Hi there!

I discovered your truly fantastic project through Ninux. I’m creating a mesh network here in Milano, Italia, with my project openspace. We are trying to build something truly scalable that could one day work all over the city. We started out with the excellent Commotion, and have moved on to a MetaMesh-like setup with pure OpenWrt and manual configurations for lack of pre-compiled images of Commotion.

I’ve now discovered your project, which seems to be a dream come true: Commotion-like ease of creation and deployment, but with much wider compatibility. If I manage to embrace and understand this new world outside of olsr and if we can get a few details figured out I really think this could be the definitive way to go, at least for the time being.

You can check out the details of our current MetaMesh-like configuration here should you be curious: https://openspacex.github.io/openNET.io [temporary address]. It basically adds on top of MetaMesh to try and reach Commotion’s configuration flexibility, like WPA2 on AP and MESH levels, olsrd-secure, and other nifty little details. The writing of this howto is a work in progress, but we should be finished in about a week.

All of this is the result of over a year of work on our part, thanks to all of the amazing projects like yours out there. While approaching your project as a total newbie that has only worked with Commotion and MetaMesh, is there anything in the large scale that works so fundamentally differently in LibreMesh from how our previous setup works, that we should be considering before starting out?

If we start using LiMe on our network, we’d like to introduce WPA2 encryption on the AP and MESH wireless networks. And is it possible to separate the 2.4 GHz and 5 GHz MESH wireless networks’ SSIDs? Also, do you authenticate nodes on the network, like olsrd-secure does? If so, how? Is it possible to change the ssh port of the various nodes [security-by-obscurity self-alert]?

To better explain, we’re always trying to figure out how to make the infrastructure solid and resilient, and how to protect traffic and authenticate devices with more advanced crypto than simple symmetric keys [like the very WPA2 on mesh level and olsrd-secure passphrase that I’m inquiring about] that will leak in a matter of days after we start using them, so we’re the first to recognise the weakness of these protections, but they could be considered better than nothing perhaps? Do you have any other ideas?

At the risk of going off-topic, may I ask what your approach to security matters like this is? In terms of traffic security, device authentication, and network-wide resistance to “attacks”? What are the weak spots of the protocols you’re using here, in the event of someone actually trying to take down a part of the network? I ask because I know that with olsr for instance it’s enough to set an already-in-use static IP to a device to break the meshing in a serious way, like in traditional networks. How are things here instead? A friend of mine was thinking of using a blockchain to authenticate the various routers entering the network, towards the dream of a network that can’t be stopped by anyone or anything, exactly like bitcoin.

Anyway, back to us. How can I specify these extra details in the config file? I’m obviously happy to dig through documentation, but I have found nothing specific enough for my understanding. I’ve been able to change some parameters in chef under /etc/config/lime-defaults, but not all. I might be completely misunderstanding some fundamental details here, please excuse my ignorance.

Thank you so much in advance and super-kudos for your amazing work in any event!


Nicolas