Looking for information on xlink configuration.

I am new to using AREDN. Back in the day I was playing with HSMM and while similar there are a good number of improvements that have been made to AREDN. One of them is the cross link functionality but there seems to be no real documentation for setting it up. At least I have been at a loss trying to find anything more than a mention of this feature.

What I have is a Proxmox server that will be running a bunch of the services that will be exposed on the AREDN mesh. This server sits out on a VLAN (I will refer to this as the VM net) that hangs off an OPNsense firewall. I have another VLAN (Local net) off the same OPNsense firewall that contains all the computers and other devices in the house. The MikroTik hAP connects to the Local net using the WAN connection. I would like to get the hAP configured so that it knows about the VM net and how to route to it. I would also like to have the VM net propagate through OLSR so that other mesh nodes know where the VM net resides and can connect to the services running in the VM net. From what I can read of the xlink config file, that seems to be where the configuration gets set.

Alternatively, another less desirable way to do this is to connect one of the LAN ports on the hAP back into the OPNsense firewall configured as a separate VLAN. Then add that VLAN to the Proxmox server so that the VLAN can be added to some VMs running the desired services, and assign static IPs to the VMs that would be on the mesh side of the hAP. While I could make this work, it has the opportunity to fail if the hAP needs to be swapped out or gets reconfigured such that the mesh network receives a new network range. I would rather just use the VM net so that there are not any spontaneous failures.

Assuming that I get the cross link feature running, I will then have a problem where I need to make the services available on the mesh. The AREDN firmware seems to only allow services to be listed if they are directly connected to one of the IPs available on the AREDN node. Is there a way around this so that the services can be seen by other nodes? It does not matter if the services are exposed on the node that is providing the route to the VM net. Would it be that I just have to maintain the /etc/config/services file manually on the node?

Gerard, WTØF
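
For reference on the "propagate through OLSR" part of the question: the mechanism OLSR uses to announce a subnet that is reachable through a node but not part of the mesh itself is Host and Network Association (HNA), and the generated olsrd configuration on an AREDN node already carries an HNA entry of this kind for the node's own LAN. The fragment below is an added illustration in olsrd.conf syntax, not taken from this thread or from AREDN documentation; the subnet 10.54.0.0/24 and the comments are assumptions standing in for the poster's VM net.

```conf
# Added example (not from the original post): olsrd.conf Hna4 block.
# Each line is "network netmask" for a subnet this node will announce
# to the rest of the mesh as reachable via itself.
Hna4
{
    # Hypothetical VM net behind the OPNsense firewall.
    # The node itself must already have a working route to this subnet
    # (e.g. a static route toward the firewall), otherwise other nodes
    # will send traffic here that the node cannot forward.
    10.54.0.0    255.255.255.0
}
```

Two practical caveats: AREDN regenerates its olsrd configuration from its own config files, so a hand edit to the generated olsrd.conf may be overwritten on the next save or upgrade, and announcing a subnet via HNA only provides reachability. It does not by itself make anything show up in the services list, which is the separate /etc/config/services question raised above.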

Advanced Network Configuration

The ability to configure that (and other advanced networking features) will appear on the GUI that SHOULD appear in a nightly build in the next few days. It'll be on the "Advanced Network" tab (but only on the hAP ac2 and ac3 initially, I believe).

Orv W6BI


You are likely far better off putting that on a LAN port of the hAP rather than the WAN port. Although a little different, this is what I am doing. On my hAP ac3, I have the WAN port connected to a managed LAN switch where that data is encapsulated into VLAN 201 (my primary home LAN) so that the hAP ac3 has internet access for some tunnels. The hAP ac3 gets a DHCP address from my MikroTik RB4011 main home router. The address is a DHCP reservation so the hAP ac3 always gets the same address. The RB4011 has port forwarding configured so that port 5525 from the Internet is NAT forwarded to the hAP ac3 for those tunnels. The WAN connection on the hAP ac3 is exclusively used for tunnels (as it was intended), so nothing special needs to be configured in the hAP ac3 other than building the tunnels. Note that if you are only operating as a tunnel client, the port 5525 NAT forward is not required. The forward is required if you are operating as a tunnel server (I am both).

One of the LAN ports on the hAP ac3 is connected to another port on the managed LAN switch that is encapsulated into VLAN 11. That eventually gets to a VLAN trunk into the RB4011 router, where the router gets a DHCP address from the hAP ac3. For a couple of services, the router then routes packets to other LANs as needed. For example, port 80 traffic is routed to a different LAN to reach my web server, and port 123 is routed to another VLAN to reach my NTP server. VLAN 11 also has a wired connection to a Raspberry Pi 4 that is primarily used for remote access into the AREDN network. With some more router magic I can VNC into the RasPi and then access the AREDN network from that. Lastly, I have a Grandstream VoIP phone connected to VLAN 11 so it gets an AREDN LAN address.
