Difference between revisions of "First Time Setup"

Jump to navigation Jump to search
 
(29 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
{{Tip | Before continuing, connect to your mesh node using the '''MassMesh.org''' wireless network or by connecting directly to the mesh node, like in [[Mesh Node Troubleshooting]].}}
 +
 +
{{Tip | Access your mesh node by navigating to http://192.168.42.1 in your web browser.}}
 +
 
== Setting Your Password ==
 
== Setting Your Password ==
 +
 +
[[File:No_password.png|thumb|When you first boot your mesh node, there is no admin password set.]]
 +
 +
When you first boot your mesh node, there is no password set. This is quite dangerous, so OpenWrt will disable many useful features until you set one. Therefore, it is important that you set one up right away.
 +
 +
{{Warning|This is not the same thing as a wi-fi password. Your admin password should be a secret.}}
 +
 +
To set a password, complete the following steps:
 +
* Navigate to "System > Administration" in the left-hand menu of OpenWrt
 +
** [[File:Set_password_screen.png|frameless|Enter your desired password twice, and click "Save."]]
 +
* Enter your desired password twice, and hit Enter or click "Save."
 +
 
== Enabling Remote Support ==
 
== Enabling Remote Support ==
 +
 +
Following these steps, you will allow a maintainer to log into and use your mesh node remotely -- as long as it's connected to the global Yggdrasil network. See [[#The Yggdrasil Page]] if you think you may not be connected to the rest of the Yggdrasil network.
 +
 +
In order to enable remote support, you will need to:
 +
# Authorize the maintenance team to access your mesh node
 +
# Allow SSH over Yggdrasil
 +
 
=== Authorize the Maintenance Team to Access Your Mesh Node ===
 
=== Authorize the Maintenance Team to Access Your Mesh Node ===
 +
 +
{{Note|You must first [[#Setting Your Password|Set Up a Password]] before adding authorized remote users.}}
 +
 
# Navigate to System > Administration
 
# Navigate to System > Administration
 
# Select the "SSH-Keys" tab
 
# Select the "SSH-Keys" tab
## You should see something like this
+
## [[File:SSH_Keys_Screen_owrt.png|frameless|The ssh-keys tab.]]
 
# Enter the following keys, clicking "Add Key" in between each
 
# Enter the following keys, clicking "Add Key" in between each
 
<pre>
 
<pre>
...
+
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqb+eTvCL3tilg3xKpLdClC0BuJiDXCiIsgYhoO5/6Rf6u/FGQYUGPwyhCqoXNeGhUhAIHUvD+HIcMfvFgdTRJ/K7uSe35FmrobT3QGpKMLwq2+HJNhIbK18n4SeL74JGfntnecw2Wbfd9qy9UAyM7422BVttGDcgRZzaj+Lzf5hc4gLT8J3zv8ybLOAxFOcwQV+TPg76jMIHr7BnAIxCQZEOsFydNINnJLn5WjezzeDvX2sTJbLe7lsHE8oE7YDyZxFw39F9t8AGg96xgnTJvYv9JG3dczgTicB+dj1C0FnlhZD8o9k6xcMex2mSpR2jmcf8TluFladVuQlP4/oEiz0rOZ7PAYC5BWXx1i4PwWm/Xas3TcGg1WokWSAcijUpeqhkEekQk4RXWfrdKDoGLQF3rAbmdD9gz4MuxuNoyXKmdhvwsBeqzNnADqHllcw95+gNVYUJz1VNM2oPfNvHtOY624YY9rWy/uL6plocM07Vtvf8/CKuQ+fPIcRhwJDk= lurker@join-or-die
...
+
 
 +
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA3nzI6T6Lpd5xFoRewcx91Dv9sUzNNmdYfwOleemBFz0y3RaQElehUWasyjuIURZw7RL5EjvrqeQq9pe/lO99dO0F9yMuMsMH2t88YrVJQ/z/5Aa4I2zYQotKb/9CCfynsy41y5xywxtOwXiDk2kpo+c9VZCyCeW8Hnc9HaIpkKSLnkqDVhESzlrkYyNKZvUAL1hiFIzmmw/veFgRb7/ol76Ze3xsWugbHUECEIAKoz/8uaevOAAoJrMFhffFIQ8IfClqDZv2lnBBhvh1O9TO0Mg4klcieyQ1RZhMjeP4WnAa9PXP7xZlQHLgO9qO1jDd2sOdkX6EedCfX5jO4Y51HPJpV35uYumw3veftMlpIJFmA2eIQxU19SCYpojWRGXZ5v9WtFIHX2nGy+Gi1bk7TR+HBsCDXOPhhQk4ceIM4OonqEb1NJ57elxh6mFbDAQCZtYhRLqYvcyGpuBdVdLNOJbOZ7vBJY3Kfjxa87rvFIJheT6DXhpdRayeOovLm0vuJ53bZoWxWOqjpuigQqHtSB3OmintrKB916BhNFsHwPeZpK0ahZGFygV63REM/X8m0nOlHqyAY69uzLHyYXM83zAI1L5Y4wuzsVqO+1tnK6PMcfg5/DArjBrn7YqA5tzJY9EgdVVPjpgjD2yYYTOP6b3UUw4uFj3asnOX24dfVzk= ward@countzero
 +
 
 +
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVi8ExDYdV7EfkjQiMZA3o0QtjVNtd0wVzp9n1xFqY1dse/zHBqrEZQKBtbrk7D/NAI4qzoogC6SbHWa8fHPyc3LJuKbxHrSC8xylByGL7nAzI7AfmsHCQ8Z+OrgI625PzVpMCY/30D/rBgR2JTlzxlA35cuOPjN5r1HHE53+mVRu62jn/wTa16ubFXaYmibpZ3C830+qsAB8RPEHJH7zknFNPponAqH7kt1I8WQL6fa2TCuxIBijzDLbtX1xH4klTeMRJTK+tmLRUUjUefD/f7lNlgce7o9zkHktO5u1hmpC95/NC2cylzU9RWglHqJ21fSg66y441lm0Y9ZUc2p7DQFQP0f6kovuPWgVPWuMCQHVPgCWqqlKfTK3Dyscn9MfsCUnN2fZY+T0fx3lutLcIOwvQc/N2EDJIb0/R+7XMrzfUDVrkGeBoG11tBkKjltdC19JrAmGAkfIcN0LMOeZT7yTlZ/f/6d5C19DegXX74owM4V4pkqs/hbpmDkvQYkSXPfVpZ9ZTVUVSBrwKVaVX9A1hTXjIzfsuoZheMIdlakt0qSIuukyaIxzi1aAH67nR0kp+XCLldBDXGKQXah+mIGQPDBwWFR34re40jzxKmvLT+Dq+5yASgoLDbul8IYDJa2r7yYZQu+EgsW24p62q+y041wW4YIGBJs/cQqpCw== stephen304@gmail.com
 +
 
 
</pre>
 
</pre>
  
=== Enable the SSH over Yggdrasil Firewall Rule ===
+
=== Allow SSH over Yggdrasil ===
 
# Navigate to Network > Firewall
 
# Navigate to Network > Firewall
 
# Select the "Traffic Rules tab
 
# Select the "Traffic Rules tab
## You should see something like this
+
## [[File:Firewall_traffic_rules_tab_owrt.png|frameless|The network firewall traffic rules tab.]]
 
# Scroll down to "Allow-SSH-Yggdrasil"
 
# Scroll down to "Allow-SSH-Yggdrasil"
 
# Enable the Accept input checkbox
 
# Enable the Accept input checkbox
## You should see something like this
+
## [[File:Enable_ssh_over_yggdrasil_firewall_rule_checked.png|frameless|Enable the ssh-over-yggdrasil firewall rule.]]
 
# Click "Save and Apply"
 
# Click "Save and Apply"
## The button looks like this
+
## [[File:firewall_save_and_apply.png|frameless|Click save and apply]]
  
 
== The Diagnostic Page ==
 
== The Diagnostic Page ==
 
== The Yggdrasil Page ==
 
== The Yggdrasil Page ==
 +
 +
[[File:Peers.png|thumb|A working mesh node should have several peers.]]
 +
 +
One of the most helpful screens for troubleshooting is the Yggdrasil page. This page is entirely focused on your mesh node's status ''within the global Yggdrasil mesh network.'' You can access the Yggdrasil page by selecting "Network > Yggdrasil" on the right-hand menu in OpenWrt.
 +
 +
=== Important Yggdrasil Information ===
 +
 +
You can view important information about your mesh node in the Yggdrasil screen. Among other things, you can view your node's static [https://en.wikipedia.org/wiki/IPv6 IPv6] address and [https://en.wikipedia.org/wiki/Public-key_cryptography public key.]
 +
 +
Your static IPv6 address is unique to the Yggdrasil, and never changes. It comes in handy very frequently, and is used for remote support (among other things.) Your public key is sometimes used to gain access to private resources on the Yggdrasil network. It's good to know where it is just in case you ever need it.
 +
 +
[[File:IPv6.png|frameless|Your static IPv6 address is unique to the Yggdrasil, and never changes.]]
 +
[[File:Pubkey.png|frameless|Your public key is sometimes used to gain access to private resources on the Yggdrasil network.]]
 +
 +
=== Checking for Peers ===
 +
 +
As long as your mesh node has public Yggdrasil peers, it is connected to the global Yggdrasil mesh network. This means that things like remote support will work properly. If you're interested in learning more about Yggdrasil vs. the Internet vs. the LAN, see our [[Network Architecture]] page.
 +
 +
A working mesh node should have several peers. You can see these in the following screen:
 +
* [[File:Peers.png|frameless|A working mesh node should have several peers.]]
 +
 +
If you don't have any peers, your Yggdrasil screen will look something like this:
 +
* [[File:No_Peers.png|frameless|If you don't have any peers, your Yggdrasil screen will look something like this.]]
 +
* Note the "Proto" column.... it says "self," because the only peer your mesh node has is ... itself!
 +
 +
=== Test that you can access Yggdrasil sites ===
 +
 +
You should be on the Yggdrasil network now. Verify that you are by going to ''http://[319:3cf0:dd1d:47b9:20c:29ff:fe2c:39be]/'' to view the Yggdrasil Network home page. Alternatively you can connect to YaCy, the Yggdrasil Search engine, at ''http://[300:7232:2b0e:d6e9:216:3eff:fe38:cefc]:8090/''/
 +
 
== The Internet Gateway Page ==
 
== The Internet Gateway Page ==
 +
 +
Once you are connected to the ''Yggdrasil mesh network'' (see previous section), it is time to configure the node for internet access. To do so, the node needs to be connected to an internet gateway. We use a program called [https://github.com/massmesh/autoygg Autoygg] for this purpose. You can access the Internet Gateway page by selecting "Network > Internet Gateway" in the left-hand menu in OpenWrt.
 +
 +
=== The Autoygg client status page ===
 +
 +
The '''Status''' page shows the current connection state with the configured Autoygg Gateway. On first boot, the page will show that you are '''disconnected''':
 +
 +
[[File:AutoyggStatusFirstTimeSetup.png|frameless|The Autoygg status screen for a new installation.]]
 +
 +
=== The Autoygg client settings page ===
 +
 +
On the '''Settings''' page, an Internet Gateway server can be configured. It is also possible (but not required) to populate your name, e-mail address and/or phone number, to identify yourself to the gateway owner.
 +
 +
==== Connecting to a Mass Mesh public Internet Gateway ====
 +
<section begin=autoygg_firstsetup />
 +
Mass Mesh runs a public Internet Gateway at the address '''200:83a1:3b1a:e7af:4b46:6169:8435:9280'''. If you would like to use it to connect to the internet, put that address in the '''autoygg gateway''' field and click '''SAVE & APPLY''':
 +
 +
[[File:AutoyggSettingsMassMeshGateway.png|frameless|The Autoygg settings screen with the Mass Mesh gateway configured.]]
 +
 +
At this point, the '''Status''' page will show you are not connected:
 +
 +
[[File:AutoyggStatusPageClientNotConnected.png|frameless|The Autoygg status screen with the Mass Mesh gateway configured, but not connected.]]
 +
 +
Before you can connect to the internet via the Mass Mesh gateway, one of our volunteers will need to add your node to the accesslist on the gateway server. You can request this in the '''[https://app.element.io/#/room/#mm-ap-hosts:matrix.org Mass Mesh AP Hosts chat room].''' Please provide your Yggdrasil IPv6 address when you do so, which is available on the '''Yggdrasil node status''' page:
 +
 +
[[File:IPv6.png|frameless|Your static IPv6 address is unique to your Yggdrasil node, and never changes.]]
 +
 +
Once your node is added to our accesslist, you can hit the '''Connect''' button and if that goes well, the status page will look similar to this:
 +
 +
[[File:AutoyggStatusPageClientConnected.png|frameless|The Autoygg status screen with the Mass Mesh gateway configured and connected.]]
 +
<section end=autoygg_firstsetup />
 +
 +
==== Connecting to your own Internet Gateway ====
 +
 +
It is also possible to run your own Internet Gateway server. This can be done on a cheap cloud VPS, for instance. It requires installing and running the [https://github.com/MassMesh/autoygg/blob/main/README.md Autoygg server]. If you want assistance with this, please ask in the '''[https://app.element.io/#/room/#massmeshtech:matrix.org MassMesh Tech chat room].'''

Latest revision as of 14:41, 29 March 2023

Tip: Before continuing, connect to your mesh node using the MassMesh.org wireless network or by connecting directly to the mesh node, like in Mesh Node Troubleshooting.
Tip: Access your mesh node by navigating to http://192.168.42.1 in your web browser.

Setting Your Password

When you first boot your mesh node, there is no admin password set.

When you first boot your mesh node, there is no password set. This is quite dangerous, so OpenWrt will disable many useful features until you set one. Therefore, it is important that you set one up right away.

Warning: This is not the same thing as a wi-fi password. Your admin password should be a secret.

To set a password, complete the following steps:

  • Navigate to "System > Administration" in the left-hand menu of OpenWrt
    • Enter your desired password twice, and click "Save."
  • Enter your desired password twice, and hit Enter or click "Save."

Enabling Remote Support

Following these steps, you will allow a maintainer to log into and use your mesh node remotely -- as long as it's connected to the global Yggdrasil network. See #The Yggdrasil Page if you think you may not be connected to the rest of the Yggdrasil network.

In order to enable remote support, you will need to:

  1. Authorize the maintenance team to access your mesh node
  2. Allow SSH over Yggdrasil

Authorize the Maintenance Team to Access Your Mesh Node

Note: You must first Set Up a Password before adding authorized remote users.
  1. Navigate to System > Administration
  2. Select the "SSH-Keys" tab
    1. The ssh-keys tab.
  3. Enter the following keys, clicking "Add Key" in between each
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqb+eTvCL3tilg3xKpLdClC0BuJiDXCiIsgYhoO5/6Rf6u/FGQYUGPwyhCqoXNeGhUhAIHUvD+HIcMfvFgdTRJ/K7uSe35FmrobT3QGpKMLwq2+HJNhIbK18n4SeL74JGfntnecw2Wbfd9qy9UAyM7422BVttGDcgRZzaj+Lzf5hc4gLT8J3zv8ybLOAxFOcwQV+TPg76jMIHr7BnAIxCQZEOsFydNINnJLn5WjezzeDvX2sTJbLe7lsHE8oE7YDyZxFw39F9t8AGg96xgnTJvYv9JG3dczgTicB+dj1C0FnlhZD8o9k6xcMex2mSpR2jmcf8TluFladVuQlP4/oEiz0rOZ7PAYC5BWXx1i4PwWm/Xas3TcGg1WokWSAcijUpeqhkEekQk4RXWfrdKDoGLQF3rAbmdD9gz4MuxuNoyXKmdhvwsBeqzNnADqHllcw95+gNVYUJz1VNM2oPfNvHtOY624YY9rWy/uL6plocM07Vtvf8/CKuQ+fPIcRhwJDk= lurker@join-or-die

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA3nzI6T6Lpd5xFoRewcx91Dv9sUzNNmdYfwOleemBFz0y3RaQElehUWasyjuIURZw7RL5EjvrqeQq9pe/lO99dO0F9yMuMsMH2t88YrVJQ/z/5Aa4I2zYQotKb/9CCfynsy41y5xywxtOwXiDk2kpo+c9VZCyCeW8Hnc9HaIpkKSLnkqDVhESzlrkYyNKZvUAL1hiFIzmmw/veFgRb7/ol76Ze3xsWugbHUECEIAKoz/8uaevOAAoJrMFhffFIQ8IfClqDZv2lnBBhvh1O9TO0Mg4klcieyQ1RZhMjeP4WnAa9PXP7xZlQHLgO9qO1jDd2sOdkX6EedCfX5jO4Y51HPJpV35uYumw3veftMlpIJFmA2eIQxU19SCYpojWRGXZ5v9WtFIHX2nGy+Gi1bk7TR+HBsCDXOPhhQk4ceIM4OonqEb1NJ57elxh6mFbDAQCZtYhRLqYvcyGpuBdVdLNOJbOZ7vBJY3Kfjxa87rvFIJheT6DXhpdRayeOovLm0vuJ53bZoWxWOqjpuigQqHtSB3OmintrKB916BhNFsHwPeZpK0ahZGFygV63REM/X8m0nOlHqyAY69uzLHyYXM83zAI1L5Y4wuzsVqO+1tnK6PMcfg5/DArjBrn7YqA5tzJY9EgdVVPjpgjD2yYYTOP6b3UUw4uFj3asnOX24dfVzk= ward@countzero

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDVi8ExDYdV7EfkjQiMZA3o0QtjVNtd0wVzp9n1xFqY1dse/zHBqrEZQKBtbrk7D/NAI4qzoogC6SbHWa8fHPyc3LJuKbxHrSC8xylByGL7nAzI7AfmsHCQ8Z+OrgI625PzVpMCY/30D/rBgR2JTlzxlA35cuOPjN5r1HHE53+mVRu62jn/wTa16ubFXaYmibpZ3C830+qsAB8RPEHJH7zknFNPponAqH7kt1I8WQL6fa2TCuxIBijzDLbtX1xH4klTeMRJTK+tmLRUUjUefD/f7lNlgce7o9zkHktO5u1hmpC95/NC2cylzU9RWglHqJ21fSg66y441lm0Y9ZUc2p7DQFQP0f6kovuPWgVPWuMCQHVPgCWqqlKfTK3Dyscn9MfsCUnN2fZY+T0fx3lutLcIOwvQc/N2EDJIb0/R+7XMrzfUDVrkGeBoG11tBkKjltdC19JrAmGAkfIcN0LMOeZT7yTlZ/f/6d5C19DegXX74owM4V4pkqs/hbpmDkvQYkSXPfVpZ9ZTVUVSBrwKVaVX9A1hTXjIzfsuoZheMIdlakt0qSIuukyaIxzi1aAH67nR0kp+XCLldBDXGKQXah+mIGQPDBwWFR34re40jzxKmvLT+Dq+5yASgoLDbul8IYDJa2r7yYZQu+EgsW24p62q+y041wW4YIGBJs/cQqpCw== stephen304@gmail.com

Allow SSH over Yggdrasil

  1. Navigate to Network > Firewall
  2. Select the "Traffic Rules tab
    1. The network firewall traffic rules tab.
  3. Scroll down to "Allow-SSH-Yggdrasil"
  4. Enable the Accept input checkbox
    1. Enable the ssh-over-yggdrasil firewall rule.
  5. Click "Save and Apply"
    1. Click save and apply

The Diagnostic Page

The Yggdrasil Page

A working mesh node should have several peers.

One of the most helpful screens for troubleshooting is the Yggdrasil page. This page is entirely focused on your mesh node's status within the global Yggdrasil mesh network. You can access the Yggdrasil page by selecting "Network > Yggdrasil" on the right-hand menu in OpenWrt.

Important Yggdrasil Information

You can view important information about your mesh node in the Yggdrasil screen. Among other things, you can view your node's static IPv6 address and public key.

Your static IPv6 address is unique to the Yggdrasil, and never changes. It comes in handy very frequently, and is used for remote support (among other things.) Your public key is sometimes used to gain access to private resources on the Yggdrasil network. It's good to know where it is just in case you ever need it.

Your static IPv6 address is unique to the Yggdrasil, and never changes. Your public key is sometimes used to gain access to private resources on the Yggdrasil network.

Checking for Peers

As long as your mesh node has public Yggdrasil peers, it is connected to the global Yggdrasil mesh network. This means that things like remote support will work properly. If you're interested in learning more about Yggdrasil vs. the Internet vs. the LAN, see our Network Architecture page.

A working mesh node should have several peers. You can see these in the following screen:

  • A working mesh node should have several peers.

If you don't have any peers, your Yggdrasil screen will look something like this:

  • If you don't have any peers, your Yggdrasil screen will look something like this.
  • Note the "Proto" column.... it says "self," because the only peer your mesh node has is ... itself!

Test that you can access Yggdrasil sites

You should be on the Yggdrasil network now. Verify that you are by going to http://[319:3cf0:dd1d:47b9:20c:29ff:fe2c:39be]/ to view the Yggdrasil Network home page. Alternatively you can connect to YaCy, the Yggdrasil Search engine, at http://[300:7232:2b0e:d6e9:216:3eff:fe38:cefc]:8090//

The Internet Gateway Page

Once you are connected to the Yggdrasil mesh network (see previous section), it is time to configure the node for internet access. To do so, the node needs to be connected to an internet gateway. We use a program called Autoygg for this purpose. You can access the Internet Gateway page by selecting "Network > Internet Gateway" in the left-hand menu in OpenWrt.

The Autoygg client status page

The Status page shows the current connection state with the configured Autoygg Gateway. On first boot, the page will show that you are disconnected:

The Autoygg status screen for a new installation.

The Autoygg client settings page

On the Settings page, an Internet Gateway server can be configured. It is also possible (but not required) to populate your name, e-mail address and/or phone number, to identify yourself to the gateway owner.

Connecting to a Mass Mesh public Internet Gateway

Mass Mesh runs a public Internet Gateway at the address 200:83a1:3b1a:e7af:4b46:6169:8435:9280. If you would like to use it to connect to the internet, put that address in the autoygg gateway field and click SAVE & APPLY:

The Autoygg settings screen with the Mass Mesh gateway configured.

At this point, the Status page will show you are not connected:

The Autoygg status screen with the Mass Mesh gateway configured, but not connected.

Before you can connect to the internet via the Mass Mesh gateway, one of our volunteers will need to add your node to the accesslist on the gateway server. You can request this in the Mass Mesh AP Hosts chat room. Please provide your Yggdrasil IPv6 address when you do so, which is available on the Yggdrasil node status page:

Your static IPv6 address is unique to your Yggdrasil node, and never changes.

Once your node is added to our accesslist, you can hit the Connect button and if that goes well, the status page will look similar to this:

The Autoygg status screen with the Mass Mesh gateway configured and connected.


Connecting to your own Internet Gateway

It is also possible to run your own Internet Gateway server. This can be done on a cheap cloud VPS, for instance. It requires installing and running the Autoygg server. If you want assistance with this, please ask in the MassMesh Tech chat room.