Yup, that's the issue. I am running a wr841n-v9 with mini. On 01/31/2017 07:54 AM, Ilario wrote:

Hey Leonardo I actually have zero experience with tinc. I’ll look into it if I have some spare time in the next few days. In general, I’m pretty satisfied with the current setup. Let me know if you test something out! Thanks for the input! Nicolas From: Leonardo Taborda <leonardotaborda(a)networkbogota.org> Reply: libremesh users <lime-users(a)lists.libremesh.org> Date: 31 January 2017 at 14:42:45 To: lime-users(a)lists.libremesh.org <lime-users(a)lists.libremesh.org> Subject:  Re: [lime-users] VPN Hello guys Depending on the router you are using, the ar71xx-mini does not have opkg included, but the 8mb image it does. I have tinc running on a wdr3600 for librenet6 service. As Nicolas points out, it has some pitfalls running in the same device mesh and vpn control. Of course i use tinc only to provide ipv6 connectivity. For Nicolas, would tinc have the same performance issues? Leonardo El 31/01/17 a las 06:26, nk(a)os.vu escribió: Hi Marvin I've done a lot of tests with VPNs for the standard setup of the mesh network we're building here in Milano, Italia, and I've found that usually routers are rather terrible at handling VPNs with reasonable speeds, openvpn being the slowest [10mbps up and down] and l2tp+ipsec being faster [15 to 20mbps], at the expense of being less secure. Also, I've gotten to the conclusion that doing the VPN routing in the same device as the one doing the meshing makes it rather difficult to diagnose issues over time and to pinpoint the bottleneck for slow overall speeds. I know this is not the answer you were looking for, but our definitive setup involves setting up getting a microtik hex router that you can buy for about 60 to 80€ and running l2tp+ipsec to a Streisand instance [a fully self installing VPN and anonymity server]. We've been getting stable 120/120mbps speeds. This setup also makes it very simple to understand what device is doing what, and how the routing is done on the large scale from the ISPs router, to the VPN router, to the meshing router, to the AP router, and so on [this is our setup]. I don't know how to solve your problem directly, but I thought I'd share my experience with you. Sorry for going slightly off topic. Hope you can get your setup working nicely however you decide to do it! Nicolas ________________________________ From: Marvin Arnold <marvin(a)unplugged.im> Sent: Jan 31, 2017 06:34 To: lime-users(a)lists.libremesh.org Subject: [lime-users] VPN I would like to finally make my internet at home available to my neighbors over lime. I called my ISP and they made it pretty clear they would take action against me if one of the users accessed illicit content. So I'm thinking about routing all web traffic through a VPN. Is this the most sensible thing to do? Assuming it is, I already setup the VPN server and now I'm trying to connect my lime router as a client. http://wiki.openwrt.org/inbox/vpn.howto https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/ But as far as I can tell, opkg is not installed on the router. What's the best way to install it or install the openvpn client without it? _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users -- Cordialmente Leonardo Taborda Ángel leonardotaborda(a)networkbogota.org www.networkbogota.org "When there is a will, there is a way" _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users

I switched to a wdr4300 with full lime but still having issues. This is the output on community chaos: root@LiMe-d00515:~# openvpn --config marvin.ovpn Thu Feb 2 05:10:24 2017 OpenVPN 2.3.6 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 31 2016 Thu Feb 2 05:10:24 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 Thu Feb 2 05:10:24 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Thu Feb 2 05:10:24 2017 Control Channel Authentication: tls-auth using INLINE static key file Thu Feb 2 05:10:24 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication Thu Feb 2 05:10:24 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication openvpn: can't resolve symbol '__clzsi2' And on develop: root@LiMe-d00515:~# openvpn --config marvin.ovpn Error relocating /usr/lib/liblzo2.so.2: __clzsi2: symbol not found Error relocating /usr/lib/liblzo2.so.2: __ctzsi2: symbol not found Error relocating /usr/sbin/openvpn: __clzsi2: symbol not found Any ideas? On 01/31/2017 05:03 PM, Pau wrote:

Thanks Pau, I am using downloads.libremesh. I'll give the manual compilation a try. marvin On 02/03/2017 10:20 AM, Pau wrote:

After doing that, I was able to get an openvpn connection working. But I had to comment out some parts of my config file that referenced dnsmasq because that wasn't installed. I'm recompiling lime now with dnsmasq to try again. Are there any other steps I need to take so that lime routes internet traffic through the VPN? On 02/05/2017 04:21 PM, Ilario wrote:

I haven't tried for mini/4mb yet. But I do have opkg and openvpn working on a custom build of ar71xx. I also just finished a build including dnsmasq. I did this because I got a working VPN connection but internet access through that lime router would die once the connection established. I was hoping dnsmasq would automagically fix the problem. Instead, I'm still unable to access the internet and even the connection to the router (eg anygw/10.13.0.1) times out, fails to load luci, and telnet/ssh aren't working. I think I'm going to have to reset... On 02/06/2017 08:41 AM, Leonardo Taborda wrote:

thanks illario, if it generates the 4mb image, for sure it flashes ok El 07/02/17 a las 12:24, Ilario escribió: -- Cordialmente Leonardo Taborda Ángel leonardotaborda(a)networkbogota.org www.networkbogota.org "When there is a will, there is a way"

for me sounds weird too, that's why i asked. I tried some months ago to compile an ar71xx-mini image just with block-mount and kmod-fs-ext4, for the tplink tlmr3020, in order to increase storage space with an usb stick. Of course it didnt work because the image didn't get generated by lime-build. El 07/02/17 a las 14:57, Pau escribió: -- Cordialmente Leonardo Taborda Ángel leonardotaborda(a)networkbogota.org www.networkbogota.org "When there is a will, there is a way"

2017-02-09 10:56 GMT+01:00 Ilario <iochesonome(a)gmail.com>om>: Ok, so now I managed to obtain clean ar71xx-mini basic images. Adding only openvpn-openssl the image for 4 MB routers doesn't get created (I refer to images for TP-Link WR841N*). Adding only opkg the image for 4 MB routers _does_ get created. Adding only tinc the image for 4 MB routers doesn't get created. Adding only fastd the image for 4 MB routers _does_ get created. Earlier I believed that the images for 4 MB routers were created because the modification time for the 4 MB router files in lime-build/output/ was updated every time I compiled. But it wasn't a newly compiled image, just an old one copied over and over from build/src/bin/ar71xx to output/ar71xx-mini-basic-16.07. Sorry for the wrong information. This problem would be avoided if lime-build would erase all the files in build/src/bin/ and in output/ before starting a new compilation, do you think it should do this? Am I right saying that in Freifunk they suggest also routers with 4 MB (TP-Link WR841N) and they use Tinc on them? Anyway, as for GSoC we proposed to implement LibreNet6 in LiMe, it could be useful to try fitting LEDE + LiMe + Tinc in 4 MB in next release :) Bye! Ilario

Hi Marvin Sorry for the late reply. We’re using Hexes as vpn-only devices, with the following setup: ||| ISP Router ||| <=> ||| Hex VPN Router ||| <=> ||| LiMe Router |||    |        wifi adhoc    |   [other LiMe routers] This is the guide we’ve been following [https://matthewmcclatchey.com/using-private-internet-accesss-vpn-with-mikro…], with the exception of the fact that our vpn is lt2p+ipsec, and that we’ve had to set max mtu and max mru values to 1280 for some reason as packets were getting fragmented with our setup. If you connect a cable from the ISP’s router’s lan to the Hex’s wan, and another cable from the Hex’s lan to the LiMe router’s wan, you’ll have all of your internet-bound traffic from inside your mesh network sandboxed inside the VPN with no exceptions. The hex has some kind of "persistent tunnel” enabled by default, so drops the connection if the vpn breaks for some reason, even though it never has unless we actually rebooted the remote vpn server for testing purposes. I suggest giving the Hex an address like 172.16.0.1 to avoid conflicts with other more common subnets. We set all our ISP routers to 192.168.0.1 and LiMe uses 10.13.0.1 etc… so we’re good to go. Also, as a bonus, we try to pair all LiMe routers with an openwrt “simple AP” router, that takes care of the AP level and lets the LiMe router handle only the adhoc meshing level, for maximum wireless efficiency. We give APs static addresses of 10.13.64.1, 2, 3, and so on. They must all be different. Try and stay out of the DHCP range which starts at 100 I think. This last part [the AP addressing] is all trial and error and experimental so it might be wrong, but for us it works. We still need to figure out how to scale addressing for APs so we’re open to suggestions. While we’re at it: TLDR question: what static IPv4 address to give a simple AP connected to the lan of a LiMe router? Is 10.13.64.1 - 10.13.64.99 a good range? How do we scale beyond that since every AP in the entire network must have a different IP? Let me know how this works for you. To those answering the question: thank you in advance. Nicolas From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; Reply: libremesh users &lt;lime-users(a)lists.libremesh.org&gt; Date: 9 February 2017 at 04:47:41 To: libremesh users &lt;lime-users(a)lists.libremesh.org&gt; Subject:  Re: [lime-users] VPN Hi Nicolas, Could you give us some more tips about how to set up the VPN client on the hex router. We ordered one that will be arriving tomorrow and will set it up like you suggest ISP router <-> hex VPN router <-> mesh router. Do we flash the hex with LibreMesh as well? How do we configure the connection between the VPN and mesh router so that the VPN knows to forward web traffic correctly? As a 1+, I'd also be interested in understanding how to do this when on the same device. I currently still have a wdr4300 that can connect to a VPN but it stops forwarding web traffic correctly after it connects. On 02/07/2017 11:18 AM, Marvin Arnold wrote: Hey Nicolas, Sorry I just noticed that some lime email goes to my spam. I wonder how many emails I've missed before. Anyways, this is awesome feedback. Thanks a bunch. On 01/31/2017 05:26 AM, nk(a)os.vu wrote: Hi Marvin I've done a lot of tests with VPNs for the standard setup of the mesh network we're building here in Milano, Italia, and I've found that usually routers are rather terrible at handling VPNs with reasonable speeds, openvpn being the slowest [10mbps up and down] and l2tp+ipsec being faster [15 to 20mbps], at the expense of being less secure. Also, I've gotten to the conclusion that doing the VPN routing in the same device as the one doing the meshing makes it rather difficult to diagnose issues over time and to pinpoint the bottleneck for slow overall speeds. I know this is not the answer you were looking for, but our definitive setup involves setting up getting a microtik hex router that you can buy for about 60 to 80€ and running l2tp+ipsec to a Streisand instance [a fully self installing VPN and anonymity server]. We've been getting stable 120/120mbps speeds. This setup also makes it very simple to understand what device is doing what, and how the routing is done on the large scale from the ISPs router, to the VPN router, to the meshing router, to the AP router, and so on [this is our setup]. I don't know how to solve your problem directly, but I thought I'd share my experience with you. Sorry for going slightly off topic. Hope you can get your setup working nicely however you decide to do it! Nicolas ________________________________ From: Marvin Arnold &lt;marvin(a)unplugged.im&gt; Sent: Jan 31, 2017 06:34 To: lime-users(a)lists.libremesh.org Subject: [lime-users] VPN I would like to finally make my internet at home available to my neighbors over lime. I called my ISP and they made it pretty clear they would take action against me if one of the users accessed illicit content. So I'm thinking about routing all web traffic through a VPN. Is this the most sensible thing to do? Assuming it is, I already setup the VPN server and now I'm trying to connect my lime router as a client. http://wiki.openwrt.org/inbox/vpn.howto https://www.robertkehoe.com/2015/08/setup-openvpn-using-openwrt/ But as far as I can tell, opkg is not installed on the router. What's the best way to install it or install the openvpn client without it? _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users _______________________________________________ lime-users mailing list lime-users(a)lists.libremesh.org https://lists.libremesh.org/mailman/listinfo/lime-users