You are here

Wrapping my head around Tunneling

6 posts / 0 new
Last post
Wrapping my head around Tunneling

Hi all,

I'm a newbie when it comes to networking configuring.  So, please excuse the naivete of this question. :-)

I have a Rocket M5 configured and functional.  I also have a camera installed on the node, and advertised. So, I got that part down.  

I wanted to do some experimentation with Tunneling.  And while I have the software installed, I did not know how to properly configure the server/client settings.  The online documentation is detailed.  But, still a bit over my head.

I found this online:

And that one picture helped!

But here is where it gets confusing.  I'm probably misunderstanding the concept and need clarification.

Do I need to have another AREDN node (let's call it node 1) functional and located somewhere else - and connected to the Internet - to connect to that particular tunnel server (call it node 2)?  I gave node 2 the information from node 1 (like in the example from Orange County). 

On my home router, I tried to forward port 5525 to the WAN address of node 2.   Unfortunately, the router indicated that particular IP was invalid. At the time, I DID NOT have node 1 attached to the home router.

I must be missing an additional step or two.  It's my understanding (and I could be way off-case) that I should be able to tunnel into a node/tunnel server from anywhere, provided I have an Internet connection, the tunnel server is configured and enabled, and I have the proper port forwarded.  But that's not what I'm seeing.

Thanks in advance!


Joe, NJ1Q



w6bi's picture
More info in the docs

There's more detail (plus a great diagram) in the online docs:
Search for Tunnel Server.

Orv W6BI

Thanks Orv.

Thanks Orv.

So, as I thought, I will need to have a node (like a Rocket M5) on the CLIENT end, and going through a managed switch, like say, a GS105.

The PC would be attached to one of the "LAN" ports on the switch, with the NODE on the "node" port and my Internet connection (from the home router) on the "WAN" port.

Joe, NJ1Q


K6AH's picture
Use when an RF link is not possible

An AREDN Tunnel simply stands-in for a non-existent RF link.  If two mesh networks are not able to be connected via an RF link, then one node from each mesh can be "tunneled" and the two networks become connected as if there was an AREDN RF link connecting them.

AA7AU's picture
Some connection exceptions

I have noted that there are some minor exceptions where a properly setup tunnel does NOT act the same as a normal AREDN RF link between devices. One example is MeshChat, where two devices hosting the same MeshChat "zone" will not update each other when connected thru a tunnel. I *think* we have also had issues with Voip thru a tunnel but I'd have to go dig out my notes on that. Seems like there have been other issues, but memory fails at the moment.

[opinion] As an aside, (while this can be a contentious issue) please also note that our local [informal, non-chartered] LVmesh (Las Vegas) group actively discourages any use of "tunnels" except in the case of 1) emergencies; 2) limited appropriate community-support events; and/or 3) proper control operator functions limited to a temporary single end-point connection. We do NOT approve of remote mesh islands (big or small) connected by tunnels to our local RF mesh.

With all that said, a tunnel is a fantastic [temporary] tool for remote control operator support functions on a case-by-case basis. I install one on every remote node which has another network "back door", just in case. Thanks to those who implemented this feature, I just wish it wasn't sometimes seen as a way to generally tie remote bits together when RF doesn't do the job. [/opinion]

Happy New Year to all,
- Don - AA7AU

K6AH's picture

Don, I generally share your opinion on this.  A search of the topic on the AREDN forum will return a number of debates on the subject.

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer