Recently I wanted to improve the WiFi coverage in my house. My trusted Linksys EA6350 v3 wasn’t able to cover to full square footage, so I got a second router to fill in the wireless gap - the TP-Link Archer C7 AC1750 v5. Unfortunately, there was no easy way to connect the two routers with an ethernet cable, so I opted for a 802.11s mesh setup in order to connect them wirelessly. I flashed both routers with OpenWRT 23.05, and the setup procedure turned out to be very simple.
My only requirement was that both access points serve the same SSID with the same password so that my devices can automatically connect to the AP that’s broadcasting the strongest signal. Fast roaming with DAWN was something I was looking into as well, but in my case, it wasn’t necessary after all. I found that my devices are seamlessly connecting between the APs without any noticeable packet loss.
Prerequisites
In order to configure encrypted 802.11s mesh, OpenWRT requires the correct wpad version installed. So, step one (on both routers) is to remove the default wpad package via LuCI web interface or via CLI:
opkg update
opkg remove wpad-mini
opkg remove wpad-basic
opkg remove wpad-basic-wolfssl
opkg remove wpad-basic-openssl
opkg remove wpad-basic-mbedtls
With the default package out of the way, you can install wpad package that supports encryption. I opted for wpad-openssl. If your router has limited free space, you might want to consider a stripped-down version, such as wpad-mesh-openssl.
opkg install wpad-openssl
I will spare you the details, but after a good couple of hours of troubleshooting why my routers didn’t want to establish the mesh connection, I learned that default firmware for TP-Link Archer C7 AC1750 v5 was to blame. So, if you own this particular router, make sure that you uninstall the ath10k-firmware-qca988x-ct package (alternative ath10k firmware for QCA988X from Candela Technologies), and install the “non-ct” version.
opkg remove ath10k-firmware-qca988x-ct
opkg install ath10k-firmware-qca988x
Setup
With all prerequisites in place, we can finally configure the mesh. Using the LuCI web interface, on both routers navigate to Network > Wireless, and add a new network on your preferred radio interface. In my case, that was the one supporting 802.11ac/n standards.
On the “general setup” tab, select 802.11s mode, enter the desired Mesh ID, and select your network (in most cases, it’ll be LAN). On “Wireless Security” tab, make sure to select WPA3-SAE encryption and to set a long passphrase.
Remember, both access points should have identical configurations, so double-check that operating frequency (Mode and Channel), Mesh ID, and encryption settings are configured the same on both routers.
Once you configure the mesh point and enable the network interface (all under Network > Wireless page), give a minute to both routers to establish a mesh. You will know when it’s up once it shows up in the “Associated Stations” overview (again, on the same “Wireless” page in LuCI).
With 802.11s mesh up and running, you can configure identical wireless networks on both routers (i.e. with the same SSID, encryption type, and password). Provided that both routers are in the same network segment (e.g. 192.168.1.0/24), clients connected to either AP will be able to communicate with each other.
A few notes
There should only be one DHCP server in your network. I usually leave DHCP server running on the “primary” router, which connects to WAN. The secondary router, which in this case acts like a WiFi extender, has DHCP server (for both IPv4 and IPv6) disabled.