Ages ago, i was setting up 802.11r the complicated way using all the r0kh and r1kh lists across all access points, which worked well but was a little pita to setup. After creating a little helper, i just discovered that recent OpenWRT builds can cope with the option ft_psk_generate_local to dynamically create the RADIUS keys and stuff. Even with Luci support, just enable 802.11r Fast Transition and Generate PMK locally, set a Mobility Domain (same across all AP’s per SSID) and a NAS ID (unique, i’d still prefer the BSSID w/o the colons) and it works out of the box. Read more

The blog post from casept was almost working for me, except for one little thing to mention in section You’ll also need to set the client up on your server uci add_list network.@wireguard_wg0[-1].allowed_ips="0.0.0.0/0" (obviously) is replacing the existing default route, which renders internet unusable ;) As we’re routing the clients traffic anyway, we can just allow the single host address like uci add_list network.@wireguard_wg0[-1].allowed_ips="192.168.199.2/32" (192.168.199.0/24 as WireGuards subnet in this example). Read more