
    
    I like to use a random value (e.g. generated using openssl rand -hex 6) since the mesh network may be visible by some clients
  3. Set Network to lan
    
    This will prevent the firewall from blocking traffic between the mesh routers so all devices on the mesh network can see each other
6. Under Interface Configuration > Wireless Security
  1. Set Encryption to WPA3-SAE
  2. Set Key to a randomly generated secure string
7. Save > Save & Apply
8. If you see Wireless network is disabled under the mesh network, click Enable
Configure the wireless network for clients

Skip this step if you already have a wireless network for clients
1. Network > Wireless
2. Either Add a new network or Edit an existing network
  
  Make sure you don’t edit the mesh network you just created 😄
3. Under Interface Configuration > General Setup
  1. Set Mode to Access Point
  2. Set ESSID to the same value on all routers
    
    This will make the network look the same to clients so they can automatically switch between any of the mesh routers
  3. Set Network to lan
4. Under Wireless Security
  1. Set Encryption to WPA2-PSK
  2. Set Key to the same values on all routers
5. Save > Save & Apply

Set up the mesh network over SSH

Connect to the device, e.g.
```
ssh root@192.168.1.1
```
(As needed) Set the root password
```
passwd
```
(As needed) Change the IP address

Make sure each router on the mesh network has a different IP on the same subnet (e.g. 192.168.0.2)
1. Edit /etc/config/network
```
vi /etc/config/network
```
2. Under config interface 'lan' set option ipaddr
3. Restart the network
```
service network reload
```
For all secondary mesh devices:
```
uci set network.lan.gateway='192.168.0.1'
uci add_list network.lan.dns='192.168.0.1'
```
(Replace the IP address with the IP of the mesh device that is connected to the internet)

Configure the mesh wireless network

Edit /etc/config/network
```
vi /etc/config/network
```
Under config wifi-device 'radio0':
1. Remove this line to enable the wireless radio:
```
        option disabled '1'
```
2. Update the options to set the channel and country, e.g.
```
        option channel '1'
        option country 'IO'
```

Still in /etc/config/wireless, add a new section to create the mesh interface

config wifi-iface 'mesh'
        option device 'radio0'
        option network 'lan'
        option key 'gqjfjfn7smcKu&bx'
        option mesh_rssi_threshold '0'
        option mesh_fwding '1'
        option mode 'mesh'
        option mesh_id 'ef4ef8ebb23d'
        option encryption 'sae'

(Replace key and mesh_id with your own values)

Restart the wireless interface
```
wifi
```

(Optional) Tail the logs to make sure it worked

logread -l 20 -f

e.g.

# logread -l 20 -f
Fri Jan  8 18:31:12 2021 daemon.notice wpa_supplicant[2257]: wlan0: MESH-GROUP-STARTED ssid="ef4ef8ebb23d" id=0
Fri Jan  8 18:31:12 2021 daemon.notice wpa_supplicant[2257]: wlan0: new peer notification for 24:a4:3c:ae:df:83
Fri Jan  8 18:31:13 2021 daemon.notice wpa_supplicant[2257]: wlan0: mesh plink with 24:a4:3c:ae:df:83 established
Fri Jan  8 18:31:13 2021 daemon.notice wpa_supplicant[2257]: wlan0: MESH-PEER-CONNECTED 24:a4:3c:ae:df:83

(Optional) View the mesh status

iw dev wlan0 station dump