no internet on private SSID unless node has direct uplink

[yardenac]

We have a node whose only connection to the internet is via another nearby node. If people are using the peoplesopen.net SSID, they're able to use the internet. But if people are using the private SSID, they're not able to use the internet.

Marc told me this is a known issue and that providing a general solution would get very complicated. But he also said there is a way to configure nodes case by case and make this work. This should be documented eventually. Thanks :)

[paidforby]

I'd be interested to know why @Juul stated that a general solution would get very complicated. My guess is that to bridge over ad-hoc interfaces the nodes need to agree on ip addressing, encryption, and routing.

With the public (peoplesopen) interface this is simple, we already handle IP conflicts with the meshnode-databse, encryption is a non-issue because the network is already open, and routing is managed by babel.

On the private interface, none of these are given, we'd have to come up with some scheme for IPs or have them auto-negotiated. Encryption would have to be agreed on ahead of time (in makenode?) and keys would have to be shared across all nodes. It should be easy enough to get babel running over another ad-hoc interface, but then again the IP address make become an issue, especially as the private mesh is scaled up.

I'd be interested to know what the case-by-case solution is? I'm currently poking around in /etc/config/network and /etc/config/wireless trying to get some private meshing working. Any advice would be greatly appreciated!

[paidforby]

Accidentally closed.

[paidforby]

So after some investigation, I'm guessing the "quick and dirty" solution is to:

1. setup another adhoc interface (presumably with shared keys and encryption settings, though first we should try to get it working without encryption)
2. manually assign static, non-conflicting IPs to the new adhoc interfaces on each node you want on your private mesh
3. bridge the interfaces to the priv network or directly to eth1 (the internet connection)
4. start babeld on the interfaces

I have yet to get this working as I'm unsure how to start babel correctly with the new interfaces. I'm also worried that this will break the open networks and their meshing. It seems like all of this is very wrapped up in the /etc/init.d/meshrouting script and the corresponding config file. Eventually these should be ported to UCI configs, but first I would need to understand what all the script does, which I think would also be useful in addressing this bug.

[Juul]

WPA2 on an ad-hoc mode network is technically allowed by the standard but I've never seen it done and I'm fairly sure it isn't supported by wpa_supplicant or any other piece of open source software. That's it. Nothing else about this is difficult but this one problem is very hard to solve.

[paidforby]

Hmmm, I can see that being a problem. I attempted to just change the open adhoc interfaces (mesh2 and mesh5) to 'psk2' encryption with identical keys but it seemed to break the meshing. It does appear to be difficult to find any documentation regarding private meshing on openwrt. I'll keep digging though.