Hi again Marvin

I’ve finally been able to do the howto screencast! Here is the link: https://www.youtube.com/watch?v=faGi4mFvcqo [still processing as of right now]

It’s my first screencast ever so I hope it makes sense ;]

I’ll also make a shorter version for faster setup in the next few days.

Let me know if you’re able to get everything up and running.


Nk


From: Marvin Arnold <marvin@geeky.rocks>
Reply: libremesh users <lime-users@lists.libremesh.org>
Date: 24 March 2017 at 00:54:20
To: libremesh users <lime-users@lists.libremesh.org>
Subject:  Re: [lime-users] VPN

Hey Nicolas, ever make any progress on this? I've been dormant but ready to start back up, given a little instruction.


On 03/08/2017 04:52 AM, Nk wrote:
Hi Marvin

Sorry for the late reply

I think we’ve solved our spam issues so I hope this mail reaches you correctly now.

I have actually just purchased two new hex routers for our network and I’ll set them up tonight or tomorrow night. I’ll document the process as I’m doing it and send you a link to it.

Hope we’re still in time ;]

On 22 Feb 2017, 04:36 +0100, Marvin Arnold <marvin@unplugged.im>, wrote:

We have successfully set up the hex to connect to our streisand. But my IP address is still the local one and not the VPN. How do we route the traffic correctly? It didn't automagically work by just plugging it up like you said.


On 02/17/2017 10:07 AM, Leonardo Taborda wrote:
Thanks Nicolas. Now it is more clear.
On 17/02/17 at 04:14, nk@os.vu wrote:
Hi Leonardo

This is to protect those who share their Internet connection with the mesh network from being responsible for other people's traffic. Streisand is amazing and the VPSs available on arubacloud.com only cost 1€ a month, the lowest price we have ever found, with the benefit of being close to us [they're located in Arezzo and we're in Milano] for very low latency and they have of course an IP recognized as Italian in all of the geoIP databases, so that users don't notice any difference when navigating to websites like Google that trace your ip location and adapt the language of their website.

I’m getting speeds between 100 and 120 Mbps down with l2tp+ipsec on my Hex and that makes for a very good amount of bandwidth to be shared with the network.


Nicolas

________________________________
From: Leonardo Taborda <leonardotaborda@networkbogota.org>
Sent: Feb 16, 2017 23:46
To: lime-users@lists.libremesh.org
Subject: Re: [lime-users] VPN

Hello Nicolas and Marvin

This is really interesting, I had no idea about streisand. If you guys   
are setting up this in a mesh network, is it for browsing safely or   
taking advantage of the ease of setting up vpns?

On 16/02/17 at 10:00, Nicolas North wrote:
Hi again!

I’m glad you received it this time and are testing it out.

I definitely have no windows machines either ;]

And actually you don’t need any configuration files for streisand.   
Once you’ve set up your instance just navigate to your server’s web   
address and log in with the provided credentials. Then when you see   
this screen:


Select L2TP/IPsec. Then on the next screen press linux, and copy the   
credentials you find there in the Hex admin page’s configuration in   
the appropriate fields.

That will get you up and running in no time. Remember to set max
MTU and MRU to 1280 if you’re getting fragmented packets [I for
instance could not access http://speedtest.net before I corrected
these values, exactly because of packet fragmentation].

Let me know if you need any further help!


Nicolas


From: Marvin Arnold <marvin@unplugged.im>
Reply: libremesh users <lime-users@lists.libremesh.org>
Date: 16 February 2017 at 15:49:26
To: lime-users@lists.libremesh.org
Subject: Re: [lime-users] VPN

Thanks for resharing Nicolas, the original never did find my mailbox.

We tried configuring this setup but hit a wall because we don't have   
windows machines. Is there no easy way to take the configuration   
files Streisand spits out and upload them directly to the hex?   
Alternatively, we're not sure which settings to copy over from
that file and put into the hex.


On 02/15/2017 02:27 AM, Nicolas North wrote:
Hi Marvin

I’m sorry but I’m having some serious spam issues since I’ve
migrated my mailserver.

Here is the mail I had sent you. Hope you receive it!

––––––––––––––––

Hi Marvin

Sorry for the late reply.

We’re using Hexes as vpn-only devices, with the following setup:

||| ISP Router ||| <=> ||| Hex VPN Router ||| <=> ||| LiMe Router |||
                                                         |
                                                    wifi adhoc
                                                         |
                                                [other LiMe routers]

This is the guide we’ve been following   
[https://matthewmcclatchey.com/using-private-internet-accesss-vpn-with-mikrotiks-routeros-via-pptp/],   
with the exception of the fact that our vpn is l2tp+ipsec, and that
we’ve had to set max mtu and max mru values to 1280 for some reason   
as packets were getting fragmented with our setup.

If you connect a cable from the ISP’s router’s lan to the Hex’s wan,   
and another cable from the Hex’s lan to the LiMe router’s wan,   
you’ll have all of your internet-bound traffic from inside your mesh   
network sandboxed inside the VPN with no exceptions. The hex has   
some kind of “persistent tunnel” enabled by default, so it drops the
connection if the vpn breaks for some reason, even though it never   
has unless we actually rebooted the remote vpn server for testing   
purposes.

I suggest giving the Hex an address like 172.16.0.1 to avoid   
conflicts with other more common subnets. We set all our ISP routers   
to 192.168.0.1 and LiMe uses 10.13.0.1 etc… so we’re good to go.   
Also, as a bonus, we try to pair all LiMe routers with an openwrt   
“simple AP” router, that takes care of the AP level and lets the   
LiMe router handle only the adhoc meshing level, for maximum   
wireless efficiency.

We give APs static addresses of 10.13.64.1, 2, 3, and so on. They   
must all be different. Try and stay out of the DHCP range which   
starts at 100 I think. This last part [the AP addressing] is all   
trial and error and experimental so it might be wrong, but for us it   
works. We still need to figure out how to scale addressing for APs   
so we’re open to suggestions. While we’re at it:

*TLDR question: what static IPv4 address to give a simple AP   
connected to the lan of a LiMe router? Is 10.13.64.1 - 10.13.64.99 a   
good range? How do we scale beyond that since every AP in the entire   
network must have a different IP?*

Let me know how this works for you. To those answering the question:   
thank you in advance.


Nicolas



From: Marvin Arnold <marvin@unplugged.im>
Reply: Marvin Arnold <marvin@unplugged.im>
Date: 14 February 2017 at 02:19:38
To: pau@dabax.net, nk@os.vu
Subject: Re: [lime-users] VPN

Hi Pau, Nicolas,

Maybe I'm losing my head, but I can't find the original email from
Nicolas being quoted. It looks like it may be the additional VPN setup
tips we are looking for. I've checked my spam and don't see any hidden
messages...


On 02/13/2017 06:43 PM, Ilario wrote:
Hi Nicolas!
I think I missed some of your emails in Gmail's spam folder...
Answer inline:

2017-02-13 1:51 GMT+01:00 Nicolas North <nk@os.vu>:
> Also, as a bonus, we try to pair all LiMe routers with an openwrt
> “simple AP” router, that takes care of the AP level and lets the
> LiMe router handle only the adhoc meshing level, for maximum
> wireless efficiency.

That's really wise :)

> We give APs static addresses of 10.13.64.1, 2, 3, and so on. They
> must all be different. Try and stay out of the DHCP range which
> starts at 100 I think.

A very interesting question. There's no option for DHCP range in
/etc/config/lime* files (and this is ok).
But I supposed that the range was defined in /etc/config/dhcp, which
on LibreMesh is identical to the one on OpenWrt/LEDE and contains:
# cat /etc/config/dhcp
[...]
config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
    option leasetime '1h'

But trying to ask for a DHCP lease I received an IPv4 out of the
10.x.x.100-250 range. Looking around, I found that the DHCP range for
anygw is hardcoded:

https://github.com/libremesh/lime-packages/commit/3a6596d50b3c0446b988f84d32b73a46ec67702a#diff-c0a61b337dea9c132127ea22e7f7ea83R50
resulting in the whole subnet... No good. @devs?

Anyway, do you need static IP addresses at the AP routers? You could
also let them take the IP from LiMe (and LiMe would take care of
avoiding collisions).

Additionally, if you let LiMe routers autoassign their own IPv4,
they will span over the whole subnet, unless you specify a smaller
"subnet" (not a real subnet, just a range) for auto-assignment, as
explained in /etc/config/lime-example in the comment on the
main_ipv4_address option:

https://github.com/libremesh/lime-packages/blob/2ce5ffa96de5b0b5abb507076b0736cf23e2817c/packages/lime-system/files/etc/config/lime.example#L25
For example:
# cat /etc/config/lime
config lime 'network'
    option main_ipv4_address '10.13.128.0/16/17'

will limit the autoassignment of IPv4 to the second half of the
broadcast domain.
Bye!
Ilario
_______________________________________________
lime-users mailing list
lime-users@lists.libremesh.org
https://lists.libremesh.org/mailman/listinfo/lime-users
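
Added example (not part of the original thread and not LibreMesh code): a Python check, following Ilario's description of the `main_ipv4_address` value '10.13.128.0/16/17', that a list of static AP addresses is unique and stays outside the auto-assignment range. The function names and the sample AP list are constructed for illustration, and reading the third field as the prefix length of the auto-assignment range is an assumption taken from that description.

```python
import ipaddress
from collections import Counter

def parse_main_ipv4(value):
    """Split 'address/net_prefix[/range_prefix]' into (mesh network, autoassign range)."""
    parts = value.split("/")
    if len(parts) not in (2, 3):
        raise ValueError(f"unexpected main_ipv4_address form: {value!r}")
    addr = ipaddress.IPv4Address(parts[0])
    net_prefix = int(parts[1])
    # Assumption: without a third field, autoassignment spans the whole network.
    range_prefix = int(parts[2]) if len(parts) == 3 else net_prefix
    if not net_prefix <= range_prefix <= 32:
        raise ValueError("range prefix must not be shorter than the network prefix")
    network = ipaddress.ip_network(f"{addr}/{net_prefix}", strict=False)
    autoassign = ipaddress.ip_network(f"{addr}/{range_prefix}", strict=False)
    return network, autoassign

def audit_static_addresses(main_ipv4_address, static_addresses):
    """Return (address, verdict) pairs for statically configured AP addresses."""
    network, autoassign = parse_main_ipv4(main_ipv4_address)
    seen = Counter(static_addresses)
    report = []
    for text in static_addresses:
        ip = ipaddress.IPv4Address(text)
        if ip not in network:
            verdict = "outside mesh network"
        elif seen[text] > 1:
            verdict = "duplicate"            # every AP must have a different address
        elif ip in autoassign:
            verdict = "inside autoassign range"  # a LiMe router may pick this one
        else:
            verdict = "ok"
        report.append((text, verdict))
    return report

if __name__ == "__main__":
    # Constructed sample: AP addresses in the style used in the thread, plus mistakes.
    sample_aps = ["10.13.64.1", "10.13.64.2", "10.13.64.2",
                  "10.13.200.5", "192.168.0.1"]
    for address, verdict in audit_static_addresses("10.13.128.0/16/17", sample_aps):
        print(f"{address:15} {verdict}")
```

With the two-field form (for example '10.13.0.0/16') every address in the mesh network is reported as inside the auto-assignment range, which matches the remark that auto-assigned addresses otherwise span the whole subnet.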
--   
Cordialmente

Leonardo Taborda Ángel
leonardotaborda@networkbogota.org
www.networkbogota.org

"When there is a will, there is a way"