Home > Documentation > Beginner

Janmesh - Linux Documentation

Welcome to the place where things start. Here you'll find beginner documentation, that is to be read before intermediate one.

Tutorial n°1 : How to deploy a local Janmesh network between two computers from nothing :

This tutorial has beeen updated and now is adapted to use with Ubuntu 18.04.

Objectives of this tutorial

The point of this tutorial is to inter-connect computers throught a wifi network, and to add a olsrd routing, plus an encryption and authentication layer with cjdns. It will make these machines a part of the Janmesh meshlocal.

The adressing

We will use link-local adresses. It's sufficient for the scale of most urban areas, because this methode allows about 65000 adresses, and most of the time one household will only need one adress.
As a matter of fact inter-connecting different network segments will need two dedicated interfaces, for example to operate long-range liaison, connecting two network segments with each theirs 65 000 available adresses.
On the scale of a city
On the scale of a big city, it would be more complicated : we can cut the network into segments by neighbourhood or district, and every segment must have its own essid because the wifi coverage of the segments will be overlapping each other.
For example : append "Lyon 1er", "Lyon 2eme", "Lyon 3eme" to the essid for the areas of the city of Lyon.
Remenber that the wifi network is just a layer, and Janmesh acually uses cjdns, wich is a higher layer protocol, that uses the wider range of adresses of the IPV6 protocol to route packets between machines.

Step 0 : install required software

For each computer enter the command line (need an internet access) : $ sudo apt-get install olsrd ufw
This will install the olsrd dynamic routing and the firewall manager gufw.

Step 1 : Mesh setup

Step 1.1 : create the wifi network


Setting up a network connection using network manager

$ nmcli connection add con-name janmesh ipv4.method link-local ipv6.method auto autoconnect yes type wifi ifname wlan0 mode adhoc ssid http://janmesh.net



Step 1.2 : Activate olsrd dynamic routing

olrsd will allows every packet passing throught the wifi network to take the better route, from computer to computer.
Change the olsrd configuration file, /etc/olsrd.conf :
$ sudo nano /etc/olsrd.conf Add a section Interface "wlan0" {
Ip4Broadcast 255.255.255.255
}
(The name of your wifi interface will probably be "wlan0", but it can be different. For example on durandal it is called wlan5. You can use iwconfig to know the name of your wifi interface if you're not sur of its name (should be wlan-something).
Then launch the olsrd daemon in background :
$ sudo olsrd

Step : installation and configuration of cjdns

Cjdns installation

Before anything, we need to install git to download the cjdns's source, that we will compile next.
$ sudo apt-get install git
Download, compile and install cjdns :
$ cd /opt
$ sudo git clone https://github.com/cjdelisle/cjdns.git
$ cd cjdns
$ sudo ./do
$ sudo ln -s /opt/cjdns/cjdroute /usr/bin
$ sudo su
# (umask 077 && ./cjdroute --genconf > /etc/cjdroute.conf)
# exit
Then launch cjdns with $ sudo cjdroute < /etc/cjdroute.conf

Step 3 : block any non-cjdns traffic and open the wifi

We will have to, for each machines, search into the congiguration file of cjdns which port it's using. you can open this file with the command : sudo nano /etc/cjdroute.conf The port number is on the line : "your.external.ip.goes.here:65011": {
In this case, it will be 65011. The number is randomly generated and won't be the same on your hardware. Write it down, we will need it !
We want here to block all the trafic on the wifi interface used by the mesh, except for the cjdns's port (65011 in this case). This number in the next lines should be adjust with your cjdns port number.
The name of the wifi interface should be wlan0. If it's not, you can have the actual name with the command iwconfig $ sudo ufw enable
$ sudo ufw deny in on wlan0
$ sudo ufw allow in on wlan0 to any port 65011
$ sudo ufw deny out on wlan0
$ sudo ufw allow out on wlan0 from any port 65011

Configure a script to make the changes permanent

Note : this method will use upstart, it's the default services management system in Ubuntu 14.04. But(For the long term supported versions), systemd is the default services manager since Ubuntu 16.04, it's better to use it. THIS SECTION HAS THEN TO BE UPDATED. Nevertheless Ubuntu 18.04 still supports upstart, then the code provided remains useful.
Into the folder /etc/init.d, create a text file nammed janmesh : $ gksu gedit /etc/init.d/janmesh And copy in it what follows :
#!/bin/sh
case $1 in
start)
/usr/bin/nmcli con up id janmesh;
/usr/bin/cjdroute < /etc/cjdroute.conf;
/usr/sbin/olsrd;;
stop)
/usr/bin/killall cjdroute; /usr/bin/nmcli conn down id janmesh; /usr/bin/killall olsrd;;
esac
save and close.
You can now start or stop the janmesh connexion with : $ sudo /etc/init.d/janmesh start and $ sudo /etc/init.d/janmesh stop
In Ubuntu 16.04 and newer: you have to make the script executable :
$ sudo chmod +x /etc/init.d/janmesh

The last step is to launch Janmesh at startup - be careful, if the only connection of your machine is Janmesh and your machine can only be remotely control, this step is essential, because we blocked all the trafic except the Janmesh (cjdns, higher CoOoOw stack level) one. You have to do so to get connectivity upon reboots later!
$ sudo update-rc.d janmesh defaults

And finally

HOWTO Prevent some services to be accessed on your computer, prevent them to be accessible throught Janmesh

Blocking a single port

If you wish to block only one particular service. Exemple for a mesh with one tun0 mesh interface up, on which we want to block access to a listening web server (port 80) :
$ sudo ufw deny in on tun0 to any port 80

Whitelisting only wished open services and blocking anything else

A much more secure approach is to block anything and allow only what is useful. Example if you want to allow a listening web server (port 80) and block anything else, for a mesh network operating on the tun0 interface: $ sudo ufw deny in on tun0
$ sudo ufw allow in on tun0 to any port 80

Licensing: this tutorial is placed under two licenses. Code is placed under
AGPLv3 license. Other text content here is licensed under Creative Commons BY-SA 4.0 license. Authors are : Shangri-l. Translators are : Nomys. Translation proofreader are : Shangri-l