OK, trying something a bit interesting here, I want to be able to tunnel into AREDN over the internet from my phone.
So far I got the wireguard server set up on AREDN, I got *most* of the Wireguard client set up, I realized that the wireguard password seems to be formatted as such:
[public key][???][pre-shared key]
I have no clue what the middle segment is, it doesn't appear to be any other known key (or have to do with anything I can figure out), not even sure if I need it.
My main hang-ups are:
I've been trolling around the code today trying to make heads or tails of some missing gaps. Any ideas?
I've included my configuration below, AFAIK: it *looks* correct, but I'm clearly missing something unless AREDN uses an incompatible fork of Wireguard. Also while that DNS IP is of my node, I'm trying to connect to a node via IP just to eliminate DNS as being the problem (of course no return packets and no confirmed connected client on AREDN shows clear issues on dataflow)
So far I got the wireguard server set up on AREDN, I got *most* of the Wireguard client set up, I realized that the wireguard password seems to be formatted as such:
[public key][???][pre-shared key]
I have no clue what the middle segment is, it doesn't appear to be any other known key (or have to do with anything I can figure out), not even sure if I need it.
My main hang-ups are:
- I connect, traffic transmits, but nothing returns
- AREDN does not display a connected wireguard client (nor active server FWIW)
- I cannot find Wireguard logs on the AREDN node to even begin to troubleshoot what is going on here
- The "Addresses" I have listed on the interface is set to the address on my server node, but when I connect to AREDN nodes the IP that my node uses is offset from the address listed on the AREDN server node, so I feel this may be off, plus I'm not sure the subnet
- I double checked these keys via "wg show" commands on the AREDN node
I've been trolling around the code today trying to make heads or tails of some missing gaps. Any ideas?
I've included my configuration below, AFAIK: it *looks* correct, but I'm clearly missing something unless AREDN uses an incompatible fork of Wireguard. Also while that DNS IP is of my node, I'm trying to connect to a node via IP just to eliminate DNS as being the problem (of course no return packets and no confirmed connected client on AREDN shows clear issues on dataflow)
AFAIK, the tunnel feature in the AREDN firmware only works between 2 devices running the AREDN firmware.
If you only have wifi internet available then you can use the above devices so long as you have a model with two radios. Make one radio the wifi connection, the AREDN software gives you a connection over a tunnel, and then use the other radio to establish local LAN wifi and connect your phone.
If you have no internet wired or wireless but have cell phone coverage, you can use a cell phone to make a local hotspot. Then use one of the above devices to connect to the hotspot and make a tunnel over the internet thru the hot spot.
AFIK there is no way to do this without another device, but the device can be small and easy to take with you. Many of the GL.iNET devices run from USB power so you can use a simple battery pack.
Ed
Edit: I just looked at the GL-E750V2 (MUDI) and it has a built in battery ... and an ethernet port! I don't see this specific model (V2) on the supported devices list ... will this device accept firmware and work as an AREDN device?
*entirely* possible -- I'm generally assuming this is an off-the-shelf wireguard binary with a bunch of tooling slapped on top to make setup easier for AREDN to AREDN tunnels and therefore *should* be compatible with other wireguard clients if you set it up correctly. If it's a custom binary, I could do other things (eg: put a VPN server behind the AREDN node inside of the LAN), but I was going to try to do something native first (and write up a handy tutorial on it).
@K7EOK
Oh yeah local WiFi is 100% an option (that I may take advantage of at some point), for now I'm eyeballing solutions to effectively "dial" into the mesh over the internet for convenience's sake (obviously not useful during an event when our internet/wireguard tunnels are offline and we're relying on RF), native wireguard is the best option because it's something I can write up tutorials for and make *super* accessible to everybody. In lieu of that I'll just deploy a machine inside of the LAN side of the mesh and install a VPN server there and use that to bounce.
I pushed it to the back burner since that..
Not sure if that helps..