
Tunnel set up

Ai6bx
Tunnel set up
Does anyone have a good white paper or notes on tunnel set up? I am starting to plan a tunnel and wish to accomplish the following:

link mesh islands
link Rasp Asterisk systems
give myself a way to access the mesh and manage while traveling for business or in my RV.

Thanks,

Keith - AI6BX
WU2S
Tunnel setup

Tunnel support is built into the AREDN firmware. Just go to the Setup page and select either Tunnel Server or Tunnel Client from the menu bar at the top of the page. Before you begin, make sure that you have an Internet connection to the node. Confirm an Internet connection by looking at the main status page and see that there is an IP address for the "default gateway" on the lower left.

The tunnel software package needs to be installed, so click the Install button and wait until the package is downloaded and the node reboots.

After the reboot, go back to the Setup page and fill in the required information. If you are establishing a Tunnel Server, you will need to have a publicly available Tunnel Server DNS Name for the tunnel clients to connect to. One way to do that is to set up a No-IP or DynDNS account, name your server, assuming your mesh node gateway is on your home network, and forward port 5525 on your ISP router to the mesh node. Complete the server setup by entering the exact client name and password.

Setting up a Tunnel Client is easier since it does not need port forwarding on your home router. Just enter the server DNS name, password and network address that was established in the Tunnel server this client will connect to.
 

kd4kso
Where do I get the information for the server I want to connect to? Also do I need to set my Air Router as a mesh node or Mesh Router? I tried setting it as a router but it would not let me set the distance and so I could not save that change.
WU2S
Getting Started with Tunnels
You need to make arrangements with someone who has established a tunnel server in the area of your interest. The tunnel server operator will give you the information on where to connect your tunnel client to. Set the AirRouter as a mesh node.
kd4kso
Thank you 
Jerry W0HU
Vtun Server Setup
Hi Randy,
I got my tunnel clients working fairly easily, and am enjoying their connectivity.  However, I am now trying to set up a server on a nano-loco that is connected via an Air Router to one of my "node" connections at the switch.  I will try to diagram this for you, all are CAT5e connections here:

Starting at the nano-loco, it is connected to the Air Router, which is configured as a mesh node.

The Air Router connects to the GS108Ev3 WAN connection at the tower junction box, where the other nodes are connected also.  This switch is just set up as seven nodes and a WAN connection.

My home network (internet) router connects to the WAN port on the switch in the tower junction box.

My home network router connects to the ComCast modem.  Comcast modem is not used for anything except the internet provider connection to my home internet router system (wired and wireless).  The only "mesh" connection to this system is from the GS108Ev3 on the tower.

I have established an account via no-ip.  So far, I haven't figured out how to get from that account to the server on the Nano-Loco.

I know this sounds really dumb, but I need help.  My background is electronics technology and police work, and I am trying to learn about this networking stuff, but it is slow going.

Thanks and 73,

Jerry



 
WU2S
Port forwarding
You will need to set up port forwarding on your Comcast Internet connection so that connection requests to port 5525 from the No-IP host can be forwarded to the tunnel server on your home network.
Take a look at the advanced settings on your home router to find the port forwarding setup. If you still have difficulty, please identify the model number of the Comcast router so that we can look for documentation and try to assist you.
-Randy
K5DLQ
Also, your nano loco should be directly connected to your GS108E switch in a DTD port that ALSO has the WAN vlan.
 
w5mig
Tunnel setup problem

I have read all the comments above trying to set up a tunnel at my home qth. I want to get this figured out as I plan to connect 2 mesh Islands at a public service event in a few weeks. I had a tunnel working for a short while earlier today. When I went back to it, it no longer was working. I'm lost at this point. Here is my set up.

The tunnel server and client are both AirRouters. The ethernet ports of the AirRouters are connected to ports 1 & 2 of a Linksys wrt54g2, the home network. The wrt54g2 has port 5525 forwarded to the 192.168.1.x address of the AirRouter acting as the server. I have a noip dns name, the ip address is the 172.31.x.x address issued by the tunnel server. The client is set up with the noip dns name, the password I created setting up the tunnel server and the 172.31.x.x address issued by the tunnel server. The enable box is checked on both the server and client.

What am I doing wrong here that the tunnel does not like? 

Thanks, 

Jerry
w5mig

KG6JEI
This is known as hairpinning or "hairpin routing" (because it resembles a hairpin).

This isn't guaranteed to work. I've worked with a number of systems that forbade this (I actually seem to recall an RFC that actually said you were not supposed to allow this, but I can't find it right now).

The prime RFC I found that says this should be allowed didn't come out till 2007.

If you want to truly test this you will need to do it remotely. If you just want to test the tunnel works, use the 192.168.1.x address of the AirRouter.
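
Editor's added example (not code from any poster or from the AREDN project): a pre-flight check for the situation discussed above. It classifies the address a tunnel server DNS name resolves to and tries port 5525, so a name pointing at a 172.31.x.x or 192.168.1.x address is separated from a port-forward or hairpinning failure. The function names are hypothetical, and it assumes the tunnel server accepts TCP connections on port 5525 and that the DNS name is passed as the first argument.

```python
import ipaddress
import socket
import sys

TUNNEL_PORT = 5525  # port the thread forwards to the tunnel server (TCP assumed)
# "172.31.x.x" addresses are issued by the tunnel server (per the thread)
TUNNEL_NET = ipaddress.ip_network("172.31.0.0/16")
# RFC 1918 private ranges; the home LAN in the thread is 192.168.1.x
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_address(addr):
    """Return 'tunnel', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in TUNNEL_NET:  # checked first: it sits inside 172.16.0.0/12
        return "tunnel"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"


def port_open(host, port=TUNNEL_PORT, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(addr, reachable):
    """Turn the two observations into a next step for the operator."""
    kind = classify_address(addr)
    if kind != "public":
        return (f"{addr} is a {kind} address: Internet clients cannot reach it, "
                "the DNS name should resolve to the router's public address")
    if reachable:
        return f"{addr}:{TUNNEL_PORT} accepts connections"
    return (f"{addr}:{TUNNEL_PORT} did not answer: check the port forward, or "
            "retest from outside the LAN in case the router refuses hairpinning")


if __name__ == "__main__":
    name = sys.argv[1]                 # the tunnel server DNS name
    addr = socket.gethostbyname(name)  # IPv4 address the name resolves to
    print(diagnose(addr, port_open(addr)))
```

A "did not answer" result obtained from inside the home network is inconclusive for the reason given in the post above; the same run from an outside connection settles it.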
 
w5mig
Working now - sort of

Ok. I have a remote mesh that I am able to VPN into. I have two nodes locally and three nodes at the remote site. So I set up tunneling from there and it works! Great. All was working great for a while but now, for some reason, in the local mesh, when I try to connect to any node in the local or remote mesh I get a "this site can't be reached" message in my browser. I can still connect to any node from the remote mesh. I tried rebooting the tunnel server but no change. What happened at my end?

w5mig
Solved
Ok. Figured that out.  Was connecting via the wifi adapter.  When switched to the lan adapter all worked well.
Jerry W0HU
Vtun Server Setup
Sorry for the long silent gap. After a long conversation with a really decent chap at ComCast, and then having him check my modem over the cable, it was determined that my modem is such that I cannot have access to the part of the modem that does port forwarding. Which is OK, because it is in bridge mode, which allows my own router to handle those functions. We explored the systems, and Darryl is right, the NanoLoco (tunnel server) has to be on a dtd connection that has the WAN vlan on the switch. Checking the WAN address on the node's gui then revealed the proper address to which the port 5525 needed to be forwarded. Doing this and clarifying the internet site address (the provider's equipment did not like one of the "legal" characters in my site name) brought the tunnel server to the point of being activated. It seems to be working properly now. Thank you both Darryl and Randy, and my friend here, Charles, for all your assistance!
WU2S
Good news
Very happy to see that your persistence paid off! 
K5DLQ
Glad you got'er done!
 
KJ7MIZ
Voice over Tunnel?
I have my tunnel established and I can see other nodes on the status page.  What I’m not clear on is how my HT interfaces with the router for voice communications. 
K6AH
HTs are not easily interfaced with the AREDN network.  However, VoIP telephones and cell phones are.  There are many posts explaining how that's done.  The Voice-over IP forum is a good place to start: https://www.arednmesh.org/forums/voice-over-ip-voip
 
kk6qms

AREDN network is just a data network. In theory you could set up any radio system that uses a data network. (VoIP etc work on AREDN net because users have set up their own servers to manage and connect those VoIP devices together) For an HT over rf- Allstar would work. https://www.allstarlink.org/ 
You would need an ASL Asterisk server on the AREDN network as well as multiple interfaces to connect repeaters/radios to each other. The RTCM device is used commonly on repeaters to allow communication via the ASL system. (http://micro-node.com/thin-m1.shtml). Many end users like you and I use a small radio interface (https://dmkeng.com/Products.htm), a radio, and a R-Pi to create a way into ASL over rf from an HT etc. at their home or in their RV/mobile/etc. You can also use an Android app to connect to ASL and connect/talk on ASL. Connect to an ASL node that is linked to a repeater or end user and you will be heard over rf on those systems.

Lot of info- and I am no expert- but hoping it sheds some light on your question.

73- 
Clifford

AA7AU
Allstar/Hamvoip over mesh

I have Allstar/Hamvoip running very nicely over my mesh network in Idaho using several Raspberry PI 3Bs installed with this:
https://www.hamvoip.org/

A couple of the PIs (3B) are installed on a couple of our local repeaters (the PI is actually the controller for one of them.) and each are connected over part15 links using their eth0 ports thru to the Interwebs with public node#s for outside access - and are running just fine. However, on each of these I also have a second "private" node# configured in that PI and accessible thru its eth1 (USB-eth adapter) linked to over our mesh system.

I have another PI configured in the same way (but without a radio attached) down in the valley which allows me another public node "entrance" into my system and I "bridge" that over to its second [private] node# which I then link/bridge as needed into my system. There are a couple of other "portable" PIs setup with a dongle and they use both nodes in each install in a similar way (see: http://chilinodz.wikidot.com/ ). Unfortunately the locally-made ChiliNodz are not currently in production. As previously mentioned, one can connect many different sorts of audio dongles and radios to Hamvoip - there are many home-brew designs. What I have in the case, however, is much more portable than most.

Bottom line: with a little bit of networking one can easily and effectively marry the Allstar system into an AREDN mesh and also have it setup to run without an internet connection when necessary (and still work the mtn top repeaters).

I've even used (in a test mode) a mesh tunnel to connect in from out-of-state and connect to/thru my mesh/Allstar setup. The possibilities for distributing access to our mtn top repeaters over our local mesh when/if direct 2M connection is not possible via RF and the internet is down ... are terrific.

Hope this makes sense,
- Don - AA7AU
