---------- Forwarded message ----------
From: Monic Meisel <monic(a)monic.de>
Date: 2017-02-23 16:34 GMT+01:00
Subject: [Battlemesh] WCW - Call for participation
To: Battle of the Mesh Mailing List <battlemesh(a)ml.ninux.org>,
Deutschlandweite Liste für WLAN Neuigkeiten <wlannews(a)freifunk.net>
Cc: mitglieder(a)foerderverein.freie-netzwerke.de
Dear community activists and friends,
The WirelessCommunityWeekend will follow the 13 years of tradition
also in 2017 and take place in the c-base space station in Berlin.
From the 26th to the 28th of May the Freifunk community will meet with
their guests to create an unconference and hackathon.
How to WCW
> Add your nick/name and meal preferences to participants page
https://wiki.freifunk.net/Wireless_Community_Weekend_2017/Participants
> Add your session and timeslot to
https://wiki.freifunk.net/Wireless_Community_Weekend_2017/Timetable
> Looking for accommodation or for offering a couch, use
https://wiki.freifunk.net/Wireless_Community_Weekend_2017/Accomodation
> Invite people that may be interested or you find interesting to meet
> Use #ffwcw as hashtag on twitter to spread the event
> Forward this mail also to other channels, groups
> Add your endorsement here
https://wiki.freifunk.net/Wireless_Community_Weekend_2017/Endorsements
> Land around 12:00 at the space station
> There is free coffee but no free beer* :p
> Do only smoke outside the building
> Get an eco, fair-trade Freifunk Hoodie or Tee close to the cost price
> Donate food specialties** or EUR for the endless BBQ on site
> Have fun and make new friends :))
The first program points are already there and some more ideas ... so
we are looking forward to your contribution and meeting you in Berlin!
<3 Monic
*Of course you can buy some, if there is a bar-bot
** Please tell upfront, since we need to calculate the meals
_______________________________________________
Battlemesh mailing list
Battlemesh(a)ml.ninux.org
http://ml.ninux.org/mailman/listinfo/battlemesh
Hi there!
I discovered your truly fantastic project through Ninux. I’m creating a mesh network here in Milano, Italia, with my project openspace. We are trying to build something truly scalable that could one day work all over the city. We started out with the excellent Commotion, and have moved onto a MetaMesh-like setup with pure openwrt and manual configurations for a lack of pre-compiled images of Commotion.
I’ve now discovered your project which seems to be a dream come true, which is Commotion-like ease of creation and deployment, but with much wider compatibility. If I manage to embrace and understand this new world outside of olsr and if we can get a few details figured out I really think this could be the definitive way to go, at least for the time being.
You can check out the details of our current MetaMesh-like configuration here should you be curious: https://openspacex.github.io/openNET.io [temporary address]. It basically adds on top of MetaMesh to try and reach Commotion’s configuration flexibility, like WPA2 on AP and MESH levels, olsrd-secure, and other nifty little details. The writing of this howto is a work in progress, but we should be finished in about a week.
All of this is the result of over a year of work on our part, thanks to all of the amazing projects like yours out there. While approaching your project as a total newbie that has only worked with Commotion and MetaMesh, is there anything in the large scale that works so fundamentally differently in libremesh from how our previous setup works, that we should be considering before starting out?
If we start using LiMe on our network, we’d like to introduce WPA2 encryption on the AP and MESH wireless networks. And is it possible to separate the 2.4ghz and 5ghz MESH wireless networks' SSIDs? Also, do you authenticate nodes on the network, like olsrd-secure does? If so, how? Is it possible to change the ssh port of the various nodes [security-by-obscurity self-alert]?
To better explain, we’re always trying to figure out how to make the infrastructure solid and resilient, and how to protect traffic and authenticate devices with more advanced crypto than simple symmetric keys [like the very WPA2 on mesh level and olsrd-secure passphrase that I’m inquiring about] that will leak in a matter of days after we start using them, so we’re the first to recognise the weakness of these protections, but they could be considered better than nothing perhaps? Do you have any other ideas?
At the risk of going off-topic, may I ask what your approach to security matters like this is? In terms of traffic security, device authentication, and network-wide resistance to “attacks”? What are the weak spots of the protocols you’re using here, in the event of someone actually trying to take down a part of the network? I ask because I know that with olsr for instance it’s enough to set an already-in-use static IP to a device to break the meshing in a serious way, like in traditional networks. How are things here instead? A friend of mine was thinking of using a blockchain to authenticate the various routers entering the network, towards the dream of a network that can’t be stopped by anyone or anything, exactly like bitcoin.
Anyway, back to us. How can I specify these extra details in the config file? I’m obviously happy to dig through documentation, but I have found nothing specific enough for my understanding. I’ve been able to change some parameters in chef under /etc/config/lime-defaults, but not all. I might be completely misunderstanding some fundamental details here, please excuse my ignorance.
Thank you so much in advance and super-kudos for your amazing work in any event!
Nicolas
Thanks for resharing Nicolas, the original never did find my mailbox.
We tried configuring this setup but hit a wall because we don't have
windows machines. Is there no easy way to take the configuration files
Streisand spits out and upload them directly to the hex? Alternatively,
we're not sure which settings to copy over from that file and put
into the hex.
On 02/15/2017 02:27 AM, Nicolas North wrote:
> Hi Marvin
>
> I’m sorry but I’m having some serious spam issues since I’ve migrated
> my mailserver.
>
> Here is the mail I had sent you. Hope you receive it!
>
> ––––––––––––––––
>
> Hi Marvin
>
> Sorry for the late reply.
>
> We’re using Hexes as vpn-only devices, with the following setup:
>
> ||| ISP Router ||| <=> ||| Hex VPN Router ||| <=> ||| LiMe Router |||
> |
> wifi adhoc
> |
> [other LiMe routers]
>
> This is the guide we’ve been following
> [https://matthewmcclatchey.com/using-private-internet-accesss-vpn-with-mikro…],
> with the exception of the fact that our vpn is l2tp+ipsec, and that
> we’ve had to set max mtu and max mru values to 1280 for some reason as
> packets were getting fragmented with our setup.
>
> If you connect a cable from the ISP’s router’s lan to the Hex’s wan,
> and another cable from the Hex’s lan to the LiMe router’s wan, you’ll
> have all of your internet-bound traffic from inside your mesh network
> sandboxed inside the VPN with no exceptions. The hex has some kind of
> “persistent tunnel” enabled by default, so it drops the connection if the
> vpn breaks for some reason, even though it never has unless we
> actually rebooted the remote vpn server for testing purposes.
>
> I suggest giving the Hex an address like 172.16.0.1 to avoid conflicts
> with other more common subnets. We set all our ISP routers to
> 192.168.0.1 and LiMe uses 10.13.0.1 etc… so we’re good to go. Also, as
> a bonus, we try to pair all LiMe routers with an openwrt “simple AP”
> router, that takes care of the AP level and lets the LiMe router
> handle only the adhoc meshing level, for maximum wireless efficiency.
>
> We give APs static addresses of 10.13.64.1, 2, 3, and so on. They must
> all be different. Try and stay out of the DHCP range which starts at
> 100 I think. This last part [the AP addressing] is all trial and error
> and experimental so it might be wrong, but for us it works. We still
> need to figure out how to scale addressing for APs so we’re open to
> suggestions. While we’re at it:
>
> *TLDR question: what static IPv4 address to give a simple AP connected
> to the lan of a LiMe router? Is 10.13.64.1 - 10.13.64.99 a good range?
> How do we scale beyond that since every AP in the entire network must
> have a different IP?*
>
> Let me know how this works for you. To those answering the question:
> thank you in advance.
>
>
> Nicolas
>
>
>
> From: Marvin Arnold <marvin(a)unplugged.im>
> Reply: Marvin Arnold <marvin(a)unplugged.im>
> Date: 14 February 2017 at 02:19:38
> To: pau(a)dabax.net, nk(a)os.vu
> Subject: Re: [lime-users] VPN
>
>> Hi Pau, Nicolas,
>>
>> Maybe I'm losing my head, but I can't find the original email from
>> Nicolas being quoted. It looks like it may be the additional VPN setup
>> tips we are looking for. I've checked my spam and don't see any hidden
>> messages...
>>
>>
>> On 02/13/2017 06:43 PM, Ilario wrote:
>> > Hi Nicolas!
>> > I think I missed some of your emails in Gmail's spam folder...
>> > Answer inline:
>> >
>> > 2017-02-13 1:51 GMT+01:00 Nicolas North <nk(a)os.vu>:
>> >> Also, as a bonus, we try to
>> >> pair all LiMe routers with an openwrt “simple AP” router, that takes care of
>> >> the AP level and lets the LiMe router handle only the adhoc meshing level,
>> >> for maximum wireless efficiency.
>> > That's really wise :)
>> >
>> >> We give APs static addresses of 10.13.64.1, 2, 3, and so on. They must all
>> >> be different. Try and stay out of the DHCP range which starts at 100 I
>> >> think.
>> > A very interesting question. There's no option for DHCP range in
>> > /etc/config/lime* files (and this is ok).
>> > But I supposed that the range was defined in /etc/config/dhcp, which
>> > on LibreMesh is identical than on OpenWrt/LEDE and contains:
>> > # cat /etc/config/dhcp
>> > [...]
>> > config dhcp 'lan'
>> > option interface 'lan'
>> > option start '100'
>> > option limit '150'
>> > option leasetime '1h'
>> >
>> > But trying to ask for a DHCP lease I received an IPv4 out of the
>> > 10.x.x.100-250 range, looking around I found that the DHCP range for
>> > anygw is hardcoded:
>> >
>> https://github.com/libremesh/lime-packages/commit/3a6596d50b3c0446b988f84d3…
>> > resulting in the whole subnet... No good. @devs?
>> >
>> > Anyway, do you need static IP addresses at the AP routers? You could
>> > also let them take the IP from LiMe (and LiMe would take care of
>> > avoiding collisions).
>> >
>> > Additionally, if you let LiMe routers to autoassign their own IPv4,
>> > they will span over the whole subnet, unless you specify a smaller
>> > "subnet" (not a real subnet, just a range) for auto-assignment, as
>> > explained in /etc/config/lime-example in the comment on the
>> > main_ipv4_address option:
>> >
>> https://github.com/libremesh/lime-packages/blob/2ce5ffa96de5b0b5abb507076b0…
>> >
>> > For example:
>> > # cat /etc/config/lime
>> > config lime 'network'
>> > option main_ipv4_address '10.13.128.0/16/17'
>> >
>> > will limit the autoassignment of IPv4 to the second half of the
>> > broadcast domain.
>> > Bye!
>> > Ilario
>> > _______________________________________________
>> > lime-users mailing list
>> > lime-users(a)lists.libremesh.org
>> > https://lists.libremesh.org/mailman/listinfo/lime-users
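The address-planning question in the thread above (static AP addresses versus the range LiMe nodes auto-assign from), as an added example that is not part of the original mails or of LibreMesh's code. It reads the quoted `main_ipv4_address` value '10.13.128.0/16/17' as a /16 broadcast domain with auto-assignment limited to 10.13.128.0/17, an assumption based on Ilario's description; the function names and the sample AP plan are constructed.

```python
import ipaddress


def parse_main_ipv4(value):
    """Split 'ADDR/NETLEN[/POOLLEN]' into (mesh_network, autoassign_pool).

    Assumed reading, following the mail above: NETLEN is the netmask of the
    broadcast domain, POOLLEN the prefix of the range nodes pick their own
    address from. Without POOLLEN the pool is the whole network.
    """
    parts = value.strip().split("/")
    if len(parts) not in (2, 3):
        raise ValueError(f"expected ADDR/NETLEN[/POOLLEN], got {value!r}")
    addr, netlen = parts[0], int(parts[1])
    poollen = int(parts[2]) if len(parts) == 3 else netlen
    if poollen < netlen:
        raise ValueError("auto-assign pool cannot be larger than the network")
    network = ipaddress.ip_network(f"{addr}/{netlen}", strict=False)
    pool = ipaddress.ip_network(f"{addr}/{poollen}", strict=False)
    return network, pool


def check_static_plan(main_ipv4, static_addrs):
    """Sort planned static addresses by how they relate to the mesh ranges."""
    network, pool = parse_main_ipv4(main_ipv4)
    unusable = (network.network_address, network.broadcast_address)
    report = {"ok": [], "in_autoassign_pool": [],
              "outside_network": [], "duplicates": []}
    seen = set()
    for raw in static_addrs:
        ip = ipaddress.ip_address(raw)
        if ip in seen:
            # Same address planned twice: two APs would claim one IP.
            report["duplicates"].append(raw)
            continue
        seen.add(ip)
        if ip not in network or ip in unusable:
            report["outside_network"].append(raw)
        elif ip in pool:
            # A LiMe node may auto-assign this address to itself.
            report["in_autoassign_pool"].append(raw)
        else:
            report["ok"].append(raw)
    return report


# Constructed sample plan: the 10.13.64.1-99 range asked about in the thread,
# plus three deliberately bad entries (in pool, off-mesh, duplicate).
SAMPLE_PLAN = [f"10.13.64.{n}" for n in range(1, 100)] + [
    "10.13.200.5", "192.168.0.1", "10.13.64.1"]

if __name__ == "__main__":
    for setting in ("10.13.128.0/16/17", "10.13.0.0/16"):
        result = check_static_plan(setting, SAMPLE_PLAN)
        print(setting, {k: len(v) for k, v in result.items()})
```

A clean result only covers node auto-assignment: as Ilario notes above, the anygw DHCP range spans the whole subnet, so client leases can still land on a static AP address.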
Hi Marvin
I've done a lot of tests with VPNs for the standard setup of the mesh network we're building here in Milano, Italia, and I've found that usually routers are rather terrible at handling VPNs with reasonable speeds, openvpn being the slowest [10mbps up and down] and l2tp+ipsec being faster [15 to 20mbps], at the expense of being less secure. Also, I've gotten to the conclusion that doing the VPN routing in the same device as the one doing the meshing makes it rather difficult to diagnose issues over time and to pinpoint the bottleneck for slow overall speeds.
I know this is not the answer you were looking for, but our definitive setup involves getting a MikroTik hex router that you can buy for about 60 to 80€ and running l2tp+ipsec to a Streisand instance [a fully self installing VPN and anonymity server]. We've been getting stable 120/120mbps speeds.
This setup also makes it very simple to understand what device is doing what, and how the routing is done on the large scale from the ISPs router, to the VPN router, to the meshing router, to the AP router, and so on [this is our setup].
I don't know how to solve your problem directly, but I thought I'd share my experience with you. Sorry for going slightly off topic.
Hope you can get your setup working nicely however you decide to do it!
Nicolas
________________________________
From: Marvin Arnold <marvin(a)unplugged.im>
Sent: Jan 31, 2017 06:34
To: lime-users(a)lists.libremesh.org
Subject: [lime-users] VPN
>
> I would like to finally make my internet at home available to my
> neighbors over lime. I called my ISP and they made it pretty clear they
> would take action against me if one of the users accessed illicit
> content. So I'm thinking about routing all web traffic through a VPN. Is
> this the most sensible thing to do?
>
> Assuming it is, I already setup the VPN server and now I'm trying to
> connect my lime router as a client.
>
> http://wiki.openwrt.org/inbox/vpn.howto
>
> https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/
>
> But as far as I can tell, opkg is not installed on the router. What's
> the best way to install it or install the openvpn client without it?
>
>
Hi all.
I’m testing out a profile based on standard LiMe 1607 with no customizations on some TL-1043NDv3s, Ubiquiti Rocket M2s, and Bullet M2s [all 2.4 devices for quick reference for those of you who might not know them], and I can’t seem to figure out why latency is so high and speed is so low.
I have a 1043ND with LiMe hooked up to a 200/30 fiber connection. If I connect to its wifi network with my computer I get 150/30 speed every time with 1ms ping to the ISP router. If I connect via ethernet to any other device meshing with it I only get between 7 and 20 down and up and ping to ISP router ranging from 3 to 200ms with an average of about 40. What am I doing wrong here?
All devices are brand new and working perfectly. They all have the profile based on standard LiMe 1607. Two 1043NDs establish 130mbps up/down between each other in adhoc wireless as seen from the wifi panel on luci, but I can’t seem to get any more than 7 to 20 mbps of actual internet speed on speedtest.net.
What’s even stranger is that the first time with the two 1043NDs I got 60 down and 30 up, and immediately thought this was a very big level up from olsr, which only gave me 25/25 [although every single time and very consistently]. But just a few minutes later, speeds started dropping, that very first time. They went slightly up after reboot, but down again just a few minutes later. I’ve refreshed every device since then with the same firmware, I can’t seem to figure this out. Speeds go down to 3mbps sometimes.
My computer is running nothing, and continuous side by side tests with the wifi network created by the TL1043 hooked up to wan confirm the problem is happening somewhere in the meshing. Ubiquiti devices seem to establish 60mbps wireless links between each other in the adhoc wireless network, but then only deliver actual internet speeds around 15 down and 10 up.
I’ve seen a maxrate of 54000bps in the bmx interface settings, but I doubt that has anything to do with this, right? What’s the bottleneck here? Is it the processing power of these devices? A configuration issue? It can’t be interference here in my area as, once again, I’m getting perfect speeds on those same channels connecting directly to the 1043ND hooked up to wan. The ethernet cable is known to work to full speed if connected to the ISP router. Even using another 1043ND as the “wanned” router doesn’t help.
Please help me figure this out. Thank you so much in advance!
Nicolas
I would like to finally make my internet at home available to my
neighbors over lime. I called my ISP and they made it pretty clear they
would take action against me if one of the users accessed illicit
content. So I'm thinking about routing all web traffic through a VPN. Is
this the most sensible thing to do?
Assuming it is, I already setup the VPN server and now I'm trying to
connect my lime router as a client.
http://wiki.openwrt.org/inbox/vpn.howto
https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/
But as far as I can tell, opkg is not installed on the router. What's
the best way to install it or install the openvpn client without it?
---------- Forwarded message ----------
From: Andreas Bräu <ab(a)andi95.de>
Date: 2017-01-31 9:04 GMT+01:00
Subject: [Battlemesh] Ideas page for GSoC 2017
To: battlemesh(a)ml.ninux.org
Hi there,
it’s great we got so many ideas so far for this year! Thank you all
for your support!
On some ideas I saw they had possible mentors, but no contact details
like mail. Contact details are necessary, so students can get in touch
to create and refine their proposals.
Can you please add your contacts to the ideas or to the more general
project description? You could also create a site for your wiki user
and add information there.
Thank you
Andi
—
Andreas Bräu
XMPP: andibraeu(a)jabber.weimarnetz.de
Twitter: @evAltenberga
Blog: https://blog.andi95.de
PGP: 0xB7E04818
There's a group currently testing in Brasil how LibreMesh runs on
these ath9k+ath10k routers.
ath9k = 2.4ghz
ath10k = 5ghz
Extra packages needed so far:
kmod-ath10k
ath10k-firmware-qca988x
Progress so far: adhoc doesn't seem to work (virtual interface is not
created) on the ath10k interface. The 2.4ghz interface works correctly
(it's ath9k)
Currently trying ieee80211s mode on ath10k.
Will report any news
If anyone has already tested this hardware or has any tips, much welcome :)
cheers!
Hi Everyone,
I'm the new maintainer of Libremesh's Chef tool:
http://chef.altermundi.net/
I'm hunting down issues, so if you had any issue in the past with this
tool it would be awesome to have it reported.
You can do it by filing an issue report on Github here:
https://github.com/libremesh/alterchef/issues/new
Or you can send an email to this list or directly to me at:
nico+chef(a)libre.ws
Hope knowing about your issues/feature requests soon!
hello meshlings
this is more of a networking question than libremesh, but maybe someone can
help.
i want to access a router through ssh. this would be no problem if it were
connected directly to the internet on a wan port - dropbear is listening
for right ports.
the problem is that the router is behind another router - so instead of a
public ip address, it has a subnet address, like this:
internet
<->
isp router (which i don't have access to)
<->
lime router (wan port gets a subnet ip like 192.168.1.7)
if I have the public ip address of the isp router, and the local address
that the lime router got assigned, is there any way I can make some ssh
tunneling to reach the lime router? any ideas?
thanks
--
bruno(a)pobox.com
http://brunovianna.net
skype: randomico