Connecting Mesh Networks Via the Internet - A VPN Tunnel

Broadband-Hamnet is proud to host Darryl K5DLQ's great work on the Internet tunneling solution.
Darryl has crafted 2 easy-to-use scripts that install all the necessary software from the BBHN site, and adds an easy to use form in the administration section of the node GUI for either Tunnel Server or Client use. 

For this to work, you MUST be on a WRT54GS v1, v2, v3, or any UBNT hardware. This is due to memory and flash limits in WRT's. And your node must have internet connectivity for the installation, then you need to connect a cable to the WAN port of the router that supplies a connection to the internet (or do VLAN setup on UBNT gear, found elsewhere on the BBHN site).

Please make sure you have your Tunnel node upgraded to 3.1.0, then SSH into the node, copy and paste either of the 2 lines below, then reboot.
3.1.0 WILL talk to BBHN 3.0.0 nodes, so you do not need to upgrade all of your network to use the tunnel, but we highly recommend that you do (especially with the simple-to-use patch file) to have all nodes on the same stable version.

To setup a Tunnel option below, the node will have to have connectivity to the Internet. Then SSH into the node you will install the option on, copy the appropriate line below (either Client or Server) and paste it into the SSH command line. It will install all dependencies, install the form in the GUI, and then we recommend you reboot.

Tunnel Client (which connects to a Tunnel Server via the Internet)
wget http://www.broadband-hamnet.org/download/attitude_adjustment/12.09/ar71xx/generic/packages/setup_client_vpn ; chmod +x setup_client_vpn; ./setup_client_vpn

Tunnel Server (which has Internet service and hosts other clients connecting to it)
wget http://www.broadband-hamnet.org/download/attitude_adjustment/12.09/ar71xx/generic/packages/setup_server_vpn ; chmod +x setup_server_vpn; ./setup_server_vpn

If you plan on running a Tunnel Server, you will need to make sure that, if it is behind a firewall/router, port 5525 is forwarded to the Tunnel Server node.

Once it is installed, log into the Setup portion of the firmware where you will find a new link at the top, either TUNNEL SERVER or TUNNEL CLIENT

TUNNEL SERVER

For a TUNNEL SERVER, enter the client's node name (from another Ham), generate a password he will use on his TUNNEL CLIENT, and click ADD.

That will generate everything and an EMAIL link. If you click the EMAIL link, it will open and start an email with all the necessary information needed to send to whoever you would like to have tunnel to you. You will have to make sure the last line of the information is correct with your public IP address (not the mesh or private LAN IP)

Your connection details:
Name: {TUNNEL-CLIENT NODE NAME}
Password: {ENTERED PASSWORD}
Network: 172.31.{GENERATED IP ADDRESS}
Server address:{YOUR PUBLIC IP ADDRESS/DNS}

If you will be hosting many, you may want to log in to the tunnel server and edit the last line (/www/cgi-bin/vpn) in so it includes your IP address/DNS every time.

SAVE CHANGES and reboot. Then wait and watch your Mesh Status for the clients to attach.

TUNNEL CLIENT

If you will have a tunnel CLIENT node, send your Ham friend the nodename of the node to be a client (ex: K5KTF-TUNCLIENT).

He will take that name and generate other information he will give to you (shown above).

Take that information and enter it into the form on your node, click SAVE CHANGES, and reboot.

Once it comes back up, go to Mesh Status and watch the other nodes show up.

We have tried to make this process as simple as possible, but we may have missed a step or some minor information. If you find something or have a suggestion, email This e-mail address is being protected from spambots. You need JavaScript enabled to view it and we will be glad to listen and help.