Broadband-Hamnet™ Forum :: General
 Subject :Re:Re:Re:Virtual Tunnels.. 2014-10-15- 21:12:47 
SM7I
Member
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo
 

In Sweden we have now, on trial, installed the Racoon IPSec VPN server on our gateway, which makes it possible to connect to the BBHN/HSMM/AMPRnet network behind the gateway using a regular client such as iPhone, Windows, Mac, Linux or whatever.


This gives the opportunity to do a real live demo, among other things, from your clubhouse or similar.


We have also connected to a large BBHN network based in New Mexico, US; one node in Barcelona, Spain, is also connected.

 

We are happy to announce that the system is very stable and reliable.

IT infrastructure and security professional
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-15- 21:22:05 
KF5JIM
Future Astronaut
Joined: 2013-07-17- 12:13:36
Posts: 250
Location: Nederland
Running a VPN server myself, I agree that the method SM7I has mentioned is a valuable one to have in your toolbox. (Greetings from the Netherlands, SM7I! I'd enjoy traveling to Sweden to see and learn about your setup.)
My opinions and views expressed here are solely my own.
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-15- 21:23:24 
SM7I
Member
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo
 
KF5JIM, you are always welcome. Just contact me if you want to meet!
IT infrastructure and security professional
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-16- 03:09:55 
k5dlq
Member
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA
 
Interesting. I suppose I could also build an OpenVPN server on a RaspPi with HSMM-Pi and accomplish something similar. Thinking out loud... wondering if this may be a more secure solution and reduce the security vulnerabilities of routing tunneled traffic out the WAN interface and onto a private LAN (home network)?
Darryl - K5DLQ
www.aredn.org
 Subject :Re:Virtual Tunnels.. 2014-10-16- 09:28:18 
EB5JEQ
Member
Joined: 2013-09-21- 14:11:41
Posts: 8
Location: Elche Alicante Spain
 

Hi:

Today, for the first time, I see the neighbour stations from the USA in my station.

I have been seeing the Swedish stations OK for about 3 weeks.

I suppose that Johan SM7I has completed the link to the USA network.

Excellent work, Johan, thanks for your help!!

The router is now in the test phase in my shack; in a few days I will mount it on the roof, on the mast reserved for this, with a 6 dB omni antenna, and put the 2.4 GHz signal out in my area.

I hope that other Spanish hams will connect in the future.

Node name: http://eb5jeq-24:8080

73s.

Miguel EB5JEQ www.eb5jeq.es



 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-16- 10:15:02 
SM7I
Member
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo
 
Hi Miguel! Thank you my friend. Now we hope that more Spanish stations will emerge!
IT infrastructure and security professional
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-23- 04:48:35 
VA7WPN
Member
Joined: 2013-04-29- 12:21:43
Posts: 60
Location: BC, Canada
 
Good afternoon. It's been a while for me... I've moved across the continent. Is it possible to get a little tutorial on how you have your VPN set up, and whether there is a common system HSMM-MESH users are using? Also... is anyone testing VoIP over this yet?
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-23- 05:07:31 
SM7I
Member
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo
 

VA3WPN


There are two known VPN solutions as of today, the GRE solution and the VTUN solution.


Both of them have their pros and cons, but in the end it's up to you and your environment to choose which one is the most suitable.


Also, there are no issues in combining the two solutions, but it requires hub software. It's also possible to combine networks of different HSBB / BBHN firmware versions using hub software; however, there's a little manual work to be done on the 0.4.3 nodes in order for this to work. No big deal actually.


Yes, VoIP is being used widely over HSMM / BBHN networks and our (SM) network uses this traversing VPN without any issues.


You can have a look at our (SM) hub at http://44.140.236.17:8080


If you need details on the GRE solution please drop me an email and I´ll send you the documents.

IT infrastructure and security professional
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-23- 06:05:44 
VA7WPN
Member
Joined: 2013-04-29- 12:21:43
Posts: 60
Location: BC, Canada
 
Thank you, I'm going to try this out tonight, or maybe this weekend if it's raining and I can't get out and hunt.
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-23- 06:24:17 
k5dlq
Member
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA
 

Hi guys. Need some assistance/guidance on this...
I have followed K5KTF's instructions to install the vtun server on my 54GS. I am seeing two issues:

1) It appears that the firewall is blocking connections from the WAN to vtun. If I disable the firewall (/etc/init.d/firewall stop), I do see successful connections to vtund.

2) Even though these connections to vtund are successful, it looks like OLSRD is not aware of them, i.e. no new routes are established in the olsrd status pages and no "remote" nodes are appearing.

I have verified that the "iptables -A FORWARD -i eth0.0 -o tun+ -j ACCEPT" commands are in the /etc/init.d/firewall file as described.
I have added the tun interfaces to the /etc/config/olsrd.conf file (and config.mesh file)
I have double checked the vtundsrv.conf file client entries to contain the proper interface "up" commands and addresses.

Any advice, troubleshooting tips?

Thanks, K5DLQ - Darryl

Darryl - K5DLQ
www.aredn.org
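The firewall side of the two problems above can be checked mechanically. The following is an added example, not code from the thread, from K5KTF's instructions or from the BBHN firmware: it parses an `iptables -S` dump and reports which of the rules a vtun tunnel carrying OLSR needs are absent. Interface names and ports are assumptions for illustration only: eth0.1 as the WAN, eth0.0 (as in the FORWARD rule quoted above) and wlan0 as the inside, tun1 as the tunnel, vtund on its default TCP port 5000 and olsrd on UDP 698. The dump it audits is constructed to contain exactly the FORWARD rule quoted above and nothing else for the tunnel, followed by the same dump with the missing rules added.

```python
"""Audit an iptables dump for the rules a vtun tunnel carrying OLSR needs.

Added example, not code from the thread or from the BBHN firmware. Reads the
one-rule-per-line `iptables -S` format. Interface names and ports are assumed:
eth0.1 = WAN, eth0.0 and wlan0 = inside, tun1 = tunnel, vtund on TCP 5000
(its default), olsrd on UDP 698.
"""
import shlex

WAN, TUN_IF, VTUN_PORT = "eth0.1", "tun1", "5000"
INSIDE = ("eth0.0", "wlan0")
IGNORED = {"chain", "-j", "-m"}   # bookkeeping, not traffic constraints

# Constructed dump: only the FORWARD rule quoted in the thread exists for the tunnel.
BEFORE = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0.0 -j ACCEPT
-A FORWARD -i eth0.0 -o tun+ -j ACCEPT
"""

# The same dump with the rules the audit asks for added.
AFTER = BEFORE + """\
-A INPUT -i eth0.1 -p tcp -m tcp --dport 5000 -j ACCEPT
-A INPUT -i tun+ -p udp -m udp --dport 698 -j ACCEPT
-A FORWARD -i wlan0 -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o eth0.0 -j ACCEPT
-A FORWARD -i tun+ -o wlan0 -j ACCEPT
"""

def parse(dump):
    """Return ({chain: policy}, [rule dicts of option -> value]) from `iptables -S` text."""
    policies, rules = {}, []
    for line in dump.splitlines():
        toks = shlex.split(line)
        if not toks:
            continue
        if toks[0] == "-P":
            policies[toks[1]] = toks[2]
            continue
        if toks[0] != "-A":
            continue
        rule, i = {"chain": toks[1]}, 2
        while i < len(toks):
            opt = toks[i]
            if opt == "!":                      # negation prefixes the next option
                i += 1
                opt = "!" + toks[i]
            if i + 1 < len(toks) and not toks[i + 1].startswith("-"):
                rule[opt], i = toks[i + 1], i + 2
            else:
                rule[opt], i = True, i + 1      # bare flag such as --syn
        rules.append(rule)
    return policies, rules

def accepts(rule, chain, traffic):
    """True if rule is an ACCEPT in chain and every constraint it carries is met by
    traffic. A constraint the traffic description does not cover (e.g. --state) counts
    as unmet, so the audit errs on the side of reporting a rule as missing."""
    if rule["chain"] != chain or rule.get("-j") != "ACCEPT":
        return False
    for opt, got in rule.items():
        if opt in IGNORED:
            continue
        want = traffic.get(opt)
        if want is None:
            return False
        if opt in ("-i", "-o") and got.endswith("+"):   # wildcard interface, e.g. tun+
            if not want.startswith(got[:-1]):
                return False
        elif got != want:
            return False
    return True

def required():
    """(name, chain, traffic) for every rule the tunnel needs."""
    req = [("vtund on WAN", "INPUT", {"-i": WAN, "-p": "tcp", "--dport": VTUN_PORT}),
           ("olsrd on tunnel", "INPUT", {"-i": TUN_IF, "-p": "udp", "--dport": "698"})]
    for inside in INSIDE:
        req.append((f"forward {inside} -> {TUN_IF}", "FORWARD", {"-i": inside, "-o": TUN_IF}))
        req.append((f"forward {TUN_IF} -> {inside}", "FORWARD", {"-i": TUN_IF, "-o": inside}))
    return req

def missing(dump):
    """Names of required rules that no ACCEPT rule (or ACCEPT chain policy) satisfies."""
    policies, rules = parse(dump)
    return [name for name, chain, traffic in required()
            if policies.get(chain) != "ACCEPT"
            and not any(accepts(r, chain, traffic) for r in rules)]

def suggest(name):
    """The iptables command that would add the named rule."""
    for n, chain, traffic in required():
        if n == name:
            return "iptables -A " + chain + "".join(f" {k} {v}" for k, v in traffic.items()) + " -j ACCEPT"
    raise KeyError(name)

if __name__ == "__main__":
    for name in missing(BEFORE):
        print(f"missing: {name:24} -> {suggest(name)}")
    print("after fix, still missing:", missing(AFTER))
```

The audit ignores rule order, so an ACCEPT that sits after a DROP or REJECT in the same chain is still reported as present; read `iptables -S` top to bottom for that. The FORWARD rule quoted above only covers forwarded traffic; the vtund listener on the WAN and olsrd's UDP 698 on the tunnel interface are INPUT-chain matters, which is consistent with connections appearing only once the firewall is stopped.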
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-23- 15:48:13 
VA7WPN
Member
Joined: 2013-04-29- 12:21:43
Posts: 60
Location: BC, Canada
 
I can't seem to connect to http://44.140.236.17:8080; my browser times out.
 Subject :Re:Virtual Tunnels.. 2014-10-23- 16:54:33 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location

Darryl:

Start at the simple parts: verify ping, verify OLSR packets being received and transmitted (tcpdump), etx on the interface first, and work your way up.

OLSR has to have the data before routing can become a question, and so on, so work the issue from the bottom up or top down on each item.

Note: Most posts submitted from iPhone
 Subject :Re:Virtual Tunnels.. 2014-10-23- 21:14:02 
SM7I
Member
Joined: 2012-04-30- 14:56:55
Posts: 79
Location: JO65mo
 

VA3WPN


Try again, there was a slight routing issue, but it's taken care of now.

IT infrastructure and security professional
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-24- 05:17:33 
k5dlq
Member
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA
 

Ok.
Further troubleshooting...
I can ping from the server to the client.
When I run tcpdump on the tun1 interface, I am seeing the following:
16:13:28.450171 IP 172.31.201.253 > 172.31.201.254: ICMP 172.31.201.253 udp port 698 unreachable, length 92 E..pPW..@.=;................E..T..@.@.M..............@cY.8i8.,.. .g...b..... ...

Looks like the OLSRD packets aren't being accepted. (port 698 unreachable).

in my /etc/config/olsrd.conf file, I do have:
Interface "tun1"
{
Ip4Broadcast 172.31.201.253
}

Where would I change the config to allow olsr to accept these packets from the tun1 interface?

Thanks, Darryl

Darryl - K5DLQ
www.aredn.org
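What the tcpdump line in the post above says is fixed by RFC 792: a destination-unreachable message is emitted by the host that could not deliver the datagram, so its IP source address is the host to look at, and the embedded address and port name what it refused. Here 172.31.201.253 reports that it had nothing bound to UDP 698, OLSR's port, when 172.31.201.254 sent to it. The parser below is an added example, not code from the thread or from olsrd/vtun; it turns such lines into "which host, which cause, which daemon". Its service table is an assumption: 698 is OLSR's registered port, 5000 vtund's default, 47 the GRE protocol number (the thread's other tunnel option). The capture it runs on is constructed: the first line is the one quoted above with the hex trailer trimmed, the rest are invented to show the GRE and routing cases.

```python
"""Interpret ICMP "unreachable" lines from tcpdump on a tunnel interface.

Added example, not part of the original thread. Works on tcpdump's default
text output for ICMP destination-unreachable messages. The port/protocol
tables are assumptions: 698 = OLSR, 5000 = vtund default, 47 = GRE.
"""
import re
from collections import Counter

# tcpdump prints the ICMP *sender* as the IP source; the embedded address is
# the original destination that sender refused to deliver to.
UNREACH = re.compile(
    r"IP (?P<reporter>[\d.]+) > (?P<sender>[\d.]+): ICMP "
    r"(?:(?P<target>[\d.]+) (?P<proto>udp|tcp) port (?P<port>[\w-]+) unreachable"
    r"|(?P<ptarget>[\d.]+) protocol (?P<protonum>\d+) unreachable"
    r"|(?P<kind>host|net) (?P<route_target>[\d.]+) unreachable)"
)

KNOWN_PORTS = {"698": "olsrd", "olsr": "olsrd", "5000": "vtund (default port)"}
KNOWN_PROTOCOLS = {"47": "GRE"}

def explain(line):
    """Return a dict naming the host to fix and why, or None for other traffic."""
    m = UNREACH.search(line)
    if not m:
        return None
    g = m.groupdict()
    reporter, sender = g["reporter"], g["sender"]
    if g["port"]:
        service = KNOWN_PORTS.get(g["port"], f"{g['proto']}/{g['port']}")
        return {"blame": reporter, "cause": "no listener", "service": service,
                "detail": (f"{reporter} received {g['proto']}/{g['port']} from {sender} "
                           f"but nothing is bound to that port; check {service} on {reporter}")}
    if g["protonum"]:
        proto = KNOWN_PROTOCOLS.get(g["protonum"], f"protocol {g['protonum']}")
        return {"blame": reporter, "cause": "protocol not supported", "service": proto,
                "detail": f"{reporter} does not accept IP {proto} from {sender}"}
    return {"blame": reporter, "cause": "no route", "service": g["route_target"],
            "detail": (f"router {reporter} has no route to {g['route_target']} for "
                       f"{sender}; a routing problem, not a listener problem")}

def summarize(capture):
    """Count (host to fix, cause, service) over a whole capture."""
    counts = Counter()
    for line in capture.splitlines():
        e = explain(line)
        if e:
            counts[(e["blame"], e["cause"], e["service"])] += 1
    return counts

# Constructed capture: line 1 is the one quoted in the thread (hex trailer trimmed);
# lines 2-4 are invented to show the GRE, routing and not-an-error cases.
SAMPLE_CAPTURE = """\
16:13:28.450171 IP 172.31.201.253 > 172.31.201.254: ICMP 172.31.201.253 udp port 698 unreachable, length 92
16:13:29.101000 IP 172.31.201.253 > 172.31.201.254: ICMP 172.31.201.253 protocol 47 unreachable, length 36
16:13:30.200000 IP 10.46.103.1 > 172.31.201.254: ICMP host 10.46.103.163 unreachable, length 36
16:13:31.300000 IP 172.31.201.254 > 172.31.201.253: ICMP echo request, id 1, seq 1, length 64
"""

if __name__ == "__main__":
    for line in SAMPLE_CAPTURE.splitlines():
        e = explain(line)
        print(e["detail"] if e else "not an unreachable: " + line.split(": ", 1)[1])
    print(summarize(SAMPLE_CAPTURE))
```

Port unreachable and host unreachable call for different checks: the first means the daemon is not listening on that interface on the reporting host (for olsrd, an Interface block for the tun device has to exist there), the second is a routing problem before any daemon is involved.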
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-24- 05:56:35 
AE6XE
Member
Joined: 2013-11-05- 00:09:51
Posts: 116
Location
Darryl, If this is UBNT hardware, check out the upload in an earlier post in this thread. I posted a tar file with the /etc/config/firewall settings for all the ports to work. Essentially, clone the dtdlink firewall settings.
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-24- 06:02:02 
k5dlq
Member
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA
 
I'm running the server on a WRT54GSv2. However, I currently have the firewall disabled (/etc/init.d/firewall stop) and still get the port "698 unreachable" coming from my tun1 interface.
Darryl - K5DLQ
www.aredn.org
 Subject :Re:Virtual Tunnels.. 2014-10-24- 06:15:20 
KG6JEI
Member
Joined: 2013-12-02- 19:52:05
Posts: 516
Location

Darryl: 

(Oops while I was typing Joe got to you so I've cleared my comment)

SM7I:

I took a look at your link. I'm concerned about the address space you are using for your VPN service and how it does not match reasonable internet standards.

1.1.1.0/24 is a public address space and should not be used on the mesh nodes without an assigned allocation from APNIC.

The nodes are not configured to block routing 1.1.1.0/24 out to the public internet.  

You may be causing packet leakage by operating in this manner.

APNIC has had serious issues with this http://www.potaroo.net/studies/1slash8/1slash8.pdf

Perhaps moving to the 172.31.x.x space BBHN is promoting for VPNs would be wise.

Note: Most posts submitted from iPhone
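To make the address-space point above checkable, the following added example (not code from the thread or from BBHN) classifies a node's prefixes with Python's ipaddress module and emits guard rules for any that are someone else's public space. What counts as "coordinated" (space the operator actually holds, such as an AMPRNet assignment) is an input you supply; the 44.140.236.0/24 below is assumed to be such an assignment only because the Swedish hub lives in it, and the page does not give the real size of that allocation. The inventory is constructed from prefixes that appear in the thread plus the 1.1.1.0/24 under discussion; eth0.1 as the WAN interface is likewise an assumption.

```python
"""Flag tunnel/mesh prefixes that would leak onto the public Internet.

Added example, not from the thread. The `coordinated` list is space the
operator genuinely holds and is an input; 44.140.236.0/24 is assumed here
only because the hub on the page lives in it.
"""
import ipaddress

def classify(prefix, coordinated=()):
    """'reserved' (multicast, 240/4, loopback, link-local), 'private' (RFC 1918 and
    other non-routable space), 'coordinated' (inside a prefix you hold), or
    'leak-risk' (somebody else's public space)."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.is_multicast or net.is_reserved or net.is_loopback or net.is_link_local:
        return "reserved"
    if net.is_private:
        return "private"
    if any(net.subnet_of(ipaddress.ip_network(c)) for c in coordinated):
        return "coordinated"
    return "leak-risk"

def leak_report(prefixes, coordinated=()):
    """Map each prefix to its class; the 'leak-risk' ones are the renumbering list."""
    return {p: classify(p, coordinated) for p in prefixes}

def guard_rules(prefixes, wan, coordinated=()):
    """iptables rules that stop leak-risk prefixes from leaving the WAN unencapsulated.
    Tunnel traffic is unaffected: once encapsulated, the outer header carries the
    public endpoints, not the inner prefix. Covers forwarded and locally generated
    traffic, in both directions of the prefix."""
    rules = []
    for p in prefixes:
        if classify(p, coordinated) != "leak-risk":
            continue
        for chain in ("FORWARD", "OUTPUT"):
            rules.append(f"iptables -I {chain} -o {wan} -s {p} -j DROP")
            rules.append(f"iptables -I {chain} -o {wan} -d {p} -j DROP")
    return rules

# Constructed inventory: the tunnel prefix objected to in the thread, the BBHN-promoted
# 172.31.x.x space, a mesh /24 from the routing output posted earlier, and the hub's /24.
INVENTORY = ["1.1.1.0/24", "172.31.201.0/24", "10.46.103.0/24", "44.140.236.0/24"]
COORDINATED = ["44.140.236.0/24"]   # assumed allocation, see lead-in
WAN = "eth0.1"                      # assumed WAN interface name

if __name__ == "__main__":
    for prefix, cls in leak_report(INVENTORY, COORDINATED).items():
        print(f"{prefix:18} {cls}")
    for rule in guard_rules(INVENTORY, WAN, COORDINATED):
        print(rule)
```

The guard rules only limit damage: the `-d` rule also stops the node from reaching whoever legitimately holds 1.1.1.0/24, which is the practical argument for renumbering into 172.31.x.x as suggested rather than filtering.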
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-24- 06:23:56 
VA7WPN
Member
Joined: 2013-04-29- 12:21:43
Posts: 60
Location: BC, Canada
 
The "http://44.140.236.17:8080" URL worked for me this time. This weekend, I'm going to be boxing up a WRT54GS, along with a Ras-Pi, and trying out some of this tunneling, along with VoIP. I want to find out what we really can do with this equipment and tech. I've been thinking of using a similar system to monitor wireless game cams where I hunt, so I can pull up to the road, flip on my laptop, and download the photos/videos from the APs, as well as monitor the areas so I know where the animals currently are. Sounds like cheating, but it will feed my family!
 Subject :Re:Re:Re:Re:Virtual Tunnels.. 2014-10-24- 09:10:46 
k5dlq
Member
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA
 

Thanks, Joe.
Ok, I'm taking a different approach... putting the wrt54gs vtun server on hold...

I'm trying on my Bullet M2 now. I followed your instructions for setting up vtund server on a UBNT Bullet M2.

I used your instructions and did the following:
ran opkg commands...
cp vtundsrv.conf after editing it for a new remote client name/pass (the remote client is a Linksys, so, I commented out the compress and encrypt lines as they don't appear to be compatible with UBNT version of vtun)
appended your network to both my /etc/config/network files
appended your firewall to both my /etc/config/firewall files
appended your olsrd to both my /etc/config/olsrd files
cp vtundsrv to init.d and chmod'd it
vtundsrv enabled (verified rc.d symlink)
reboot

Results:
vtund starts upon boot as expected.
I stopped it to run it as a non-daemon.
ran it: vtund -s -n -f /etc/vtundsrv.conf

I get no vtund connections until I issue a '/etc/init.d/firewall reload'
I then see the remote client connect.
I can ping the remote client 172.31.201.253
In the olsrd routes page, I see one additional entry:
172.31.201.254 (mid1.K5DLQ-LGS2-DESK) 10.46.103.163 (K5DLQ-LGS2-DESK) 1 1.000 wlan0

BTW, K5DLQ-LGS2-DESK is another one of my RF MESH nodes (not wired).
My vtun server is on K5DLQ-UBM2-100

Could it be the configuration of the remote node causing no olsrd routing updates??

I would love to have someone else try to remote into my server. (begging/grovelling) ;-)

73, Darryl

P.S. I am running the UBM2 thru a Netgear GS105E with vlans configured.

Darryl - K5DLQ
www.aredn.org
 Subject :Re:Virtual Tunnels.. 2014-10-24- 10:54:16 
k5dlq
Member
Joined: 2012-05-11- 08:05:13
Posts: 233
Location: Magnolia, TX USA
 

Also, a quick follow-on question for Joe (et al)...
Would this configuration work on Linksys (other than ipkg instead of opkg)?
I'm guessing no, as the config files look like they are different formats between versions of OpenWrt.

k5dlq - Darryl

Darryl - K5DLQ
www.aredn.org