OLSR Mesh Wifi with DD-WRT

Fried Chicken
DD-WRT Novice


Joined: 12 Jun 2019
Posts: 42

Posted: Wed Jun 19, 2019 17:05    Post subject: OLSR Mesh Wifi with DD-WRT
Preface: This project for me is a jump into ice water. Any help is much appreciated.

This thread will be a sort of log of what I’m trying. If in the end I succeed (that’s a big if), I’ll create another thread with everything in it that might work as a sticky/reference point, and maybe someone can put that information in the wiki. Again, any help is much appreciated.

Index of useful Links:
DD-WRT Wiki on OLSR
Benryanau's thread for initial setup
WPA2 with OLSR (from OpenWRT)
DD-WRT Internal Networks/Interfaces

Testing Setup
I have two routers, a Netgear R7000 (this is connected to the internet), and a Netgear R7000P.
The specs can be looked up online. They are Broadcom SoC based routers.

Here’s some terminology I use interchangeably, but they refer to the same thing:
Router 1 = Host Router = Netgear R7000 = 192.168.1.1
Router 2 = Node Router = Netgear R7000p = 192.168.2.1

For setting things up I have the routers connected like so:

Code:

(modem) --> Router 1 (host) <---(OLSR wireless)---> Router 2 (node)
                   |                                       |
               (ethernet)                              (ethernet)
                   |                                       |
                Desktop                                  Laptop

Background and Motivation
I just got gigabit speed internet. The Cable Company said “you honestly can’t really use more than 400mbps anyway”... Watch me.

The reason a mesh wifi setup seems most viable is: I have about 2500 sq. ft. of house to cover, and that should extend into the backyard and front yard. One option is a balls to the wall router, however I don’t think that will net me the speeds I want/need as some of my devices run older wireless hardware. Also, 5GHz propagation in my house is a very optimistic idea.

A WDS bridge is not viable because from what I understand, it will cut my available bandwidth in half. Running an ethernet cable through the house is my fallback option for placing two routers, however a successful mesh network can extend well beyond that.

All this being said, Mesh Routing is going to become more prevalent. The prior hardware bottleneck is fast becoming a thing of the past. On the closed-source side we’re seeing Mesh routing options pop up everywhere in the form of the Ubiquiti Mesh HD, Google Wifi (whoever installs this in their house must have a screw loose), Netgear Orbi, Linksys Velop, D-Link Cover, Eero, TP-Link Deco, etc. etc. etc.

All these solutions are expensive and closed source with unknown security and/or privacy implications. Either way, I want to get it up and running on DD-WRT, and a comprehensive how-to guide could prove very popular.

Here’s my setup:
My original router that’s served me really well is a Netgear R7000.
After doing some research, I decided to buy a Netgear R7000P. If all else fails it should at the very least serve as an improvement over my existing setup.

Body

Here’s where I am so far:
I’ve got both routers connected via Ethernet to two separate computers to set them up. After following this guide I’ve got both routers talking to each other over the 5GHz (eth2) spectrum.

Router 1 (R7000, Connected to Modem)
Setup --> Basic Setup:

Wireless --> Basic Settings:

Setup --> Advanced Routing:


Last edited by Fried Chicken on Fri Jun 21, 2019 7:23; edited 10 times in total
Fried Chicken
Posted: Wed Jun 19, 2019 17:10
Router 2 (R7000P)
Setup --> Basic Setup:

Wireless --> Basic Settings:

Setup --> Advanced Routing:



Last edited by Fried Chicken on Fri Jun 21, 2019 7:27; edited 1 time in total
Fried Chicken
Posted: Wed Jun 19, 2019 17:23
On Router 1 I’m intentionally leaving the 2.4GHz antenna as an access point so the rest of my house still has WiFi.

With this setup, I’m able to access both routers through the webui (192.168.1.1 for router 1, and 192.168.2.1 for router 2), while connected to one of the routers. I can also telnet into both of them, and ping them as well, so long as I’m connected via Ethernet to either one of the routers.

I’m also able to see the OLSR Daemon for the respective routers when connected via ethernet for each of the routers, showing that they are talking to one another via the eth2 interface.

What I’m not able to do is access the internet.
I tried blindly running this code on router 1, as referenced in benryanau’s thread
Code:
iptables -t nat -A POSTROUTING -o vlan1 -j MASQUERADE


But now I’ve changed something that I don’t know what and I still don’t have internet. While trying to set things up, at some point I got the WAN IP Address to show up on the 2nd router’s OLSR Daemon page (192.168.2.1:8080), but then I kept playing with it and it disappeared. There was still no internet.

Anyway, I’m now at the point where I’m guessing and checking, something that cannot work given the complexity of the settings. My suspicion is I need to somehow link the WAN interface of router 1 with the 5GHz antenna (eth2), and then on router 2 connect the 5GHz antenna with the WAN of that? I don’t know. I’ve consulted the Wiki on DD-WRT’s Default Internal Device Network.

I don’t know what IPTables are, and I read somewhere they shouldn’t be used with OLSR? Again, biting a big piece off of this cookie, but I feel this is something I can get running with the proper help, and I also feel properly configured OLSR for DD-WRT could be immensely helpful for everyone.

OLSR Daemon for the host router

OLSR Routes for the host router


Last edited by Fried Chicken on Thu Jun 20, 2019 5:19; edited 4 times in total
Fried Chicken
Posted: Wed Jun 19, 2019 19:33    Post subject: OLSR and WPA2
As it stands, I’ve just done a reset on both routers and reconfigured everything to remove any possibility of stray crap causing trouble.

The two routers are talking to each other over the eth2 (5GHz) network.

I want to get 2 things accomplished:
1. Internet on the node
2. WPA2 Encryption

Regarding goal one, by adding the vlan2 interface from router 1, I get my WAN IP to show up on the OLSR daemon page, however I don’t know where to go from there.

Regarding goal two, I found a guide for adding WPA2 over OLSR (borrowed from OpenWRT).
https://justingoetz.net/display/PB/2019/04/10/Comprehensive+guide+to+running+OLSR+over+WPA2+on+OpenWRT

Unfortunately, I don’t have a way to edit my conf files. Incidentally, the conf files are located in the tmp folder and not in the etc folder, or the /tmp/etc folder. Doesn’t seem to matter.

The guide suggests editing olsrd.conf files, something I haven’t found out how to do over telnet or otherwise. I tried vi olsrd.conf which lets me somehow edit it, but when I did that the routers got mad, and I think it reverted it after doing any changes under the advanced routing page.

I’m also adding my OLSR daemons for my node router (R7000P, 192.168.2.1).

The Wiki says I need to enable NAT routing by doing the following:
Code:
iptables -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
iptables -t nat -A POSTROUTING -o $(nvram get wl0_ifname) -s $(nvram get eth1_ipaddr)/$(nvram get eth1_netmask) -d $(nvram get eth1_ipaddr)/$(nvram get eth1_netmask) -j MASQUERADE
iptables -t nat -A POSTROUTING -o $(nvram get lan_ifname) -s $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -j MASQUERADE


I don’t quite want to do that yet, b/c I don’t know how I would revert those changes once I do, but I might just save the settings and go for it.

[edit]

I went ahead and ran the commands after saving the settings.
I still do not get anything from the node router (R7000P), neither by pinging IP addresses from the router directly via telnet, nor through the Macbook I have connected.

On the main router (R7000) I’m still able to access the internet. If I disable gateway mode under Setup --> Advanced routing, I’m not able to access the internet via the iMac I have attached. I am able to ping IP address and URLs via telnet, so the internet is somehow there, but it’s not getting transferred.

OLSR Daemon for the node


OLSR Routes for the node


Last edited by Fried Chicken on Thu Jun 20, 2019 5:16; edited 3 times in total
Fried Chicken
Posted: Wed Jun 19, 2019 20:07
One more post to add the OLSR.conf files as they currently stand.

Notice the lack of Hna4 for the Host router, although the OLSR daemon shows 0.0.0.0, although maybe I should add that (via the DD-WRT web interface). The Hna4 correlates to the “Host Net Announce” on the WebUI.


[UPDATE]

I changed the host announce under setup --> advanced routing to
Code:
0.0.0.0 0.0.0.0

I didn’t try this yet, b/c the web daemon for OLSR already showed 0.0.0.0/0 for the network.

This added the Hna4 setting to the OLSR.conf file, and that allowed me to ping IP addresses via telnet from the R7000P (node router), but not from the computer directly. Pinging URLs still doesn’t work, I think I need to change the local DNS for the router, but I’m not sure what to set it to (will try the local IP of the host router, 192.168.1.1).

[edit]

I set the local DNS for the node router to the IP of the host router: 192.168.1.1, I think this is the correct setting, however I am still only able to ping IP addresses (from the node router via telnet, not from the attached computer).





Last edited by Fried Chicken on Thu Jun 20, 2019 6:03; edited 4 times in total
Fried Chicken
Posted: Wed Jun 19, 2019 20:17
It just occurred to me that I didn’t change the interfaces according to my system when Enabling NAT according to the DD-WRT OLSR wiki.

I just pasted the following code in:
Code:
iptables -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
iptables -t nat -A POSTROUTING -o $(nvram get wl0_ifname) -s $(nvram get eth1_ipaddr)/$(nvram get eth1_netmask) -d $(nvram get eth1_ipaddr)/$(nvram get eth1_netmask) -j MASQUERADE
iptables -t nat -A POSTROUTING -o $(nvram get lan_ifname) -s $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -j MASQUERADE


Unfortunately, I don’t know exactly how I need to change these, but I imagine this could be useful.
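
An added example, not part of the original post or the DD-WRT wiki: a dry-run builder for the MASQUERADE rules quoted in this thread. It refuses to emit a rule when an nvram-derived value is empty or malformed, and it prints the matching `-D` rule that reverts each `-A`. The interface names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Dry run only: nothing here calls iptables or nvram. Values are passed in
# as arguments and the resulting rule is returned as text for review.

# is_ipv4 <string>: succeeds only for four dot-separated numbers 0..255.
is_ipv4() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f      # split on dots without globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# masq_rule <A|D> <out-iface> [<net-ip> <netmask>]
#   A appends the rule, D deletes the identical rule (the revert).
masq_rule() {
    op=$1 out_if=$2 ip=$3 mask=$4
    case $op in A|D) ;; *) echo "op must be A or D" >&2; return 1 ;; esac
    # An unset nvram variable expands to "", which would yield "-o  -j ..."
    case $out_if in
        ''|*[!A-Za-z0-9._-]*) echo "empty or bad interface" >&2; return 1 ;;
    esac
    rule="iptables -t nat -$op POSTROUTING -o $out_if"
    if [ $# -gt 2 ]; then
        # Same failure mode for the subnet form: "" "/" "" becomes "-s / -d /"
        is_ipv4 "$ip" && is_ipv4 "$mask" || {
            echo "empty or bad address/netmask for $out_if" >&2; return 1; }
        rule="$rule -s $ip/$mask -d $ip/$mask"
    fi
    echo "$rule -j MASQUERADE"
}

# Constructed values standing in for the output of `nvram get ...`.
WAN_IF=vlan2 LAN_IF=br0 LAN_IP=192.168.1.1 LAN_MASK=255.255.255.0

masq_rule A "$WAN_IF"                         # NAT out of the WAN side
masq_rule A "$LAN_IF" "$LAN_IP" "$LAN_MASK"   # the wiki's LAN-to-LAN rule
masq_rule D "$WAN_IF"                         # reverts the first rule
# eth1_ipaddr / eth1_netmask not set on this device: the rule is refused
masq_rule A eth1 "" "" || echo "refused: eth1 address values are empty"
```

Rules appended with `-A` from a telnet session are not saved anywhere, so a reboot also clears them.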
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4415
Location: Netherlands

Posted: Thu Jun 20, 2019 9:11
An interesting exercise. (I would just pull a cable or use power line adapters or a client bridge, but this is more fun)

I have no experience with OLSR routing so not much help from me.

Just some observations.

To me it is a routed setup, in that case should you not setup router 2 on its own subnet with its own DHCP server?
You have chosen a different subnet (192.168.2.1 /24) but if so leave gateway and local DNS empty and enable DHCP.

Just my thoughts, could be totally wrong.

NAT is not necessary on router 2 per se, if packets are routed out from router 2 to router 1 you can set the following rule on router 1 to NAT the traffic of router 2 out on the internet (router 1 has the internet connection if I am not mistaken?)
This assumes that OLSR has established a route from router 1 to router 2, if not then NAT is necessary on router 2

Code:
iptables -t nat -A POSTROUTING -o $(nvram get wan_iface)  -j MASQUERADE

Fried Chicken
Posted: Thu Jun 20, 2019 18:27
egc wrote:
An interesting exercise. (I would just pull a cable or use power line adapters or a client bridge, but this is more fun)

I have no experience with OLSR routing so not much help from me.

Just some observations.

To me it is a routed setup, in that case should you not setup router 2 on its own subnet with its own DHCP server?
You have chosen a different subnet (192.168.2.1 /24) but if so leave gateway and local DNS empty and enable DHCP.

Just my thoughts, could be totally wrong.

NAT is not necessary on router 2 per se, if packets are routed out from router 2 to router 1 you can set the following rule on router 1 to NAT the traffic of router 2 out on the internet (router 1 has the internet connection if I am not mistaken?)
This assumes that OLSR has established a route from router 1 to router 2, if not then NAT is necessary on router 2

Code:
iptables -t nat -A POSTROUTING -o $(nvram get wan_iface)  -j MASQUERADE


As per the instructions I found, I set up the 2nd router as a DHCP forwarder (see basic settings router 2). Each with its own subnet.

The overall setup is as such:

Code:

(modem) --> Router 1 (host) <---(OLSR wireless)---> Router 2 (node)
                   |                                       |
               (ethernet)                              (ethernet)
                   |                                       |
                Desktop                                  Laptop


Regarding setting the iptables; what does that do? Like, what are iptables?
The dd-wrt Wiki on OLSR says I need to run the following (which I’ve already tried, but probably with the wrong interfaces):
Code:

iptables -t nat -A POSTROUTING -o $(nvram get wan_ifname) -j MASQUERADE
iptables -t nat -A POSTROUTING -o $(nvram get wl0_ifname) -s $(nvram get eth1_ipaddr)/$(nvram get eth1_netmask) -d $(nvram get eth1_ipaddr)/$(nvram get eth1_netmask) -j MASQUERADE
iptables -t nat -A POSTROUTING -o $(nvram get lan_ifname) -s $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -d $(nvram get lan_ipaddr)/$(nvram get lan_netmask) -j MASQUERADE
Fried Chicken
Posted: Thu Jun 20, 2019 19:11    Post subject: Implementation of WPA2 for Mesh Networking
egc wrote:
To me it is a routed setup, in that case should you not setup router 2 on its own subnet with its own DHCP server?
You have chosen a different subnet (192.168.2.1 /24) but if so leave gateway and local DNS empty and enable DHCP.


Holy Shit thanks for that, I have Internet! Somewhere somehow I read I needed to set the 2nd router up as a “DHCP Forwarder”. I undid that, set it as a DHCP Server, and I now have Internet across the network at 440/30 mbps. I’m also able to see the respective computers. All this is only over ethernet, not WiFi.

Now I need to get WPA2 security. Prior posts/attempts have only gotten WEP to work (unacceptable).

There is little documentation available. I turned on WPA2 and now the devices no longer communicate with one another.

I found the following page that might give me some insight:
https://perso.crans.org/raffo/papers/phdthesis/thesisch4.html
https://perso.crans.org/raffo/papers/phdthesis/thesisch5.html#x19-670005

Quote:
Among the security solutions examined up to now, only a few could be applied or adapted to OLSR. For instance, SAODV is based on AODV and is aimed at protecting the route discovery mechanism, which in a proactive routing protocol such as OLSR would not make sense. The purpose of TIK is primarily to provide defense against the wormhole attack; furthermore, this protocol requires a tight synchronization between nodes, which is not easy to obtain in an ad hoc environment. The MAE architecture can be applied to OLSR, as well as to other routing protocols; however, our aim is to find a dedicated security architecture that can be interfaced with the functioning of OLSR so that the OLSR mechanisms are fully exploited. For instance, a clever use of the OLSR Duplicate Set can permit a loose synchronization: we illustrate this in our security solution for OLSR, discussed in Chapter 5.

They are from Daniele Raffo’s PhD Thesis. Perhaps there’s some insight here.


vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv this was the wrong approach (probably) vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

From the OpenWRT guide on WPA2, it says I need to install wpad and authsae for WPA2 over Ad-Hoc

They suggest running the following commands (again, this is OpenWRT):
Code:

opkg update
 
opkg install luci-app-olsr luci-app-olsr-services luci-app-olsr-viz olsrd olsrd-mod-arprefresh olsrd-mod-bmf olsrd-mod-dot-draw olsrd-mod-dyn-gw olsrd-mod-dyn-gw-plain olsrd-mod-httpinfo olsrd-mod-mdns olsrd-mod-nameservice olsrd-mod-p2pd olsrd-mod-pgraph olsrd-mod-secure olsrd-mod-txtinfo olsrd-mod-watchdog olsrd-mod-quagga wireless-tools luci-lib-json kmod-ipip wpad authsae


There is no opkg on DD-WRT

Further reading has brought me to the Ipkg Tutorial with the stated goal "to merge the code base of DD-WRT with the OpenWRT firmware”.

Right now I’m hesitant to go down this route. My concern is that it will make implementation more difficult on “virgin” DD-WRT installs. Ditto for backing up settings for easy re-implementation.

The DD-WRT wiki on OLSR says there’s a plugin “olsrd-mod-secure” that does “Message signing plugin to secure routing domain”.
I don’t know what these plugins do, nor how to run them, nor if this “olsrd-mod-secure” is the right path to go down.

[update]

It looks like I need to go down this road if I want OLSR to work over WPA2.
This is where some help on router best practices comes in.

It looks like I need to:


Before I try that I will see if there’s a way of doing it w/o OpenWRT packages.


Here’s the dive in.
Once I got the jffs mounted, I did:
Code:
mkdir /jffs/opt
mount --bind /jffs/opt /opt
bootstrap


I got the list downloaded for my appropriate Kong firmware. Unfortunately wpad and authsae don’t seem to be available:
Code:
Unknown package 'authsae'.
Collected errors:
 * opkg_install_cmd: Cannot install package authsae.


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


It was worth a try I guess, although I could have guessed this might happen.

I’ve hit a dead end. I can get the bridge to work using WEP, however stepping up to WPA caused it to stop working. Also, with WEP security, bandwidth dropped by a factor of about 20, from 400 mbps to about 20. Upload was also stuck around 20.

I think I chased the wrong goose thinking I need OpenWRT packages to make it work. I think I need to look at WPA2 security on adhoc networks.

Here’s some information I found on that
https://wiki.archlinux.org/index.php/Ad-hoc_networking

It looks like I might need to create a wpa_supplicant.conf file that’s shared with both routers.
This thread suggests creating an edited wpa_supplicant.conf file, sticking it on the jffs partition, then writing a startup script that moves that config to /tmp and restarts wpa_supplicant. This assumes a shared wpa_supplicant.conf will allow WPA2 networking to happen.

Here is some guide for what a wpa_supplicant.conf file can include.

Here is my custom wpa_supplicant.conf file
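Code:
ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel

# use 'ap_scan=2' on all devices connected to the network
# this is unnecessary if you only want the network to be created when no other networks are available
ap_scan=2

network={
    ssid="XXXXXXXX test"
    # mode=1 selects IBSS (ad-hoc); an IBSS network needs an explicit frequency
    mode=1
    frequency=5680
    # proto takes WPA or RSN; RSN is WPA2/IEEE 802.11i
    proto=RSN
    # the pre-shared-key value is WPA-PSK for both WPA and WPA2
    key_mgmt=WPA-PSK
    pairwise=CCMP
    group=CCMP
    psk="XXXXXXXXX"
    # ieee80211w=2 makes management frame protection required
    ieee80211w=2
    auth_alg=OPEN
}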

I'm not sure about the ctrl_interface what I should put there. This is the resource I used to set it up in conjunction with the link above on wpa_supplicant in adhoc networks.
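
An added example, not part of the original post: a small linter for wpa_supplicant.conf network blocks that reports `proto`/`key_mgmt` tokens wpa_supplicant does not accept, and settings that leave the link on static WEP or TKIP. The sample config is constructed, and the accepted-value lists are an assumption covering commonly documented values, not an exhaustive list.

```shell
#!/bin/sh
# lint_wpa_conf: reads a wpa_supplicant.conf on stdin, prints one finding
# per line, prints nothing when no problem is found.
lint_wpa_conf() {
    awk '
    # Print label for every token of val that is absent from list (want=0)
    # or present in list (want=1).
    function scan(key, val, list, want, label,    n, i, tok, hit) {
        n = split(val, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            hit = (index(" " list " ", " " tok[i] " ") > 0)
            if (hit == want) printf "%s %s=%s\n", label, key, tok[i]
        }
    }
    /^[ \t]*#/ || !/=/ { next }          # skip comments and brace-only lines
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        key = line; sub(/=.*/, "", key)
        val = line; sub(/^[^=]*=/, "", val); sub(/^[ \t]+/, "", val)

        if (key == "proto")
            scan(key, val, "WPA RSN WPA2", 0, "invalid")
        if (key == "key_mgmt") {
            scan(key, val, "WPA-PSK WPA-EAP IEEE8021X NONE WPA-NONE FT-PSK FT-EAP WPA-PSK-SHA256 WPA-EAP-SHA256 SAE FT-SAE OWE DPP", 0, "invalid")
            # NONE means open or static WEP; WPA-NONE is the legacy
            # ad-hoc mode without a key handshake
            scan(key, val, "NONE WPA-NONE", 1, "weak")
        }
        if (key == "pairwise") scan(key, val, "TKIP", 1, "weak")
        if (key == "group")    scan(key, val, "TKIP WEP104 WEP40", 1, "weak")
        if (key ~ /^wep_key[0-3]$/) print "weak " key " (static WEP key)"
    }'
}

# Constructed sample: one block with values wpa_supplicant rejects, one
# block that falls back to static WEP.
sample_conf() {
    cat <<'EOF'
network={
    ssid="mesh-test"
    mode=1
    frequency=5680
    proto=WPA2/IEEE 802.11i
    key_mgmt=WPA2-PSK
    pairwise=CCMP
    group=CCMP
    psk="constructed-passphrase"
}
network={
    ssid="legacy-wep"
    mode=1
    key_mgmt=NONE
    wep_key0="abcde"
}
EOF
}

sample_conf | lint_wpa_conf
```

Run it against a real file with `lint_wpa_conf < /tmp/wpa_supplicant.conf` before copying that file to the second router.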
Fried Chicken
Posted: Fri Jun 21, 2019 23:14
So while the wireless security question remains on the backburner, I think it’s worth exploring another approach. Ad-Hoc networks suck for home routing. Some devices just don’t connect to Ad-Hoc networks. Under the Mac the OLSR network appears as a “device” and not a normal access point.

A paper was published by Vishnu Navda, Anand Kashyap, and Samir Das in New York. They demonstrate a method of implementing Mesh Networks in Infrastructure Mode (using OLSR no less!):
https://www3.cs.stonybrook.edu/~samir/Pubs/imesh-wowmom05.pdf


How people keep all these numbers and words in their head is beyond me, but I want to lay it out here for clarity:

AP = Access Point
WDS = Wireless Distribution System
HNA = Host and Network Association

From what I gather reading this paper, rather than using Bridging, a layer-2 alternative to routing, they use a layer-3 (software) solution. More on layer 2 vs layer 3 here. This gives a multihop network routable at the IP layer.

They make handoff work using a “Transparent Mobile IP” or TMIP protocol that uses a “Mobile Location Register” or MLR that keeps information about the AP each device connected to (called the “home” AP).

If this hasn’t been implemented in DD-WRT, I don’t see myself going down this route.

Here is what I believe is a key takeaway from the Paper:
Quote:
The OLSR protocol runs on all WDS interfaces at every AP. Note that separate logical WDS interfaces are created for each neighboring AP. The AP does not run OLSR on its client side interface (the logical interface the client associates to – typically wlan0) as the client is unaware of the routing. The link between the AP and mobile station is treated as an external route to the mesh network. The OLSR protocol advertises such external routes via the so-called HNA (Host and Network Association) messages [5] designed specifically to inject external routes to the mesh network.


They have OLSR on logical WDS interfaces, but don’t run OLSR on the client side interface (typically wlan0). The link between the AP and Connected device is an external route to the mesh network that the OLSR advertises over HNA.

Here are figures from the paper (reproduced with permission from the author):


Fried Chicken
Posted: Wed Jun 26, 2019 16:16
I’m putting this project on hold for a bit.

From what I understand, WPA2 needs to be set up with what I found.

An OLSR mesh needs to be set up based on the research paper; within the router setting up the appropriate interfaces so each router can act in Access Point mode and not Ad-Hoc mode.