|
Broadband-Hamnet™ Forum |
|
|
|
|
|
|
|
Subject :Re:Re:Re:Virtual Tunnels..
2014-10-10- 21:39:03
|
|
|
| SM7I |
|
| Member |
 |
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo |
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
This poses a delicate problem if the connection to internet itself is delivered through RF....
In Sweden, at least, we have several smaller cities that have local operators delivering internet by the means of wireless networking throughout the city.
One can also choose to see this as for what it is, the VPN solution is not really the way to move BBHN forward in the terms of being independant from the regular internet, it should only be seen as a temporary solution to bridge gaps between nodes until it is possible to have the density of nodes that allows for direct RF path. This is and has always been the foundation for our solution in Sweden. |
IP Logged
|
|
IT infrastructure and security professional |
|
|
|
|
|
Subject :Re:Virtual Tunnels..
2014-10-10- 21:20:26
|
|
|
| kc2zqo |
|
| Member |
|
Joined: 2013-11-25- 18:52:22
Posts: 6
Location: |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
AE6XE I feel any traffic routed via the internet regardless of the content needs to be encrypted. It is entirely possible that users will log into a remote node to modify the config while tunneling through the real internet. this info should not travel as clear text on the internet were Marketers and hackers are analyzing traffic regularly.
Since these tunnels begin and end were the real internet connects the encryption will never hit the RF. |
|
IP Logged
|
|
Asterisk |
|
|
|
|
|
Subject :Mesh Tunnels..
2014-10-10- 21:00:21
|
|
|
| kc2zqo |
|
|
| Member |
|
Joined: 2013-11-25- 18:52:22
Posts: 6
Location: |
|
|
|
|
|
Forum :
L.I./NYC
Topic :
Mesh Tunnels
I would like to start making some tunnels on Long Island. Hopefully this will help encourage more nodes as we can populate the mesh status window so we see other nodes. Plus we can begin developing services on the mesh while we wait for RF links to be established. You can contact me here or via my website http://kc2zqo.com/contact Another option would be via FB https://www.facebook.com/groups/LIMeshNetwork/
|
|
IP Logged
|
|
Last Edited On: 2014-10-10- 21:02:06 By kc2zqo for the Reason
|
|
Asterisk |
|
|
|
|
|
Subject :Re:Virtual Tunnels..
2014-10-10- 14:26:05
|
|
|
| KG6JEI |
|
| Member |
|
Joined: 2013-12-02- 19:52:05
Posts: 516
Location: |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
Re Encryption: This is actually still an issue that needs to be looked at, vtund either needs to be ran without encryption OR be configured/bound to only be able to connect over the WAN port. At the moment everything I heard has it unbound and not caring so it's possible it may choose to go over the mesh. Needs to be looked into deeper to be sure that can not happen. |
|
IP Logged
|
|
Note: Most posts submitted from iPhone |
|
|
|
|
|
Subject :LI Mesh Network..
2014-10-10- 13:15:56
|
|
|
| kc2zqo |
|
|
| Member |
|
Joined: 2013-11-25- 18:52:22
Posts: 6
Location: |
|
|
|
|
|
Forum :
L.I./NYC
Topic :
LI Mesh Network
We have a facebook group for Long island meshers all are welcome LI Mesh Network https://www.facebook.com/groups/LIMeshNetwork/
|
|
IP Logged
|
|
Last Edited On: 2014-10-10- 13:17:48 By kc2zqo for the Reason
|
|
Asterisk |
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 12:30:29
|
|
|
| k5dlq |
|
| Member |
|
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
yes, i understand. this is just one step in my testing. Next, is to get a remote (across the internet/beyond my home router) client to connect. I would not expect to run in this (m2 to wrt) architecture in a normal situation. ;-)
D.
Also, the Bullet M2 is the client, so no tunneling "into" the M2. The server is on the 54GS.
|
|
IP Logged
|
|
Last Edited On: 2014-10-10- 12:32:50 By k5dlq for the Reason
|
Darryl - K5DLQ
www.aredn.org |
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 12:20:57
|
|
|
| AE6XE |
|
| Member |
|
Joined: 2013-11-05- 00:09:51
Posts: 116
Location: |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
In regards to using the linksys as a switch for UBNT devices in context to running vtund... This configuration still has the WAN port only on the linksys. To tunnel to the UBNT would be like connecting up in the middle of a mesh rather than the edge of the mesh. It could be 1 hop (via DTD) or 10 hops (via RF, DTD) into the mesh, increasing points of failure with each hop, but identical in config files. The linksys would be routing the traffic and need to port forward into the mesh for incoming vtund client connections. Nothing special to run the vtund client on the UBNT, except olsrd could change the default gateway and break the tunnel connection. This architecture isn't typical/optimized/recommended, but technically could work. |
|
IP Logged
|
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 11:47:42
|
|
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 11:45:27
|
|
|
| SM7I |
|
|
| Member |
|
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
One other positive benefit of running unecrypted is that we don't have the overhead traffic otherwise generated by encryption which makes it possible to run the solution over fairly low bandwidth providers like the NMT system running on 450 Mc up north in Sweden where GSM doesn't cover vast areas. |
|
IP Logged
|
|
IT infrastructure and security professional |
|
|
|
|
|
Subject :Re:Virtual Tunnels..
2014-10-10- 11:37:31
|
|
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 11:32:06
|
|
|
| SM7I |
|
|
| Member |
|
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
I don't disagree with you, but there were questionmarks about this in the early discussions and we chose to be on the safe side. Also, some rules and regulations may vary depending on DXCC. |
|
IP Logged
|
|
IT infrastructure and security professional |
|
|
|
|
|
Subject :Re:Virtual Tunnels..
2014-10-10- 11:21:00
|
|
|
| k5dlq |
|
|
| Member |
|
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
Yes, but as GRE is not related to Part 97, since, that encryption is not done over RF. It's only done over the tunnel and the tunnel is only over the WAN port. |
|
IP Logged
|
Darryl - K5DLQ
www.aredn.org |
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 11:00:40
|
|
|
| SM7I |
|
|
| Member |
|
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
Yes, we use the GL models with GRE tunneling. About encryption and why we also chose GRE is that in the early discussions it came up a need to comply with fcc part 97 that states that hamradio may not be encrypted, thus we did not need a heavier implementation.
About NAT, yes it is given that you have to either use DMZ mode or do forwarding in some way or publish the node directly onto internet, but given the fact that we use Linux there are no issues in hardening the node for a rather experienced Linuxuser.
GRE works very well and we have done a proof-of-concept solution involving mostly Sweden, but also Spain, Hawaii and Canada. |
|
IP Logged
|
|
IT infrastructure and security professional |
|
|
|
|
|
Subject :Re:Virtual Tunnels..
2014-10-10- 10:52:03
|
|
|
| k5dlq |
|
|
| Member |
|
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
So, to make sure I understand completely... my current WRT54GS v2 has the following in the /etc/vlan file.. config switch eth0
option vlan0 "1 2 3 4 5*"
option vlan1 "0 5"
---------- You suggest that I change to: config switch eth0
option vlan0 "1 2 3 4 5*"
option vlan1 "0 5"
option vlan2 "0t 1t" -------- Then, I can plug the UBNT M2 into the LAN port 1 (next to the WAN port 0). This way, LAN port 1 is tagged and will bridge to the WAN port.
do I have that correct?
|
|
IP Logged
|
|
Last Edited On: 2014-10-10- 10:55:40 By k5dlq for the Reason
|
Darryl - K5DLQ
www.aredn.org |
|
|
|
|
|
Subject :Re:Virtual Tunnels..
2014-10-10- 10:30:41
|
|
|
| AE5CA |
|
| Member |
|
Joined: 2012-05-19- 21:52:33
Posts: 81
Location: |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
It is possible to use a WRT54 to be you switch. The principle is kind of their in the instructions to activate dtd-linking on the WRT's at http://ubnt.hsmm-mesh.org/products/BBHN/wiki/HowTo/Enable%20DTDLINK%20on%20Linksys?version=1 Basically if you edit the /etc/vlan.conf file to add one of the Lan Ports to Vlan 1 you can use a WRT as the smart switch.
option vlan1 “3t 4 5t” Will provide internet to a ubnt node plugged the lan port next to the wan port. You would probable want to DTD link the two nodes as well with a:
option vlan2 "3t 5t" Clint, AE5CA
|
|
IP Logged
|
|
|
|
|
|
Subject :Re:Ubiquiti M2HP..
2014-10-10- 09:54:53
|
|
|
| KG6JEI |
|
|
| Member |
|
Joined: 2013-12-02- 19:52:05
Posts: 516
Location: |
|
|
|
|
|
Forum :
UBNT Firmware
Topic :
Ubiquiti M2HP
We do not utilize the LED's during normal operation for signal strength indication we currently normally use them for status information to provide easy user feedback as to the node operational status. Top solid green (Link4) generally mean the node has finished starting, flashing is early in the boot process has begun but not yet successfully finished. Red (Link1) means we have a connection established with a neighbor (nodes should begin showing up in the status list) Remaining 2 are reserved for future use. |
|
IP Logged
|
|
Note: Most posts submitted from iPhone |
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 08:52:30
|
|
|
| k5dlq |
|
|
| Member |
|
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
good point. i just ordered a GS105E on Amazon for $45. problem solved. ;-) |
|
IP Logged
|
Darryl - K5DLQ
www.aredn.org |
|
|
|
|
|
Subject :Re:Ubiquiti M2HP..
2014-10-10- 08:47:33
|
|
|
|
|
|
|
Subject :Re:Re:Virtual Tunnels..
2014-10-10- 08:24:12
|
|
|
| AE6XE |
|
|
| Member |
|
Joined: 2013-11-05- 00:09:51
Posts: 116
Location: |
|
|
|
|
|
Forum :
General
Topic :
Virtual Tunnels
In the sense that this is a linux computer and we can program it do to anything, yes.
You might trial-n-error attempt to swap around the physical interfaces (eth0, eth0.1) assigned to the logical interfaces (LAN, WAN) in /etc/config/network UCI config file (risk is you revert to tftp to reload an image).
I believe this will break the setup gui code (don't do a 'save' in setup). You may wish to allow 2222, 8080, and 1978 ports open from WAN to access the node. Conrad may know if other hardcoded physical interface dependencies of what might break. The firewall zones and olsrd are based on the logical interface definitions (WAN, LAN, etc.), so 'should' still work.
config interface lan
option ifname "eth0" <- change to "eth0.1"
config interface wan
option ifname "eth0.1" <- change to "eth0"
~$65 for a GS105E is a known path from A to B... |
|
IP Logged
|
|
Last Edited On: 2014-10-10- 08:26:26 By AE6XE for the Reason formatting...
|
|
|
|
|
|
Subject :Re:Ubiquiti M2HP..
2014-10-10- 08:04:33
|
|
|
|
|
|
