We're going to write on the web a list of tested routers, just for
helping the visitors to have an idea of the supported/recommended
routers without copying and pasting the whole list provided by
OpenWrt/LEDE.
The discussion on this is here:
https://github.com/libremesh/lime-web/pull/14
Please answer with the routers you tried with LibreMesh.
I played with:
TP-Link WDR3600
TP-Link WR1043ND-v1
Ubiquiti NanoBridge M5
Ubiquiti NanoStation M5 XM
Ubiquiti NanoStation LoCo M2
Hi there!
I discovered your truly fantastic project through Ninux. I’m creating a mesh network here in Milano, Italia, with my project openspace. We are trying to build something truly scalable that could one day work all over the city. We started out with the excellent Commotion, and have moved onto a MetaMesh-like setup with pure openwrt and manual configurations for a lack of pre-compiled images of Commotion.
I’ve now discovered your project which seems to be a dream come true, which is Commotion-like ease of creation and deployment, but with much wider compatibility. If I manage to embrace and understand this new world outside of olsr and if we can get a few details figured out I really think this could be the definitive way to go, at least for the time being.
You can check out the details of our current MetaMesh-like configuration here should you be curious: https://openspacex.github.io/openNET.io [temporary address]. It basically adds on top of MetaMesh to try and reach Commotion’s configuration flexibility, like WPA2 on AP and MESH levels, olsrd-secure, and other nifty little details. The writing of this howto is a work in progress, but we should be finished in about a week.
All of this is the result of over a year of work on our part, thank to all of the amazing projects like yours out there. While approaching your project as a total newbie that has only worked with Commotion and MetaMesh, is there anything in the large scale that works so fundamentally differently in libremesh from how our previous setup works, that we should be considering before starting out?
If we start using LiMe to our network, we’d like to introduce WPA2 encryption on the AP and MESH wireless networks. And is it possible to separate the 2.4ghz and 5ghz MESH wireless networks SSIDs? Also, do you authenticate nodes on the network, like olsrd-secure does? If so, how? Is it possible to change the ssh port of the various nodes [security-by-obscurity self-alert]?
To better explain, we’re always trying to figure out how to make the infrastructure solid and resilient, and how to protect traffic and authenticate devices with more advanced crypto than simple symmetric keys [like the very WPA2 on mesh level and olsrd-secure passphrase that I’m inquiring about] that will leak in a matter of days after we start using them, so we’re the first to recognise the weakness of these protections, but they could be considered better than nothing perhaps? Do you have any other ideas?
At the risk of going off-topic, may I ask what your approach to security matters like this is? In terms of traffic security, device authentication, and network-wide resistance to “attacks”? What are the weak spots of the protocols you’re using here, in the event of someone actually trying to take down a part of the network? I ask because I know that with olsr for instance it’s enough to set an already-in-use static IP to a device to break the meshing in a serious way, like in traditional networks. How are things here instead? A friend of mine was thinking of using a blockchain to authenticate the various routers entering the network, towards the dream of a network that can’t be stopped by anyone or anything, exactly like bitcoin.
Anyway, back to us. How can I specify these extra details in the config file? I’m obviously happy to dig through documentation, but I have found nothing specific enough for my understanding. I’ve been able to change some parameters in chef under /etc/config/lime-defaults, but not all. I might be completely misunderstanding some fundamental details here, please excuse my ignorance.
Thank you so much in advance and super-kudos for your amazing work in any event!
Nicolas
Hi Marvin
I've done a lot of tests with VPNs for the standard setup of the mesh network we're building here in Milano, Italia, and I've found that usually routers are rather terrible at handling VPNs with reasonable speeds, openvpn being the slowest [10mbps up and down] and l2tp+ipsec being faster [15 to 20mbps], at the expense of being less secure. Also, I've gotten to the conclusion that doing the VPN routing in the same device as the one doing the meshing makes it rather difficult to diagnose issues over time and to pinpoint the bottleneck for slow overall speeds.
I know this is not the answer you were looking for, but our definitive setup involves setting up getting a microtik hex router that you can buy for about 60 to 80€ and running l2tp+ipsec to a Streisand instance [a fully self installing VPN and anonymity server]. We've been getting stable 120/120mbps speeds.
This setup also makes it very simple to understand what device is doing what, and how the routing is done on the large scale from the ISPs router, to the VPN router, to the meshing router, to the AP router, and so on [this is our setup].
I don't know how to solve your problem directly, but I thought I'd share my experience with you. Sorry for going slightly off topic.
Hope you can get your setup working nicely however you decide to do it!
Nicolas
________________________________
From: Marvin Arnold <marvin(a)unplugged.im>
Sent: Jan 31, 2017 06:34
To: lime-users(a)lists.libremesh.org
Subject: [lime-users] VPN
>
> I would like to finally make my internet at home available to my
> neighbors over lime. I called my ISP and they made it pretty clear they
> would take action against me if one of the users accessed illicit
> content. So I'm thinking about routing all web traffic through a VPN. Is
> this the most sensible thing to do?
>
> Assuming it is, I already setup the VPN server and now I'm trying to
> connect my lime router as a client.
>
> http://wiki.openwrt.org/inbox/vpn.howto
>
> https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/
>
> But as far as I can tell, opkg is not installed on the router. What's
> the best way to install it or install the openvpn client without it?
>
>
> _______________________________________________
> lime-users mailing list
> lime-users(a)lists.libremesh.org
> https://lists.libremesh.org/mailman/listinfo/lime-users
I would like to finally make my internet at home available to my
neighbors over lime. I called my ISP and they made it pretty clear they
would take action against me if one of the users accessed illicit
content. So I'm thinking about routing all web traffic through a VPN. Is
this the most sensible thing to do?
Assuming it is, I already setup the VPN server and now I'm trying to
connect my lime router as a client.
http://wiki.openwrt.org/inbox/vpn.howtohttps://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/
But as far as I can tell, opkg is not installed on the router. What's
the best way to install it or install the openvpn client without it?
---------- Forwarded message ----------
From: Andreas Bräu <ab(a)andi95.de>
Date: 2017-01-31 9:04 GMT+01:00
Subject: [Battlemesh] Ideas page for GSoC 2017
To: battlemesh(a)ml.ninux.org
Hi there,
it’s great we got so many ideas so far for this year! Thank you all
for your support!
On some ideas I saw they had possible mentors, but no contact details
like mail. Contact details are necessary, so students can get in touch
to create and refine their proposals.
Can you please add your contacts to the ideas or to the more general
project description? You could also create a site for your wiki user
and add information there.
Thank you
Andi
—
Andreas Bräu
XMPP: andibraeu(a)jabber.weimarnetz.de
Twitter: @evAltenberga
Blog: https://blog.andi95.de
PGP: 0xB7E04818
_______________________________________________
Battlemesh mailing list
Battlemesh(a)ml.ninux.org
http://ml.ninux.org/mailman/listinfo/battlemesh
There's a group currently testing in Brasil how does LibreMesh run on
these ath9k+ath10k routers.
ath9k = 2.4ghz
ath10k = 5ghz
Extra packets needed so far:
kmod-ath10k
ath10k-firmware-qca988x
Progress so far: adhoc doesn't seem to work (virtual interface is not
created) on the ath10k interface. The 2.4ghz interface works correctly
(it's ath9k)
Currently trying ieee80211s mode on ath10k.
Will report any news
If anyone has already tested this hardware or has any tips, much welcome :)
cheers!
Hi Everyone,
I'm the new mantainer of Libremesh's Chef tool:
http://chef.altermundi.net/
I'm hunting down issues, so if you had any issue in the past with this
tool it would be awesome to have it reported.
You can do it by filling an issue report on Github here:
https://github.com/libremesh/alterchef/issues/new
Or you can send an email to this list or directly to me at:
nico+chef(a)libre.ws
Hope knowing about your issues/feature requests soon!
hello meshlings
this is more of a networking question than libremesh, but maybe someone can
help.
i want to access a router through ssh. this would be no problem if it were
connected directly to the internet on a wan port - dropbear is listening
for right ports.
the problem is that the router is behind another router - so instead of a
public ip address, it has a subnet address, like this:
internet
<->
isp router (which i don't have access to)
<->
lime router (wan port gets a subnet ip like 192.168.1.7)
if I have the public ip address of the isp router, and the local address
that the lime router got assigned, is there any way I can make some ssh
tunneling to reach the lime router? any ideas?
thanks
--
bruno(a)pobox.com ▀─█▄██▄▀▄
http://brunovianna.net ─█▄██▄▀█▀█▄
skype: randomico▀─█▄██▄▀█▀█▄▌██─█▌█▌
Hi!
Please read the forwarded email if you don't know what a GSoC is.
Everybody can participate as mentor (rewarded 500$) and anyone in a
university (from undergraduate to PhD) can participate as student
(should be rewarded 5k$).
The deadline for proposing ideas (find link below) is the end of this week.
We can propose ideas on implementation of lime-proto-client, support
for WPA in AP-client setup, multi-ap + WPA + QOS for prioritizing node
owner's traffic, improvement of LiMe-LUCI web interface (very
important), make easy the setup of captive portal with nodogsplash...
---------- Forwarded message ----------
From: Andreas Bräu <ab(a)andi95.de>
Date: 2017-01-15 20:56 GMT+01:00
Subject: Re: [Battlemesh] Google Summer of Code 2017 is coming
To: battlemesh(a)ml.ninux.org
Hi,
please keep in mind to add your ideas as soon as possible, not later
than by the end of the week to our wiki: https://wiki.freifunk.net/Ideas
Then the appication period will start.
Best regards,
Andi
Am 01.01.2017 um 16:49 schrieb Andreas Bräu:
> Hi there,
>
> I wish you a happy new year! New year, new GSoC! :)
>
> We're planning to apply again as organisation for GSoC 2017. As last
> year we want to be an umbrella organisation for wireless communities.
> More information on GSoC you can find at
> https://en.wikipedia.org/wiki/Google_Summer_of_Code
>
> Google announced the new program in October. The period to apply as
> organisation will start on January 19 and will close on February 9:
> https://developers.google.com/open-source/gsoc/timeline
>
> As every year we need your ideas for possible projects. These ideas are
> one of the most important parts of our application. They are also source
> for students to develop their project proposals. Please add your ideas
> to our wiki page at https://wiki.freifunk.net/Ideas Our ideas from last
> year I copied to https://wiki.freifunk.net/Ideas_GSoC_2016
>
> We're also looking for people helping us in administration. If you're
> interested in supporting us, send us a message.
>
> Please spread this to your communities, so we can get a great
> collections of ideas! If you know of other wireless communities, please
> inform them, too.
>
> Best regards,
>
> Andi
>
> _______________________________________________
> Battlemesh mailing list
> Battlemesh(a)ml.ninux.org
> http://ml.ninux.org/mailman/listinfo/battlemesh
Hi people,
Just wanted to report an issue on chef.
I was teaching some folks on how to use chef.altermundi.net
We created a new firmware, and when we asked chef to cook a new
version, the cook finished but the download firmware button has not
appeared.
I did a cook of an existing firmware, and it went ok, so it may be an
issue of permissions in the server.
Regards,
