WRT Router Series Wireless Client Bridge Mode with OpenWRT

Jump to navigation Jump to search

The purpose of this information is to configure an OpenWRT based router to function in a manner similar to a DD-WRT Router with a wireless interface configured in "Client Bridge" mode.

In DD-WRT, this is very simple: Select "Client Bridge" under the wireless settings tab. In OpenWRT it isn't as easy.

Important Note

Per the documentation here, it states (paraphrased): If the wireless adapter is in "Client" mode, it will not function as a bridge to devices plugged into the wired LAN ports. This is because most wireless LAN drivers do not support this functionality (IE, it isn't OpenWRT's fault, but a limitation of the hardware drivers).

Origins of this Article

There are two articles the information here is based on (plus actual experience and experimentation)

* These are not derogatory criticisms of the noted articles, just a blunt summary of how they are presented. Without their information as a foundation, neither this article, nor the tested configuration of an actual router could have been done. So thank you to them for the effort on writing the original articles.

A Simpler and more Direct "How to..."

Without going through the complex and non-intuitive UCI commands and / or complex GUI steps to achieve the same results, the solution here will be presented in the form of configuration files.


It is assumed the reader has a general knowledge of networking (IP Addresses, Wireless, etc.) and OpenWRT

To save confusion and focus on clarity of this specific subject, it is assumed the router being configured has a fresh installation of OpenWRT (19.07.05 or higher) installed and the following items are configured as described;

  • The default wireless configuration has been deleted
  • The WAN interface of the router has been disabled and is configured to not start at boot time.


opkg update

opkg install relayd luci-proto-relay

Configuration Files


config wifi-device 'radio0'

config wifi-iface 'wifinet0'
	option ssid 'WhatEverSSID'
	option device 'radio0'
	option mode 'sta'
	option key 'WhatEverKey'
	option encryption 'psk-mixed' OR 'WhatEverOtherEncryption'
	option network 'wwan'


WhatEverExistingWorkingSettings, "plus the following added or modified items";

config interface 'wwan'
	option ipaddr 'WhatEverIPAddress'
	option netmask 'WhatEverSubnetMask'
	option gateway 'WhatEverGateway'
	option broadcast 'WhatEverBroadcastIP'
	list dns 'WhatEverDNSServer'
	option proto 'static'

config interface 'ClientBridge'
	option proto 'relay'
	list network 'lan'
	list network 'wwan'
	option ipaddr 'SameIPAddressAsWWAN'

config interface 'lan'
	option ipaddr 'AnIPAddressOnTheSameSubnetAsWWAN'


config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan wwan ClientBridge'

The above settings for /etc/config/firewall can be viewed or configured in the LuCI GUI via Network, Interfaces, "LAN" Interface, Edit Button, Firewall Settings Tab, Create / Assign firewall-zone DropDown (not Network, Firewall).

* Anything that starts with "WhatEver" in the above example should include appropriate settings. See the next sections for some examples to clarify things.


For the above configuration files;

  • /etc/config/wireless
    • WhatEverSSID: MyWirelessNetwork (This is the name of the wireless network the Client Bridge Router should connect to, similar to how a laptop computer would)
    • WhatEverKey: MyWirelessNetworkKey
  • /etc/config/network
    • WhatEverIPAddress: (This is the IP Address by which the Client Bridge Router can be accessed for administration and configuration purposes)
    • WhatEverSubnetMask:
    • WhatEverGateway: (This is not the IP Address of the Client Bridge Router, but a router connected to the internet.)
    • WhatEverBroadcastIP:
    • WhatEverDNSServer: (usually the same as the router connected to the internet)
    • SameIPAddressAsWWAN: (This IP Address is assigned to the "RelayD" service
    • AnIPAddressOnTheSameSubnetAsWWAN: (This is a key setting to make it so the router is available via a wired network connection if something fails on the wireless. And yes, contrary to all of the examples on other sites, it can be in the same subnet as the wireless.)
  • /etc/config/firewall
    • lan: This is the default name of the Local Area Network zone for firewall settings
    • wwan: This is the default name of the wireless network zone for firewall settings
    • ClientBridge: This is an arbitrary name that can be set to almost anything (as long as it is under the 15 or so character limit that OpenWRT imposes)

Other Notes

DHCP can be used instead of assigning static IP Addresses, as in the above example. But it is far easier to assign static IPs.

WDS (Wireless Distribution System) can be used as an alternative for this method. But the down side is both the Access Point and Client Routers have to be configured. Using the method described here, nothing special has to be configured on the router providing Access Point service.

Double Check Settings

Double check all of the above settings as any errors may make the router inaccessible. This would require resetting the router to default settings and starting over. Resetting isn't a big deal if this is a 'virgin' router being set up for the sole purpose of being a Client Bridge.

Final Question

In the end, there are some questions that don't appear to have any answers;

  • Why is there a "Client" mode for a wireless adapter if it doesn't accomplish anything other than connecting a router as a client to an access point? IE, if it doesn't act as a wireless adapter for a wired network device, what's the point of "Client" mode?
  • Wouldn't it be better to have a group of packages (opkg install "Wireless Client Mode Package" relayd luci-proto-relay) included as a single package to enable this functionality?