Hi Leonardo This is to protect those who share their Internet connection with the mesh network from being responsible for other people's traffic. Streisand is amazing and the VPSs available on arubacloud.com only cost 1€ a month, the lowest price we have ever found, with the benefit of being close to us [they're located in Arezzo and we're in Milano] for very low latency and they have of course an IP recognized as Italian in all of the geoIP databases, so that users don't notice any difference when navigating to websites like Google that trace your ip location and adapt the language of their website. Im getting speeds between 100 and 120mbps down with l2tp+ipsec on my Hex and that makes for a very good amount of bandwidth to be shared with the network. Nicolas Sent from Nine ________________________________ From: Leonardo Taborda &lt;leonardotaborda(a)networkbogota.org&gt; Sent: Feb 16, 2017 23:46 To: lime-users(a)lists.libremesh.org Subject: Re: [lime-users] VPN > Hello Nicolas and Marvin > > This is really interesting, I had no idea about streisand. If you guys > are setting up this in a mesh network, is it for browsing safely or > taking advantage of the ease of setting up vpns? > > El 16/02/17 a las 10:00, Nicolas North escribió: >> Hi again! >> >> I’m glad you received it this time and are testing it out. >> >> I definitely have no windows machines either ;] >> >> And actually you don’t need any configuration files for streisand. >> Once you’ve set up your instance just navigate to your server’s web >> address and log in with the provided credentials. Then when you see >> this screen: >> >> >> Select L2TP/IPsec. Then on the next screen press linux, and copy the >> credentials you find there in the Hex admin page’s configuration in >> the appropriate fields. >> >> That will get you up and running in no time. Remember to select max >> MTU and RMU to 1280 if you’re getting fragmented packets [I for >> instance could not access http://speedtest.net before I corrected >> these values, exactly because of packet fragmentation]. >> >> Let me know if you need any further help! >> >> >> Nicolas >> >> >> From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> >> Reply: libremesh users &lt;lime-users(a)lists.libremesh.org&gt; >> <mailto:lime-users@lists.libremesh.org> >> Date: 16 February 2017 at 15:49:26 >> To: lime-users(a)lists.libremesh.org &lt;lime-users(a)lists.libremesh.org&gt; >> <mailto:lime-users@lists.libremesh.org> >> Subject: Re: [lime-users] VPN >> >>> Thanks for resharing Nicolas, the original never did find my mailbox. >>> >>> We tried configuring this setup but hit a wall because we don't have >>> windows machines. Is there no easy way to take the configuration >>> files Streisand spits out and upload them directly to the hex? >>> Alternatively, we're not sure what which settings to copy over from >>> that file and put into the hex. >>> >>> >>> On 02/15/2017 02:27 AM, Nicolas North wrote: >>>> Hi Marvin >>>> >>>> I’m sorry but I’m having some serious spam issues since i’ve >>>> migrated my mailserver. >>>> >>>> Here is the mail i had sent you. Hope you receive it! >>>> >>>> –––––––––––––––– >>>> >>>> Hi Marvin >>>> >>>> Sorry for the late reply. >>>> >>>> We’re using Hexes as vpn-only devices, with the following setup: >>>> >>>> ||| ISP Router ||| <=> ||| Hex VPN Router ||| <=> ||| LiMe Router ||| >>>> | >>>> wifi adhoc >>>> | >>>> [other LiMe routers] >>>> >>>> This is the guide we’ve been following >>>> [https://matthewmcclatchey.com/using-private-internet-accesss-vpn-with-mikro…], >>>> with the exception of the fact that our vpn is lt2p+ipsec, and that >>>> we’ve had to set max mtu and max mru values to 1280 for some reason >>>> as packets were getting fragmented with our setup. >>>> >>>> If you connect a cable from the ISP’s router’s lan to the Hex’s wan, >>>> and another cable from the Hex’s lan to the LiMe router’s wan, >>>> you’ll have all of your internet-bound traffic from inside your mesh >>>> network sandboxed inside the VPN with no exceptions. The hex has >>>> some kind of "persistent tunnel” enabled by default, so drops the >>>> connection if the vpn breaks for some reason, even though it never >>>> has unless we actually rebooted the remote vpn server for testing >>>> purposes. >>>> >>>> I suggest giving the Hex an address like 172.16.0.1 to avoid >>>> conflicts with other more common subnets. We set all our ISP routers >>>> to 192.168.0.1 and LiMe uses 10.13.0.1 etc… so we’re good to go. >>>> Also, as a bonus, we try to pair all LiMe routers with an openwrt >>>> “simple AP” router, that takes care of the AP level and lets the >>>> LiMe router handle only the adhoc meshing level, for maximum >>>> wireless efficiency. >>>> >>>> We give APs static addresses of 10.13.64.1, 2, 3, and so on. They >>>> must all be different. Try and stay out of the DHCP range which >>>> starts at 100 I think. This last part [the AP addressing] is all >>>> trial and error and experimental so it might be wrong, but for us it >>>> works. We still need to figure out how to scale addressing for APs >>>> so we’re open to suggestions. While we’re at it: >>>> >>>> *TLDR question: what static IPv4 address to give a simple AP >>>> connected to the lan of a LiMe router? Is 10.13.64.1 - 10.13.64.99 a >>>> good range? How do we scale beyond that since every AP in the entire >>>> network must have a different IP?* >>>> >>>> Let me know how this works for you. To those answering the question: >>>> thank you in advance. >>>> >>>> >>>> Nicolas >>>> >>>> >>>> >>>> From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> >>>> Reply: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> >>>> Date: 14 February 2017 at 02:19:38 >>>> To: pau(a)dabax.net &lt;pau(a)dabax.net&gt; <mailto:pau@dabax.net>, nk(a)os.vu >>>> &lt;nk(a)os.vu&gt; <mailto:nk@os.vu> >>>> Subject: Re: [lime-users] VPN >>>> >>>>> Hi Pau, Nicolas, >>>>> >>>>> Maybe I'm losing my head, but I can't find the original email from >>>>> Nicolas being quoted. It looks like it may be the additional VPN setup >>>>> tips we are looking for. I've checked my spam and don't see any hidden >>>>> messages... >>>>> >>>>> >>>>> On 02/13/2017 06:43 PM, Ilario wrote: >>>>>> Hi Nicolas! >>>>>> I think I missed some of your emails in Gmail's spam folder... >>>>>> Answer inline: >>>>>> >>>>>> 2017-02-13 1:51 GMT+01:00 Nicolas North &lt;nk(a)os.vu&gt;vu>: >>>>>>> Also, as a bonus, we try to >>>>>>> pair all LiMe routers with an openwrt “simple AP” router, that >>>>> takes care of >>>>>>> the AP level and lets the LiMe router handle only the adhoc >>>>> meshing level, >>>>>>> for maximum wireless efficiency. >>>>>> That's really wise :) >>>>>> >>>>>>> We give APs static addresses of 10.13.64.1, 2, 3, and so on. >>>>> They must all >>>>>>> be different. Try and stay out of the DHCP range which starts at >>>>> 100 I >>>>>>> think. >>>>>> A very interesting question. There's no option for DHCP range in >>>>>> /etc/config/lime* files (and this is ok). >>>>>> But I supposed that the range was defined in /etc/config/dhcp, which >>>>>> on LibreMesh is identical than on OpenWrt/LEDE and contains: >>>>>> # cat /etc/config/dhcp >>>>>> [...] >>>>>> config dhcp 'lan' >>>>>> option interface 'lan' >>>>>> option start '100' >>>>>> option limit '150' >>>>>> option leasetime '1h' >>>>>> >>>>>> But trying to ask for a DHCP lease I received an IPv4 out of the >>>>>> 10.x.x.100-250 range, looking around I found that the DHCP range for >>>>>> anygw is hardcoded: >>>>>> >>>>> https://github.com/libremesh/lime-packages/commit/3a6596d50b3c0446b988f84d3… >>>>>> resulting in the whole subnet... No good. @devs? >>>>>> >>>>>> Anyway, do you need static IP addresses at the AP routers? You could >>>>>> also let them take the IP from LiMe (and LiMe would take care of >>>>>> avoiding collisions). >>>>>> >>>>>> Additionally, if you let LiMe routers to autoassign their own IPv4, >>>>>> they will span over the whole subnet, unless you specify a smaller >>>>>> "subnet" (not a real subnet, just a range) for auto-assignment, as >>>>>> explained in /etc/config/lime-example in the comment on the >>>>>> main_ipv4_address option: >>>>>> >>>>> https://github.com/libremesh/lime-packages/blob/2ce5ffa96de5b0b5abb507076b0… >>>>>> For example: >>>>>> # cat /etc/config/lime >>>>>> config lime 'network' >>>>>> option main_ipv4_address '10.13.128.0/16/17' >>>>>> >>>>>> will limit the autoassignment of IPv4 to the second half of the >>>>>> broadcast domain. >>>>>> Bye! >>>>>> Ilario >>>>>> _______________________________________________ >>>>>> lime-users mailing list >>>>>> lime-users(a)lists.libremesh.org >>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users >>> _______________________________________________ >>> lime-users mailing list >>> lime-users(a)lists.libremesh.org >>> https://lists.libremesh.org/mailman/listinfo/lime-users >> _______________________________________________ >> lime-users mailing list >> lime-users(a)lists.libremesh.org >> https://lists.libremesh.org/mailman/listinfo/lime-users > -- > Cordialmente > > Leonardo Taborda Ángel > leonardotaborda(a)networkbogota.org > www.networkbogota.org > > "When there is a will, there is a way" > > > > > _______________________________________________ > lime-users mailing list > lime-users(a)lists.libremesh.org > https://lists.libremesh.org/mailman/listinfo/lime-users

We have successfully setup the hex to connect to our streisand. But my IP address is still the local one and not the VPN. How do we route the traffic correctly? It didn't automagically work by just plugging it up like you said. On 02/17/2017 10:07 AM, Leonardo Taborda wrote: > thanks Nicolas. Now it is more clear. > El 17/02/17 a las 04:14, nk(a)os.vu escribió: >> Hi Leonardo >> >> This is to protect those who share their Internet connection with the mesh network from being responsible for other people's traffic. Streisand is amazing and the VPSs available on arubacloud.com only cost 1€ a month, the lowest price we have ever found, with the benefit of being close to us [they're located in Arezzo and we're in Milano] for very low latency and they have of course an IP recognized as Italian in all of the geoIP databases, so that users don't notice any difference when navigating to websites like Google that trace your ip location and adapt the language of their website. >> >> Im getting speeds between 100 and 120mbps down with l2tp+ipsec on my Hex and that makes for a very good amount of bandwidth to be shared with the network. >> >> >> Nicolas >> >> Sent from Nine >> ________________________________ >> From: Leonardo Taborda &lt;leonardotaborda(a)networkbogota.org&gt; >> Sent: Feb 16, 2017 23:46 >> To: lime-users(a)lists.libremesh.org >> Subject: Re: [lime-users] VPN >> >>> Hello Nicolas and Marvin >>> >>> This is really interesting, I had no idea about streisand. If you guys >>> are setting up this in a mesh network, is it for browsing safely or >>> taking advantage of the ease of setting up vpns? >>> >>> El 16/02/17 a las 10:00, Nicolas North escribió: >>>> Hi again! >>>> >>>> I’m glad you received it this time and are testing it out. >>>> >>>> I definitely have no windows machines either ;] >>>> >>>> And actually you don’t need any configuration files for streisand. >>>> Once you’ve set up your instance just navigate to your server’s web >>>> address and log in with the provided credentials. Then when you see >>>> this screen: >>>> >>>> >>>> Select L2TP/IPsec. Then on the next screen press linux, and copy the >>>> credentials you find there in the Hex admin page’s configuration in >>>> the appropriate fields. >>>> >>>> That will get you up and running in no time. Remember to select max >>>> MTU and RMU to 1280 if you’re getting fragmented packets [I for >>>> instance could not access http://speedtest.net before I corrected >>>> these values, exactly because of packet fragmentation]. >>>> >>>> Let me know if you need any further help! >>>> >>>> >>>> Nicolas >>>> >>>> >>>> From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> >>>> Reply: libremesh users &lt;lime-users(a)lists.libremesh.org&gt; >>>> <mailto:lime-users@lists.libremesh.org> >>>> Date: 16 February 2017 at 15:49:26 >>>> To: lime-users(a)lists.libremesh.org &lt;lime-users(a)lists.libremesh.org&gt; >>>> <mailto:lime-users@lists.libremesh.org> >>>> Subject: Re: [lime-users] VPN >>>> >>>>> Thanks for resharing Nicolas, the original never did find my mailbox. >>>>> >>>>> We tried configuring this setup but hit a wall because we don't have >>>>> windows machines. Is there no easy way to take the configuration >>>>> files Streisand spits out and upload them directly to the hex? >>>>> Alternatively, we're not sure what which settings to copy over from >>>>> that file and put into the hex. >>>>> >>>>> >>>>> On 02/15/2017 02:27 AM, Nicolas North wrote: >>>>>> Hi Marvin >>>>>> >>>>>> I’m sorry but I’m having some serious spam issues since i’ve >>>>>> migrated my mailserver. >>>>>> >>>>>> Here is the mail i had sent you. Hope you receive it! >>>>>> >>>>>> –––––––––––––––– >>>>>> >>>>>> Hi Marvin >>>>>> >>>>>> Sorry for the late reply. >>>>>> >>>>>> We’re using Hexes as vpn-only devices, with the following setup: >>>>>> >>>>>> ||| ISP Router ||| <=> ||| Hex VPN Router ||| <=> ||| LiMe Router ||| >>>>>> | >>>>>> wifi adhoc >>>>>> | >>>>>> [other LiMe routers] >>>>>> >>>>>> This is the guide we’ve been following >>>>>> [https://matthewmcclatchey.com/using-private-internet-accesss-vpn-with-mikro…], >>>>>> with the exception of the fact that our vpn is lt2p+ipsec, and that >>>>>> we’ve had to set max mtu and max mru values to 1280 for some reason >>>>>> as packets were getting fragmented with our setup. >>>>>> >>>>>> If you connect a cable from the ISP’s router’s lan to the Hex’s wan, >>>>>> and another cable from the Hex’s lan to the LiMe router’s wan, >>>>>> you’ll have all of your internet-bound traffic from inside your mesh >>>>>> network sandboxed inside the VPN with no exceptions. The hex has >>>>>> some kind of "persistent tunnel” enabled by default, so drops the >>>>>> connection if the vpn breaks for some reason, even though it never >>>>>> has unless we actually rebooted the remote vpn server for testing >>>>>> purposes. >>>>>> >>>>>> I suggest giving the Hex an address like 172.16.0.1 to avoid >>>>>> conflicts with other more common subnets. We set all our ISP routers >>>>>> to 192.168.0.1 and LiMe uses 10.13.0.1 etc… so we’re good to go. >>>>>> Also, as a bonus, we try to pair all LiMe routers with an openwrt >>>>>> “simple AP” router, that takes care of the AP level and lets the >>>>>> LiMe router handle only the adhoc meshing level, for maximum >>>>>> wireless efficiency. >>>>>> >>>>>> We give APs static addresses of 10.13.64.1, 2, 3, and so on. They >>>>>> must all be different. Try and stay out of the DHCP range which >>>>>> starts at 100 I think. This last part [the AP addressing] is all >>>>>> trial and error and experimental so it might be wrong, but for us it >>>>>> works. We still need to figure out how to scale addressing for APs >>>>>> so we’re open to suggestions. While we’re at it: >>>>>> >>>>>> *TLDR question: what static IPv4 address to give a simple AP >>>>>> connected to the lan of a LiMe router? Is 10.13.64.1 - 10.13.64.99 a >>>>>> good range? How do we scale beyond that since every AP in the entire >>>>>> network must have a different IP?* >>>>>> >>>>>> Let me know how this works for you. To those answering the question: >>>>>> thank you in advance. >>>>>> >>>>>> >>>>>> Nicolas >>>>>> >>>>>> >>>>>> >>>>>> From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> >>>>>> Reply: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> >>>>>> Date: 14 February 2017 at 02:19:38 >>>>>> To: pau(a)dabax.net &lt;pau(a)dabax.net&gt; <mailto:pau@dabax.net>, nk(a)os.vu >>>>>> &lt;nk(a)os.vu&gt; <mailto:nk@os.vu> >>>>>> Subject: Re: [lime-users] VPN >>>>>> >>>>>>> Hi Pau, Nicolas, >>>>>>> >>>>>>> Maybe I'm losing my head, but I can't find the original email from >>>>>>> Nicolas being quoted. It looks like it may be the additional VPN setup >>>>>>> tips we are looking for. I've checked my spam and don't see any hidden >>>>>>> messages... >>>>>>> >>>>>>> >>>>>>> On 02/13/2017 06:43 PM, Ilario wrote: >>>>>>>> Hi Nicolas! >>>>>>>> I think I missed some of your emails in Gmail's spam folder... >>>>>>>> Answer inline: >>>>>>>> >>>>>>>> 2017-02-13 1:51 GMT+01:00 Nicolas North &lt;nk(a)os.vu&gt;vu>: >>>>>>>>> Also, as a bonus, we try to >>>>>>>>> pair all LiMe routers with an openwrt “simple AP” router, that >>>>>>> takes care of >>>>>>>>> the AP level and lets the LiMe router handle only the adhoc >>>>>>> meshing level, >>>>>>>>> for maximum wireless efficiency. >>>>>>>> That's really wise :) >>>>>>>> >>>>>>>>> We give APs static addresses of 10.13.64.1, 2, 3, and so on. >>>>>>> They must all >>>>>>>>> be different. Try and stay out of the DHCP range which starts at >>>>>>> 100 I >>>>>>>>> think. >>>>>>>> A very interesting question. There's no option for DHCP range in >>>>>>>> /etc/config/lime* files (and this is ok). >>>>>>>> But I supposed that the range was defined in /etc/config/dhcp, which >>>>>>>> on LibreMesh is identical than on OpenWrt/LEDE and contains: >>>>>>>> # cat /etc/config/dhcp >>>>>>>> [...] >>>>>>>> config dhcp 'lan' >>>>>>>> option interface 'lan' >>>>>>>> option start '100' >>>>>>>> option limit '150' >>>>>>>> option leasetime '1h' >>>>>>>> >>>>>>>> But trying to ask for a DHCP lease I received an IPv4 out of the >>>>>>>> 10.x.x.100-250 range, looking around I found that the DHCP range for >>>>>>>> anygw is hardcoded: >>>>>>>> >>>>>>> https://github.com/libremesh/lime-packages/commit/3a6596d50b3c0446b988f84d3… >>>>>>>> resulting in the whole subnet... No good. @devs? >>>>>>>> >>>>>>>> Anyway, do you need static IP addresses at the AP routers? You could >>>>>>>> also let them take the IP from LiMe (and LiMe would take care of >>>>>>>> avoiding collisions). >>>>>>>> >>>>>>>> Additionally, if you let LiMe routers to autoassign their own IPv4, >>>>>>>> they will span over the whole subnet, unless you specify a smaller >>>>>>>> "subnet" (not a real subnet, just a range) for auto-assignment, as >>>>>>>> explained in /etc/config/lime-example in the comment on the >>>>>>>> main_ipv4_address option: >>>>>>>> >>>>>>> https://github.com/libremesh/lime-packages/blob/2ce5ffa96de5b0b5abb507076b0… >>>>>>>> For example: >>>>>>>> # cat /etc/config/lime >>>>>>>> config lime 'network' >>>>>>>> option main_ipv4_address '10.13.128.0/16/17' >>>>>>>> >>>>>>>> will limit the autoassignment of IPv4 to the second half of the >>>>>>>> broadcast domain. >>>>>>>> Bye! >>>>>>>> Ilario >>>>>>>> _______________________________________________ >>>>>>>> lime-users mailing list >>>>>>>> lime-users(a)lists.libremesh.org >>>>>>>> https://lists.libremesh.org/mailman/listinfo/lime-users >>>>> _______________________________________________ >>>>> lime-users mailing list >>>>> lime-users(a)lists.libremesh.org >>>>> https://lists.libremesh.org/mailman/listinfo/lime-users >>>> _______________________________________________ >>>> lime-users mailing list >>>> lime-users(a)lists.libremesh.org >>>> https://lists.libremesh.org/mailman/listinfo/lime-users >>> -- >>> Cordialmente >>> >>> Leonardo Taborda Ángel >>> leonardotaborda(a)networkbogota.org >>> www.networkbogota.org >>> >>> "When there is a will, there is a way" >>> >>> >>> >>> >>> _______________________________________________ >>> lime-users mailing list >>> lime-users(a)lists.libremesh.org >>> https://lists.libremesh.org/mailman/listinfo/lime-users > > -- > Cordialmente > > Leonardo Taborda Ángel > leonardotaborda(a)networkbogota.org > www.networkbogota.org > > "When there is a will, there is a way" > > > _______________________________________________ > lime-users mailing list > lime-users(a)lists.libremesh.org > https://lists.libremesh.org/mailman/listinfo/lime-users _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users

Hi again Marvin I’ve finally been able to do the howto screencast! Here is the link: https://www.youtube.com/watch?v=faGi4mFvcqo [still processing as of right now] It’s my first screencast ever so I hope it makes sense ;] I’ll also make a shorter version for faster setup in the next few days. Let me know if you’re able to get everything up and running. Nk From: Marvin Arnold &lt;marvin(a)geeky.rocks&gt; Reply: libremesh users &lt;lime-users(a)lists.libremesh.org&gt; Date: 24 marzo 2017 at 00:54:20 To: libremesh users &lt;lime-users(a)lists.libremesh.org&gt; Subject:  Re: [lime-users] VPN > Hey Nicolas, ever make any progress on this? I've been dormant but ready to start back up, given a little instruction. > > On 03/08/2017 04:52 AM, Nk wrote: > > Hi Marvin > > > > Sorry for the late reply > > > > I think we’ve solved our spam issues so I hope this mail reaches you correctly now. > > > > I have actually just purchased two new hex routers for our network and I’ll set them up tonight or tomorrow night. I’ll document the process as I’m doing it and send you a link to it. > > > > Hope we’re still in time ;] > > > > On 22 Feb 2017, 04:36 +0100, Marvin Arnold &lt;marvin(a)unplugged.im&gt;im>, wrote: > > > We have successfully setup the hex to connect to our streisand. But my IP address is still the local one and not the VPN. How do we route the traffic correctly? It didn't automagically work by just plugging it up like you said. > > > > > > On 02/17/2017 10:07 AM, Leonardo Taborda wrote: > > > > thanks Nicolas. Now it is more clear. > > > > El 17/02/17 a las 04:14, nk(a)os.vu escribió: > > > > > > > > > > Hi Leonardo > > > > > > > > > > This is to protect those who share their Internet connection with the mesh network from being responsible for other people's traffic. Streisand is amazing and the VPSs available on arubacloud.com only cost 1€ a month, the lowest price we have ever found, with the benefit of being close to us [they're located in Arezzo and we're in Milano] for very low latency and they have of course an IP recognized as Italian in all of the geoIP databases, so that users don't notice any difference when navigating to websites like Google that trace your ip location and adapt the language of their website. > > > > > > > > > > Im getting speeds between 100 and 120mbps down with l2tp+ipsec on my Hex and that makes for a very good amount of bandwidth to be shared with the network. > > > > > > > > > > > > > > > Nicolas > > > > > > > > > > Sent from Nine > > > > > ________________________________ > > > > > From: Leonardo Taborda &lt;leonardotaborda(a)networkbogota.org&gt; > > > > > Sent: Feb 16, 2017 23:46 > > > > > To: lime-users(a)lists.libremesh.org > > > > > Subject: Re: [lime-users] VPN > > > > > > > > > > > > > > > > > > > > > > Hello Nicolas and Marvin > > > > > > > > > > > > This is really interesting, I had no idea about streisand. If you guys > > > > > > are setting up this in a mesh network, is it for browsing safely or > > > > > > taking advantage of the ease of setting up vpns? > > > > > > > > > > > > El 16/02/17 a las 10:00, Nicolas North escribió: > > > > > > > > > > > > > > > > > > > > Hi again! > > > > > > > > > > > > > > I’m glad you received it this time and are testing it out. > > > > > > > > > > > > > > I definitely have no windows machines either ;] > > > > > > > > > > > > > > And actually you don’t need any configuration files for streisand. > > > > > > > Once you’ve set up your instance just navigate to your server’s web > > > > > > > address and log in with the provided credentials. Then when you see > > > > > > > this screen: > > > > > > > > > > > > > > > > > > > > > Select L2TP/IPsec. Then on the next screen press linux, and copy the > > > > > > > credentials you find there in the Hex admin page’s configuration in > > > > > > > the appropriate fields. > > > > > > > > > > > > > > That will get you up and running in no time. Remember to select max > > > > > > > MTU and RMU to 1280 if you’re getting fragmented packets [I for > > > > > > > instance could not access http://speedtest.net before I corrected > > > > > > > these values, exactly because of packet fragmentation]. > > > > > > > > > > > > > > Let me know if you need any further help! > > > > > > > > > > > > > > > > > > > > > Nicolas > > > > > > > > > > > > > > > > > > > > > From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> > > > > > > > Reply: libremesh users &lt;lime-users(a)lists.libremesh.org&gt; > > > > > > > <mailto:lime-users@lists.libremesh.org> > > > > > > > Date: 16 February 2017 at 15:49:26 > > > > > > > To: lime-users(a)lists.libremesh.org &lt;lime-users(a)lists.libremesh.org&gt; > > > > > > > <mailto:lime-users@lists.libremesh.org> > > > > > > > Subject: Re: [lime-users] VPN > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks for resharing Nicolas, the original never did find my mailbox. > > > > > > > > > > > > > > > > We tried configuring this setup but hit a wall because we don't have > > > > > > > > windows machines. Is there no easy way to take the configuration > > > > > > > > files Streisand spits out and upload them directly to the hex? > > > > > > > > Alternatively, we're not sure what which settings to copy over from > > > > > > > > that file and put into the hex. > > > > > > > > > > > > > > > > > > > > > > > > On 02/15/2017 02:27 AM, Nicolas North wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > Hi Marvin > > > > > > > > > > > > > > > > > > I’m sorry but I’m having some serious spam issues since i’ve > > > > > > > > > migrated my mailserver. > > > > > > > > > > > > > > > > > > Here is the mail i had sent you. Hope you receive it! > > > > > > > > > > > > > > > > > > –––––––––––––––– > > > > > > > > > > > > > > > > > > Hi Marvin > > > > > > > > > > > > > > > > > > Sorry for the late reply. > > > > > > > > > > > > > > > > > > We’re using Hexes as vpn-only devices, with the following setup: > > > > > > > > > > > > > > > > > > ||| ISP Router ||| <=> ||| Hex VPN Router ||| <=> ||| LiMe Router ||| > > > > > > > > > | > > > > > > > > > wifi adhoc > > > > > > > > > | > > > > > > > > > [other LiMe routers] > > > > > > > > > > > > > > > > > > This is the guide we’ve been following > > > > > > > > > [https://matthewmcclatchey.com/using-private-internet-accesss-vpn-with-mikro…], > > > > > > > > > with the exception of the fact that our vpn is lt2p+ipsec, and that > > > > > > > > > we’ve had to set max mtu and max mru values to 1280 for some reason > > > > > > > > > as packets were getting fragmented with our setup. > > > > > > > > > > > > > > > > > > If you connect a cable from the ISP’s router’s lan to the Hex’s wan, > > > > > > > > > and another cable from the Hex’s lan to the LiMe router’s wan, > > > > > > > > > you’ll have all of your internet-bound traffic from inside your mesh > > > > > > > > > network sandboxed inside the VPN with no exceptions. The hex has > > > > > > > > > some kind of "persistent tunnel” enabled by default, so drops the > > > > > > > > > connection if the vpn breaks for some reason, even though it never > > > > > > > > > has unless we actually rebooted the remote vpn server for testing > > > > > > > > > purposes. > > > > > > > > > > > > > > > > > > I suggest giving the Hex an address like 172.16.0.1 to avoid > > > > > > > > > conflicts with other more common subnets. We set all our ISP routers > > > > > > > > > to 192.168.0.1 and LiMe uses 10.13.0.1 etc… so we’re good to go. > > > > > > > > > Also, as a bonus, we try to pair all LiMe routers with an openwrt > > > > > > > > > “simple AP” router, that takes care of the AP level and lets the > > > > > > > > > LiMe router handle only the adhoc meshing level, for maximum > > > > > > > > > wireless efficiency. > > > > > > > > > > > > > > > > > > We give APs static addresses of 10.13.64.1, 2, 3, and so on. They > > > > > > > > > must all be different. Try and stay out of the DHCP range which > > > > > > > > > starts at 100 I think. This last part [the AP addressing] is all > > > > > > > > > trial and error and experimental so it might be wrong, but for us it > > > > > > > > > works. We still need to figure out how to scale addressing for APs > > > > > > > > > so we’re open to suggestions. While we’re at it: > > > > > > > > > > > > > > > > > > *TLDR question: what static IPv4 address to give a simple AP > > > > > > > > > connected to the lan of a LiMe router? Is 10.13.64.1 - 10.13.64.99 a > > > > > > > > > good range? How do we scale beyond that since every AP in the entire > > > > > > > > > network must have a different IP?* > > > > > > > > > > > > > > > > > > Let me know how this works for you. To those answering the question: > > > > > > > > > thank you in advance. > > > > > > > > > > > > > > > > > > > > > > > > > > > Nicolas > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> > > > > > > > > > Reply: Marvin Arnold &lt;marvin(a)unplugged.im&gt; <mailto:marvin@unplugged.im> > > > > > > > > > Date: 14 February 2017 at 02:19:38 > > > > > > > > > To: pau(a)dabax.net &lt;pau(a)dabax.net&gt; <mailto:pau@dabax.net>, nk(a)os.vu > > > > > > > > > &lt;nk(a)os.vu&gt; <mailto:nk@os.vu> > > > > > > > > > Subject: Re: [lime-users] VPN > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Hi Pau, Nicolas, > > > > > > > > > > > > > > > > > > > > Maybe I'm losing my head, but I can't find the original email from > > > > > > > > > > Nicolas being quoted. It looks like it may be the additional VPN setup > > > > > > > > > > tips we are looking for. I've checked my spam and don't see any hidden > > > > > > > > > > messages... > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On 02/13/2017 06:43 PM, Ilario wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Hi Nicolas! > > > > > > > > > > > I think I missed some of your emails in Gmail's spam folder... > > > > > > > > > > > Answer inline: > > > > > > > > > > > > > > > > > > > > > > 2017-02-13 1:51 GMT+01:00 Nicolas North &lt;nk(a)os.vu&gt;vu>: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Also, as a bonus, we try to > > > > > > > > > > > > pair all LiMe routers with an openwrt “simple AP” router, that > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > takes care of > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > the AP level and lets the LiMe router handle only the adhoc > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > meshing level, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > for maximum wireless efficiency. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > That's really wise :) > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > We give APs static addresses of 10.13.64.1, 2, 3, and so on. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > They must all > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > be different. Try and stay out of the DHCP range which starts at > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > 100 I > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > think. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > A very interesting question. There's no option for DHCP range in > > > > > > > > > > > /etc/config/lime* files (and this is ok). > > > > > > > > > > > But I supposed that the range was defined in /etc/config/dhcp, which > > > > > > > > > > > on LibreMesh is identical than on OpenWrt/LEDE and contains: > > > > > > > > > > > # cat /etc/config/dhcp > > > > > > > > > > > [...] > > > > > > > > > > > config dhcp 'lan' > > > > > > > > > > > option interface 'lan' > > > > > > > > > > > option start '100' > > > > > > > > > > > option limit '150' > > > > > > > > > > > option leasetime '1h' > > > > > > > > > > > > > > > > > > > > > > But trying to ask for a DHCP lease I received an IPv4 out of the > > > > > > > > > > > 10.x.x.100-250 range, looking around I found that the DHCP range for > > > > > > > > > > > anygw is hardcoded: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/libremesh/lime-packages/commit/3a6596d50b3c0446b988f84d3… > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > resulting in the whole subnet... No good. @devs? > > > > > > > > > > > > > > > > > > > > > > Anyway, do you need static IP addresses at the AP routers? You could > > > > > > > > > > > also let them take the IP from LiMe (and LiMe would take care of > > > > > > > > > > > avoiding collisions). > > > > > > > > > > > > > > > > > > > > > > Additionally, if you let LiMe routers to autoassign their own IPv4, > > > > > > > > > > > they will span over the whole subnet, unless you specify a smaller > > > > > > > > > > > "subnet" (not a real subnet, just a range) for auto-assignment, as > > > > > > > > > > > explained in /etc/config/lime-example in the comment on the > > > > > > > > > > > main_ipv4_address option: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://github.com/libremesh/lime-packages/blob/2ce5ffa96de5b0b5abb507076b0… > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > For example: > > > > > > > > > > > # cat /etc/config/lime > > > > > > > > > > > config lime 'network' > > > > > > > > > > > option main_ipv4_address '10.13.128.0/16/17' > > > > > > > > > > > > > > > > > > > > > > will limit the autoassignment of IPv4 to the second half of the > > > > > > > > > > > broadcast domain. > > > > > > > > > > > Bye! > > > > > > > > > > > Ilario > > > > > > > > > > > _______________________________________________ > > > > > > > > > > > lime-users mailing list > > > > > > > > > > > lime-users(a)lists.libremesh.org > > > > > > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > > lime-users mailing list > > > > > > > > lime-users(a)lists.libremesh.org > > > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > > lime-users mailing list > > > > > > > lime-users(a)lists.libremesh.org > > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users > > > > > > > > > > > > > > > > > > > -- > > > > > > Cordialmente > > > > > > > > > > > > Leonardo Taborda Ángel > > > > > > leonardotaborda(a)networkbogota.org > > > > > > www.networkbogota.org > > > > > > > > > > > > "When there is a will, there is a way" > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > lime-users mailing list > > > > > > lime-users(a)lists.libremesh.org > > > > > > https://lists.libremesh.org/mailman/listinfo/lime-users > > > > > > > > > > > > > > > > > > -- > > > > Cordialmente > > > > > > > > Leonardo Taborda Ángel > > > > leonardotaborda(a)networkbogota.org > > > > www.networkbogota.org > > > > > > > > "When there is a will, there is a way" > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > lime-users mailing list > > > > lime-users(a)lists.libremesh.org > > > > https://lists.libremesh.org/mailman/listinfo/lime-users > > > > > > > > > > _______________________________________________ > > > lime-users mailing list > > > lime-users(a)lists.libremesh.org > > > https://lists.libremesh.org/mailman/listinfo/lime-users > > > > > > > > _______________________________________________ > > lime-users mailing list > > lime-users(a)lists.libremesh.org > > https://lists.libremesh.org/mailman/listinfo/lime-users > > _______________________________________________ > lime-users mailing list > lime-users(a)lists.libremesh.org > https://lists.libremesh.org/mailman/listinfo/lime-users _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users

*ping 8.8.8.8* [reply with output]

*curl ipinfo.io* [reply with output]

*nslookup wikipedia.org* [reply with output]

*ping 8.8.8.8* [reply with output]

*curl ipinfo.io* [reply with output]

*nslookup wikipedia.org* [reply with output]

How are you connecting via wifi to the hex? You have a simple access point connected on the lan side of the hex that does no routing at all, I assume, is this correct?

In any event, it looks like your computer is hard-set [meaning in system options or via ifconfig/ipconfig] to use itself as the DNS server [strange config btw, is this a server?] when using the wifi interface [127.0.0.1] whereas it’s not hard-set to a specific DNS server when using the wired interface.

Is your computer getting an IP automatically from the HEX when connecting to it via ethernet? Could you post the result of command *ifconfig*

Secondly, could you try [always via ethernet] to *nslookup wikipedia.org 172.16.0.1*

and *nslookup wikipedia.org 8.8.8.8* ?

Thanks On 7 apr 2017, 01:43 +0200, Marvin Arnold &lt;marvin(a)geeky.rocks&gt;ks>, wrote: > > Hey, I'm replying with two sets of commands. The first is always > using WIFI which is working fine. The second is connecting my > computer to the hex via ethernet, which does not work well. > > I'm pretty sure its not my computer's ethernet. I've also tried > connecting my computer directly into the isp router via ethernet > and that works fine. > > Working version using hex<WIFI>computer: > >> *ping 8.8.8.8* [reply with output] > $ ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=43 time=63.6 ms > >> *curl ipinfo.io* [reply with output] > $ curl ipinfo.io > { > "ip": "X.X.X.X", > "hostname": "XX.net", > "city": "Washington", > "region": "District of Columbia", > "country": "US", > "loc": "LAT,LONG", > "org": "ORG", > "postal": "XXXXX" > } > >> *nslookup wikipedia.org* [reply with output] > > $ nslookup wikipedia.org > Server: 127.0.1.1 > Address: 127.0.1.1#53 > > Non-authoritative answer: > Name: wikipedia.org > > ---------------------------- KEEP SCROLLING > ------------------------------------ > > Broken version using hex<ethernet>: > >> *ping 8.8.8.8* [reply with output] > $ ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=44 time=64.2 ms > >> *curl ipinfo.io* [reply with output] > $ curl ipinfo.io > curl: (6) Could not resolve host: ipinfo.io > > >> *nslookup wikipedia.org* [reply with output] > > $ nslookup wikipedia.org > ;; connection timed out; no servers could be reached > > Non-authoritative answer: > Name: wikipedia.org > > > _______________________________________________ > lime-users mailing list > lime-users(a)lists.libremesh.org > https://lists.libremesh.org/mailman/listinfo/lime-users _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users