Home > Documentation > Beginner

Janmesh - Linux Documentation

Welcome to the place where things start. Here you'll find beginner documentation, that is to be read before intermediate one.

Tutorial n°1 : How to deploy a local Janmesh network between two computers from nothing :

This tutorial has beeen updated and now is adapted to use with Ubuntu 18.04.

Objectives of this tutorial

The point of this tutorial is to inter-connect computers throught a wifi network, and to add a olsrd routing, plus an encryption and authentication layer with cjdns. It will make these machines a part of the Janmesh meshlocal.

The addressing

We will use link-local addresses. It's sufficient for the scale of most urban areas, because this methode allows about 65000 addresses, and most of the time one household will only need one address.
As a matter of fact inter-connecting different network segments will need two dedicated interfaces, for example to operate long-range liaison, connecting two network segments with each their 65 000 available addresses.
On the scale of a city
On the scale of a big city, it would be more complicated : we can cut the network into segments by neighbourhood or district, and every segment must have its own essid because the wifi coverage of the segments will be overlapping each other.
For example : append "Lyon 1er", "Lyon 2eme", "Lyon 3eme" to the essid for the areas of the city of Lyon.
Remenber that the wifi network is just a layer, and Janmesh acually uses cjdns, wich is a higher layer protocol, that uses the wider range of addresses of the IPV6 protocol to route packets between machines.

Step 0 : install required software

For each computer enter the command line (need an internet access) : $ sudo apt-get install olsrd ufw
This will install the olsrd dynamic routing and the firewall manager ufw.
Warning! As of 2021 olsrd is no longer available through apt-get in Ubuntu and has to be cloned with git from olsrd's github and compiled. This documentation has to be updated to help you to do so. It's basically just like cloning cjdns with git, going to the clone directory, and exectude "make" then "sudo make install". build-essentials, make and other software compilation related tools have to be installed.
As of 2021 november 29th, many things in this 2016 old documentation now have to be tweaked a bit:
Olsrd now needs to be git cloned from https://github.com/olsr/olrsd.git, then compiled with make then # make install.
You no longer need to add the IpV4Broadcast (you now, the thing) to your /etc/olsrd/olsrd.conf. You still need to specify a wifi interface
Olsrd has moved in the directory tree, which implies change in the path of Olsrd given in your upstart script
The best way to invoke it in this script is now by "olsrd -d 0 ;"

*wlan0 is now no longer in use in most linux distro. Your wifi interface is likely to be ws1lp0 or whatever, please check with iwconfig for the actual name of your wifi interface
newly generated cjdroute.conf now have ethernet autopeering disabled by default. Please remove de _disabled_ string before ETH in the corresponding section of your cjdroute.conf for things to work
And remember to keep a backup of this file in a safe place :)

Step 1 : Mesh setup

Step 1.1 : create the wifi network

Setting up a network connection using network manager

$ nmcli connection add con-name janmesh ipv4.method link-local ipv6.method auto autoconnect yes type wifi ifname wlan0 mode adhoc ssid http://janmesh.net

Step 1.2 : Activate olsrd dynamic routing

olrsd will allows every packet passing throught the wifi network to take the better route, from computer to computer.
Change the olsrd configuration file, /etc/olsrd.conf :
$ sudo nano /etc/olsrd.conf Add a section Interface "wlan0" {
(The name of your wifi interface will probably be "wlan0", but it can be different. For example on our lab-testing machine "durandal" it was called wlan5. You can use iwconfig to know the name of your wifi interface if you're not sur of its name (should be wlan-something)).
Then launch the olsrd daemon in background :
$ sudo olsrd

Step : installation and configuration of cjdns

Cjdns installation

Before anything, we need to install git to download the cjdns's source, that we will compile next.
$ sudo apt-get install git
Download, compile and install cjdns :
$ cd /opt
$ sudo git clone https://github.com/cjdelisle/cjdns.git
$ cd cjdns
$ sudo ./do
$ sudo ln -s /opt/cjdns/cjdroute /usr/bin
$ sudo su
# (umask 077 && ./cjdroute --genconf > /etc/cjdroute.conf)
# exit
Then launch cjdns with $ sudo cjdroute < /etc/cjdroute.conf

Step 3 : block any non-cjdns traffic and open the wifi

We will have to, for each machines, search into the congiguration file of cjdns which port it's using. you can open this file with the command : sudo nano /etc/cjdroute.conf The port number is on the line : "your.external.ip.goes.here:65011": {
In this case, it will be 65011. The number is randomly generated and won't be the same on your hardware. Write it down, we will need it !
We want here to block all the trafic on the wifi interface used by the mesh, except for the cjdns's port (65011 in this case). This number in the next lines should be adjust with your cjdns port number.
The name of the wifi interface should be wlan0. If it's not, you can have the actual name with the command iwconfig $ sudo ufw enable
$ sudo ufw deny in on wlan0
$ sudo ufw allow in on wlan0 to any port 65011
$ sudo ufw deny out on wlan0
$ sudo ufw allow out on wlan0 from any port 65011

Configure a script to make the changes permanent

Note : this method will use upstart, it's the default services management system in Ubuntu 14.04. But(For the long term supported versions), systemd is the default services manager since Ubuntu 16.04, it's better to use it. THIS SECTION HAS THEN TO BE UPDATED. Nevertheless Ubuntu 18.04 still supports upstart, then the code provided remains useful.
Into the folder /etc/init.d, create a text file nammed janmesh : $ gksu gedit /etc/init.d/janmesh And copy in it what follows :
case $1 in
/usr/bin/nmcli con up id janmesh;
/usr/bin/cjdroute < /etc/cjdroute.conf;
/usr/bin/killall cjdroute; /usr/bin/nmcli conn down id janmesh; /usr/bin/killall olsrd;;
save and close.
In Ubuntu 16.04 and newer: you have to make the script executable :
$ sudo chmod +x /etc/init.d/janmesh

You can now start or stop the janmesh connexion with : $ sudo /etc/init.d/janmesh start and $ sudo /etc/init.d/janmesh stop
The last step is to launch Janmesh at startup - be careful, if the only connection of your machine is Janmesh and your machine can only be remotely control, this step is essential, because we blocked all the trafic except the Janmesh (cjdns, higher CoOoOw stack level) one. You have to do so to get connectivity upon reboots later!
$ sudo update-rc.d janmesh defaults

And finally

HOWTO Prevent some services to be accessed on your computer, prevent them to be accessible throught Janmesh

Blocking a single port

If you wish to block only one particular service. Exemple for a mesh with one tun0 mesh interface up, on which we want to block access to a listening web server (port 80) :
$ sudo ufw deny in on tun0 to any port 80

Whitelisting only wished open services and blocking anything else

A much more secure approach is to block anything and allow only what is useful. Example if you want to allow a listening web server (port 80) and block anything else, for a mesh network operating on the tun0 interface: $ sudo ufw allow in on tun0 to any port 80
$ sudo ufw deny in on tun0

Licensing: this tutorial is placed under two licenses. Code is placed under
AGPLv3 license. Other text content here is licensed under Creative Commons BY-SA 4.0 license. Authors are : Shangri-l. Translators are : Nomys. Translation proofreader are : Shangri-l