Hello, I'm hopeful that someone can help me figure this out.
I have 2 antennas connected to a MikroTik hAP ac lite. Everything works as I would expect here.
With the hAP, it is configured with Radio1) Wifi for clients to connect, Radio2) Wifi client to access home LAN.
I want to use any device on my LAN to access mesh and have done the following:
1) Add a static route to my home LAN router, 10.0.0.0, 255.0.0.0, gateway set to home LAN IP of Radio2 home LAN IP.
2) Added DNS entry of the hAP device, I have tried both home LAN and mesh IP.
3) Modified DNS servers on hAP device to point to dns server on home LAN
Problem: DNS is unresponsive. Using nslookup, the request times out when directly querying either IP address of the hAP from a pc on my home LAN. Connections to the hAP device by ip address are functional from the home LAN, http, ssh etc.
Note: DNS is functional when connected to Radio1, resolving devices on the home LAN.
If someone is able to point me in the right direction, I would be very grateful.
I have attempted adding additional rules to /etc/config.mesh/firewall but did not have any impact. DNS continues to be unresponsive when attempting to resolve mesh hosts from my home LAN.
Thank you in advance,
Nick N7UF
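Added example (not part of the original post): a small UDP probe that separates the symptom described above, a query that times out, from a server that replies with an error such as REFUSED or NXDOMAIN. The address 192.168.1.211 is the hAP's home-LAN IP given later in the thread; the host name `somenode.local.mesh` and the function names are placeholders chosen for this sketch.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a recursive A-record query for `name` in DNS wire format."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(query, reply):
    """Turn a raw reply (None means the socket timed out) into a short diagnosis."""
    if reply is None:
        return "TIMEOUT: no reply reached the client (dropped on the path or nothing listening there)"
    if len(reply) < 12:
        return "MALFORMED: reply is shorter than a DNS header"
    rid, flags, _qdcount, ancount = struct.unpack(">HHHH", reply[:8])
    if rid != struct.unpack(">H", query[:2])[0] or not flags & 0x8000:
        return "MISMATCH: packet is not a response to this query"
    rcode = flags & 0x000F
    return f"{RCODES.get(rcode, f'RCODE{rcode}')}: server answered, {ancount} answer record(s)"

def probe(server, name, timeout=3.0):
    """Send one query to server:53 over UDP and classify what comes back."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(512)
        except socket.timeout:
            reply = None
        except OSError as exc:  # e.g. no route to host
            return f"ERROR: {exc}"
    return classify_reply(query, reply)

if __name__ == "__main__":
    # hAP home-LAN address from the thread; the host name is a placeholder.
    print(probe("192.168.1.211", "somenode.local.mesh"))
```

Running it once from a home-LAN machine and once from a client on Radio1 shows whether the two sides get different treatment from the same DNS service.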
"With the hAP, it is configured with (2 GHz) Radio1) Wifi Access Point for clients to connect, (5 GHz) Radio2) Wifi client to access home LAN.
I want to use any device on my (hAP's) LAN to access mesh"
Hi, Nick:
This might work for you.
73, Chuck
Nick N7UF
Devices on the LAN of a router can search DNS toward the internet.
Devices on the WAN of the hAP, your home LAN, are not supposed to see devices or services or domain names
on 'the other side' of a router.
Please, why are you not seeking DNS queries in the 'normal' direction?
3s, Chuck
---->> 1) Add a static route to my home LAN router, 10.0.0.0, 255.0.0.0, gateway set to home LAN IP of Radio2 home LAN IP.
Your HOME network is 10.x.x.x and the MESH is also 10.x.x.x
My home LAN is 192.168.1.0. The static route was added to my home LAN to route traffic to the mesh network using the hAP's 192.168.1.0 network address as the gateway. Accessing mesh via direct IP works! It's only DNS that I can't seem to get working.
Please see attached screenshot, the operations are taking place from a machine on my home LAN. 192.168.1.211 is the IP of the hAP device.
Move any such home device to the LAN of the hAP.
The DNS on the hAP will resolve hosts on your local AREDN LAN.
The DNS on your home router will resolve hosts on your home LAN.
The DNS on your ISP will resolve hosts on the internet.
Chuck
It is my expectation that when using the wifi client configuration, this connection would be a LAN connection and allow queries to DNS to resolve mesh hosts. Reality, timeout occurs and DNS is unresponsive.
Is there a reason for this limitation?
It is the purpose and function of a router to do what it does.
When something does what it is supposed to do, it cannot be a limitation.
Originally:
"I want to use any device on my LAN to access mesh..."
Then put the device on the same LAN of a 'mesh' device or accessible via that 'mesh' device's WAN.
Do not put it in the LAN of a 'mesh' device whose WAN is on your LAN.
73, Chuck
I am not connected the way most people are - but it works. In my case, I am NOT using a consumer type router, but rather a more commercial router - Mikrotik RB4011. I have a cable from a LAN port on my hAP by way of a couple managed switches to a VLAN port on the router (the switches tag the hAP LAN traffic as VLAN 5). That port of the router is set up as a DHCP client, so it gets a DHCP address from the hAP. Therefore, the router has a direct presence on the AREDN mesh. In the router, I have a manual route set for 10.0.0.0/8 to use the IP of the hAP as the gateway, and there is a static DNS entry in the router to point to the hAP for anything local.mesh. Lastly, there are firewall rules so that only certain home network devices can get to the hAP.
For those that speak RouterOS, here is a serious extract of applicable config settings in the router. I may have missed something, and I intentionally deleted a bunch of stuff that would only confuse the issue (for example, there are several AREDN connections to different devices).
/interface vlan
add comment="AREDN hAP-at-Home LAN" interface=E05-pA10_802.1Q name=VLAN_005 \
vlan-id=5
/interface list
add name="AREDN LAN"
/interface list member
add interface=VLAN_005 list="AREDN LAN"
/ip dhcp-client
add add-default-route=no disabled=no interface=VLAN_005 use-peer-ntp=no
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,4.2.2.1
/ip dns static
add address=10.9.60.81 name=local.mesh
/ip firewall filter
add action=accept chain=forward comment=\
"Allow privileged PCs access to AREDN mesh LANs" in-interface-list=LAN \
out-interface-list="AREDN LAN" src-address-list=Privileged
add action=accept chain=forward comment=\
"Allow all AREDN LANs access to NTP server UDP port 123." dst-address=\
192.168.123.123 dst-port=123 in-interface-list="AREDN LAN" protocol=udp
/ip route
add comment="AREDN hAP-at-Home" distance=1 dst-address=10.0.0.0/8 gateway=\
10.9.60.81
/ip route rule
add action=lookup-only-in-table dst-address=10.0.0.0/8 interface=E02-pB4_101 \
table=main
add action=lookup-only-in-table dst-address=10.0.0.0/8 interface=E06-pA2_201 \
table=main