{"id":26,"date":"2011-03-11T22:22:23","date_gmt":"2011-03-11T22:22:23","guid":{"rendered":"http:\/\/ulrichard.is-a-geek.net\/?p=26"},"modified":"2011-03-11T22:22:23","modified_gmt":"2011-03-11T22:22:23","slug":"openwirelessch-in-brunnen","status":"publish","type":"post","link":"https:\/\/ulrichard.ch\/blog\/?p=26","title":{"rendered":"openwireless.ch in Brunnen"},"content":{"rendered":"<p>I heard of <a href=\"http:\/\/en.wikipedia.org\/wiki\/Mesh_networking\">mesh networks<\/a> before, be it from the <a href=\"http:\/\/one.laptop.org\/\">OneLaptopPerChild<\/a> or the German <a href=\"http:\/\/start.freifunk.net\/\">Freifunker community<\/a>. But the recent episode of <a href=\"http:\/\/chaosradio.ccc.de\/cr165.html\">ChaosRadio<\/a> about the <a href=\"http:\/\/www.villagetelco.org\/about\/mesh-potato\/\">MeshPotato<\/a> got me interested enough to give it a try. The meshing community here in Switzerland is organized at <a href=\"http:\/\/www.openwireless.ch\/\">openwireless.ch<\/a>. Sure, I could buy a compatible router and install the provided firmware. But being a true geek I wanted to see how it works on hardware that I already have. So I started with these three devices:<\/p>\n<ul>\n<li><a href=\"http:\/\/www.pcengines.ch\/alix2d13.htm\">Alix 2d13<\/a> running <a href=\"http:\/\/wiki.ubuntuusers.de\/Alix\/CF-Bootmedium_erstellen\">ubuntu server lucid<\/a><\/li>\n<li><a href=\"http:\/\/openmoko.com\/freerunner.html\">Openmoko Freerunner<\/a> running <a href=\"http:\/\/openmoko.com\/freerunner.html\">qtmoko (based on debian lenny)<\/a><\/li>\n<li>Acer Aspire one running <a href=\"http:\/\/www.ubuntu.com\">ubuntu maverick<\/a><\/li>\n<\/ul>\n<p>I wanted to allow access to the internet, but only through an anonymizing service, so I wouldn&#8217;t get into trouble if somebody does something illegal over my wire.<!--more--><\/p>\n<h3>NETWORK INTERFACES<\/h3>\n<p>For mesh networks, the wireless cards have to run in ad-hoc mode. 
Not all drivers have good support for that. The only problem I found with ad-hoc is that the Freerunner sometimes loses all wifi connectivity after some hours and needs a reboot. But I have no idea if it&#8217;s related to ad-hoc mode. So here are the settings I use:<\/p>\n<p>alix: <a href=\"http:\/\/blog.ulrichard.ch\/wp-uploads\/2011\/03\/interfaces.txt\">\/etc\/network\/interfaces<\/a><\/p>\n<p>freerunner: <a href=\"http:\/\/blog.ulrichard.ch\/wp-uploads\/2011\/03\/openwireless.txt\">script to switch to meshing<\/a><\/p>\n<p>netbook: Recent versions of the <a href=\"http:\/\/projects.gnome.org\/NetworkManager\/\">gnome network manager<\/a> can handle all the ad-hoc settings in the GUI.<\/p>\n<p>Galaxy: The <a href=\"http:\/\/www.olsr.org\/?q=olsr_on_android\">hacking<\/a> required to get the Galaxy to mesh was too much for a phone on contract. Would be nice if that became simpler&#8230;<\/p>\n<h3>OLSR<\/h3>\n<p>First, install the <a href=\"http:\/\/olsr.org\/\">olsrd<\/a> package on all three devices (apt-get install olsrd). That&#8217;s for the routing. Configure it in \/etc\/olsrd.conf. It&#8217;s best if you register with <a href=\"https:\/\/mehr.openwireless.ch\/node\/add\/manetip\">openwireless.ch<\/a> to get an IP address assigned to your hotspot. Use 255.255.255.255 for broadcast and 02:ca:ff:ee:ba:be as BSSID. Now you can run <strong>olsrd -d 2<\/strong> on the command line to get some debug output. To be able to run it as a daemon, you&#8217;ll have to enable it in \/etc\/default\/olsrd and either specify the config file we edited before, or apply your settings also in \/etc\/olsrd\/olsrd.conf. With the command <strong>route<\/strong> you can see the routing table on the machines. If you configured one as an internet uplink, it should appear as default gateway on the others automatically. If that doesn&#8217;t work out, check the UDP traffic on port 698 on the wifi interfaces of all the machines involved. 
I use <strong>iptraf<\/strong> for that, but <strong>tcpdump<\/strong> or <strong>ngrep<\/strong> should work as well.<\/p>\n<h3>DHCP<\/h3>\n<p>To eliminate error sources I used static IP addresses first, and only switched to DHCP once the olsr meshing ran well. Normally dnsmasq is used for DHCP as well. I use dhcp3-server (apt-get install dhcp3-server) instead, as that&#8217;s the first howto for ubuntu that I stumbled across, and I didn&#8217;t know that dnsmasq can handle DHCP. The configuration is easily done in \/etc\/dhcp3\/dhcpd.conf. Here is the important part:<\/p>\n<pre>option domain-name \"openwireless.ch\";\noption domain-name-servers 10.247.200.50;\nsubnet 10.247.0.0 netmask 255.255.0.0 {\n  range 10.247.200.51 10.247.200.63;\n  option subnet-mask 255.255.0.0;\n  option broadcast-address 255.255.255.255;\n}<\/pre>\n<p>Note that I give only the address of the uplink as a single DNS. More on that later in the TOR section.<\/p>\n<h3>DNS<\/h3>\n<p>First I tried to route the DNS through NAT to the internet and back. I couldn&#8217;t get that to work with iptables. Next I installed dnsmasq, which worked well. But in the end I use the DNS proxy from Tor to avoid DNS leaks.<\/p>\n<h3>TOR<\/h3>\n<p>As mentioned above, I wanted to send internet traffic from the mesh through an anonymizer. Lately you hear about <a href=\"https:\/\/www.torproject.org\/\">tor<\/a> everywhere (apt-get install tor). So, why not give it a try. The configuration is done in \/etc\/tor\/torrc. It&#8217;s well documented, and you have a SOCKS proxy up in no time, but for that you have to configure your browser. I wanted a <a href=\"https:\/\/trac.torproject.org\/projects\/tor\/wiki\/TheOnionRouter\/TransparentProxy\">transparent proxy<\/a>. So I messed around with iptables for a while. 
Then I discovered that I really had to add settings to the \/etc\/tor\/torrc file that, unlike many others, are not documented in the file itself but only in howtos on the internet:<\/p>\n<pre># Transparent proxy\nAutomapHostsOnResolve 1\nTransPort 9040\nTransListenAddress 127.0.0.1\nTransListenAddress 10.247.200.50\nDNSPort 53\nDNSListenAddress 10.247.200.50<\/pre>\n<h3>IPTABLES<\/h3>\n<p>From what I read, the firewalling and routing is usually done with iptables, and all the examples I found were done that way. I spent hours reading through documentation and examples. It just didn&#8217;t do what I wanted: my transparent Tor proxy wouldn&#8217;t work.<\/p>\n<h3>VUURMUUR<\/h3>\n<p>After I got frustrated with iptables, I started to search for something a bit more user-friendly with an ncurses GUI that I could run via ssh on the alix. That&#8217;s when I found <a href=\"http:\/\/www.vuurmuur.org\/\">vuurmuur<\/a> (apt-get install vuurmuur vuurmuur-conf). You&#8217;re much better guided in setting up your rules, and when you&#8217;re done, you can have a look at the iptables script it generates. But don&#8217;t be surprised if it&#8217;s way longer than what you did by hand. It also has nice logging and throttling (traffic shaping).<\/p>\n<p><a href=\"http:\/\/blog.ulrichard.ch\/wp-uploads\/2011\/03\/vuurmuur_rules.txt\">vuurmuur_rules<\/a><\/p>\n<p><a href=\"http:\/\/blog.ulrichard.ch\/wp-uploads\/2011\/03\/vuurmuur.txt\">vuurmuur generated iptables script<\/a><\/p>\n<h3>DHCP RELAY<\/h3>\n<p>Then I thought about what happens if a new user is not in the range of my hotspot where the DHCP server runs. He couldn&#8217;t join the mesh! So I found dhcp3-relay (apt-get install dhcp3-relay). I had to specify the DHCP server to relay to, which I didn&#8217;t like so much. 
I installed it on the freerunner and have yet to test it.<\/p>\n<p>Well, I hope some people here in Brunnen will join the mesh&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I heard of mesh networks before, be it from the OneLaptopPerChild or the German Freifunker community. But the recent episode of ChaosRadio about the MeshPotato got me interested enough to give it a try. The meshing community here in Switzerland is organized at openwireless.ch. Sure, I could buy a compatible router and install the provided [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1],"tags":[90,141,157,166,246],"class_list":["post-26","post","type-post","status-publish","format-standard","hentry","category-projects","category-uncategorized","tag-freifunk","tag-mesh","tag-olsrd","tag-openwireless","tag-wifi"],"_links":{"self":[{"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/26","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=26"}],"version-history":[{"count":0,"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=\/wp\/v2\/posts\/26\/revisions"}],"wp:attachment":[{"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=26"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=26"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ulrichard.ch\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=26"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}