You are here

Software updates and tunnel software

14 posts / 0 new
Last post
Software updates and tunnel software

I read the release notes for firmware. I have some questions:

1) Once a firmware update has been accomplished, does the node retain the settings for the tunnel software? or will the tunnel software have to be re-configured again?
2) What if the Internet is not available after a firmware update? Just how does one go about reloading the tunnel software?

Which leads to my point in another post: Why is the Internet required for loading the tunnel software? Why can't you just download the software as a binary module and then upload it via a laptop and a second node connected to the laptop?

K6AH's picture
The tunnel feature is used to

The tunnel feature is used to connect mesh islands (clusters of AREDN nodes covering some limited geographic area).  Tunnels use the Internet to interconnect mesh islands.  Therefore, it is assumed you will have and have setup this Internet connection.  Tunnel aren't used very often and since they count on the Internet to run, they aren't very useful in a disaster.  As a general rule, I don't allow tunnels on the San Diego AREDN Network... they give a false indication of how prepared any given user group is for a disaster.

Lastly, all optional software packages are installed through Internet connections.  It's generally easier... all you need do is turn on the Gateway option on an Internet-connected mode and then click your node's tunnel install button. 

I would recommend getting used to the loading and operation of a few nodes before tackling tunnels.

Having said all that, your recommendation on a step-by-step instruction is well taken... although it means people would need to read it.  ;-)  We have actually found that people would rather ask questions of the group than to read our written instructions for themselves.

We'll get you through this, so don't get discouraged.

Andre, K6AH

PS. When the Save Settings box is checked, nodes do retain the tunnel configuration after updates.

K5DLQ's picture
well, if you want to tunnel

well, if you want to tunnel across the internet, it is assumed that you will have internet access to install the packages....
Am I missing something in your question??



Why would the Internet be required for tunneling? Why do you assume that Internet is the sole means for interconnecting clusters of AREDN nodes? Perhaps I have an alternative in mind which does not depend on the Internet for the reasons given by Andre, K6AH.

K6AH's picture
I believe Darryl's point was...

I believe Darryl's point was that AREDN tunnels were designed to connect through the Internet.  There are certainly other uses for them (which they were not designed for) such as through private wired and wireless networks, etc., and there are a few of these in use in SoCal.  You will need to be cautious though... as LQ and NLQ are handled differently and the node will flag the link as down if only minor interruptions occur on the tunnel.

There is a new feature request (that I submitted about a year or two back) that calls for a tunnel-like link-type which runs through Ubiquiti AirOS devices and potentially leverages their proprietary TDMA protocol.  Using the standard tunnels to accomplish this could be prpoblematic for the reasons I've already stated.


I'm glad to see that you are

I'm glad to see that you are thinking along the same lines as I am. As all Amateur Radio folks should know, Part 97.113-a-4 only applies to transmitted RF signals on the Amateur Radio Services frequencies. So, running encryption straight up on a Part 97 transmitter is prohibited.

However, Could you pass data traffic from a Part 97 node through an encrypted Part 15 RF link to another Part 97 node and still be legal. Most certainly! Think about that.

Andre, is it possible to use scp to upload the tunnel software to a node? (Linux to Linux)

K6AH's picture
Refuse to debate...

I'll not get into a debate about this, but not everyone shares your opinion on what "all Amateur Radio folks should know,"  

Part 97 through Part 15 - Sure that's what happens when you connect an access point to a node for users to connect.

I'll defer to Darryl on the use of scp.  I'm not a Linux guy.

K5DLQ's picture
The "Install" tunnels button

The "Install" tunnels button does more than just install packages.  It sets up network interfaces and makes config file changes in a few locations in addition to package installation.

AE6XE's picture
I think I've installed the

I think I've installed the packages manually before and it worked, but this was after a sysupgrade where the config files are preserved and already setup.  It would be a minor change to check if packages are already installed to proceed with updating the config files the very first time.    A) packages manually installed; B) click the button in the UI to complete the setup.


Gentlemen, comments

Darryl, Yes, the Internet button certainly makes the install easier. However, manual installation works correctly as well.

Joe, the manual installation can be accomplished as part of an initial setup. Once the tunnel software is loaded, you still have to go into the server / client pages and add the needed information.

Thank you Darryl and Joe.


KE2N's picture
backbone tunnelling

two years ago I did some testing with the Mid Atlantic IP Network (MAIPN) and AREDN mesh - when the tunnel feature was quite new.  The idea was to look at different ways users could be attached to our part 15 backbone network. 

At the time, a feature to provide (or at least set up) backbone linking of mesh islands was proposed as a possible feature for the AREDN package.  Here is an out take from the report that I wrote and shared with some of the Developers at the time:

" ...The WAN port is also used for the Tunnel/Client feature of the mesh.  This is a version of VPN that allows two smaller meshes to join together by way of the Internet, or any other network, connected to the WAN port. Tunnel clients appear as Remote Nodes on the same mesh network. This feature was tested with both DHCP and static node assignments (function #2 above).  Because the WAN port is used for tunneling, the local LAN-connected users will automatically have access to the upstream network, even if the gateway box is not checked. This may be desired or not. Such access can be prevented in a number of ways such as using VLANs, or assigning a separate network segment for mesh tunneling and using gateways that only work within this segment.
" Since backbone linking of meshes (as opposed to Internet linking of meshes) is likely to be a common application, AREDN are contemplating a GUI option to specifically define a backbone subnet route for such linking.  Detailed functionality of this feature are not known but should be applicable to MAIPN."
Agreement, no debates

97.113 Prohibited Transmissions - the title of this section says it all. (Transmissions on Amateur Radio Service frequencies by licensed Amateur Radio operators using devices operating as Part 97). If a signal is transmitted by a Part 15 device, then Part 97 rules do not apply. Enough said on the matter.

It's ok. I'll experiment with SSH and it's utilities and get a definitive answer about scp and such.


AE6XE's picture
1) "Once a firmware update

1) "Once a firmware update has been accomplished, does the node retain the settings for the tunnel software? or will the tunnel software have to be re-configured again?"

If the tunnel software had been previously installed and configured, then you go through a firmware upgrade in the AREDN firmware (we call this a "sysupgrade", the tool from openwrt that performs this firmware upgrade), then 'yes', your tunnel configuration information is saved across upgrades.

2) "What if the Internet is not available after a firmware update? Just how does one go about reloading the tunnel software?"

The tunnel software is installed from standard linux packages.   The internet is not required to install packages.   One does have to have access to the internet in advance to download the desired packages from however.    The process is to download the appropriate and dependent packages to a laptop, then put these packages on a device that is connected to the mesh network and 'upload' the packages one at a time to install.

These add-on packages are not saved across a firmware upgrade and do need to be re-installed.    You will find that to install some/many packages will complain because they are dependent on other packages.   You will need to upload these dependent packages first, to successfully install.   For the tunnel feature, direct internet access is required if you'd like this to be a 1-button click.

I'm not aware of anyone that doesn't use a tunnel over the internet.   To bridge over the top of other non-internet based wireless links, which may be encrypted, there is a different feature called 'dtdlink' that has precedence of being used instead.

Thank you for the useful insight on the topic.

"I'm not aware of anyone that doesn't use a tunnel over the internet ...." Sir, there is a first time for everything.

As far as the loading of the tunnel software, I am more concerned about a future where a deployed mesh net cluster is being updated with newer firmware and lacks an Internet connection to restore a tunnel connection.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer