Difference between revisions of "Node Setup"

Line 1: Line 1:
 +
Familiar with a terminal? This page will help you get your mesh node set up. You will first need to select a device and flash a firmware onto it - those instructions can be found on the device-specific page. Then, head back here to complete the rest of the set-up.
 +
 
== Communication Channels ==
 
== Communication Channels ==
 +
Need help? Here's how to get in touch:
 
* [https://riot.im/app/#/group/+massmesh:matrix.org Matrix Chat]
 
* [https://riot.im/app/#/group/+massmesh:matrix.org Matrix Chat]
 
* [https://lists.riseup.net/www/info/massmeshnet Mailing List]
 
* [https://lists.riseup.net/www/info/massmeshnet Mailing List]
 
* [https://www.meetup.com/SomervillePirates/ Weekly Meetups]
 
* [https://www.meetup.com/SomervillePirates/ Weekly Meetups]
 +
 
== Choosing a Node ==
 
== Choosing a Node ==
 
Take a look at our [[Devices|devices]] page. Because we are using Yggdrasil for encrypted routing, you will want to choose a device with an Yggdrasil speed that meets your needs.
 
Take a look at our [[Devices|devices]] page. Because we are using Yggdrasil for encrypted routing, you will want to choose a device with an Yggdrasil speed that meets your needs.
Line 10: Line 14:
  
 
Return to this page after flashing your device to finish the set-up.
 
Return to this page after flashing your device to finish the set-up.
 +
 +
== Configuring your Node ==
 +
Once your device has been flashed, the meshing software needs to be set up. Follow these steps to complete the set-up:
 +
<ol>
 +
<li>Plug your node's WAN port into a network that provides internet access. If your device has multiple ports, check the device page for which one to use.</li>
 +
<li>Navigate to the openwrt configuration page at <code>http://192.168.1.1/</code></li>
 +
<li>Log in with an empty password and follow the prompt to set a secure password</li>
 +
<li>Navigate to Network > DHCP and DNS and set DNS Forwardings to <code>1.1.1.1</code>, click "Save & Apply" at the bottom</li>
 +
<li>Use scp to send the Yggdrasil package to the node, eg. <code>scp -o StrictHostKeyChecking=no ~/Downloads/yggdrasil_0.3.5-4_aarch64_cortex-a53.ipk root@192.168.1.1:/tmp</code></li>
 +
<li>Use ssh and your node's password to access the node's command line, eg. <code>ssh root@192.168.1.1</code></li>
 +
<li>Run <code>opkg update && opkg install kmod-tun nano</code> to prepare the node for Yggdrasil</li>
 +
<li>Run <code>opkg install /tmp/yggdrasil_0.3.5-4_aarch64_cortex-a53.ipk</code> to install Yggdrasil</li>
 +
<li>Run <code>reboot</code> to fully initialize Yggdrasil</li>
 +
<li>Run ssh again to get access to the node's command line: <code>ssh root@192.168.1.1</code></li>
 +
<li>Use the command <code>nano /etc/yggdrasil.conf</code> to edit the Yggdrasil configuration. Change peers section to include a public node:</li>
 +
<pre>{ "Peers": [ "tcp://ygg.stephen304.com:56088" ],...</pre>
 +
<li>Press <code>Ctrl + O, Enter, Ctrl + X</code> to edit the text editor</li>
 +
<li>Run <code>yggdrasilctl getSelf</code> and take note of the "IPv6 subnet", for example <code>IPv6 subnet: 300:f86f:fcf9:8479::/64</code></li>
 +
<li>Navigate to Network > Interfaces in the Openwrt web configuration and find "ULA Prefix" near the bottom. Replace the value with the IPv6 subnet value from the last step (starting from 3xx and ending with /64) and click "Save & Apply"</li>
 +
<li>On the same page, click "Edit" next to "LAN" and set "IPv6 assignment length" to 64. Under the DHCP Server section in the "IPv6 Settings" tab, check "Always announce default router". Click Save & Apply</li>
 +
<li>Navigate to Network > Firewall, and find "LAN" in the "Zones" section. Press the Edit button for this zone.</li>
 +
<li>Under the "Inter-Zone Forwarding" section, add "yggdrasil" to both "Allow forward to destination zones:" and "Allow forward from source zones:". Press "Save & Apply".</li>
 +
<li>Optional: To disallow unencrypted usage of the shared internet connection, remove "WAN" from "Allow forward to destination zones:"</li>
 +
<li>Navigate to System > Administration and uncheck "Password authentication" and "Allow root logins with password". Press "Save & Apply".</li>
 +
<li>Optional: Add an ssh key to the SSH-Keys section to allow secure access to the node via ssh.</li>
 +
<li>Optional: Under Network > Firewall > Traffic Rules, check enable on "Allow-SSH-yggdrasil" to allow ssh access using the node's mesh IP</li>
 +
</ol>
 +
 +
Once these steps are completed, your node will be capable of meshing with any other similarly configured node, as well as relaying encrypted mesh traffic to nodes over the internet if an internet connection is supplied to the node. Clients of the node will also be able to access in-mesh services using mesh IPs that the node assigns to connected devices. You can test this out by visiting the [http://[203:e0b0:ec08:4e1f:f004:19a9:577a:90ba]/wiki/index.php?title=Main_Page in-mesh wiki] while connected to a LAN port of the node.
  
 
== Node Placement ==
 
== Node Placement ==
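
Review bot: The added step list makes disabling SSH password login a required step (System > Administration, uncheck "Password authentication" and "Allow root logins with password") but puts adding an ssh key after it and marks it optional. A reader who follows the order and skips the optional step can no longer log in over ssh, leaving only the web interface. Suggest moving the SSH-Keys step ahead of the password step and making it a prerequisite. Smaller points in the same hunk: the <pre> holding the Peers example sits directly inside <ol> instead of inside the preceding <li>, so it renders as its own numbered step; "Ctrl + X to edit the text editor" should read "exit"; and the scp example's -o StrictHostKeyChecking=no accepts an unknown host key without prompting, which deserves a sentence saying why it is used here.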

Revision as of 15:58, 14 April 2019

Familiar with a terminal? This page will help you get your mesh node set up. You will first need to select a device and flash a firmware onto it - those instructions can be found on the device-specific page. Then, head back here to complete the rest of the set-up.

Communication Channels

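Need help? Here's how to get in touch:

  • Matrix Chat: https://riot.im/app/#/group/+massmesh:matrix.org
  • Mailing List: https://lists.riseup.net/www/info/massmeshnet
  • Weekly Meetups: https://www.meetup.com/SomervillePirates/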

Choosing a Node

Take a look at our devices page. Because we are using Yggdrasil for encrypted routing, you will want to choose a device with an Yggdrasil speed that meets your needs.

Flashing the Firmware

Refer to the wiki page for your device, or bring your node to one of our meetings and have it flashed for you!

Return to this page after flashing your device to finish the set-up.

Configuring your Node

Once your device has been flashed, the meshing software needs to be set up. Follow these steps to complete the set-up:

  1. Plug your node's WAN port into a network that provides internet access. If your device has multiple ports, check the device page for which one to use.
  2. Navigate to the OpenWrt configuration page at http://192.168.1.1/
  3. Log in with an empty password and follow the prompt to set a secure password.
  4. Navigate to Network > DHCP and DNS, set DNS Forwardings to 1.1.1.1, and click "Save & Apply" at the bottom.
  5. Use scp to send the Yggdrasil package to the node, e.g. scp -o StrictHostKeyChecking=no ~/Downloads/yggdrasil_0.3.5-4_aarch64_cortex-a53.ipk root@192.168.1.1:/tmp
  6. Use ssh and your node's password to access the node's command line, e.g. ssh root@192.168.1.1
  7. Run opkg update && opkg install kmod-tun nano to prepare the node for Yggdrasil.
  8. Run opkg install /tmp/yggdrasil_0.3.5-4_aarch64_cortex-a53.ipk to install Yggdrasil.
  9. Run reboot to fully initialize Yggdrasil.
  10. Run ssh again to get access to the node's command line: ssh root@192.168.1.1
  11. Use the command nano /etc/yggdrasil.conf to edit the Yggdrasil configuration. Change the Peers section to include a public node:
      { "Peers": [ "tcp://ygg.stephen304.com:56088" ],...
  12. Press Ctrl + O, Enter, Ctrl + X to save the file and exit the text editor.
  13. Run yggdrasilctl getSelf and take note of the "IPv6 subnet", for example IPv6 subnet: 300:f86f:fcf9:8479::/64
  14. Navigate to Network > Interfaces in the OpenWrt web configuration and find "ULA Prefix" near the bottom. Replace the value with the IPv6 subnet value from the last step (starting from 3xx and ending with /64) and click "Save & Apply".
  15. On the same page, click "Edit" next to "LAN" and set "IPv6 assignment length" to 64. Under the DHCP Server section in the "IPv6 Settings" tab, check "Always announce default router". Click "Save & Apply".
  16. Navigate to Network > Firewall, and find "LAN" in the "Zones" section. Press the Edit button for this zone.
  17. Under the "Inter-Zone Forwarding" section, add "yggdrasil" to both "Allow forward to destination zones:" and "Allow forward from source zones:". Press "Save & Apply".
  18. Optional: To disallow unencrypted usage of the shared internet connection, remove "WAN" from "Allow forward to destination zones:".
  19. Navigate to System > Administration and uncheck "Password authentication" and "Allow root logins with password". Press "Save & Apply".
  20. Optional: Add an ssh key to the SSH-Keys section to allow secure access to the node via ssh.
  21. Optional: Under Network > Firewall > Traffic Rules, check enable on "Allow-SSH-yggdrasil" to allow ssh access using the node's mesh IP.

Once these steps are completed, your node will be capable of meshing with any other similarly configured node, as well as relaying encrypted mesh traffic to nodes over the internet if an internet connection is supplied to the node. Clients of the node will also be able to access in-mesh services using mesh IPs that the node assigns to connected devices. You can test this out by visiting the in-mesh wiki while connected to a LAN port of the node.
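
A way to check the ULA prefix and SSH hardening steps above before relying on the node, as an added shell example that is not part of the original wiki page. It assumes stock OpenWrt, where the two LuCI checkboxes map to the dropbear options PasswordAuth and RootPasswordAuth and keys live in /etc/dropbear/authorized_keys; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code). Sample inputs are constructed; on a node,
# pipe in the real output of the commands named in each comment.

# Print the subnet line's value from `yggdrasilctl getSelf` output on stdin.
extract_subnet() {
    sed -n 's/^[[:space:]]*IPv6 subnet:[[:space:]]*//p' | head -n 1
}

# Succeed only for a value usable as the ULA prefix: starts 3xx, ends ::/64.
valid_ula_prefix() {
    printf '%s\n' "$1" | grep -Eiq '^3[0-9a-f]{2}(:[0-9a-f]{1,4}){0,3}::/64$'
}

# Read `uci show dropbear` output on stdin. Succeed only if both password
# options are explicitly off; an unset option leaves password login enabled.
password_login_disabled() {
    tr -d "'" | awk -F= '
        /\.PasswordAuth=/     { p = $2 }
        /\.RootPasswordAuth=/ { r = $2 }
        END { exit !((p == "off" || p == "0") && (r == "off" || r == "0")) }'
}

# Read /etc/dropbear/authorized_keys on stdin; succeed if it holds a key.
has_ssh_key() {
    grep -Eq '^(ssh-(ed25519|rsa)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+'
}

# Constructed samples standing in for real command output.
SAMPLE_GETSELF='IPv6 address: 200:f86f:fcf9:8479:1:2:3:4
IPv6 subnet: 300:f86f:fcf9:8479::/64'
SAMPLE_DROPBEAR="dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='off'
dropbear.@dropbear[0].RootPasswordAuth='off'
dropbear.@dropbear[0].Port='22'"
SAMPLE_KEYS='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleKeyOnly admin@laptop'

subnet=$(printf '%s\n' "$SAMPLE_GETSELF" | extract_subnet)
if valid_ula_prefix "$subnet"; then echo "ULA prefix OK: $subnet"
else echo "unexpected subnet: $subnet"; fi
if printf '%s\n' "$SAMPLE_DROPBEAR" | password_login_disabled; then
    if printf '%s\n' "$SAMPLE_KEYS" | has_ssh_key; then echo "key-only SSH login"
    else echo "WARNING: passwords off and no key installed: SSH lockout"; fi
else echo "WARNING: SSH password login still enabled"; fi
```

On the node itself, replace the samples with `yggdrasilctl getSelf | extract_subnet`, `uci show dropbear | password_login_disabled` and `has_ssh_key < /etc/dropbear/authorized_keys`.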

Node Placement

In order to communicate on the mesh, your node must be able to talk to other nodes in your area. Here are some suggestions to help maximize your signal:

  • If the node is weather resistant, mount it on the outside of the house or to a column facing the street
  • Indoor nodes should be placed on or near windows facing the street and other buildings

Wiring Up the Node

In addition to providing power to the node, you may also want to use the following ports on the device:

  • The WAN port (on multi-port devices) may be connected to a spare LAN port on your regular router (or directly to your modem) to share your internet connection with the mesh
  • The LAN port may be connected to a switch or any device to provide internet to that device through the mesh