On Mon, Mar 30, 2015 at 5:10 PM, Adrian Chadd <adrian@freebsd.org> wrote:
> So there are a few things we can hack into this.
>
> You could do some kind of "autodetect" on the port - if it sees a
> magic frame, put the port into "I'm a mesh node" vlan. Otherwise, take
> it out of the "I'm a mesh node!" vlan. Kind of like 802.1x, but
> without all the crap associated with it.

I'm most of the way there with an implementation now:

  https://github.com/sudomesh/notdhcpserver

  https://github.com/sudomesh/notdhcpclient

and in order to remote-admin extender-nodes (antenna-nodes) from the home-node GUI we'll need:

  https://github.com/sudomesh/ubus-https-forwarder

The actual changing of network config based on the notdhcp protocol will simply be implemented as hook scripts, and I'll shell startup script and hook scripts that pull their config from a notdhcp uci file.

Since we'll use https, each extender-node will need an SSL cert that is trusted by the home nodes (the N750 nodes). The way this is solved is by using makenode to generate a cert for each home node that is then given to the extender-nodes by notdhcpserver. The extender-nodes for a single home node are all given the same cert. The cert is transmitted in the clear, but it is transmitted from a socket bound to a dedicated ethernet interface to an extender-node that has deactivated its wifi interface. You would have to physically intercept the packet on the wire, and since these nodes have remote-reset and flash capability the security is already breached at that point.

Based on advice from Jenny I've changed the naming (in the readme files) from antenna-node to extender-node. The TP-Link N600/N750 routers have external antennae but the nanostation/nanobridge nodes don't have any obvious antennas. It's very likely that people will hear "antenna node" and think we mean the TP-Link routers. Again based on suggestion from Jenny I've taken to calling the N600/N750 routers home-nodes. Of course this is up for discussion and change, but we should settle on a convention soon.

btw to those that don't know: Western Digital are no longer producing networking products but fortunately TP-Link are selling products with the same board and even the same model names. The difference is that the TP-Links are ~$9 more expensive but have external detachable antennae. Oh and they have two versions of the N600 (gigabit and no gigabit). We can probably compensate somewhat for the price difference by bulk-ordering.

--
marc/juul