Setting up WDS in OpenWRT
Here I will show you how to set up WDS (Wireless Distribution System) using OpenWRT and two OpenWRT-compliant
routers. WDS is particularily useful for people who live in a home where wiring through the walls is not feasible, and while
wireless is an option, there may be cases where either A) The access point is located too far for the conventional
wireless USB or PCMCIA card, or B) You want wired computers connected to a wireless router which will inturn connect
to another wireless router. Yet only one acts as a DHCP server, thus allowing you to extend your network in a more
convenient way.
>==ADSL/CABLE LINE==>==[[[[ MAIN ROUTER BOX ]]]] ~~~~~Wireless Signal~~~~[[[[ SECOND ROUTER BOX ]]]]
^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^
| Wired/Wireless Clients | | Wired/Wireless Clients |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
| Common Network Gateway |
This tutorial will assume that you already have OpenWRT (White Russian 0.9) set up on two routers. I might put up a
tutorial for installing OpenWRT down the road, but a lot of people have already put up such guides. Furthermore, once
you put up a tutorial for installing firmware, you usually get a million questions about how to unbrick a router. Personally,
the two routers I used were both Asus WL-500G Premiums; they are great routers - granted the standard Asus firmware
and so called "BitTorrent downloader" are complete junk. But that doesn't really matter since OpenWRT saves the day.
Assuming you have two routers with identical OpenWRT (White Russian 0.9) firmware setup, we are ready to begin.
Note that this tutorial absolutely does not apply to the Kamikaze release of OpenWRT, as it is a radical change compared
to the White Russian branch.
The first and most important thing is to set the lan_ipaddr value of each router to different values. I cannot stress this
enough, if you don't figure this out (or don't do it), you are wasting your time. If both routers are left to their default
address of 192.168.1.1 you will generate a race condition in your network, and the two routers will compete quite often
on various tasks.
From now on I will refer to the router that acts as a DHCP server and takes in the ADSL/CABLE line from your ISP as
WhiteR1; and the other router that acts as an extension to WhiteR1, as WhiteR2.
WhiteR1:~# nvram set lan_ipaddr=192.168.1.1
WhiteR1:~# nvram commit
WhiteR1:~# reboot
And for WhiteR2 set the address to something different....
WhiteR2:~# nvram set lan_ipaddr=192.168.1.2
WhiteR2:~# nvram commit
WhiteR2:~# reboot
So far, so good. Now ssh back into WhiteR1 and do the following...
WhiteR1:~# nvram set wl0_lazywds=0 <- Don't accept WDS connections from just anyone, we'll specify the MAC address' ourself.
WhiteR1:~# nvram set wl0_wds=aa:bb:cc:dd:ee:ff <- This is the MAC-address of the router WhiteR2
WhiteR1:~# nvram commit
WhiteR1:~# reboot
Similarily ssh into WhiteR2 and do the following...
WhiteR2:~# nvram set wl0_lazywds=0 <- Don't accept WDS connections from just anyone, we'll specify the MAC address' ourself.
WhiteR2:~# nvram set wl0_wds=aa:bb:cc:dd:ee:ff <- This is the MAC-address of the router WhiteR1
WhiteR2:~# nvram commit
WhiteR2:~# reboot
Now after WhiteR2 has rebooted, ssh into it again and lets disable the DHCP server and Firewall (as WhiteR1 will handle
both cases anyhow). It is most important that DHCP be disabled on WhiteR2, because if it issues any addresses, there is
a good chance you'll run into problems as WhiteR2 has no ADSL/CABLE feed.
WhiteR2:~# cd /etc/init.d/
WhiteR2:~# chmod -x S60dnsmasq <- This just makes the init.d script non-executable.
WhiteR2:~# chmod -x S35firewall
WhiteR2:~# reboot
One last step we need to do is set the SSIDs of the routers. Typically all routers should be the same SSID, however
when you scan your network it can become annoying seeing two devices with the same SSID name. Really the only way
to differentiate between the two is by looking at their MAC addresses. You can overcome this by using a special SSID
nvram value, wl0_wds_ssid.
Thus, ssh into WhiteR1 and perform...
WhiteR1:~# nvram set wl0_wds_ssid=somename <------|
WhiteR1:~# nvram commit |
WhiteR1:~# reboot |--------- These two strings must be identical!
Next, ssh into WhiteR2 and perform... |
WhiteR2:~# nvram set wl0_wds_ssid=somename <----- |
WhiteR2:~# nvram commit
WhiteR2:~# reboot
That's it! You can now connect wired/wireless devices to either WhiteR1 or WhiteR2 and all the leasing will be done via
WhiteR1, and WhiteR2 will act as an extension to WhiteR1!
Below I cover enabling WDS security. Only move onto the next phase if you have fully tested our work thus far. The
problem becomes far harder to diagnose if you try to do too much at once, and then make an overly ambitious jump to
the wifi security part.
(Will Write this part later)
