Manual Configuration
Revision as of 19:25, 12 November 2019 by Stephen304
Configuring your Mesh Node
Once your device has been flashed, the meshing software needs to be set up. Follow these steps to complete the set-up:
- Plug your node's WAN port into a network that provides internet access. If your device has multiple ports, check the device page for which one to use.
- Navigate to the OpenWrt configuration page at
http://192.168.1.1/
- Log in with an empty password and press "Go to password configuration..." to set an administrator password
- Optional: Add an ssh key to the SSH-Keys section to allow secure access to the node via ssh.
- Enter a new password, uncheck "Password authentication" and "Allow root logins with password". Press "Save & Apply".
- Navigate to Network > DHCP and DNS and add 2 values for DNS Forwardings:
200:c493:950a:d576:a413:faef:990b:fb76
and
1.1.1.1
then click "Save & Apply" at the bottom.
- Use scp to send the Yggdrasil package to the node, e.g.
scp -o StrictHostKeyChecking=no ~/Downloads/yggdrasil_0.3.5-4_aarch64_cortex-a53.ipk root@192.168.1.1:/tmp
- Use ssh and your node's password to access the node's command line, e.g.
ssh root@192.168.1.1
- Run
opkg update && opkg install kmod-tun nano
to prepare the node for Yggdrasil.
- Run
opkg install /tmp/yggdrasil_0.3.5-4_aarch64_cortex-a53.ipk
to install Yggdrasil.
- Use the command
nano /etc/yggdrasil.conf
to edit the Yggdrasil configuration. Change the Peers section to include a few public nodes:
{
  "Peers": [
    "tcp://50.236.201.218:56088",
    "tcp://45.76.166.128:12345",
    "tcp://45.77.107.150:34660",
    "tcp://108.175.10.127:61216",
    "tcp://198.58.100.240:44478"
  ],
  ...
- Press
Ctrl + O, Enter, Ctrl + X
to save and exit the text editor.
- Run
yggdrasilctl getSelf
and take note of the "IPv6 subnet", for example
IPv6 subnet: 300:f86f:fcf9:8479::/64
- Run
reboot
to fully initialize Yggdrasil.
- Navigate to Network > Interfaces in the OpenWrt web configuration and find "ULA Prefix" near the bottom. Replace the value with the IPv6 subnet value from before (starting with 3xx and ending with /64) and click "Save & Apply".
- On the same page, click "Edit" next to "LAN" and set "IPv6 assignment length" to 64. Under the DHCP Server section in the "IPv6 Settings" tab, check "Always announce default router". Click "Save & Apply".
- Navigate to Network > Firewall, and find "LAN" in the "Zones" section. Press the Edit button for this zone.
- Under the "Inter-Zone Forwarding" section, add "yggdrasil" to both "Allow forward to destination zones:" and "Allow forward from source zones:". Press "Save & Apply".
- Optional: To disallow unencrypted usage of the shared internet connection, remove "WAN" from "Allow forward to destination zones:".
- Optional: Under Network > Firewall > Traffic Rules, check enable on "Allow-SSH-yggdrasil" to allow ssh access using the node's mesh IP. Click "Save & Apply".
Once these steps are completed, your node will be capable of meshing with any other similarly configured node, as well as relaying encrypted mesh traffic to nodes over the internet if an internet connection is supplied to the node. Clients of the node will also be able to access in-mesh services using mesh IPs that the node assigns to connected devices. You can test this out by visiting the in-mesh wiki while connected to a LAN port of the node.
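As an added example (not from this wiki page), the POSIX shell script below derives the ULA prefix from a constructed `yggdrasilctl getSelf` output and emits the `uci` commands that correspond to the LuCI clicks in the DNS, ULA prefix, LAN and firewall steps above. The uci option names are standard OpenWrt; the `yggdrasil` firewall zone is assumed to exist already, and the getSelf sample and the 300::/8 check are this example's own constructions.

```shell
# Added example, not from the wiki page: derive the ULA prefix from
# `yggdrasilctl getSelf` and emit the uci equivalents of the LuCI steps.
# The uci paths are standard OpenWrt; the "yggdrasil" firewall zone is
# assumed to already exist (as the page's firewall step implies).
set -eu

# Constructed sample of `yggdrasilctl getSelf` output, modelled on the
# "IPv6 subnet:" line quoted on the page.
GETSELF_SAMPLE='Build name: yggdrasil
IPv6 address: 200:f86f:fcf9:8479:1d2e:3f40:5162:7384
IPv6 subnet: 300:f86f:fcf9:8479::/64
Coords: [1 3]'

# Print the subnet from getSelf output, or fail unless it is a /64 inside
# 300::/8 (Yggdrasil's subnet range; node addresses live in 200::/8).
ula_prefix_from_getself() {
    prefix=$(printf '%s\n' "$1" | sed -n 's/^IPv6 subnet: *\([^ ]*\).*/\1/p')
    case "$prefix" in
        3[0-9a-f][0-9a-f]:*/64) printf '%s\n' "$prefix" ;;
        *) echo "refusing unexpected subnet '$prefix'" >&2; return 1 ;;
    esac
}

# One firewall forwarding section, src zone -> dest zone.
uci_forwarding() {
    echo "uci add firewall forwarding"
    echo "uci set firewall.@forwarding[-1].src='$1'"
    echo "uci set firewall.@forwarding[-1].dest='$2'"
}

# uci commands for: DNS forwardings, ULA prefix, /64 LAN assignment,
# "Always announce default router" (ra_default=1), lan<->yggdrasil forwarding.
# $1 = ULA prefix, remaining arguments = DNS forwarders.
uci_commands() {
    ula=$1; shift
    for dns in "$@"; do
        echo "uci add_list dhcp.@dnsmasq[0].server='$dns'"
    done
    echo "uci set network.globals.ula_prefix='$ula'"
    echo "uci set network.lan.ip6assign='64'"
    echo "uci set dhcp.lan.ra_default='1'"
    uci_forwarding lan yggdrasil
    uci_forwarding yggdrasil lan
    echo "uci commit && /etc/init.d/network reload && /etc/init.d/firewall reload"
}

# Demo on the constructed sample, with the two forwarders from the steps above.
ULA=$(ula_prefix_from_getself "$GETSELF_SAMPLE")
uci_commands "$ULA" 200:c493:950a:d576:a413:faef:990b:fb76 1.1.1.1
```

Run it on a workstation to review the commands, then paste them into the node's ssh session; the subnet check refuses anything that is not a /64 in 300::/8, which catches pasting the node's 200:: address instead of its subnet.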
Gateway Config
DIAG
tcpdump -nqi any net 4.2.2.1
ip a | grep 200
# think metric as in "cost" -> higher is lower priority
ip route del default via 192.168.42.1 dev enp0s25
ip route del default via 192.168.42.1 dev enp0s25 metric 700
./build -d # build w/ debug flag
env PPROFLISTEN=localhost:6060 ./yggdrasil -useconffile /etc/yggdrasil/yggdrasil.conf
http://localhost:6060/debug/pprof/
./yggdrasilctl -v getself
DO
yctl addlocalsubnet subnet=0.0.0.0/0
yctl addremotesubnet subnet=192.168.69.10/24 box_pub_key=c34739a55e013d5fbccd1741658bea2885e418e0c100cffa5f286d1c41c93817 #DO pubkey!
yctl addremotesubnet subnet=192.168.69.30/32 box_pub_key=33da15e48ac664defab0dedca3e91c26e759452ce0ea8f4387925557ca4eb653 #laptop pubkey!
ip addr add 192.168.69.1/24 dev ygg0
yggdrasilctl settunnelrouting enabled
iptables -A FORWARD -i ygg0 -j ACCEPT
iptables -A FORWARD -o ygg0 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 | tee /proc/sys/net/ipv4/ip_forward
RPI
yggdrasilctl addlocalsubnet subnet=0.0.0.0/0
yggdrasilctl addremotesubnet subnet=0.0.0.0/0 box_pub_key=cb240d63c9d69f2d6b133a77a341f035c2d62507c22f0302e40ace7e0245184e
ip addr add 192.168.69.10/24 dev ygg0
yggdrasilctl settunnelrouting enabled
ip ro add 167.71.82.204 via 192.168.1.1 dev eth1
ip ro replace default via 192.168.69.1
yggdrasilctl addpeer uri=tcp://167.71.82.204:2617
LAPTOP
./yggdrasilctl addpeer uri=tcp://167.71.82.204:2617
./yggdrasilctl addlocalsubnet subnet=0.0.0.0/0
./yggdrasilctl addremotesubnet subnet=0.0.0.0/0 box_pub_key=cb240d63c9d69f2d6b133a77a341f035c2d62507c22f0302e40ace7e0245184e
ip addr add 192.168.69.30/24 dev tun0
./yggdrasilctl settunnelrouting enabled
ip ro add 167.71.82.204 via 192.168.1.1 dev wlp4s0
ip ro replace default via 192.168.69.1
# yggdrasilctl setconfig to set runtime configuration