Thanks for resharing Nicolas, the original never
did find my mailbox.
We tried configuring this setup but hit a wall because we don't have
Windows machines. Is there no easy way to take the configuration
files Streisand spits out and upload them directly to the hex?
Alternatively, we're not sure which settings to copy over from
that file and put into the hex.
On 02/15/2017 02:27 AM, Nicolas North wrote:
Hi Marvin
I’m sorry but I’m having some serious spam issues since I’ve
migrated my mailserver.
Here is the mail I had sent you. Hope you receive it!
––––––––––––––––
Hi Marvin
Sorry for the late reply.
We’re using Hexes as vpn-only devices, with the following setup:
||| ISP Router ||| <=> ||| Hex VPN Router ||| <=> ||| LiMe Router |||
                                                           |
                                                      wifi adhoc
                                                           |
                                                 [other LiMe routers]
This is the guide we’ve been following
[https://matthewmcclatchey.com/using-private-internet-accesss-vpn-with-mikro…],
with the exception of the fact that our vpn is l2tp+ipsec, and that
we’ve had to set max mtu and max mru values to 1280 for some reason
as packets were getting fragmented with our setup.
If you connect a cable from the ISP’s router’s lan to the Hex’s wan,
and another cable from the Hex’s lan to the LiMe router’s wan,
you’ll have all of your internet-bound traffic from inside your mesh
network sandboxed inside the VPN with no exceptions. The hex has
some kind of “persistent tunnel” enabled by default, so drops the
connection if the vpn breaks for some reason, even though it never
has unless we actually rebooted the remote vpn server for testing
purposes.
I suggest giving the Hex an address like 172.16.0.1 to avoid
conflicts with other more common subnets. We set all our ISP routers
to 192.168.0.1 and LiMe uses 10.13.0.1 etc… so we’re good to go.
Also, as a bonus, we try to pair all LiMe routers with an openwrt
“simple AP” router, that takes care of the AP level and lets the
LiMe router handle only the adhoc meshing level, for maximum
wireless efficiency.
We give APs static addresses of 10.13.64.1, 2, 3, and so on. They
must all be different. Try and stay out of the DHCP range which
starts at 100 I think. This last part [the AP addressing] is all
trial and error and experimental so it might be wrong, but for us it
works. We still need to figure out how to scale addressing for APs
so we’re open to suggestions. While we’re at it:
*TLDR question: what static IPv4 address to give a simple AP
connected to the lan of a LiMe router? Is 10.13.64.1 - 10.13.64.99 a
good range? How do we scale beyond that since every AP in the entire
network must have a different IP?*
Let me know how this works for you. To those answering the question:
thank you in advance.
Nicolas
From: Marvin Arnold <marvin(a)unplugged.im>
Reply: Marvin Arnold <marvin(a)unplugged.im>
Date: 14 February 2017 at 02:19:38
To: pau(a)dabax.net, nk(a)os.vu
Subject: Re: [lime-users] VPN
> Hi Pau, Nicolas,
>
> Maybe I'm losing my head, but I can't find the original email from
> Nicolas being quoted. It looks like it may be the additional VPN setup
> tips we are looking for. I've checked my spam and don't see any hidden
> messages...
>
>
> On 02/13/2017 06:43 PM, Ilario wrote:
> > Hi Nicolas!
> > I think I missed some of your emails in Gmail's spam folder...
> > Answer inline:
> >
> > 2017-02-13 1:51 GMT+01:00 Nicolas North <nk(a)os.vu>:
> >> Also, as a bonus, we try to
> >> pair all LiMe routers with an openwrt “simple AP” router, that takes care of
> >> the AP level and lets the LiMe router handle only the adhoc meshing level,
> >> for maximum wireless efficiency.
> > That's really wise :)
> >
> >> We give APs static addresses of 10.13.64.1, 2, 3, and so on. They must all
> >> be different. Try and stay out of the DHCP range which starts at 100 I
> >> think.
> > A very interesting question. There's no option for DHCP range in
> > /etc/config/lime* files (and this is ok).
> > But I supposed that the range was defined in /etc/config/dhcp, which
> > on LibreMesh is identical to the one on OpenWrt/LEDE and contains:
> > # cat /etc/config/dhcp
> > [...]
> > config dhcp 'lan'
> >     option interface 'lan'
> >     option start '100'
> >     option limit '150'
> >     option leasetime '1h'
> >
> > But trying to ask for a DHCP lease I received an IPv4 out of the
> > 10.x.x.100-250 range, looking around I found that the DHCP range for
> > anygw is hardcoded:
> >
> > https://github.com/libremesh/lime-packages/commit/3a6596d50b3c0446b988f84d3…
> > resulting in the whole subnet... No good. @devs?
> >
> > Anyway, do you need static IP addresses at the AP routers? You could
> > also let them take the IP from LiMe (and LiMe would take care of
> > avoiding collisions).
> >
> > Additionally, if you let LiMe routers autoassign their own IPv4,
> > they will span over the whole subnet, unless you specify a smaller
> > "subnet" (not a real subnet, just a range) for auto-assignment, as
> > explained in /etc/config/lime-example in the comment on the
> > main_ipv4_address option:
> >
> > https://github.com/libremesh/lime-packages/blob/2ce5ffa96de5b0b5abb507076b0…
> >
> > For example:
> > # cat /etc/config/lime
> > config lime 'network'
> >     option main_ipv4_address '10.13.128.0/16/17'
> >
> > will limit the autoassignment of IPv4 to the second half of the
> > broadcast domain.
> > Bye!
> > Ilario
> > _______________________________________________
> > lime-users mailing list
> > lime-users(a)lists.libremesh.org
> > https://lists.libremesh.org/mailman/listinfo/lime-users
_______________________________________________
lime-users mailing list
lime-users(a)lists.libremesh.org
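
Added example (not part of the thread and not LibreMesh code): a small Python check of a static AP addressing plan against the main_ipv4_address value Ilario quotes, reading '10.13.128.0/16/17' as "broadcast domain /16, auto-assignment limited to the /17 containing 10.13.128.0" as he describes it. The function names and the sample address list are constructed for illustration; the check covers only the auto-assignment range, not the anygw DHCP pool, which the thread says spans the whole subnet.

```python
import ipaddress

def parse_lime_main_ipv4(value):
    """'ADDR/DOMAIN_PREFIX[/RANGE_PREFIX]' -> (broadcast domain, auto-assign range)."""
    parts = value.split("/")
    if len(parts) not in (2, 3):
        raise ValueError(f"unexpected main_ipv4_address format: {value!r}")
    domain_len = int(parts[1])
    # Without a third field the auto-assign range is the whole domain.
    range_len = int(parts[2]) if len(parts) == 3 else domain_len
    if range_len < domain_len:
        raise ValueError("auto-assign range cannot be larger than the domain")
    domain = ipaddress.ip_network(f"{parts[0]}/{domain_len}", strict=False)
    auto = ipaddress.ip_network(f"{parts[0]}/{range_len}", strict=False)
    return domain, auto

def check_static_plan(value, static_addrs):
    """Classify each proposed static address; returns [(address, status), ...]."""
    domain, auto = parse_lime_main_ipv4(value)
    seen, report = set(), []
    for text in static_addrs:
        addr = ipaddress.ip_address(text)
        if addr in seen:
            status = "duplicate"            # every AP must have a different IP
        elif addr not in domain:
            status = "outside-domain"       # not reachable in the mesh subnet
        elif addr in (domain.network_address, domain.broadcast_address):
            status = "reserved"
        elif addr in auto:
            status = "in-autoassign-range"  # a LiMe node may pick this address
        else:
            status = "ok"
        seen.add(addr)
        report.append((text, status))
    return report

def static_capacity(value):
    """Number of host addresses left outside the auto-assign range."""
    domain, auto = parse_lime_main_ipv4(value)
    free = domain.num_addresses - auto.num_addresses
    for edge in (domain.network_address, domain.broadcast_address):
        if edge not in auto:
            free -= 1
    return free

if __name__ == "__main__":
    # Constructed sample plan: three APs as in the thread, plus three mistakes.
    plan = ["10.13.64.1", "10.13.64.2", "10.13.64.3",
            "10.13.200.5", "10.13.64.2", "192.168.0.1"]
    for address, status in check_static_plan("10.13.128.0/16/17", plan):
        print(f"{address:15} {status}")
    print("static addresses available:", static_capacity("10.13.128.0/16/17"))
```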