Hi there!
I discovered your truly fantastic project through Ninux. I’m creating a mesh network here
in Milano, Italia, with my project openspace. We are trying to build something truly
scalable that could one day work all over the city. We started out with the excellent
Commotion, and have moved on to a MetaMesh-like setup with pure OpenWrt and manual
configurations for lack of pre-compiled images of Commotion.
I’ve now discovered your project which seems to be a dream come true, which is
Commotion-like ease of creation and deployment, but with much wider compatibility. If I
manage to embrace and understand this new world outside of olsr and if we can get a few
details figured out I really think this could be the definitive way to go, at least for
the time being.
You can check out the details of our current MetaMesh-like configuration here should you
be curious:
https://openspacex.github.io/openNET.io [temporary address]. It basically adds
on top of MetaMesh to try and reach Commotion’s configuration flexibility, like WPA2 on AP
and MESH levels, olsrd-secure, and other nifty little details. The writing of this howto
is a work in progress, but we should be finished in about a week.
All of this is the result of over a year of work on our part, thanks to all of the amazing
projects like yours out there. While approaching your project as a total newbie that has
only worked with Commotion and MetaMesh, is there anything in the large scale that works
so fundamentally differently in LibreMesh from how our previous setup works, that we
should be considering before starting out?
If we start using LiMe on our network, we’d like to introduce WPA2 encryption on the AP
and MESH wireless networks. And is it possible to separate the 2.4 GHz and 5 GHz MESH
wireless networks' SSIDs? Also, do you authenticate nodes on the network, like olsrd-secure
does? If so, how? Is it possible to change the SSH port of the various nodes
[security-by-obscurity self-alert]?
To better explain, we’re always trying to figure out how to make the infrastructure solid
and resilient, and how to protect traffic and authenticate devices with more advanced
crypto than simple symmetric keys [like the very WPA2 on mesh level and olsrd-secure
passphrase that I’m inquiring about] that will leak in a matter of days after we start
using them, so we’re the first to recognise the weakness of these protections, but they
could be considered better than nothing perhaps? Do you have any other ideas?
At the risk of going off-topic, may I ask what your approach to security matters like this
is? In terms of traffic security, device authentication, and network-wide resistance to
“attacks”? What are the weak spots of the protocols you’re using here, in the event of
someone actually trying to take down a part of the network? I ask because I know that with
olsr for instance it’s enough to set an already-in-use static IP to a device to break the
meshing in a serious way, like in traditional networks. How are things here instead? A
friend of mine was thinking of using a blockchain to authenticate the various routers
entering the network, towards the dream of a network that can’t be stopped by anyone or
anything, exactly like bitcoin.
Anyway, back to us. How can I specify these extra details in the config file? I’m
obviously happy to dig through documentation, but I have found nothing specific enough for
my understanding. I’ve been able to change some parameters in chef under
/etc/config/lime-defaults, but not all. I might be completely misunderstanding some
fundamental details here, please excuse my ignorance.
Thank you so much in advance and super-kudos for your amazing work in any event!
Nicolas