In my last post I was talking about Freifunk Gluon, Freemesh and what I was doing about it. This post is a follow-up to that.
So for a quick recap,
- I had set up a node with Freifunk Gluon firmware from the Freemesh Denmark community
- Started setting up the gateway node to which other routers connect and form a mesh
What is the current status?
Well, I have completed the gateway setup, and this post I am writing, along with other network traffic from my laptop, is going through the gateway. It’s not a big deal, because communities are using tools like Ansible & Puppet to automate the entire setup. But hey, doing it the long way is very important to me.
How did I achieve it?
- Create a VPS ($5) with Debian Jessie from Digital Ocean
- Set up the necessary users, disable remote login for root, disable password logins and only allow key-based logins
- Set up a basic firewall
- Download the necessary software
- Set up B.A.T.M.A.N (for routing) & Fastd VPN (for connecting nodes)
- Set up network interfaces
- Set up DHCP & DNS (for mesh nodes & clients)
- Set up NAT to forward the traffic from mesh nodes & clients to the internet
- Set up vnstat for network statistics from various network interfaces
- Set up Hopglass (frontend) & Hopglass Server to collect info from the nodes & display them on the map
- Set up Grafana & Prometheus, which provide data visualisation & monitoring respectively
- Set up Fail2Ban to ban IPs by reading logs & dynamically adding rules to iptables
- Clone the stable branch of Freifunk Gluon
- Clone an existing site configuration (it’s the mesh node configuration, actually)
- Update the site configuration with details like community name, IPs for the node, WiFi & ad-hoc AP configuration, gateway information (so the nodes could connect to it via Fastd VPN), etc.
- Build the firmware
- Flash it on to the router
Some hurdles faced
In any task there would be some hurdles and it’s up to us to solve them and proceed. The main hurdle I faced was a lack of understanding of networks & their configurations. So, I didn’t solve or learn all of them; instead I took steps to learn and understand them better through a simple setup.
I wanted to try out some of the software I mentioned above and see how the configurations would actually work. Since I mostly use my laptop for development, I made better use of a Raspberry Pi by turning it into a test bed to hone my skills. So, for the initial part I tried setting up the following on my Pi and using them from my laptop,
- Iptables & NAT
For the most part, I used tcpdump and syslog to monitor the output. By playing with the configurations, I was able to get a good grasp on what was happening. There is still a lot to learn, but it’s a start nonetheless.
Then I faced some issues where the map wasn’t updated anymore and DNS & NTP requests were denied. After checking the logs, I could see that the firewall was blocking those packets and so I had to add rules to allow the following (all these rules apply only to the private subnet),
You can check the map here.
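A way to run the log check described above, as an added example that is not part of the original post: it tallies the packets the firewall dropped from the private subnet by protocol and destination port, so blocked DNS and NTP stand out. The subnet `10.99.0.0/16`, the `FW-DROP: ` log prefix, the interface names and the sample log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed values, not taken from the post: subnet, log prefix, interfaces.
MESH_SUBNET = ipaddress.ip_network("10.99.0.0/16")
LOG_PREFIX = "FW-DROP: "  # the string given to iptables -j LOG --log-prefix
SERVICES = {("UDP", 53): "DNS", ("TCP", 53): "DNS", ("UDP", 123): "NTP"}
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample in the kernel's iptables LOG format.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: FW-DROP: IN=bat0 OUT= SRC=10.99.0.23 DST=10.99.0.1 PROTO=UDP SPT=45678 DPT=53
Mar  3 10:15:02 gw kernel: FW-DROP: IN=bat0 OUT= SRC=10.99.0.23 DST=10.99.0.1 PROTO=UDP SPT=123 DPT=123
Mar  3 10:15:03 gw kernel: FW-DROP: IN=bat0 OUT= SRC=10.99.0.41 DST=10.99.0.1 PROTO=UDP SPT=40112 DPT=53
Mar  3 10:15:04 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=23
Mar  3 10:15:05 gw kernel: FW-DROP: IN=bat0 OUT= SRC=10.99.0.41 DST=10.99.0.1 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:06 gw sshd[811]: Connection closed by 203.0.113.7 port 51022
"""

def parse_drop(line):
    """Return the KEY=value fields of one firewall LOG line, else None."""
    _, found, rest = line.partition(LOG_PREFIX)
    if not found:
        return None  # not a firewall log line
    fields = dict(FIELD_RE.findall(rest))
    return fields if {"SRC", "PROTO"} <= fields.keys() else None

def summarize(log_text, subnet=MESH_SUBNET):
    """Count dropped packets sourced inside the subnet per (proto, dport)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_drop(line)
        if fields is None:
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
        except ValueError:
            continue  # malformed address: skip the line instead of crashing
        if src in subnet:
            dpt = fields.get("DPT", "")  # ICMP lines carry no DPT field
            counts[(fields["PROTO"], int(dpt) if dpt.isdigit() else None)] += 1
    return counts

if __name__ == "__main__":
    for (proto, dport), hits in summarize(SAMPLE_LOG).most_common():
        service = SERVICES.get((proto, dport), "unknown")
        print(f"{hits:3d} dropped  {proto}/{dport}  ({service})")
```

Drops sourced outside the private subnet are left out of the tally, so the result lists only the traffic that subnet-scoped allow rules would need to cover.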
What then?
I will be continuing to experiment with the gateway and node, then see what else I can do to proceed. I am planning to look at the Ansible scripts to automate the gateway setup and further improve my knowledge of networks.
Note: If peers in my local community are interested in this concept, we could try it out.