I have (2) Issues.
#1 - I have an Raspberry Pi on the switch port and I am not able to get updates when using this switch. The computer however on the same port has no issues with internet access. Not knowing much about VLAN's, I am assuming the RPi is having issues with the VLAN setup ?
#2 - I would like to join / tunnel into an Existing Mesh Network via internet link, but not exactly sure what needs to be set or how.
Is there a easy way to test the routing to the Tunnel 172.. address? Has someone already written a guide besides the setup under documentation.
I saw an earlier post regarding the 5525 port blockage. Even setting my Comcast router to bridge mode, the online "Open Port" utilities show it is closed.
I am using a NetGear GS108Ev3 switch, configured as:
<Comcast Modem/Router>
<NetGear Switch> - WAN Port
<Bullet Node> - VLAN 2 Port.
<Computer> - LAN Port
<Raspberry PI> - LAN Port
Hope someone can tell me what I need to do in order to get the RPi able to access repositories when using the NetGear switches.
73 N4LDR
I have seen this behavior as well with one of my Pi's. Haven't researched it further, but, you can issue the following command at every boot of your Pi:
route add default gw 10.x.x.x
(where 10.x.x.x is the eth0 address of the node that the Pi is attached to)
#1) The RasPi may be configured by default to have a static IP address (192.168.1.1?) and be a DHCP server on its port so when you connect a laptop, the laptop receives an IP address and you can connect. (What OS is installed?) If so, you need to change the network configuration so that it receives an IP from the AREDN node. It will receive a 10.x.x.x address like a laptop and have access to the internet in the same way. To access the RasPi from another laptop on the mesh network, you would need to use its assigned 10.x.x.x address (and could advertise a mesh service to have a link in mesh status).
#2) There's no out-of-box way (something in the setup menus) in AREDN to do a port forward from the internet into the mesh network. This could only be done by someone that knows linux routing (iptables) and vi to edit the appropriate config files under the hood. This is something on the list to add in another release. Note, there is an AREDN menu option to forward from the internet to a computer on the internet gateway's LAN, but not beyond the gateway node into the mesh network.
Can you clarify what device is plugged into each port of the GS108Ev3 switch? Something looks amiss, but may just be the notation.
Port 1 = Comcast modem/router
Port 2 = Bullet
Port 3 = Computer
Port 4 = Raspberry Pi
Port 5 = open
Port 6 = open
Port 7 = open
Port 8 = open
Currently I have (2) Nodes, with only one being used at a time until I get thru some of these issues. I also see when looking at the tunneling directions to SSH into the Node.. This is something I have not been able to do on either node, not through the switch or direct to computer ethernet when issuing the "ssh root@10.x.x.x lan address. Both node have 3.15.1.0b02 installed.
The Raspberry Pi is getting the Address from the (NODE A) DHCP and shows that node as the gateway address. I also have the Pi mac: reserved in the Node. Currently the Pi has Wheezy installed. Never really gotten deep into Linux so still learning something new all the time.
The NODE A - Shows the Comcast Router Address as the gateway.
Here is my setup, re-arranged the order to make it easier for me to remember the porting.
Port 1 = (WAN) - Comcast modem/router
Port 2 = (NODE A) - Bullet
Port 3 = (LAN A) - Computer
Port 4 = (LAN A) - Raspberry Pi
Port 5 = (LAN A) - Cisco 7961 Ip Phone
Port 6 = (LAN A) - open
Port 7 = (NODE B) - NanoStation
Port 8 = (LAN B) - open
And the Configuration:
and the rest of the configuration
Switch config looks good. With ssh the nodes are expecting incoming connections on port "2222" and not the default "22". Consequently, try "ssh -p 2222 root@<IP or hostname>". However, in beta02, you should be able to configure the tunnel client from the setup menus and avoid the ssh commands (obsoleted the need to do command line).
There shouldn't be any issues with vlan packets for the rasPi. The switch is configured such that all packets going to the RasPi will be untagged and for the reverse direction, the switch won't do anything with a packet if the RasPi sends a tagged packet--all traffic in/out of the switch on the LAN ports can only be untagged to go anywhere. The bullet is the router-gateway between the RasPi and your home network. I'd recommend debugging by "ssh root@<RasPi IP>" and running the command, "traceroute 8.8.4.4". You should see the following path:
1 localnode.local.mesh [10.x.x.x] <- the bullet on port 2
2 192.168.1.1 <- or whatever your home network router is
3 An IP address of your service provider
4 ... and so on
how far does it get? the RasPi may have access to the internet, but have other road blocks for updating packages.
One option you might consider is loading OpenWRT on to the RasPi, which AREDN is based on. The out-of-box user interface, called Luci enables configuring the network of the device without having to know linux--installing packages, setting up all the interfaces, etc. Many widely used packages have Luci plugins for configuring in the UI. If you are digging further into linux, it would also be less confusing to be looking at one flavor of linux on both AREDN and RasPi.
Joe AE6XE
Thanks so much for the assistance, if nothing else I am learning a lot of Linux and Networking.
I thought I had the switch configured correctly. Still new with these smart switches.
The node assigned the IP for the Raspberry Pi, so I just assumed it was handling the gateway information. Just added the routing to the /etc/network/interfaces file.
I was not aware of the port "2222" for sshing into the nodes. That worked perfectly, although not needed.
Now for the hard question... how to use tunnel to bridge my nodes with another via internet.
How do you port forward 5525 to a different IP Range / Subnet that is on the switch?
Do you just forward to the Smart Switch IP address ?
to tunnel to another node on the internet, just setup a tunnel client on your node and make sure that whoever you are connecting to has a tunnel server setup on their node.
Or
vice versa.
IF you are the tunnel server, you need to port forward your internet router to pass port 5525 to your node's WAN address.
I am using Comcast/Xfinity Modem/Router. Comcast's router IP range is 10.0.0.x / netmask 255.255.255.0
The Node behind the switch is 10.0.46.x / netmask 255.255.255.248
When trying to port 5525 to the node's address I get the error message on the router, any idea's around it ?
look on your node status page.
You need to look for the WAN IP address and forward to that. it should be a 10.0.0.x according to your internal network addressing scheme.
Thank you. For some reason I thought it had to direct to the MeshNode's gateway.
Agreed! I can't stand being forced to use ISP-supplied routers. There's almost always something I want to do that it won't let me do, or a misfeature that I can't turn off, or a security bug that can't be patched. I build my own Linux boxes to act as my routers.
Things might get easier with IPv6 since it eliminates the #1 home-router-related hassle, that of making a server on your LAN accessible from the outside world. NAT and port forwarding become relics of the past.
No Joy on Tunneling !
I upgraded all nodes to b04.
Cable Modem in Bridge Mode, to Router with port #5525 to Mesh Node's WAN.
Server Node:
Tunnel Server DNS Name = Address of Cable Modems IP address
Client Node: Server Address = Address of Cable Modems IP Address, password and the 172.x.x.x address on the tunnel server.
All Enabled Check boxes are enabled, Nodes have been rebooted. Never get an Active Status.
SSH'd into each Node...
Tunnel Server:
>ps|grep vtun
3998 root 2620 S vtund[s]: waiting for connections on port 5525
Tunnel Client:
>ps|grep vtun
6221 root 2620 S vtund[c]: (Client Name-172-31-171-1 connecting to Tunnel DNS name. (This is pingable)
Any suggestions as to how to text, find where the failure is happening ?
Running out of idea's.
73 N4LDR (Loren)
one thing to try:
SSH into the CLIENT node, try and "telnet <your tunnel server IP> 5525"
if you get a "VTUN 3.x" response, you know it is routing through the internet/cablemodem/router/server node properly.
Thanks for the information.
I was not able to telnet using port 5525.
I edited etc/config.mesh/firewall and /etc/config.mesh/vtun using port #2250
Still was not able to connect or telnet.
edited /tmp/vtun/vtundsrv.conf and changed the port and issues vtund -s -f vtundsrv.conf and the tunnel works.
How can I make this change persistant. Everything I have tried, upon rebooting. the node is still listening on 5525.
in /etc/config/vtun,
after the line: config options
add:
option port 2252
then restart the node.
I am trying to do a tunnel (unsuccessfully) with another ham who has Comcast, so I thought I would try the alternate port number.
I changed the port number in firewall_tun and added the line in vtun, saved and rebooted. But it seems that my server node is "not listening" on 2252 (according to portqryui). It is not listening on 5525 either - which it was before.
So did I miss something?
Tnx
Ken
sorry: this is with 3.15.1.0b4 and Rocket M2
you must make sure that you have a valid client defined in order for the vtun service to start. If you have no clients listed, then the server will not start.
try a:
ps -w|grep tun
and check the output
it looks like it's running:
1335 root 2620 S vtund[s]: waiting for connections on port 2252
but not listening:
TCP port 2252 (unknown service): NOT LISTENING
portqry.exe -n 192.168.1.190 -e 2252 -p TCP exits with return code 0x00000001.
does that make any sense? Before, it *was* listening... but my local local client was showing as active and now its not.
Ken
I changed my files back to 5525 and now my server is LISTENING again. I do not know why I could not make 2252 work. I actually changed the port number in 3 files, although I am sure one of them was redundant being overwritten anyway on save/reboot.
My colleague changed his connection from Comcast to Verizon and his tunnel connection came up :-)
Given that Comcast still has a few customers who have not yet quit, you might want to seriously consider make this port change a "feature".
Thank you and 73
Ken
The firewall rules of an AREDN node explicitly define what incoming ports are allowed. To change the port # in the vtun config files would also necessitate going into the following files to change the port # accordingly (then reboot or restart firewall):
/etc/config/firewall
/etc/config.mesh/firewall
Joe AE6XE
That did it ! Thanks Much.
Not sure why 5525 is blocked by my provider.
Maybe it would be a nice feature in the Tunnel Section to also have a Location to specify a Port# instead of manual edits.
yeah. I built it be configurable, but, this version just doesn't expose that in the web interface. Maybe in the future if there is demand.