Update all nodes on your mesh to AREDN 3.0.2 (at least all the nodes connected to the internet). This is necessary to have the proper firewall configuration on all nodes. To avoid routing failures, if a given mesh has a tunnel and one or more advertised gateway nodes, then the tunnel node must be one of those advertised gateways.
Tunnel nodes by definition will need to be connected to the internet. These instructions assume an internet connection and they will fail without one. You will need to have a VLAN-capable switch (such as a Netgear GS105E) configured to provide both Internet and LAN ports to the node.
You may wish to set up your tunnel node to support D-t-D linking if it is not the main connection to your mesh.
The instructions below show both a long and a short URL for the installation scripts. The pictures show the long form but either can be used.
Client: wget http://bit.ly/meshvpnclient2
Server: wget http://bit.ly/meshvpnserver2
If you use the short URL the second command will be:
Client: sh meshvpnclient
Server: sh meshvpnserver
Contact the person managing the tunnel server you wish to connect to and provide them the name of your Client node. They will need to give you the URL or IP address of the tunnel server, the password for the connection, and the IP address for the tunnel connection (172.31.xx.yy).
As an example, suppose I have a tunnel server at 192.168.1.130, the password I set up on the tunnel server is “abcdefghij” (please use a stronger password), and the tunnel connection IP address is 172.31.54.200. To set up a client connection on your node you would:
Log in to your node using a terminal program such as putty.exe.
Run the two setup lines.
wget http://usercontent.bbhndev.org/K/5/K5DLQ/client/setup_vpn
or
wget http://bit.ly/meshvpnclient
sh setup_vpn
or
sh meshvpnclient
Enter y to reboot your node
After rebooting your node, log into the web interface.
Click on Setup and enter root for the user and your password for the node
Click on the Tunnel Client tab. Enter the URL or IP of your tunnel server, the password provided, and the IP address of the tunnel connection. Make sure the enabled box is clicked and then click add.
Click Save Changes and if the tunnel server is up and running you should soon be connected to the Tunnel Server.
Once the server and the client exchange information, you should be able to see the tunnel in your mesh status screen.
Your tunnel server node will need to be accessible from the internet. This will require either a static IP (not common) or a service such as dyndns.com to provide a URL for your connection and to update the dynamic IP of your connection. In most cases, once you have set up the account with the dynamic IP service, you configure your home router to update the service when your IP address changes. You will also need to forward TCP port 5525 from your router to your tunnel server. You will need to consult your router manual for instructions to perform this setup.
The server setup is similar to the client setup, except that after you log into your node using putty the wget command will be:
wget http://usercontent.bbhndev.org/K/5/K5DLQ/server/setup_vpn
or
wget http://bit.ly/meshvpnserver
Then you run
sh setup_vpn
or
sh meshvpnserver
Enter y to reboot your node
After rebooting your node, using the web interface go into the setup/Tunnel Server. You can then enter the node name, and password for each client you wish to be able to connect to your node. The tunnel connection IP is provided for you. Click the active box and add for each connection. Click Save Changes and you will be ready to receive connections from a client.
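Both the client and server procedures above fetch a script over plain HTTP and then run it on the node. As an added example (not part of the original instructions or of the setup scripts themselves), the shell functions below check a downloaded script against a SHA-256 digest before it is run. The function names are hypothetical, and the pinned digest is an assumption: it has to come out-of-band from the script maintainer or your tunnel server operator.

```shell
#!/bin/sh
# Added example, not part of the original setup scripts.
# The expected digest is an assumption: obtain it out-of-band from the
# script maintainer or the operator of your tunnel server.

# Print the lowercase SHA-256 hex digest of a file; fail if no tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$1" | sed 's/^.*= *//'
    else
        echo "no SHA-256 tool available" >&2
        return 2
    fi
}

# Return 0 only if FILE is non-empty and matches EXPECTED (hex, any case).
verify_pinned() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -s "$file" ]; then
        echo "REFUSE: $file is missing or empty (failed download?)" >&2
        return 1
    fi
    case $expected in
        *[!0-9a-f]*|'') echo "REFUSE: expected digest is not hex" >&2; return 1 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "REFUSE: expected digest is not 64 hex characters" >&2
        return 1
    fi
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "REFUSE: $file digest $actual does not match pinned value" >&2
        return 1
    fi
    echo "OK: $file matches pinned digest"
}

# Usage on the node, after the wget step and before the sh step
# (the digest shown is a placeholder, not a real value):
#   verify_pinned setup_vpn "<SHA256-FROM-OPERATOR>" && sh setup_vpn
```

Reading the downloaded script with `cat` before running it is a useful second check, since a digest only proves the file is the one the operator hashed.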
The intention is to make the tunnel setup a part of the main firmware in a near term release. Until then these scripts should get you started.
Good Luck!
Clint, AE5CA