Posted: Fri Jan 20, 2017 0:21 Post subject: Client Bridge issues with WR941ND v3
To begin my story with, you have to know about my landlord. He's paranoid, badly. I only rent a room in his flat (got two other guys living here in the other rooms), and he "takes care" of the internet in general.
He bought a ZyXel Armor Z1 router to replace the previous, aging one. Here comes the paranoid part. Not just did he set a mile-long password, he also deployed hidden SSID and *drums please* MAC filtering. Of the few bad choices possible during a wireless AP setup as easy as a ZyXel, he chose some of the worst.
So the thing is, I have devices coming and going. Some including that he does not approve of (I use my old laptop as a "home server", 2x1TB HDD in the bad boy, it takes care of my torrent downloads and media streaming).
For this I wanted to create my own network, a subset of the "big one". So I took my old trusty TL-WR941ND v3, installed the latest DD-WRT on it, and set it up, the following way:
- Fixed IP on LAN, in the non-DHCP range of the main router
- MAC clone of the wireless interface to a MAC address I do not use
- ath0 is in Client Bridge (Routed) mode, with manual gateway setting, mixed mode, dynamic channel width (landlord set it to fixed HT20...), security set up properly, network configuration is bridged.
- ath0.1 is a virtual interface, my own hotspot. Custom name (does not match the origin router), bridged, without AP isolation, WPA2 Personal security enabled
So far, WiFi and internet access works, so does LAN (where my server resides). However for some weird reason, anything behind this specific router can't see out to the "big network", even though my router only works as an access point/repeater to the actual router on the network (IP addresses and everything come from the origin router).
Am I doing something wrong, if yes, how can I make it so that even with the custom wireless AP config and LAN connection, devices behind my router could see the whole network? The reverse is not an issue, any device connected to the main router can see e.g. my server, but not the other way around.
Should setup as Client ... not client bridge (routed)
In 'client' mode your router will operate as regular gateway (in gateway mode) only the physical
wireless interface will act as WAN. You can probably set WAN as DCHP or static since you know his settings.
Just match his wireless security.
Set your own LAN network & DHCP to suit yourself.
create a VAP to connect your wireless ....... should be able to set whatever WPA2-aes security you want on the VAP ----
---or other interface if dual radio.
Should setup as Client ... not client bridge (routed)
In 'client' mode your router will operate as regular gateway (in gateway mode) only the physical
wireless interface will act as WAN. You can probably set WAN as DCHP or static since you know his settings.
Just match his wireless security.
Set your own LAN network & DHCP to suit yourself.
create a VAP to connect your wireless ....... should be able to set whatever WPA2-aes security you want on the VAP ----
---or other interface if dual radio.
I went with "Client Bridge (Routed)" since that's the configuration described in the guide.
I do not want the router to act as a DHCP server or do anything else. I just want it to take any device connected to it, wired or wireless, and pass it through to the origin router.
EDIT:
Tried the client setup. Switched to client mode, confirmed settings, and applied settings. Now the router stopped broadcasting its own AP (ath0.1), does not connect to the origin router, and cannot be accessed from LAN either.
In 'client' you must establish and maintain a connection or the VAP will not work.
Client bridge (router) is all same subnet and is just a hack and not recommended if you are going to use multiple devices behind it and want full network access.
This is NOT a transparent bridge. You should be able to have internet access but that's about it ...
Setup as 'client' then you are isolated (NATed) from main source and should be able to do what you want within your own network.
If you want full network function with main you need to be in WDS mode. This will require access to main router and it
must be WDS compatible with what you are bridging with.
(routers of same chipset)
In 'client' you must establish and maintain a connection or the VAP will not work.
I'm very well aware of this. Yet the router in client mode refuses to connect.
mrjcd wrote:
Client bridge (router) is all same subnet and is just a hack and not recommended if you are going to use multiple devices behind it and want full network access.
This is NOT a transparent bridge. You should be able to have internet access but that's about it ...
I have internet, and in some cases, devices on different networks can access each other (e.g. my laptop, connected to the 5G of origin router, can access my server which is a wired connection to the secondary router, and vice versa). However for some reason some devices can't see each other (e.g. the origin router cannot access the server, which is a problem, as I want some services to be available from outside the network too).
mrjcd wrote:
Setup as 'client' then you are isolated (NATed) from main source and should be able to do what you want within your own network.
I want to avoid this as much as possible. The bridged client mode works, more or less, I'm trying to isolate the cases where it does not, and try to fix them.
mrjcd wrote:
If you want full network function with main you need to be in WDS mode. This will require access to main router and it
must be WDS compatible with what you are bridging with.
(routers of same chipset)
