Mesh/Relay setup

From Sudo Room
Revision as of 22:29, 23 December 2013 by Juul (talk | contribs)

Relay nodes are Internet-connected hosts that allow mesh nodes to talk to each other using batman-adv over the Internet. Mesh nodes connect to relay nodes using a type of layer 2 tunnel called L2TP. The software used to establish these tunnels is called tunneldigger and was developed by wlan slovenija. A relay node is usually a VPS or a dedicated server with a good amount of available bandwidth and CPU.

L2TP tunnels are unencrypted, so the tunnel itself does not protect mesh traffic while it crosses the Internet. They are used primarily because they are layer 2 (so batman-adv can run over them) and are part of the Linux kernel. The code does not take up much space on the space-limited mesh nodes and does not use much CPU.

A relay node needs two pieces of software configured:

  1. B.A.T.M.A.N. Advanced
  2. Tunneldigger Broker


Operating system

Relays must run Linux, since Linux-specific kernel modules are involved.

This guide is intended for Debian 7 (Wheezy). If you are running something else, see the following.

Ubuntu

It seems that some versions (at least version 12.10) don't have any way of installing the required L2TP modules.

To check if your version of Ubuntu has the L2TP modules, run:

sudo aptitude install apt-file
sudo apt-file update
apt-file search l2tp_netlink

If you get no results, or if the only result you get is a package called "user-mode-linux", then your version of Ubuntu does not work with tunneldigger :(

Debian 6 (Squeeze)

If you are running Debian 6, then you should upgrade to Debian 7. There is a comprehensive guide here. The short version is:

sudo aptitude update && sudo aptitude safe-upgrade

Edit your /etc/apt/sources.list from, e.g.:

deb http://ftp.us.debian.org/debian squeeze main
deb http://security.debian.org/ squeeze/updates main

To:

deb http://ftp.us.debian.org/debian wheezy main
deb http://security.debian.org/ wheezy/updates main

Now upgrade your system:

sudo aptitude update && sudo apt-get dist-upgrade

Notice that it is now recommended to use apt-get instead of aptitude for the dist-upgrade.

Follow the instructions on screen and reboot.

After rebooting you should be running a 3.x kernel. Check which version you're running with:

uname -a

If you are still running a 2.x kernel, you may be able to fix this by editing /etc/grub/menu.lst and finding lines like:

title vmlinuz-2.6.32-5-amd64
  root (hd0,0)
  kernel /boot/vmlinuz-2.6.32-5-amd64 console=hvc0 root=/dev/xvda1 ro
  initrd /boot/initrd.img-2.6.32-5-amd64

and commenting them out like so:

#title vmlinuz-2.6.32-5-amd64
#  root (hd0,0)
#  kernel /boot/vmlinuz-2.6.32-5-amd64 console=hvc0 root=/dev/xvda1 ro
#  initrd /boot/initrd.img-2.6.32-5-amd64

and rebooting.

If you encounter any other problems, refer to the official guide.

Other distros

You are on your own, but if you figure out how to get batman-adv and tunneldigger working on a different distro, then please edit this wiki!

batman-adv

You should already have the batman_adv module. Try loading it:

sudo modprobe batman_adv

If there are no errors, you have the module.

Add batman_adv at the end of /etc/modules to make it auto-load on bootup:

batman_adv

Install the batctl utility:

sudo aptitude install batctl

Tunneldigger broker

Install the broker

You must have the following kernel modules available:

  • l2tp_core
  • l2tp_eth
  • l2tp_netlink

To check:

 modprobe l2tp_core
 modprobe l2tp_eth
 modprobe l2tp_netlink

If there are no errors, you have the modules. If there are errors, install the linux-image-extra package for your kernel, e.g.:

 sudo aptitude install linux-image-extra-3.5.0-36-generic

Use apt-cache search linux-image-extra to find the package for your kernel version (hint: you can find your kernel version with uname -a).

Some Ubuntu versions do not include the l2tp_* modules in any package. See the section on Ubuntu further up this page.

Now add the module names at the end of /etc/modules so they are automatically loaded on boot:

 l2tp_core
 l2tp_eth
 l2tp_netlink
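The module checks above (batman_adv from the previous section and the three l2tp_* modules here) are easy to script so a relay can be re-checked after a kernel upgrade. The script below is an added example, not part of the Sudo Room page or of tunneldigger: it tries to load each module with modprobe, reports the ones that fail, and appends the missing names to /etc/modules without duplicating lines that are already there. The RELAY_SETUP_RUN variable is an assumption of this example, used so the file can be sourced without running modprobe.

```shell
#!/bin/sh
# Added example (not from the Sudo Room page or tunneldigger): verify the kernel
# modules a relay needs and make sure each is listed exactly once in /etc/modules.
set -eu

# Modules a relay needs: batman-adv plus the three L2TP modules from the page.
RELAY_MODULES="batman_adv l2tp_core l2tp_eth l2tp_netlink"

# module_listed FILE NAME: 0 if NAME already appears as a whole line in FILE.
module_listed() {
    grep -qxF "$2" "$1" 2>/dev/null
}

# ensure_module_listed FILE NAME: append NAME to FILE unless it is already
# present. Idempotent, so rerunning on an already configured relay is harmless.
ensure_module_listed() {
    if ! module_listed "$1" "$2"; then
        printf '%s\n' "$2" >> "$1"
    fi
}

# check_modules: try to load every module; print the ones that fail and
# return 1 if any are missing. Needs root, because modprobe does.
check_modules() {
    missing=""
    for m in $RELAY_MODULES; do
        if ! modprobe "$m" 2>/dev/null; then
            missing="$missing $m"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing kernel modules:$missing" >&2
        echo "on Debian/Ubuntu, look for the linux-image-extra package matching $(uname -r)" >&2
        return 1
    fi
    return 0
}

# relay_modules_setup [MODULES_FILE]: check the modules, then persist them
# across reboots (default file: /etc/modules, as on the page).
relay_modules_setup() {
    f="${1:-/etc/modules}"
    check_modules
    for m in $RELAY_MODULES; do
        ensure_module_listed "$f" "$m"
    done
}

# Only run the full setup when asked to (RELAY_SETUP_RUN=1 is this example's
# own convention), so the functions can be sourced and tested without root.
if [ "${RELAY_SETUP_RUN:-0}" = "1" ]; then
    relay_modules_setup "$@"
fi
```

Run it as `sudo RELAY_SETUP_RUN=1 sh relay-modules.sh` on the relay; a non-zero exit means at least one module could not be loaded and /etc/modules was left untouched.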

Now install some required packages:

 sudo aptitude install iproute bridge-utils libnetfilter-conntrack3 python-dev libevent-dev ebtables python-pip git

Download tunneldigger with git if you have not already done so:

 cd
 git clone https://github.com/wlanslovenija/tunneldigger.git
 sudo mv tunneldigger /opt
 cd /opt
 sudo chown -R root:root tunneldigger
 cd tunneldigger/broker

Now install the additional required python packages:

 sudo pip install -r requirements.txt

If it doesn't work, change the line:

 construct==2.0.6

to:

 construct==2.06

You may have to remove the python-netfilter line in requirements.txt and install it manually:

 git clone --depth=1 https://github.com/jlaine/python-netfilter.git
 cd python-netfilter
 sudo python setup.py install

If you have a python-netfilter package available to install via apt, then it is likely too old. Don't use it.

If you have any problems with pip, try upgrading it:

 sudo pip install --upgrade pip

You may have to log out and log back in for pip to work after this.

Configure the broker

Open l2tp_broker.cfg.

You will want to change the "address=" line to your public IP address, and "interface=" to your public ethernet interface.

Run the broker

You can run the broker using:

sudo ./l2tp_broker.py l2tp_broker.cfg

To run the broker as a daemon and automatically on system startup, see the sections below.

Test the broker

To test the broker you need to install the tunneldigger client on a different system. Ensure you have the L2TP modules loaded on that client system.

Install the tunneldigger client requirements on your client system:

sudo aptitude install libnl-dev build-essential git

Download tunneldigger on client system:

cd
git clone https://github.com/wlanslovenija/tunneldigger.git

Compile tunneldigger client:

cd tunneldigger
make

Ensure that the tunneldigger broker is running on your relay node and run the tunneldigger client:

sudo ./l2tp_client -f -u foo -l <ip_of_your_relay_node>:53 -i l2tp

The tunneldigger client should inform you when the tunnel has been established. This is what you'd expect to see:

l2tp-client: Performing broker selection...
l2tp-client: Selected 192.157.221.200:53 as the best broker.
l2tp-client: Tunnel successfully established.
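Reading the client's log lines is enough for a one-off test, but the tunnel is only usable once the kernel actually has the "l2tp" interface. The script below is an added example, not part of the Sudo Room page or of tunneldigger: it starts l2tp_client in the foreground exactly as the page does, waits for the interface to appear, prints its traffic counters, and stops the client again. The 15-second deadline, the RELAY_TEST_RUN variable and the SYSFS parameter (there only so the check can be exercised against a fake sysfs tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the Sudo Room page or tunneldigger: start the client
# against one relay and confirm the tunnel interface really came up.
set -eu

# iface_present NAME [SYSFS]: 0 if the kernel exposes NAME under sysfs.
# SYSFS defaults to /sys; it is a parameter only for testing with a fake tree.
iface_present() {
    [ -e "${2:-/sys}/class/net/$1" ]
}

# wait_for_iface NAME SECONDS [SYSFS]: poll once a second until the interface
# shows up or the deadline passes. Returns 1 on timeout.
wait_for_iface() {
    n=0
    while [ "$n" -lt "$2" ]; do
        if iface_present "$1" "${3:-/sys}"; then
            return 0
        fi
        n=$((n + 1))
        sleep 1
    done
    return 1
}

# test_relay RELAY_IP: run l2tp_client in the foreground (as on the page),
# give it 15 seconds to bring up "l2tp", then tear the client down.
# Assumes the client binary is in the current directory and the broker
# listens on UDP port 53, as in the page's example command.
test_relay() {
    relay="$1"
    ./l2tp_client -f -u "relaytest-$$" -l "$relay:53" -i l2tp &
    client=$!
    if wait_for_iface l2tp 15; then
        echo "tunnel interface l2tp is up; relay $relay works"
        ip -s link show dev l2tp    # packet/byte counters for the tunnel
        rc=0
    else
        echo "no l2tp interface after 15s; check the broker output on $relay" >&2
        rc=1
    fi
    kill "$client" 2>/dev/null || true
    wait "$client" 2>/dev/null || true
    return "$rc"
}

# RELAY_TEST_RUN=1 is this example's own switch for running the live test.
if [ "${RELAY_TEST_RUN:-0}" = "1" ]; then
    test_relay "$@"
fi
```

Run it from the client's tunneldigger directory as `sudo RELAY_TEST_RUN=1 sh relay-test.sh <ip_of_your_relay_node>`; the exit status tells a cron job or monitoring check whether the relay still accepts tunnels.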

If you use the -L option for l2tp_client, you may get an error from the broker like:

RTNETLINK answers: Invalid argument

Don't worry about it. The broker is attempting to clear out a traffic control rule that sometimes does not exist, using the command:

/sbin/tc qdisc del dev <tunnel_iface> root handle 1: htb default 0

This doesn't harm anything, but if you want to fix the behavior, look in traffic_control.py in the reset function.
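The harmless error comes from deleting a qdisc that was never installed. The guarded reset below is an added example, not code from the Sudo Room page or from tunneldigger's traffic_control.py: it only runs the page's tc delete command when "tc qdisc show" reports the HTB root qdisc with handle 1:, which is the same check the reset function in traffic_control.py could make before calling tc. The function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not from the Sudo Room page or tunneldigger: delete the root
# HTB qdisc on a tunnel interface only when one is actually installed, which
# avoids the "RTNETLINK answers: Invalid argument" message the page describes.
set -eu

# has_root_htb LISTING: 0 if a "tc qdisc show dev X" listing (passed as a
# string) contains the root HTB qdisc with handle 1: that the broker installs.
has_root_htb() {
    printf '%s\n' "$1" | grep -q '^qdisc htb 1: root'
}

# reset_qdisc IFACE: guarded version of the page's reset command.
reset_qdisc() {
    listing=$(/sbin/tc qdisc show dev "$1")
    if has_root_htb "$listing"; then
        /sbin/tc qdisc del dev "$1" root handle 1: htb default 0
    else
        echo "no HTB root qdisc on $1, nothing to reset"
    fi
}
```

The listing strings in the test are constructed from the usual tc output shapes (an HTB root qdisc versus the kernel's default pfifo_fast); on a live relay, `reset_qdisc l2tp0` would run against the real interface.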

Configure the broker to auto-start

Telling the sudo mesh organization about your relay node

If you want others to use your relay node, you should contact the sudo mesh group, either at info@sudomesh.org or by showing up to a weekly meeting or hacknight!

Securing your system

Now that you're running a piece of the mesh infrastructure, you may want to ensure that your server stays reasonably secure. We recommend that you set up automatic security updates as described in the Mesh/Server_security guide.