FYI: wlan1 is the 5Ghz Radio. I switched for testing purposes to wlan0 (2.4Ghz).
Using the 2.4band makes some difference. Now I get a station-dump, but still no "real" connection e.g. I can't ping the other router. This seems driver related and it looks like its not fixed, even it was closed by @nbd. I am using the latest trunk with MT76 driver:
kmod-mt76-core - 4.9.67+2017-12-08-e5046560-1
kmod-mt7603 - 4.9.67+2017-12-08-e5046560-1
kmod-mt76x2 - 4.9.67+2017-12-08-e5046560-1
Please use wpad-mesh instead of wpad and authsae
What is the difference? The full wpad package should be capable of everything?
Replacing authsae and wpad for wpad-mesh made a difference. Now I'm connecting encrypted on the 2.4Ghz band (MT7603 to MT7628). On the 5Ghz still no joy (MT7612 to MT7612).
I did read somewhere that authsae was outdated (2014) and I did try wpad-mesh, but in combination with authsae still installed...oops.
I will try ath9k to ath9k later, maybe that still needs the nohwcrypt=1 flag during module loading??
802.11s with encryption on the atk9k (without the need to put any flags like in the past), works.
I didn't notice a significant performance hit on the atk9k chipset, so I'm really happy to have an encrypted mesh now. Thanks for pointing me to wpad-mesh (@nbd)
Since I didn't get the 5Ghz MT7612 to work yet I only have one ath10k device I couldn't test that.
@drbrains -- super exciting that more people are interested in setting up mesh and most importantly got it working. 
If you don't have time to create a proper wiki page, can you post sanitized changes made to relevant config files (network, wifi, firewall) here in this thread?
@drbrains Im interested in your configs too, since wds doenst work stable and encrypted mesh doesnt work at all for me
Basically my config is a few posts up. Combine that with replacing Wpad-mini with Wpad-mesh and making sure no other authsae is installed.
I am not sure what ābreaksā if one would replace the full Wpad with Wpad-mesh. I will test later, cause I never tried Wpad (full) without authsae which possibly might have broken the setup in the first place.
All my mesh-points are sort of ādumb-APā, so dhcp disabled and I bridged directly to ālanā as you could see, so no firewall modification or network modifications required. Only exception being my āmainā router to hand out IP via dhcp (standard setup).
Anything special about setting the network.lan.ipaddr on the mesh-points? Does it have to be random? Does it matter what it set to?
I have all my APās or other managed devices inside my lan subnet (Static) for easy use (home setup). So definitely not random otherwise I would never know how to access a single AP.
So itās like you would do if you had wired APās. Only difference replacing the cable with the mesh (simplistic I know)
and @nbd
Replacing full wpad and authsae with only wpad-mesh didnt work. Without authsae i even get my logs spammed with: hostapd: handle_probe_req: send failed
Have you done a full reset or simply uninstalled old and installed the new package?
Iām using some old 4/32 hardware to mix into the mesh. For those I needed to recompile and flash because of memory limitations; on higher end devices I removed and installed without a full reflash.
Both ways worked fine for me. For sure I did Not select the authsae package to rebuild the image, eveything seems to be in the Wpad-mesh package. Iām not home right now, I can do some testing later during the day. Iām assuming if āopkg list-installedā only shows the Wpad-mesh package (and whatever else you need/installed) then its fine. As a side note I did use the āforce-reinstall and āforce-overwrite when replacing the packages on a running system. After that I did a ā/etc/unit.d/network restartā. That might be overkill and just āWifi stopā wait āWifi startā should work.
Sadly, with wpad-mesh installed my radio1 doesn't start even if the mesh is the only interface set up on it:
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'mesh'
option mesh_id 'mesh'
Any suggestions?
@stangri, no suggestions at the moment. Initially I thought it wouldnt work since you left out " option encryption 'none' ". You could have missed that copying into your post, so I tried without on my own setup. This showed some other interesting facts.
@nbd: even if I put " encycryption 'authsae' " the generated file for wpa_supplicant (/var/run/wpa_supplicant-wlan1.conf) will not have the encryption set. I could simply connect from an "Open" meshpoint (without any encryption) to my "Closed" meshpoint.
network={
ssid="RichieMeshUp"
key_mgmt=NONE
mode=5
fixed_freq=1
frequency=5745
ht40=1
vht=1
max_oper_chwidth=0
beacon_int=100
}
@drbrains -- thanks for your prompt reply. Do you have any other interfaces on the same radio as the mesh interface? Are any other packages besides wpad-mesh required?
No other interfaces on the same radio. Only wpad-mesh installed, but I noticed the authsae is not really happening (so the OOTB wpad-mini should even work, none encrypted). Waiting for a reply from @nbd on how to fix that. Sofar as long as the wifi-driver itself allows 802.11s, I seem to be able to mix different chipsets (Atheros and Mediatek).
I didn't try to Wireshark the unencrypted packages yet. I don't know how easy it is to "sniff" the mesh_id. cause it seems as soon as you have the correct mesh_id, you could just join the mesh and get full access which could be a major security issue.
The files are regenerated on a network restart. So one of the scripts is not (not correctly) parsing the encryption into the wpa_supplicant conf.
Iām not that familiar yet, with which script does what, but the answer should be there.
Switched to a different (more stable) router and 17.01.4. With wpad-mesh installed, the hostapd config file doesn't include the interface of the mesh network. @nbd -- does mesh interface have to be the only interface on the radio?
It doesnāt have to be the only interface. Iām using a mesh and AP on the same (only) radio on my old TP-Link WR740v4
with /etc/wireless/config set
option encryption 'psk2/aes'
my /var/run/wpa_supplicant-wlan1.conf has "key_mgmt=SAE" set correct but wireless does not work. (ath9k wzr-hp g300nh)
My Phone does not see the network
https://wiki.openwrt.org/doc/howto/mesh.80211s
edit: using wpad-mesh without authsae or wpad