
Janmesh - Setting up encrypted ad-hoc mesh network using cjdns and Linux

Welcome to the place where things start. Here you'll find beginner documentation.
Once your mesh is working, you may want to read How to share internet access from one machine connected to the mesh to another one.

Tutorial n°1: How to deploy a local Janmesh network between two computers from nothing

This tutorial is meant to be used with Ubuntu 22.04 LTS or newer, up-to-date Debian, and other Ubuntu-based or Debian-based GNU/Linux distributions, and can be easily adapted to any other distro.

Objectives of this tutorial

The point of this tutorial is to inter-connect computers through a wifi network (SSID http://janmesh.net), and to add an encryption and authentication layer with cjdns. This makes these machines part of the Janmesh meshlocal.
You only have to follow this tutorial on a single computer if you want to join the Janmesh network through wifi, assuming there is already another station in range. If you wish to set up the network from scratch on several computers in your area, you'll need to apply these steps on each of them.

General prerequisite

We will assume in this tutorial that your Linux computer is connected to your home LAN and has Internet access through one network interface, and that you have one spare wifi interface dedicated to operating the mesh.
In short this means
A quick note about wifi support in Linux: since Linux wifi modules ("drivers") are mostly maintained and developed by volunteers, the focus is mainly on Managed mode (connecting to an access point as a client, say in a public place or at home to your ISP box), and ad-hoc support, which allows communication without a central access point, is not always complete or working as expected.
Even if your wifi chipset has a module, that alone is not enough to be certain that this particular wifi interface will be able to operate in ad-hoc mode properly.

A quick note about the range: the main thing with the Janmesh project is that the technologies used imply routing between nodes; the more people join the network, the further the range of the whole network extends. Two stations that are unable to connect directly will be able to talk to each other through intermediate ones relaying/routing their (end-to-end encrypted) data.
Out-of-range network segments can easily be connected together using a tunnel over the ordinary Internet. It's a core feature of cjdns, and currently by far its main use. One person somewhere will need to configure their node to accept incoming connections from another person and forward the incoming connections through their ISP box; then the other person just needs to be a "leaf" peer by entering the IP address of this box and the credentials provided by the first person, and voilà, the two network segments are merged as long as Internet access is available.

The addressing

We will use link-local addresses, which have the advantage of being set up automatically. They are used only for the physical layer (ad-hoc wifi) of the network, that is to say for any machine within the range of your own wifi. This is sufficient for the scale of any area, because this method allows about 65000 addresses, and most of the time one household will only need one or a handful of addresses.

And now here we go

Definition: root commands and non-root (user) commands

Throughout this tutorial, lines beginning with $ are commands to run as your normal user, and lines beginning with # are commands to run as root (after sudo su).

Step 0: install required software

In a terminal emulator, enter the following command line (needs Internet access):
$ sudo apt-get install git ufw build-essential wireless-tools bison flex nodejs

Step 1 : Mesh setup

Step 1.1: installation and configuration of cjdns

Cjdns installation

Download, compile and install cjdns (needs Internet access):
$ cd /opt
$ sudo mkdir cjdns
$ sudo chown <your username for this linux machine> cjdns
$ git clone https://github.com/cjdelisle/cjdns.git
$ cd cjdns

Then continue with
$ ./do
[TODO add extra info about Rust]
$ sudo ln -s /opt/cjdns/cjdroute /usr/bin
$ sudo su
# (umask 077 && ./cjdroute --genconf > /etc/cjdroute.conf)
# exit

Step 1.2: block any non-cjdns traffic on wireless interface, block any incoming cjdns traffic

For each machine, we have to look in the cjdns configuration file for the port it is using. You can open this file with the command:
$ sudo nano /etc/cjdroute.conf
The port number is on the line containing: "your.external.ip.goes.here:65011": {
(you can quit nano with [CONTROL]+X)

Now take note of the port number (in this case, 65011). This number is randomly generated and won't be the same on your machine. Write it down, we will need it!
It is also a good idea to write down your cjdns IPv6 address, of the form aaaa:bbbb:cccc:dddd:eeee:ffff, also indicated in this file, since it is the address you can pass around to neighbours so they can authenticate connections from your machine or allow it to access any kind of service they run. We want here to block all the traffic on the wifi interface used by the mesh, except for cjdns's port (65011 in this case). In the next lines, this number should be replaced with your own cjdns port number.
You can get the actual name of your wifi interface (currently still marked unmanaged if you have several ones) with the command iwconfig
$ sudo ufw default allow
$ sudo ufw allow in on <your wifi interface> to any port <your cjdns port number>
$ sudo ufw deny in on <your wifi interface>
$ sudo ufw enable

Next step is to block any incoming traffic from cjdns' tun0 interface as a whole.
$ sudo ufw deny in on tun0
If you wish later to open a particular service, add an allow in on tun0 to any port <your service's port> rule BEFORE this one. TIP: you may want to use Gufw, which is an easy-to-use graphical front-end to ufw, to do so.
Then launch cjdns with
$ sudo su
# cjdroute < /etc/cjdroute.conf
# exit
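The two manual parts of Step 1.2 (reading the port and the IPv6 address out of /etc/cjdroute.conf, then building the ufw rules in the right order) can be checked with a small script. The following is an added example written for this page; it is not part of the tutorial nor of cjdns. It parses a constructed, minimal sample of cjdroute.conf (every value in it is made up), verifies that the extracted port is a sane number, and prints the ufw commands for review instead of running them. The function names, the write_sample_conf helper and the interface name wlan0 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial or cjdns): read the values Step 1.2
# asks you to note from a cjdroute.conf and print the matching ufw rules.

# Write a constructed, minimal sample of cjdroute.conf to a temp file and
# print its path. The keys mirror the real file; every value is made up.
write_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
{
    "privateKey": "constructed-private-key-not-real",
    "publicKey": "constructedpublickey0000000000000000000000000000.k",
    "ipv6": "fc12:3456:789a:bcde:f012:3456:789a:bcde",
    "interfaces": {
        "UDPInterface": [
            {
                "bind": "0.0.0.0:65011",
                "connectTo": {
                    "your.external.ip.goes.here:65011": {
                        "login": "default-login",
                        "password": "constructed-password",
                        "publicKey": "constructedpeerkey00000000000000000000000000000.k",
                        "peerName": "your-name-goes-here"
                    }
                }
            }
        ]
    }
}
EOF
    printf '%s\n' "$f"
}

# Port number from the "your.external.ip.goes.here:<port>" line (first match).
cjdns_port() {
    sed -n 's/.*"your\.external\.ip\.goes\.here:\([0-9][0-9]*\)".*/\1/p' "$1" | head -n 1
}

# The node's cjdns IPv6 address from the "ipv6" key.
cjdns_ipv6() {
    sed -n 's/.*"ipv6": *"\([0-9a-f:]*\)".*/\1/p' "$1" | head -n 1
}

# Returns 0 if the port is a number in the valid range, 1 otherwise, so a
# garbled or missing extraction is caught before any ufw rule is built.
port_is_valid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ufw rules of Step 1.2 for a given wifi interface and port.
# Order matters: ufw evaluates rules in sequence, so the allow for the
# cjdns port must come before the deny on the whole interface.
ufw_rules() {
    iface=$1; port=$2
    port_is_valid "$port" || { echo "invalid port: $port" >&2; return 1; }
    printf 'ufw default allow\n'
    printf 'ufw allow in on %s to any port %s\n' "$iface" "$port"
    printf 'ufw deny in on %s\n' "$iface"
    printf 'ufw deny in on tun0\n'
    printf 'ufw enable\n'
}

# Stand-alone run: show what would be applied, without touching ufw.
conf=$(write_sample_conf)
port=$(cjdns_port "$conf")
echo "cjdns port: $port"
echo "cjdns ipv6: $(cjdns_ipv6 "$conf")"
ufw_rules wlan0 "$port"
rm -f "$conf"
```

To use it against a real machine, point cjdns_port and cjdns_ipv6 at /etc/cjdroute.conf (which is root-readable only, as created with umask 077 above) and prefix the printed rules with sudo once you have reviewed them.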

Step 2: Set up the wifi

The iwconfig command once again can give you the name of your wifi interface (currently still marked unmanaged if you have several ones).
$ nmcli conn add type wifi ifname <your wifi interface> con-name janmesh ssid http://janmesh.net mode adhoc ipv4.method link-local ipv6.method link-local autoconnect yes

Step 3: add startup scripts to make the changes permanent

Licensing: this tutorial is licensed under
Creative Commons BY-SA 4.0 license. Contributors to date: Shangri-l, Nomys.