I just released a new version of netsukuku (0.9.1) that fixes a major bug. In version 0.9 the dns-to-andna redirector was working perfectly on a PC with Ubuntu, but it did not work at all on a router with OpenWrt.
I am taking advantage of this new release to see what steps are necessary to deploy a router in the following scenario.
Those who follow my blog know that I set up some simple cabling in my house. There is a room in which a number of cables arrive. Among these, one comes from the roof (where my WISP provider has installed an antenna that belongs to them), one comes from the garage (where I have placed a server) and one comes from the living-room.
In that room there is a simple non-configurable hub to which all the cables are attached.
I have a router that has a wireless interface and an internal configurable switch which is usually configured to have one WAN port and four LAN ports. A classic TP-Link 1043, to be exact. I want to put this router in the living-room so that several devices can connect to the Internet.
Let's see how to configure this router to meet these needs and, at the same time, start building a Netsukuku network.
First, I built the OpenWrt firmware according to the instructions linked in my previous post. I also included the package for the web interface (luci). I flashed the router with the firmware.
I connected one of the LAN ports of the router to the network port of my PC, logged in via the web interface at the default URL for a fresh install of OpenWrt (http://192.168.1.1) and set a password for root.
As a first modification, since the device of my WISP uses the address 192.168.1.1/24, I set the LAN interface address of the router to 192.168.3.1.
[Image: I changed that input field.]
Once I had applied the setting, I had to reconnect the network interface on my PC and point the browser to the new URL (http://192.168.3.1).
Then, I enabled the Wifi interface.
[Image: Click "Edit"...]
The second change that I want to make is about the bridge that is enabled by default in the installation of OpenWrt between the wifi interface and the ports marked as LAN.
For now, I do not plan to connect any other device to the LAN ports of this router. But even if this were to happen in the future, I want to give Netsukuku the duty of routing the packets received via wifi to the local wired network when necessary. So I want to remove this bridge.
We can see through the OpenWrt web interface how the bridge is made.
To start, the switch inside the device is configured to use the VLAN protocol. VLAN 2 is composed of just port 0 of the switch (marked as the WAN port on the case). VLAN 1 is composed of the other 4 ports (marked as 1 .. 4 on the case). Packets belonging to either VLAN reach the router's CPU, and they are "tagged".
[Image: Here no changes are needed]
So the bridge between the LAN ports and the WiFi is actually a bridge between the eth0.1 interface and the wireless interface, as seen in the "physical settings" page shown below. The name "eth0.1" does not indicate a port other than eth0, rather it is a notation used by Linux to indicate a VLAN. As if we say to the CPU: "packets read and written in the eth0 interface are formatted according to the VLAN protocol; grab only those that belong to VLAN 1."
[Image: Interface LAN with bridge enabled]
In the "physical settings" page I disable the bridge and I select only the interface "eth0.1".
[Image: Interface LAN without bridge]
At this point the wireless physical interface is not associated with any logical interface. I create a new logical interface named WIFI.
[Image: Click "Add new interface"...]
[Image: Name "WIFI", protocol static, interface wireless, then click "Submit"...]
[Image: Set address 192.168.4.1 and netmask 24 bits, then below...]
[Image: click to enable a DHCP server, finally remember to click "Save and apply."]
Now the router has 3 logical interfaces: LAN, WIFI and WAN. I did not make any changes to the WAN interface, which has protocol DHCP and is associated with the physical interface eth0.2 as shown below.
[Image: The WAN interface is made up of the physical interface eth0.2]
Now I make two changes to the configuration of the firewall included in OpenWrt.
First, optional, I include the new interface WIFI in the "lan" zone of the firewall.
[Image: Firewall, zones, “lan” edit...]
[Image: Select interface WIFI and click “save and apply”]
For the second, crucial, I add some rules to the firewall to prevent it from blocking important packets.
With the first rule I tell it to accept incoming packets from the "wan" zone destined for port 269 (both TCP and UDP) on the router itself. These packets implement the routing protocol of Netsukuku. I named this rule "Allow-netsukuku."
With the second rule I tell it to accept forwarding any packet to or from any zone if the addresses of the source and destination are in the IPv4 class 10.0.0.0/8. That is, I allow network traffic to pass through me. I named this rule "Allow-netsukuku-traffic."
These rules are necessary if other Netsukuku nodes (e.g. my server in the garage) must be connected to the WAN port of the router.
[Image: Use these input fields to create a rule for incoming packets.]
[Image: Use these ones to create a rule for passing-through packets.]
[Image: The two rules should appear in the list as shown above. You may need to reboot the router to see the rules in the list.]
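The two firewall rules described above, written as stanzas for /etc/config/firewall so that the same result can be obtained on a firmware without luci. This is an added example, not taken from the author's backup; it assumes the stock OpenWrt zone names "wan" and "lan", and the stanzas luci itself writes may differ between OpenWrt releases.

```conf
# /etc/config/firewall (added example; zone names 'wan' and 'lan' are assumed
# to be the OpenWrt defaults, 'WIFI' is the logical interface created above)

# Optional step: in the existing 'lan' zone stanza, list the new interface
# next to 'lan'; the zone's other options stay as they are.
#   config zone
#       option name 'lan'
#       list network 'lan'
#       list network 'WIFI'

# Rule 1: accept Netsukuku routing protocol packets addressed to the router
# itself (no 'dest' option makes this an input rule), port 269, TCP and UDP.
config rule
	option name 'Allow-netsukuku'
	option src 'wan'
	option proto 'tcp udp'
	option dest_port '269'
	option target 'ACCEPT'

# Rule 2: forward between any pair of zones, but only when both the source
# and the destination address are inside 10.0.0.0/8.
config rule
	option name 'Allow-netsukuku-traffic'
	option src '*'
	option dest '*'
	option family 'ipv4'
	option proto 'all'
	option src_ip '10.0.0.0/8'
	option dest_ip '10.0.0.0/8'
	option target 'ACCEPT'
```

Rule 2 matches on addresses only, so it assumes that no other network reachable from the router uses 10.x addresses. After editing the file, `/etc/init.d/firewall restart` reloads the rules.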
At this point I was pretty happy with the setup, it seemed a good time to save a backup.
The backup archive which can be generated from the OpenWrt web interface is composed of a series of system configuration files that reside in /etc. By looking at those files one can understand how to get the same results even when a firmware doesn't include the package of the web interface (luci).
Then I turned off the router and I placed it in its final position in the living-room. I connected the router's WAN port to the network wire that reaches the hub. I then connected my PC to the wireless network 'ntkd' and I checked that I could surf the Internet.
The wireless interface of my PC has obtained an address in the 192.168.4.xxx subnet, as expected. I can connect wirelessly to the router at 192.168.4.1 with both the web interface and with SSH. And I can surf the Internet.
I logged in to the router via SSH and I followed the instructions linked in my previous post. That is, I modified configuration files (nsswitch.conf, dnsmasq.conf, ...) and I restarted the services dnsmasq and dns-to-andna.
Finally I started the daemon ntkd and I told it to listen on interfaces wlan0 and eth0.2.
root@OpenWrt:~# ntkd -i wlan0 -i eth0.2
On my Ubuntu server (whose hostname is nodo07) ntkd was already up and I had installed a web server.
So I connected my Android phone to the wireless network 'ntkd'. With the browser of the phone I am able to visit the website of my server and browse Internet websites, such as Wikipedia. Then I repeated the same test with the same results, as expected, from a Windows laptop.

Hi, I am really interested in what you are doing. I also want to implement a kind of mesh network for multiple devices for my school work. Just want to ask if this version 0.9.1 is still working for Ubuntu and not only on routers with OpenWRT. Also, are the steps in https://lab.dyne.org/Netsukuku_Dev/beta/ubuntu still applicable for compiling and using this v0.9.1 of netsukuku?
Many thanks!

The new version works on Ubuntu too and the instructions have been updated.

I am trying to install this on Ubuntu 12.04 and I cannot locate the packages for both libgee-0.8-dev and libgcrypt20-dev. Any suggestions?

You can upgrade to a recent version of Ubuntu
-or-
For libgcrypt the package libgcrypt11-dev (you should have this one) is ok.
For libgee-0.8 download and compile from source
https://download.gnome.org/sources/libgee/0.12/libgee-0.12.1.tar.xz

I have tried several times to compile Netsukuku for a WRT54GL.
The problem is, after install I have no web interface or even a DHCP server on the LAN. I can ping, Telnet and SSH 192.168.1.1.
The only errors I get are "recursive dependency detected!" when I run "make menuconfig".
I am using Debian 7.5 (Wheezy) and have compiled libgee-0.8
Any suggestions?

Anonymous, for this kind of support use the mailing lists.
Info at https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/netsukuku
and https://lists.nongnu.org/mailman/listinfo/netsukuku-vala

Hi, Luca! When will we see the 1.0 version?