Hello, I'm from Brazil, I have a project from my University... I have two Linksys WRT54Gl 1.1 And I need to mount a Mesh Network with OLSR protocol, and after mount a VPN. The questions are: How I Know if the Olsr Protocol is running? How I will mount a VPN? What's better OpenVPN, OpenSwam or other? Thanks, Gilson -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
Hi, On 24.08.2011, at 13:55, Gilson wrote:
I have two Linksys WRT54Gl 1.1 And I need to mount a Mesh Network with OLSR protocol, and after mount a VPN. (…) How I will mount a VPN? What's better OpenVPN, OpenSwam or other? I never worked with OpenSwan, but you should have a look at the latest Freifunk Firmware "classic" 1.7.4: http://download.berlin.freifunk.net/ipkg/_g+gl/
OLSR, OpenVPN and a self-explanatory GUI is already included. You can run an OpenVPN-client or even a server on the router. Setting up the mesh network works out of the box, you just need to assign an IP-Address (out of the same network) to the WRT-boxes.
How I Know if the Olsr Protocol is running? As long as the web interface shows OLSR-information, the daemon is running. Have a look at the status page: http://[router ip or hostname]/cgi-bin-status.html The other router should be visible as "neighbor" device.
Or look for the olsrd-process, i.e.: root@2-64-kuze:~# ps axu | grep olsrd 902 root 404 S olsrd -f /var/etc/olsrd-ipv6.conf -d 0 13902 root 1004 S olsrd -f /var/etc/olsrd.conf -d 0 28167 root 268 S grep olsrd (two processes are running) best regards, // melle -- xmpp: melle@jabber.ccc.de passion: http://mellenthin.de F489 2C4F E8C2 9A15 DBCB mission: http://freifunk-potsdam.de 127C 81B6 FDC3 7C1A FF85 pubkey: http://mellenthin.de/key.txt
Hello, About OpenVpn I saw in this link >> http://ipkg.berlin.freifunk.net/ChangeLog << this message: 2010-Aug-29: Again new stable 1.7.4 + OpenVPN/libopenssl does not work because I forgot to remove the old openssl-n from ipkg dir which was magically installed instead of the newer version. Grmbl. You know if the OpenVpn isn't working? Can you see the attachment, if the OLSR configuration is correct? http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/file/n6739793/confi... configuration.pdf -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
Hi, On 29.08.11 23:35, Gilson wrote:
About OpenVpn I saw in this link >> http://ipkg.berlin.freifunk.net/ChangeLog <<
this message: 2010-Aug-29: Again new stable 1.7.4
+ OpenVPN/libopenssl does not work because I forgot to remove the old openssl-n from ipkg dir which was magically installed instead of the newer version. Grmbl.
You know if the OpenVpn isn't working? The problem occurred in 1.7.3, it was fixed in 1.7.4.
Can you see the attachment, if the OLSR configuration is correct? It looks good so far, but OLSR-DHCP range overlaps with the mesh-netwok. If you don't need dhcp on the wireless interface, leave OLSR-DHCP empty.
viele Grüße, // melle -- xmpp: melle@jabber.ccc.de passion: http://mellenthin.de 1A2D 0833 0873 BBB4 B273 mission: http://freifunk-potsdam.de 0A11 4759 49E4 195F D9E6 pubkey: http://mellenthin.de/key.txt
Hi, So, now the OpenVPN is running correct? Other question: What's difference between the inputs DHCP-OLSR and HNA4? They're responsible for what? DHCP-OLSR >> responsible for attribute the IP's address for clients OLSR. HNA4 >> responsible for say, who IP range belongs the OLSR. Is it? att, Gilson -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, On 30.08.11 21:10, Gilson wrote:
So, now the OpenVPN is running correct? well, if the "ip r" command shows routes to your vpn -network: yes. If not, check the syslog using the "logread" command for error messages.
Other question: What's difference between the inputs DHCP-OLSR and HNA4? They're responsible for what?
DHCP-OLSR >> responsible for attribute the IP's address for clients OLSR. HNA4 >> responsible for say, who IP range belongs the OLSR. OLSR-DHCP assigns DHCP-Addresses to wifi clients via the ad-hoc interface. The client's address is masked (via NAT) behind the routers wifi-ip.
In our mesh, we assign ip addresses to the nodes like this: 10.22.0.32 10.22.0.64 10.22.0.96 10.22.0.128 10.22.0.160 10.22.0.192 10.22.0.224 10.22.1.0 10.22.1.32 10.22.1.64 10.22.1.96 10.22.1.128 10.22.1.160 10.22.1.192 10.22.1.224 ... The remaining addresses are left for OLSR-DHCP clients. The OLSR-DHCP setting for router 10.22.1.64 is "10.22.1.64/27,255.255.0.0": $ ipcalc 10.22.1.64/27 Address: 10.22.1.64 00001010.00010110.00000001.010 00000 Netmask: 255.255.255.224 = 27 11111111.11111111.11111111.111 00000 Wildcard: 0.0.0.31 00000000.00000000.00000000.000 11111 => Network: 10.22.1.64/27 00001010.00010110.00000001.010 00000 HostMin: 10.22.1.65 00001010.00010110.00000001.010 00001 HostMax: 10.22.1.94 00001010.00010110.00000001.010 11110 Broadcast: 10.22.1.95 00001010.00010110.00000001.010 11111 Hosts/Net: 30 Class A, Private Internet This means: within the 10.22.0.0/16 Network, the range 10.22.1.64/27 is reserved for DHCP-Clients of node 10.22.1.64. A total of 30 dhcp-clients is possible for each wifi-node. HNA4 announces routes and hosts. The announcement of "0.0.0.0/0" means: "Here's an uplink and I would like to share it". It's also possible to announce a single IP or a network (10.22.0.0/16). Thanks to OLSR, all mesh-nodes will know now this host/network route (you may check it using the "ip r" command). regards, // melle - -- xmpp: melle@jabber.ccc.de passion: http://mellenthin.de 1A2D 0833 0873 BBB4 B273 mission: http://freifunk-potsdam.de 0A11 4759 49E4 195F D9E6 pubkey: http://mellenthin.de/key.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAk5lLAUACgkQR1lJ5Blf2eYkMwD6AiyweEaqXaVWcClcO7+l84Yq p7prXUkfX6M8KqRdOR4BAJBl/7aYPtaDWdMKJBK2RCiWkMfWzB/d79gTFsIB4ME/ =J9Va -----END PGP SIGNATURE-----
Hi, Ok, But I'm a little yet confused... So, if I create two subnets, the configuration is equal below: ROUTER 1 DHCP-OLSR: 192.160.1.0/25,255.255.255.0 HNA4: 192.160.1.0/25 IP WIRELESS: 192.160.1.1 MSK: 255.255.255.0 ROUTER 2 DHCP-OLSR: 192.160.1.128/25,255.255.255.0 HNA4: 192.160.1.128/25 IP WIRELESS: 192.160.1.129 MSK: 255.255.255.0 The clients will receive IP's 192.160.1.2 - 192.160.1.127 if is connected Router 1, and 192.160.1.130 - 192.160.1.254 if is connected Router 2. The OLSR-DHCP is responsible for this? correct? and is responsible for divide the networks? And, HNA4 will announce the networks that belongs OLSR. Regards, -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
Hi, sorry for the delayed response, I'm pretty busy at the moment… On 06.09.2011, at 01:02, Gilson wrote:
So, if I create two subnets, the configuration is equal below:
ROUTER 1 DHCP-OLSR: 192.160.1.0/25,255.255.255.0 HNA4: 192.160.1.0/25 IP WIRELESS: 192.160.1.1 MSK: 255.255.255.0
ROUTER 2 DHCP-OLSR: 192.160.1.128/25,255.255.255.0 HNA4: 192.160.1.128/25 IP WIRELESS: 192.160.1.129 MSK: 255.255.255.0 HNA4 should be "0.0.0.0/0" if the router provides an uplink. Leave empty else. OLSR will announce the existing nodes automatically, there is no need to announce this via HNA4 explicitly.
Please try first to setup the mesh without OLSR-DHCP. If this works, add olsr-dhcp. You should choose a smaller network for the dhcp-range. Recommendation: 192.160.1.32/27 + 192.160.1.64/27 which gives you 30 clients per node. $ ipcalc 192.160.1.32/27 Address: 192.160.1.32 11000000.10100000.00000001.001 00000 Netmask: 255.255.255.224 = 27 11111111.11111111.11111111.111 00000 Wildcard: 0.0.0.31 00000000.00000000.00000000.000 11111 => Network: 192.160.1.32/27 11000000.10100000.00000001.001 00000 HostMin: 192.160.1.33 11000000.10100000.00000001.001 00001 HostMax: 192.160.1.62 11000000.10100000.00000001.001 11110 Broadcast: 192.160.1.63 11000000.10100000.00000001.001 11111 Hosts/Net: 30 Class C IP WIRELESS: 192.160.1.32 DHCP-OLSR: 192.160.1.32/27,255.255.255.0 HNA4: MSK: 255.255.255.0 IP WIRELESS: 192.160.1.64 DHCP-OLSR: 192.160.1.64/27,255.255.255.0 HNA4: MSK: 255.255.255.0
The clients will receive IP's 192.160.1.2 - 192.160.1.127 if is connected Router 1, and 192.160.1.130 - 192.160.1.254 if is connected Router 2. Well there's a problem in your net masks:
$ ipcalc 192.160.1.0/25 Address: 192.160.1.0 11000000.10100000.00000001.0 0000000 Netmask: 255.255.255.128 = 25 11111111.11111111.11111111.1 0000000 Wildcard: 0.0.0.127 00000000.00000000.00000000.0 1111111 => Network: 192.160.1.0/25 11000000.10100000.00000001.0 0000000 HostMin: 192.160.1.1 11000000.10100000.00000001.0 0000001 HostMax: 192.160.1.126 11000000.10100000.00000001.0 1111110 Broadcast: 192.160.1.127 11000000.10100000.00000001.0 1111111 Hosts/Net: 126 Class C If you assign 1.1 to the router the IP overalaps with the dhcp-range. A "solution" would be to assign 1.0 to router 1, but this is forbidden (1.0 is the network-IP). Try my suggested IPs/Netmasks first. On 27.09.2011, at 19:30, Gilson wrote:
How I do that one router see the other? Since they are on different networks? They're on the same network: 192.160.1.0/24. Only the dhcp-range is a subset of the OLSR-network range.
viele Grüße, // melle -- xmpp: melle@jabber.ccc.de passion: http://mellenthin.de F489 2C4F E8C2 9A15 DBCB mission: http://freifunk-potsdam.de 127C 81B6 FDC3 7C1A FF85 pubkey: http://mellenthin.de/key.txt
hi, You could help me? -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
Hi, How I do that one router see the other? Since they are on different networks? Gilson -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
Hello, So, about OpenVPN, I'm trying to mount in this forms: First: Internet ---> Router 1 ---vpn---> Router 2 Second: Internet ---> Router 1 ---vpn---> Router 2 <---vpn--- Client 1 | Client 2 PS: The connection is VPN is via wirelles. What do you think? Is possible to mount this? I'm tried the first form and the tunnel is created, but I can't do pass the traffic inside the tunnel. regards -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
hi, On 03.10.2011, at 13:24, Gilson wrote:
So, about OpenVPN, I'm trying to mount in this forms:
First: Internet ---> Router 1 ---vpn---> Router 2
Second: Internet ---> Router 1 ---vpn---> Router 2 <---vpn--- Client 1 | Client 2
PS: The connection is VPN is via wirelles.
What do you think? Is possible to mount this?
I'm tried the first form and the tunnel is created, but I can't do pass the traffic inside the tunnel. So it sounds like the mesh is up and running, clients get an address via DHCP? So your problem looks like an OpenVPN issue. I cannot say much about that, maybe you should ask on an OpenVPN related Mailinglist [1]?
[1] http://openvpn.net/index.php/open-source/documentation/miscellaneous/61-mail... best regards, // melle -- xmpp: melle@jabber.ccc.de passion: http://mellenthin.de F489 2C4F E8C2 9A15 DBCB mission: http://freifunk-potsdam.de 127C 81B6 FDC3 7C1A FF85 pubkey: http://mellenthin.de/key.txt
Hi, Yes, the clients get address via DHCP. But, you know if is possible or you already do something like that? Regards -- View this message in context: http://freifunk-potsdam-diskussion.1390855.n2.nabble.com/Olsr-VPN-tp6719842p... Sent from the Freifunk Potsdam Diskussion mailing list archive at Nabble.com.
Hi, On 15.10.2011, at 13:52, Gilson wrote:
Yes, the clients get address via DHCP. But, you know if is possible or you already do something like that? no, we only used the OpenVPN client, never the server side. But it should be no big deal…
viele Grüße, // melle -- xmpp: melle@jabber.ccc.de passion: http://mellenthin.de F489 2C4F E8C2 9A15 DBCB mission: http://freifunk-potsdam.de 127C 81B6 FDC3 7C1A FF85 pubkey: http://mellenthin.de/key.txt
participants (2)
-
Gilson -
Thomas Mellenthin