Openmesh.clewn.org
A meshlocal experiment.
Formerly known as Janmesh project which started in 2015.
What is a meshlocal
What are the benefits
Overlay networks
Meshlocal routers requirements and setup
Contact: mesh@clewn.org
Chat
Shop?
Meshlocal routers requirements and setup
This guide assumes the goal is a meshlocal router running OpenWRT as its operating system and providing:
- 802.11s mesh "hardwired" wifi to connect to, and extend the network from, other similar devices within range
- Yggdrasil embedded connectivity to join the meshes together at the world level through this overlay network, as well as allowing LAN client devices to gain access to it.
The importance of open wifis
The main concept is the idea of Joint Access Mesh Networking which has been at the center of the whole range of experiments with the technologies that we started to run one decade ago, under the initial name of Janmesh.
The open nature of the proposed 802.11s wifi simply and directly allows anyone to join it and become a part of it, pooling resources and accelerating the capacity of the network as a whole to be something interesting and useful. That is why requiring no shared secret to become a part of it is at the root of this project's philosophy.
A few conventional identifiers and channels for the 802.11s meshwifi
To help point people who scan for networks to some consistent documentation, here is what is used as a de facto standard for the "meshID" name of the 802.11s network:
- meshwifi.clewn.org for the 2.4 GHz band, if any
- meshwifi.clewn.org 5G for the 5 GHz band, if any
Channels for the 802.11s
Concerning the channels used, and to avoid the need for a wireless scan to find the right channel when setting up a new box to join the localmesh, it is suggested that:
- 2.4 GHz meshes prefer channel number 5
- 5 GHz meshes prefer channel number 100, unless local regulations make another choice necessary
Basics of OpenWRT configuration for the meshlocal router
Accessing your router's web interface
To access the web interface of a router freshly flashed with OpenWRT, once one of its LAN ports is connected to your home LAN, navigate your web browser to https://192.168.1.1.
- Make sure the 192.168.1.1 address is not already in use by your home LAN gateway. If it is, you can either change the gateway's static address to, say, 192.168.1.254, or use a direct connection to an ethernet-equipped computer with no other LAN interface active.
- Note that your web browser will warn you that the HTTPS certificate of the address is self-signed, which is absolutely normal for a LAN IP address. Go on and continue by ignoring the warning.
- Prefer HTTPS in any case, otherwise your router password will be exposed to any potential malware on the local networks.
First, once you land in the web interface, set up a strong password and be sure to write it down and store it in a safe place, especially if your router model is not equipped with a reset button.
Common router base setup
Once you set up the wireless in 802.11s wifi mode with the recommended parameters explained above, you can go on.
- The DHCP server of the router must be set to non-authoritative
- Wifi country code should reflect the actual country of deployment.
- The protocol for the lan interface, among the available networks, must be set to "DHCP Client".
Note that this will renew the IP address of the LAN interface which you used to access the device at 192.168.1.1, most probably to something in the 192.168.1.X range, X being a number between 1 and 254. Check in your main home router's interface which address the OpenWRT device now has, or issue an arp-scan command if available on your computer.
- No available wifi may be attached to any interface: for each of them, remove "lan" from the interfaces listed.
Yggdrasil support
- The Yggdrasil package, which ships as a dependency of the (also needed) luci-proto-yggdrasil package, must be installed with the OpenWRT software channels application. Then, some outbound peers have to be added to unify meshlocals at the global level. Refer to the official yggdrasil-network website for a list of currently running public peers to connect to, sorted by continents and countries.
- To configure Yggdrasil:
  - in the System tab, perform a reboot to make the Yggdrasil protocol available in Luci, then log in to your device again
  - create a new network interface named "yggdrasil" with Yggdrasil as the protocol
  - generate a new keypair
  - in the "peers" section, add a multicast rule set to send and receive beacons on br-lan
  - in the "peers" section, add some internet public peers as found on the official yggdrasil-network website
- A new firewall zone for the interface "yggdrasil" must be created with the default settings (Input: Reject, Output: Accept, Forward: Reject)
Isolating the wifi
- Create a new network device named br-wifi of type bridge
- Create a new network interface named wifi for the device br-wifi with protocol set to unmanaged
- For each of the wifi networks configured in wireless, assign wifi as their network
- Double check the newly created network interface named wifi to be sure it is linked to the device br-wifi and not br-lan. If not, change this.
- Edit the yggdrasil network interface, in its peers section: add a multicast rule set to send and receive beacons for br-wifi
- In Firewall: create a new zone named wifilan, with input/output/forward set to "accept", with the "covered networks" set to wifi and lan; allow forward from source zone lan
- Restart the yggdrasil network interface
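A way to check the result of the firewall steps from a shell, as an added example that is not part of the original page: it reads the text printed by `uci show firewall` and compares the yggdrasil and wifilan zones with the values given in this guide. The sample input is constructed, the function names are made up for this example, and it assumes LuCI stores the policies in upper case.

```sh
# Added example (not from the original page): audit the two firewall zones of this guide.
# Constructed sample of `uci show firewall` output; the yggdrasil zone is wrong on purpose.
SAMPLE_UCI="firewall.@zone[0]=zone
firewall.@zone[0].name='wifilan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='wifi' 'lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='yggdrasil'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].network='yggdrasil'"

# zone_opt TEXT ZONE OPTION: print OPTION of the zone named ZONE (nothing if absent).
zone_opt() {
  printf '%s\n' "$1" | awk -v zone="$2" -v opt="$3" -v q="'" '
    { eq = index($0, "="); if (!eq) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1); gsub(q, "", val)
      if (split(key, p, "[.]") != 3) next
      if (p[3] == "name") name[p[2]] = val
      v[p[2], p[3]] = val }
    END { for (s in name) if (name[s] == zone) print v[s, opt] }'
}

# audit_zone TEXT ZONE INPUT OUTPUT FORWARD: print one line per mismatch, return 1 if any.
audit_zone() {
  text=$1 zone=$2 rc=0; shift 2
  for opt in input output forward; do
    want=$1; shift
    got=$(zone_opt "$text" "$zone" "$opt")
    [ "$got" = "$want" ] && continue
    echo "zone $zone: $opt is '${got:-unset}', guide says $want"; rc=1
  done
  return $rc
}

# audit_firewall TEXT: check both zones against the values given in this guide.
audit_firewall() {
  fail=0
  audit_zone "$1" yggdrasil REJECT ACCEPT REJECT || fail=1
  audit_zone "$1" wifilan ACCEPT ACCEPT ACCEPT || fail=1
  nets=$(zone_opt "$1" wifilan network | tr ' ' '\n' | sort | xargs)
  [ "$nets" = "lan wifi" ] ||
    { echo "zone wifilan: covered networks are '$nets', guide says wifi and lan"; fail=1; }
  return $fail
}

audit_firewall "$SAMPLE_UCI" || echo "audit: settings above differ from the guide"
```

On the router itself, replace the last line with `audit_firewall "$(uci show firewall)"` to audit the live configuration over SSH.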
Using the remaining WAN ethernet interface for wired mesh backbone
Currently one ethernet socket on the router is used to connect to the home internet gateway. The remaining ones can simply be used, as is, to extend the ethernet sockets available on the home gateway.
The WAN ethernet interface of the router, which is currently unused, can be used for a direct connection, over a long ethernet cable, between two particular routers placed in two separate neighbouring homes.
This "backbone", if used someday, could then provide a high-bandwidth data pipe to increase the performance of the meshlocal as a whole.
- For both network interfaces Wan and Wan6, set protocol to unmanaged
- In the Yggdrasil network interface, in the "peers" section, add a broadcast rule, emitting and receiving beacons, for the device wan
- Modify the Wan firewall zone to disable masquerade and accept input
Note that this setup will be useful for people needing to wire several LAN devices to the main home internet gateway and, maybe someday, to wire one, and only one, close neighbour's own meshlocal router with a cable to set up a backbone.
Alternatively, by inverting the configuration just provided, with WAN (with the above firewall rules correctly set) set up as DHCP client (first! Otherwise access to the router is lost forever, or until a possible full reset) and Lan as unmanaged, it is possible to have as many cabled backbones as there are available ports on the router. Really cool neighbours are required in this case, and the realisation of such a setup is left as an exercise to the reader.
Installing Cjdns
Cjdns is an additional autopeering trusted network similar to Yggdrasil. It is less useful for a heterogeneous environment of home devices, but it brings to the meshlocal the interesting ability to share one household's internet access with one or several other households on the meshlocal in very few steps.
It is then recommended that any of the meshlocal routers on your meshlocal have Cjdns installed and running, which can be achieved this way:
- Install the luci-app-cjdns package using software channels of your router
- In Services, look at the Cjdns settings and add an interface named "all" in the Ethernet Interfaces section. If "Services" isn't showing yet, first click on "Overview" for Luci to rebuild its top bar menu
- In the firewall's traffic rules, add a new "Allow-wifi-IGMP" rule selecting the protocol IGMP for the incoming zone "wifi", with the action "accept" and the destination zone "wifilan"
Please look for the "Bring internet through meshlocal" section of this site for additional documentation on how to bring internet to a distant router using the Cjdns capacities.
It's time to reboot and test
At this point, rebooting your device and testing should show the main Yggdrasil autopeering/peering feature, as well as the extra ones, working.
It may be a good idea to enable yggdrasil on some client devices at each home and see which IP-based applications work as is.