Control OpenWRT with DHCP Server in OpenWISP2


M Ricky Anggoro P

Jul 23, 2019, 9:42:46 AM
to OpenWISP
Hello, this is the third time I have asked for help in this forum, so I hope it solves my case.
So I want to establish a network like this:

Diagram.png


I have the OpenWISP2 controller installed on my Raspberry Controller, which will control the Mikrotik-OpenWRT device. The controller and the Mikrotik OpenWRT device are on my organization network (10.33.109.0/24), and I want the wireless network to be different from the organization network, but the wireless network on OpenWRT 1 and OpenWRT 2 is the same, and will get the DHCP service from the Raspberry Controller, not the OpenWRT device, and of course, it will need NAT. My questions:

- Is it possible for the wireless network to receive the Raspberry Controller and get NAT? 

- How do I configure this in the OpenWISP controller?


I'm a little bit confused about how to configure this, and I heard I can use dnsmasq on the Raspberry to build a DHCP server, but I don't know how to configure NAT from the wireless network to the LAN (10.33.109.0/24) network.



Thank you very much


A Stanley

Jul 23, 2019, 10:20:45 AM
to open...@googlegroups.com
I think what you are asking is possible but I've never tried it.  A few things you'll have to get working.

1.  DHCP server on the raspi (I would install a full server not dnsmasq)
2.  The Access Points will have to be configured as routers and not bridges.
3.  Since you have two gateways on the same network you'll have to synch your NAT and Default GW.
4.  You should be able to use keepalived to set up VRRP for your First Hop Redundancy Protocol.
5. You'll need to figure out a way to synchronize the NAT between the two routers (I've only seen this done with Cisco Devices)

I realize this isn't an answer so much as more things to think about.

If it were me I'd put my wireless devices on their own vlan and separate IP space and configure them as bridges.

--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/fc542a50-9b71-4e56-9e6c-cd1a242aa369%40googlegroups.com.

A Stanley

Jul 23, 2019, 10:22:56 AM
to open...@googlegroups.com
Almost forgot, the wireless routers will have to be configured with "IP Helper" address to forward DHCP requests to the Raspi.  You should be able to find examples for most of this in the Openwrt docs.

M Ricky Anggoro P

Jul 23, 2019, 11:25:36 AM
to OpenWISP
Thanks @2stacks for the advice. Given your advice, high availability in OpenWRT is for a failover router. But it seems like OpenWISP does not support this configuration yet, CMIIW. After I searched this forum, I found something similar here -> https://groups.google.com/d/msg/openwisp/UpVgnZlwdOg/py06vwLtCQAJ
Federico said to only bridge the LAN interface and the wireless interface, but I want different networks for LAN and wireless, so I can remotely access the OpenWRT from outside (no need for a VPN, because my organization has already established a VPN to access the LAN network).

A Stanley

Jul 23, 2019, 11:48:42 AM
to open...@googlegroups.com
Yes, I didn't mean to imply that this config was supported by openwisp but to point out that it would first have to be something possible in openwrt.


Federico Capoano

Jul 24, 2019, 10:11:57 AM
to OpenWISP
In this case you don't have to bridge the wifi with the LAN, otherwise the wifi clients will get their address from the DHCP server on the raspberry pi.

You have to set up a DHCP server on each OpenWRT router with a different network from your organization's network, but you will also need to configure the IP tables routes (or policy routing, depending on your needs and tastes) to send packets to the organization's gateway in order for the internet connection to work.

OpenWISP can do this, OpenWISP can generate any configuration that OpenWRT supports, it's just a matter of working to first find out what is the exact working OpenWRT configuration you need to write, then follow the documentation of the configuration engine library to understand how to put it in OpenWISP: http://netjsonconfig.openwisp.org/en/latest/backends/openwrt.html

Disclaimer: this work makes sense only if you have many routers, say tens, hundreds, thousands.

I hope this helps
Federico

M Ricky Anggoro P

Jul 24, 2019, 1:04:44 PM
to open...@googlegroups.com
Thanks Federico for the response. It seems that DHCP and NAT are served by OpenWRT, right? In my case, I want the packet to go to the Raspberry Pi first, before reaching the gateway, and I only use 2 APs. I have research about OpenWRT compared with Mikrotik, so this is the case for the OpenWRT network; is it possible?

Federico Capoano

Jul 24, 2019, 5:33:55 PM
to OpenWISP
On Wed, Jul 24, 2019 at 1:04 PM M Ricky Anggoro P <rickyan...@gmail.com> wrote:
> Thanks Federico for the response. It seems that DHCP and NAT are served by OpenWRT, right?

Right, I think so.

> In my case, I want the packet to go to the Raspberry Pi first, before reaching the gateway

So on OpenWRT you must set the address of the raspberry pi as the gateway, then the raspberry pi will have to route the packet to the real internet gateway.

> and I only use 2 APs. I have research about OpenWRT compared with Mikrotik, so this is the case for the OpenWRT network; is it possible?

I do not understand well what you're trying to convey here.

I meant to say that if you are doing all this work with OpenWISP just for 2 routers, it's overkill.

Best regards
Federico

M Ricky Anggoro P

Aug 1, 2019, 4:55:10 PM
to OpenWISP
Thanks Federico for your advice. Now I have tried to configure with OpenWISP, but I had some problems when I generated the wireless configuration for OpenWRT. This is the logread output:
Thu Aug  1 20:14:31 2019 daemon.info openwisp: Local configuration outdated
Thu Aug  1 20:14:31 2019 daemon.info openwisp: Downloading configuration from controller...
Thu Aug  1 20:14:31 2019 daemon.info openwisp: Configuration downloaded, now applying it...
Thu Aug  1 20:14:32 2019 daemon.info openwisp: Service firewall has been reloaded via procd/ubus
Thu Aug  1 20:14:32 2019 daemon.info openwisp: Service network has been reloaded via procd/ubus
Thu Aug  1 20:14:32 2019 daemon.info openwisp: Service system has been reloaded via procd/ubus
Thu Aug  1 20:14:33 2019 daemon.info openwisp: Service wireless has been reloaded via procd/ubus
Thu Aug  1 20:14:35 2019 daemon.info dnsmasq[3121]: read /etc/hosts - 4 addresses
Thu Aug  1 20:14:35 2019 daemon.info dnsmasq[3121]: read /tmp/hosts/odhcpd - 0 addresses
Thu Aug  1 20:14:35 2019 daemon.info dnsmasq[3121]: read /tmp/hosts/dhcp.dnsmasq1 - 2 addresses
Thu Aug  1 20:14:35 2019 daemon.info dnsmasq-dhcp[3121]: read /etc/ethers - 0 addresses
Thu Aug  1 20:14:36 2019 daemon.notice netifd: Interface 'wlan0' is now down
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.511345] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.529707] device wlan0 left promiscuous mode
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.534434] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:36 2019 daemon.notice netifd: Interface 'wlan0' is disabled
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: reading /tmp/resolv.conf.auto
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain test
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain onion
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain localhost
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain local
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain invalid
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain bind
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain lan
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using nameserver 10.13.10.13#53
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.600950] br-wlan0: port 1(wlan0) entered blocking state
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.606676] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.612817] device wlan0 entered promiscuous mode
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.677526] br-wlan0: port 1(wlan0) entered blocking state
Thu Aug  1 20:14:36 2019 kern.info kernel: [ 1774.683296] br-wlan0: port 1(wlan0) entered forwarding state
Thu Aug  1 20:14:36 2019 daemon.notice netifd: Interface 'wlan0' is enabled
Thu Aug  1 20:14:36 2019 daemon.notice netifd: Interface 'wlan0' is setting up now
Thu Aug  1 20:14:36 2019 daemon.notice netifd: Interface 'wlan0' is now up
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: reading /tmp/resolv.conf.auto
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain test
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain onion
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain localhost
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain local
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain invalid
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain bind
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using local addresses only for domain lan
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using nameserver 10.13.10.13#53
Thu Aug  1 20:14:36 2019 daemon.info dnsmasq[3121]: using nameserver 10.13.10.13#53
Thu Aug  1 20:14:37 2019 daemon.notice hostapd: wlan0: interface state ENABLED->DISABLED
Thu Aug  1 20:14:37 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Thu Aug  1 20:14:37 2019 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Thu Aug  1 20:14:37 2019 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Thu Aug  1 20:14:37 2019 kern.info kernel: [ 1775.142748] device wlan0 left promiscuous mode
Thu Aug  1 20:14:37 2019 kern.info kernel: [ 1775.147543] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:37 2019 daemon.notice netifd: bridge 'br-wlan0' link is down
Thu Aug  1 20:14:37 2019 daemon.notice netifd: Interface 'wlan0' has link connectivity loss
Thu Aug  1 20:14:37 2019 daemon.notice netifd: Network device 'wlan0' link is down
Thu Aug  1 20:14:37 2019 daemon.notice netifd: Interface 'wlan0' is now down
Thu Aug  1 20:14:37 2019 daemon.notice netifd: Interface 'wlan0' is disabled
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: reading /tmp/resolv.conf.auto
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain test
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain onion
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain localhost
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain local
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain invalid
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain bind
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain lan
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using nameserver 10.13.10.13#53
Thu Aug  1 20:14:37 2019 kern.info kernel: [ 1775.354111] IPv6: ADDRCONF(NETDEV_UP): br-wlan0: link is not ready
Thu Aug  1 20:14:37 2019 daemon.notice netifd: Interface 'wlan0' is enabled
Thu Aug  1 20:14:37 2019 daemon.notice netifd: Interface 'wlan0' is setting up now
Thu Aug  1 20:14:37 2019 daemon.notice netifd: Interface 'wlan0' is now up
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: reading /tmp/resolv.conf.auto
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain test
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain onion
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain localhost
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain local
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain invalid
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain bind
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using local addresses only for domain lan
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using nameserver 10.13.10.13#53
Thu Aug  1 20:14:37 2019 daemon.info dnsmasq[3121]: using nameserver 10.13.10.13#53
Thu Aug  1 20:14:37 2019 user.notice firewall: Reloading firewall due to ifup of wlan0 (br-wlan0)
Thu Aug  1 20:14:38 2019 daemon.info openwisp: Testing configuration...
Thu Aug  1 20:14:38 2019 user.notice firewall: Reloading firewall due to ifup of wlan0 (br-wlan0)
Thu Aug  1 20:14:39 2019 kern.debug kernel: [ 1777.063010] ath: EEPROM regdomain: 0x8168
Thu Aug  1 20:14:39 2019 kern.debug kernel: [ 1777.063022] ath: EEPROM indicates we should expect a country code
Thu Aug  1 20:14:39 2019 kern.debug kernel: [ 1777.063027] ath: doing EEPROM country->regdmn map search
Thu Aug  1 20:14:39 2019 kern.debug kernel: [ 1777.063032] ath: country maps to regdmn code: 0x3
Thu Aug  1 20:14:39 2019 kern.debug kernel: [ 1777.063037] ath: Country alpha2 being used: ID
Thu Aug  1 20:14:39 2019 kern.debug kernel: [ 1777.063040] ath: Regpair used: 0x3
Thu Aug  1 20:14:39 2019 kern.debug kernel: [ 1777.063047] ath: regdomain 0x8168 dynamically updated by user
Thu Aug  1 20:14:39 2019 daemon.info openwisp: Configuration test succeeded
Thu Aug  1 20:14:40 2019 user.notice mac80211: Failed command: iw phy phy0 set antenna all all
Thu Aug  1 20:14:40 2019 daemon.info openwisp: Configuration applied successfully
Thu Aug  1 20:14:41 2019 daemon.err hostapd: Configuration file: /var/run/hostapd-phy0.conf
Thu Aug  1 20:14:41 2019 kern.info kernel: [ 1779.108953] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Thu Aug  1 20:14:41 2019 kern.info kernel: [ 1779.142285] br-wlan0: port 1(wlan0) entered blocking state
Thu Aug  1 20:14:41 2019 kern.info kernel: [ 1779.147967] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:41 2019 kern.info kernel: [ 1779.154134] device wlan0 entered promiscuous mode
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: ctrl_iface exists and seems to be in use - cannot override it
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: Delete '/var/run/hostapd/wlan0' manually if it is not used anymore
Thu Aug  1 20:14:41 2019 daemon.err hostapd: Failed to setup control interface for wlan0
Thu Aug  1 20:14:41 2019 daemon.err hostapd: wlan0: Unable to setup interface.
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->DISABLED
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Thu Aug  1 20:14:41 2019 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Thu Aug  1 20:14:41 2019 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Thu Aug  1 20:14:41 2019 kern.info kernel: [ 1779.209644] device wlan0 left promiscuous mode
Thu Aug  1 20:14:41 2019 kern.info kernel: [ 1779.214378] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:41 2019 daemon.notice netifd: radio0 (4002): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process 1306 path ()
Thu Aug  1 20:14:41 2019 daemon.notice netifd: radio0 (4002): Device setup failed: HOSTAPD_START_FAILED
Thu Aug  1 20:14:41 2019 daemon.info dnsmasq[3121]: read /etc/hosts - 4 addresses
Thu Aug  1 20:14:41 2019 daemon.info dnsmasq[3121]: read /tmp/hosts/odhcpd - 0 addresses
Thu Aug  1 20:14:41 2019 daemon.info dnsmasq[3121]: read /tmp/hosts/dhcp.dnsmasq1 - 2 addresses
Thu Aug  1 20:14:41 2019 daemon.info dnsmasq-dhcp[3121]: read /etc/ethers - 0 addresses
Thu Aug  1 20:14:51 2019 user.notice mac80211: Failed command: iw phy phy0 set antenna all all
Thu Aug  1 20:14:52 2019 daemon.err hostapd: Configuration file: /var/run/hostapd-phy0.conf
Thu Aug  1 20:14:52 2019 kern.info kernel: [ 1790.275431] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Thu Aug  1 20:14:52 2019 kern.info kernel: [ 1790.286449] br-wlan0: port 1(wlan0) entered blocking state
Thu Aug  1 20:14:52 2019 kern.info kernel: [ 1790.292218] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:52 2019 kern.info kernel: [ 1790.298326] device wlan0 entered promiscuous mode
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: ctrl_iface exists and seems to be in use - cannot override it
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: Delete '/var/run/hostapd/wlan0' manually if it is not used anymore
Thu Aug  1 20:14:52 2019 daemon.err hostapd: Failed to setup control interface for wlan0
Thu Aug  1 20:14:52 2019 daemon.err hostapd: wlan0: Unable to setup interface.
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->DISABLED
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Thu Aug  1 20:14:52 2019 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Thu Aug  1 20:14:52 2019 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Thu Aug  1 20:14:52 2019 kern.info kernel: [ 1790.330428] device wlan0 left promiscuous mode
Thu Aug  1 20:14:52 2019 kern.info kernel: [ 1790.335334] br-wlan0: port 1(wlan0) entered disabled state
Thu Aug  1 20:14:52 2019 daemon.notice netifd: radio0 (4308): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process 1306 path ()
Thu Aug  1 20:14:52 2019 daemon.notice netifd: radio0 (4308): Device setup failed: HOSTAPD_START_FAILED



And this is the Configuration output from the NetJSON:
package system

config system 'system'
    option hostname 'OpenWRT'
    option maintainer 'Ricky Anggro'

package network

config interface 'wlan0'
    option auto '1'
    option dns '10.13.10.13'
    option enabled '1'
    option ifname 'wlan0'
    option ipaddr '192.168.1.1'
    option mtu '1500'
    option netmask '255.255.255.0'
    option proto 'static'

package wireless

config wifi-device 'radio0'
    option channel '11'
    option country 'ID'
    option disabled '0'
    option htmode 'HT20'
    option hwmode '11g'
    option txpower '10'
    option type 'mac80211'

config wifi-iface 'wifi_wlan0'
    option device 'radio0'
    option disabled '0'
    option encryption 'psk2+tkip+ccmp'
    option hidden '0'
    option ifname 'wlan0'
    option isolate '0'
    option key '12345678'
    option macfilter 'disable'
    option mode 'ap'
    option network 'wlan0'
    option ssid 'Ricky-Wifi'
    option wds '0'
    option wmm '1'

I'm still new; I watched the tutorial video and then ran the config above. What is wrong with my config? Please help me, thank you.
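
The failure chain in the logread output above can be extracted mechanically by pairing each netifd "Device setup failed" verdict with the hostapd messages that preceded it. The Python sketch below is an added example, not part of the original thread or of OpenWISP; the names `triage`, `LINE_RE` and `FAIL_RE` are invented here, and the sample lines are an excerpt of the log in the post.

```python
import re

# Excerpt of the logread output posted above, trimmed to the relevant lines.
SAMPLE_LOG = """\
Thu Aug  1 20:14:40 2019 daemon.info openwisp: Configuration applied successfully
Thu Aug  1 20:14:41 2019 daemon.err hostapd: Configuration file: /var/run/hostapd-phy0.conf
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: ctrl_iface exists and seems to be in use - cannot override it
Thu Aug  1 20:14:41 2019 daemon.notice hostapd: Delete '/var/run/hostapd/wlan0' manually if it is not used anymore
Thu Aug  1 20:14:41 2019 daemon.err hostapd: Failed to setup control interface for wlan0
Thu Aug  1 20:14:41 2019 daemon.err hostapd: wlan0: Unable to setup interface.
Thu Aug  1 20:14:41 2019 daemon.notice netifd: radio0 (4002): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process 1306 path ()
Thu Aug  1 20:14:41 2019 daemon.notice netifd: radio0 (4002): Device setup failed: HOSTAPD_START_FAILED
Thu Aug  1 20:14:52 2019 daemon.err hostapd: Configuration file: /var/run/hostapd-phy0.conf
Thu Aug  1 20:14:52 2019 daemon.notice hostapd: ctrl_iface exists and seems to be in use - cannot override it
Thu Aug  1 20:14:52 2019 daemon.err hostapd: Failed to setup control interface for wlan0
Thu Aug  1 20:14:52 2019 daemon.notice netifd: radio0 (4308): Device setup failed: HOSTAPD_START_FAILED
"""

# logread line: timestamp, facility.level, tag[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(?P<facility>\w+)\.(?P<level>\w+) "
    r"(?P<tag>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# netifd's verdict for a radio, e.g. "radio0 (4002): Device setup failed: X"
FAIL_RE = re.compile(r"^(?P<radio>\w+) \(\d+\): Device setup failed: (?P<reason>\w+)")


def triage(log_text):
    """One record per failed radio setup, with the hostapd messages behind it."""
    failures, pending = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a logread-formatted line
        if m["tag"] == "hostapd":
            if m["msg"].startswith("Configuration file:"):
                pending = []  # hostapd is starting a new attempt
            else:
                pending.append((m["level"], m["msg"]))
        elif m["tag"] == "netifd" and (fail := FAIL_RE.search(m["msg"])):
            # Split the attempt at hostapd's first err-level message; the
            # messages before it are the context that explains the error.
            idx = next((i for i, (lvl, _) in enumerate(pending) if lvl == "err"),
                       len(pending))
            failures.append({
                "time": m["ts"], "radio": fail["radio"], "reason": fail["reason"],
                "first_error": pending[idx][1] if idx < len(pending) else None,
                "context": [msg for _, msg in pending[:idx]],
            })
            pending = []
    return failures


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['time']} {f['radio']}: {f['reason']} <- {f['first_error']}")
        print(f"  context: {f['context']}")
```

Run over the excerpt, both failed attempts carry the same context line, "ctrl_iface exists and seems to be in use - cannot override it", which is hostapd's own stated reason for the start failure, logged one second after the OpenWISP agent reported the configuration as applied.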