Tunnel set up

Ai6bx
Tunnel set up

Does anyone have a good white paper or notes on tunnel setup? I am starting to plan a tunnel and wish to accomplish the following:

link mesh islands
link Rasp Asterisk systems
give myself a way to access the mesh and manage while traveling for business or in my RV.

Thanks,

Keith - AI6BX

WU2S
Tunnel setup

Tunnel support is built into the AREDN firmware. Just go to the Setup page and select either Tunnel Server or Tunnel Client from the menu bar at the top of the page. Before you begin, make sure that you have an Internet connection to the node. Confirm an Internet connection by looking at the main status page and see that there is an IP address for the "default gateway" on the lower left.

The tunnel software package needs to be installed, so click the Install button and wait until the package is downloaded and the node reboots.

After the reboot, go back to the Setup page and fill in the required information. If you are establishing a Tunnel Server, you will need to have a publicly available Tunnel Server DNS Name for the tunnel clients to connect to. One way to do that is to set up a No-IP or DynDNS account, name your server, assuming your mesh node gateway is on your home network, and forward port 5525 on your ISP router to the mesh node. Complete the server setup by entering the exact client name and password.

Setting up a Tunnel Client is easier since it does not need port forwarding on your home router. Just enter the server DNS name, password and network address that was established in the Tunnel server this client will connect to.
 

kd4kso
Where do I get the information for the server I want to connect to? Also do I need to set my Air Router as a mesh node or Mesh Router? I tried setting it as a router but it would not let me set the distance and so I could not save that change.

WU2S
Getting Started with Tunnels

You need to make arrangements with someone who has established a tunnel server in the area of your interest. The tunnel server operator will give you the information on where to connect your tunnel client to. Set the AirRouter as a mesh node.

kd4kso
Thank you 

Jerry W0HU
Vtun Server Setup

Hi Randy,
I got my tunnel clients working fairly easily, and am enjoying their connectivity.  However, I am now trying to set up a server on a nano-loco that is connected via an Air Router to one of my "node" connections at the switch.  I will try to diagram this for you, all are CAT5e connections here:

Starting at the nano-loco, it is connected to the Air Router, which is configured as a mesh node.

The Air Router connects to the GS108Ev3 WAN connection at the tower junction box, where the other nodes are connected also.  This switch is just set up as seven nodes and a WAN connection.

My home network (internet) router connects to the WAN port on the switch in the tower junction box.

My home network router connects to the ComCast modem.  Comcast modem is not used for anything except the internet provider connection to my home internet router system (wired and wireless).  The only "mesh" connection to this system is from the GS108Ev3 on the tower.

I have established an account via no-ip.  So far, I haven't figured out how to get from that account to the server on the Nano-Loco.

I know this sounds really dumb, but I need help.  My background is electronics technology and police work, and I am trying to learn about this networking stuff, but it is slow going.

Thanks and 73,

Jerry



 

WU2S
Port forwarding

You will need to set up port forwarding on your Comcast Internet connection so that connection requests to port 5525 from the No-IP host can be forwarded to the tunnel server on your home network.
Take a look at the advanced settings on your home router to find the port forwarding setup. If you still have difficulty, please identify the model number of the Comcast router so that we can look for documentation and try to assist you.
-Randy

K5DLQ
Also, your nano loco should be directly connected to your GS108E switch in a DTD port that ALSO has the WAN vlan.
 

w5mig
Tunnel setup problem

I have read all the comments above trying to set up a tunnel at my home qth. I want to get this figured out as I plan to connect 2 mesh Islands at a public service event in a few weeks. I had a tunnel working for a short while earlier today. When I went back to it, it no longer was working. I'm lost at this point. Here is my setup.

The tunnel server and client are both AirRouters. The ethernet ports of the AirRouters are connected to ports 1 & 2 of a Linksys wrt54g2, the home network. The wrt54g2 has port 5525 forwarded to the 192.168.1.x address of the AirRouter acting as the server. I have a noip dns name, the ip address is the 172.31.x.x address issued by the tunnel server. The client is set up with the noip dns name, the password I created setting up the tunnel server and the 172.31.x.x address issued by the tunnel server. The enable box is checked on both the server and client.

What am I doing wrong here that the tunnel does not like? 

Thanks, 

Jerry
w5mig

KG6JEI
This is known as hairpinning

This is known as hairpinning or "hairpin routing" (because it resembles a hairpin).

This isn't guaranteed to work; I've worked with a number of systems that forbade this (I actually seem to recall an RFC that actually said you were not supposed to allow this, but I can't find it right now).

The prime RFC I found that says this should be allowed didn't come out till 2007.

If you want to truly test this you will need to do it remotely; if you just want to test that the tunnel works, use the 192.168.1.x address of the AirRouter.
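A pre-flight check for the situation discussed above, as an added example that is not part of any poster's message or of the AREDN firmware: it tells you whether the tunnel server's DNS name points at a private address, at your own public address (a hairpin test), or at a remote one, then probes port 5525. Assumptions: the tunnel listens on TCP, you supply your own public address (read from the home router's WAN status page), and the function names are illustrative.

```python
import ipaddress
import socket
import sys

TUNNEL_PORT = 5525  # port the thread forwards to the tunnel server (TCP assumed)

# Ranges that are not reachable from the Internet: RFC 1918 space, which also
# covers the 172.31.x.x tunnel addresses and 192.168.1.x LAN addresses above.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADVICE = {
    "private": "Name resolves to a private address; Internet clients cannot "
               "reach it. Point the DNS name at the router's public address.",
    "hairpin": "Name resolves to your own public address; a test from inside "
               "this LAN depends on the router supporting hairpinning.",
    "remote": "Name resolves to a public address other than yours; a probe "
              "from here crosses the Internet to the port forward.",
}


def classify_target(resolved_ip, my_public_ip=None):
    """Return 'private', 'hairpin' or 'remote' for the resolved server address."""
    addr = ipaddress.ip_address(resolved_ip)
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    if my_public_ip and addr == ipaddress.ip_address(my_public_ip):
        return "hairpin"
    return "remote"


def probe(host, port=TUNNEL_PORT, timeout=3.0):
    """Return True if host accepts a TCP connection on port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # usage: python3 tunnel_check.py <server-dns-name> [my-public-ip]
    name = sys.argv[1]
    mine = sys.argv[2] if len(sys.argv) > 2 else None
    resolved = socket.gethostbyname(name)
    kind = classify_target(resolved, mine)
    print(f"{name} -> {resolved} ({kind}): {ADVICE[kind]}")
    print(f"TCP {TUNNEL_PORT} open: {probe(resolved)}")
```

A "hairpin" result with a failed probe does not prove the port forward is broken; repeat the probe from a network outside the home LAN before changing the router.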
 

w5mig
Working now - sort of

Ok.  I have a remote mesh that I am able to vpn into. I have two nodes locally and three nodes at the remote site.  So I set up tunneling from there and it works!  Great. All was working great for a while but now, for some reason, in the local mesh, when I try to connect to any node in the local or remote mesh I get a "this site can't be reached" message in my browser. I can still connect to any node from the remote mesh. I tried rebooting the tunnel server but no change. What happened at my end?

w5mig
Solved

Ok. Figured that out.  Was connecting via the wifi adapter.  When switched to the lan adapter all worked well.

Jerry W0HU
Vtun Server Setup

Sorry for the long silent gap.  After a long conversation with a really decent chap at ComCast, and then having him check my modem over the cable, it was determined that my modem is such that I cannot have access to the part of the modem that does port forwarding.  Which is OK, because it is in bridge mode, which allows my own router to handle those functions.  We explored the systems, and Darryl is right, the NanoLoco (tunnel server) has to be on a dtd connection that has the WAN vlan on the switch.  Checking the WAN address on the node's gui then revealed the proper address to which the port 5525 needed forwarded.  Doing this and clarifying the internet site address (the provider's equipment did not like one of the "legal" characters in my site name) brought the tunnel server to the point of being activated.  It seems to be working properly now.  Thank you both, Darryl and Randy, and my friend here, Charles, for all your assistance!

WU2S
Good news

Very happy to see that your persistence paid off! 

K5DLQ
glad you got'er done!
 
