libremesh / network-profiles Goto Github PK

Hello :)

I am experiencing some weird behavior, that causes my builds to be broken in some way, that it is missing the actual configuration from the community profile in the wireless config file.
I was trying different things including modifying profiles and creating my own community profile.

Here is a full build and flash log: https://gist.github.com/janphilippi/738785a43eca9176590ea250f6b55b21

Here is the output of uci show right after the flash process and reboot: https://gist.github.com/janphilippi/20b0ce484dc4a7334679eecdb8fb1ff0

The config files are pretty empty (specially /etc/config/wireless): https://gist.github.com/janphilippi/574e0f023e469df38c835596cb29b6e8

Expected result:
Wireless networks configured and starting on boot.

Actual result:
Config file is empty and wireless networks are not starting on boot.

in addition to #7 it could be useful to make the routers aware of the used network-profile so it can ask a possible update server to include the profile.

Is this already implemented and I'm missing something?

• 80% targets of http://fw.qmp.cat/stable/
• bmx6 firmware
  • bmx6 uses vlan12
  • with bmx6 luci app installed
  • with a simple web form:
    • name of node
    • IPv4/CIDR
    • wifi channel (would be nice to have an hyperlink to wifi scan)

init behavior:

• On LAN zone there is a DHCP and the router has IPv4 172.30.22.1
• On WAN zone / to the community network, it uses a random IPv4 (where is the random algorithm? help @p4u @rogerpueyo) so it can communicate temporarily with other nodes and access shared Internet. After that, we try to take a valid guifi IPv4 so it can connect to all guifi network

As explained in the mailing list [0], some people willing to share their Internet connection don't join community networks when they know hosts in the community will be able to access hosts in their private home network.

I would like to have a network profile where hosts in the community network cannot access hosts of a home network that is sharing its Internet connection.

I understand this may be considered an anti-feature request because I'm actually asking to deny some connections. But, we need it in our poor community because:

• It'd let the whole community use the Internet connections of those who do not feel comfortable by exposing their home network.
• It'd let those mistrustful/unskilled/paranoid/security-conscious people become community members!

For the time being our community network address is just a subrange of the 10.0.0.0/8 network. We plan to communicate in the future with other subranges of the 10.0.0.0/8 network too.
So, I would be happy if I could have a network profile:

• Allowing access to public addresses and to 10.0.0.0/8
• Denying access to any host within 192.168.0.0/16 and 172.16.0.0/12 private networks
• Using all shared Internet gateways, including those within networks 192.168.0.0/16 and 172.16.0.0/12

But I do not know how to configure it. Do I have to configure /etc/firewall.user? Any tip is welcome.

@ilario also suggested some things in the list [1] I did not understand.

[0] https://lists.libremesh.org/pipermail/lime-users/2017-November/001011.html
[1] https://lists.libremesh.org/pipermail/lime-users/2017-November/001013.html

Hello!

I don't want to be in the Libremesh mailing list but I do need permission to edit the EspaiVeinal network profile while I'm helping @amuuza, so can I ask for it through this issue?

Thanks!

Thanks to @aparcar work, we have Github actions doing the continuous integration and compiling the packages. See the action here:
https://github.com/libremesh/network-profiles/blob/master/.github/workflows/build.yml

Up to now, the packages get uploaded here:
https://github.com/libremesh/lime-feed/tree/gh-pages/profiles

and the direction to include in OPKG configuration or SDK configuration for using this as a binary repository is:
http://feed.libremesh.org/profiles/

The communities should create their minimal Makefile like this:
https://github.com/libremesh/network-profiles/blob/master/libremesh/encrypt-11s/Makefile

which will complement a basic Makefile which can be seen here:
https://github.com/libremesh/network-profiles/blob/master/profile.mk

as you can see, the profile.mk file defines that the files to be copied in the filesystem root have to be included in a directory named root/, like this:
https://github.com/libremesh/network-profiles/tree/master/libremesh/encrypt-11s

so the communities should also move their files following this scheme.

I'm working on an image on demand server creating images based on various parameter.
A community parameter could auto integrate a network profile in the build image. The problem I'm facing right now is that there is no versioning of these profiles.
I came up with to solutions:

• Use the git commit hash of a folder as version, if the installed hash is different to the current git, update the profiles. This is more like a work around
• We could auto create packages of network profiles. These could be installed in a generic way and the package generator could increment a version counter whenever a profiles changes.

Ideas for a better solution?

https://github.com/libremesh/network-profiles/tree/master/wunderkammer/common
@panosnethood created a lime_zero image like this:
./cooker -c ar71xx/generic -p tl-mr3020-v1 --flavor=lime_zero --community=wunderkammer/common

Neither him or me can access the image through ssh

When setting

option ieee80211s_encryption 'psk2+aes' 
option ieee80211s_key 'someotherpassword'

the AP drops. I can still access the node through the LAN, just not by WiFi.

Node is an Ubiquiti Nanosation M5, firmware was created by chef:

Distributions: LibreMesh
Release: 17.06
Model: Ubiquiti Nano M XW
Target: ar71xx
Subtarget: generic

/etc/config/lime:

config lime 'system'
        option hostname 'LiMe-%M4%M5%M6'
        option domain 'lan'

config lime 'network'
        list protocols 'ieee80211s'
        list protocols 'lan'
        list protocols 'anygw'
        list protocols 'batadv:%N1'
        list protocols 'bmx6:13'
        list protocols 'olsr:14'
        list protocols 'olsr6:15'
        list protocols 'olsr2:16'
        list protocols 'babeld:17'
        option primary_interface 'eth0'
        list resolvers '4.2.2.2'
        list resolvers '141.1.1.1'
        list resolvers '2001:470:20::2'
        option main_ipv4_address '10.%N1.0.0/16'
        option main_ipv6_address '2a00:1508:0a%N1:%N200::/64'
        option anygw_mac 'aa:aa:aa:%N1:%N2:aa'
        option anygw_dhcp_start '2'
        option anygw_dhcp_limit '0'
        option bmx6_pref_gw 'none'
        option bmx6_over_batman 'false'
        option bmx6_mtu '1500'

config lime 'wifi'
        list modes 'ap'
        list modes 'apname'
        list modes 'ieee80211s'
        option apname_ssid 'LibreMesh.org/%H'
        option ap_ssid 'LibreMesh.org'
        option ieee80211s_mesh_id 'LiMe'
        option channel_2ghz '11'
        option adhoc_ssid 'LiMe'
        option adhoc_mcast_rate_5ghz '6000'
        option distance '1000'
        option htmode_5ghz 'HT40'
        option ieee80211s_mesh_fwding '0'
        option adhoc_mcast_rate_2ghz '24000'
        option channel_5ghz '48'
        option adhoc_bssid 'ca:fe:00:c0:ff:ee'
        option ieee80211s_encryption 'psk2+aes' 
        option ieee80211s_key 'someotherpassword'

config net 'lm_hwd_openwrt_wan'
        option autogenerated 'true'
        list protocols 'ieee80211s'
        list protocols 'anygw'
        list protocols 'batadv:%N1'
        list protocols 'bmx6:0'
        list protocols 'olsr:14'
        list protocols 'olsr6:15'
        list protocols 'olsr2:16'
        list protocols 'babeld:17'
        list protocols 'wan'
        option linux_name 'eth0.2'

freifunk gluon (a german mesh firmware, just like libremesh) is using batman-adv. sometimes on an wifi-vlan (only in leipzig, gadow, altmark), but mostly without vlan.

to have a libremesh network-profile to wifi-compatiblity would enable this libremesh-node to act as the dhcp-server and batman-adv-server for a (f.i. offline capable) gluon-meshnet.

See the last comments on: libremesh/lime-packages#1028

The Github Actions on this repository currently fail.
This is because it still uses @aparcar server instead than the lime-feed repository.
What has to be edited is:

Right now, there are differences between the libremesh/default lime-community file https://github.com/libremesh/network-profiles/blob/master/libremesh/default/root/etc/config/lime-community and the lime-defaults one included in lime-system.
We need to remember to keep it updated.
Same thing with the libremesh/suggested-packages profile and the website.

On OpenWrt 22.03:

error: recursive dependency detected!
	symbol PACKAGE_profile-freifunk-80211s-sae-bmx7-batadv depends on PACKAGE_uhttpd
	symbol PACKAGE_uhttpd is selected by PACKAGE_prometheus-node-exporter-lua
	symbol PACKAGE_prometheus-node-exporter-lua is selected by PACKAGE_altermundi-grafana
	symbol PACKAGE_altermundi-grafana depends on PACKAGE_iw
	symbol PACKAGE_iw is selected by PACKAGE_kmod-cfg80211
	symbol PACKAGE_kmod-cfg80211 is selected by PACKAGE_kmod-batman-adv
	symbol PACKAGE_kmod-batman-adv is selected by PACKAGE_lime-proto-batadv
	symbol PACKAGE_lime-proto-batadv is selected by PACKAGE_profile-freifunk-80211s-sae-bmx7-batadv
For a resolution refer to Documentation/kbuild/kconfig-language.rst
subsection "Kconfig recursive dependency limitations"

On OpenWrt 19.07:

error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
	symbol PACKAGE_profile-freifunk-80211s-sae-bmx7-batadv depends on PACKAGE_kmod-cfg80211
	symbol PACKAGE_kmod-cfg80211 is selected by PACKAGE_kmod-batman-adv
	symbol PACKAGE_kmod-batman-adv is selected by PACKAGE_lime-proto-batadv
	symbol PACKAGE_lime-proto-batadv is selected by PACKAGE_profile-freifunk-80211s-sae-bmx7-batadv

Using the libremesh/encrypt-11s network profile selects the wpad-mesh package but also the wpad-mini package is installed even if useless in this case.
Refer to the discussion on libremesh/chef#8

hello everybody. my issue is.
if i try to use one of the freifunk profile whith bmx7
"profile-freifunk-80211s-sae-bmx7-batadv" or "profile-freifunk-80211s-sae-bmx7-only"
it say "asu.build.PackageSelectionError"
if i uns the profile "profile-freifunk-80211s-sae-batadv-only" works fine!
https://chef.libremesh.org/?version=21.02.2&target=ath79%2Fgeneric&id=tplink_tl-wdr3600-v1
i wont to use bmx7 so there is my problem.

As you maybe noticed, lime-full meta packages has been eliminated, see libremesh/lime-packages#513, libremesh/lime-packages#512, and libremesh/lime-packages#331.
Seems that just one community included it explicitly in the list of selected packages @nordurljosahvida.
lime-full thus should be replaced by the packages which were selected by it:

• lime-basic (beware that also this meta package risks to be removed, consider adding the individual packages)
• lime-debug
• luci
• lime-docs
• lime-app

If you compile a profile without the root/ folder, like the libremesh/suggested-packages one, you get an error like:

cp -fpR -r ./root/* /home/ilario/software/openwrt19/build_dir/target-mipsel_24kc_musl/profile-libremesh-suggested-packages/.pkgdir/profile-libremesh-suggested-packages/
cp: cannot stat './root/*': No such file or directory
make[3]: *** [../../profile.mk:64: /home/ilario/software/openwrt19/build_dir/target-mipsel_24kc_musl/profile-libremesh-suggested-packages/.pkgdir/profile-libremesh-suggested-packages.installed] Error 1

adding an empty root/ directory is an annoying thing to do in git, so it would be better if profile.mk could check if the root directory exists here: