You are here

Limiting nodes that may join the mesh

12 posts / 0 new
Last post
kg9dw's picture
Limiting nodes that may join the mesh

In describing AREDN to a fellow ham, the topic of security or malicious interference came up. I also saw the ragchew conversation about and X86 build based on the software.

Is there already a way to control who can join an AREDN mesh? Or are we left with what we do with FM repeaters (you can tell someone to not use the system, but there is limited technology available via Part 97 to prevent use)?



K5DLQ's picture
At the moment, there's not a

At the moment, there's not a "stable" way.  OLSR does have a "secure" plugin that provides this feature.  (requires a shared key on all deployed nodes to participate on the mesh)  However, this plugin has some bugs and, from my understanding, is no longer maintained by the OLSR team.

No techncial method at this time

At the moment there is no technical method to keep them off. 

We had deployed with using the "OLSR Secure" module under V2 protocol but had to pull it at the time because we traced some instability to having the module installed and found various bugs in it that were unknown,    This is probably the best chance though for making an "isolated" network but would require us to jump to a V4 protocol,  which may be a bit of a ways away at the moment.

At the moment the best really is rules, in that if you change the SSID from AREDN you can claim its a 'closed' system and invite only. Also by being under a different SSID you won't get inadvertent packets in.

Its one of those topics thats floating around on our (well at least mine) "we really wan to see this again" list, but a few other items been ahead of it at the moment (XW hardware for one)

For us to get it in will take a protocol jump (which means the change has to be grouped in with other changes) and would need some significant testing  to make sure any flaws that existed have been fully cleaned up (we think we got a large part of it during last code scrub)

KU7PDX's picture
SSID is probably the best way to go...

Changing the SSID would probably be the best way to indicate it is a closed system. Just like a voice repeater, you could contact unwelcome hams and notify them that they aren't permitted to use the system then and ultimately escalate to the FCC if necessary.

I think my comments from

I think my comments from another thread are apropos here:



Has there been any progress

Has there been any progress in the ability to block (or perhaps allow) certain nodes from joining a mesh?

For development status
For development status updates please check the ticket tracking system bloodhound

Tickets are processed based on many factors including level of interest expressed in the ticket for such features.
Thanks. I'd seen the status
Thanks. I'd seen the status on that ticket. However, I didn't want to assume that OLSR Secure was the only approach and was wondering if there was any other activity that might address the issue.  I guess there isn't.
I don't see any mention of
I don't see any mention of OLSR Secure in the ticket this is being handled under.

Not aware of any plans for secure module to solve the single question of restricting a single node.
Ahh... I see now. My
Ahh... I see now. My confusion with the mention of the shared key earlier in this thread.  So, since my interest may be different that what kg9dw posted, I would like to see something like an Access Control List where specific nodes (perhaps identified by MAC address) could be added and those nodes would not be allowed to join the mesh (through whatever nodes had it listed in it's ACL).
Basically that is how the
Basically that is how the current open ticket for this currently describes the solution.
K5DLQ's picture
(ie.  http://bloodhound.aredn

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer