draft notes on setting up new nodes to existing network
jebba
parent
bbac150674
commit
a045c9a9fc
|
|
@ -0,0 +1,219 @@
|
|||
How to set up a new node on an existing Maxwell mesh
|
||||
where you've changed default SSIDs and passwords.
|
||||
|
||||
* Existing mesh node should be powered up and happily sync'd with network.
|
||||
|
||||
* Flip power off switch to off on new unit.
|
||||
|
||||
* Plug in ethernet port 1 (furthest from power jack, next to USB) from
|
||||
existing node into new node.
|
||||
The Ethernet is plugged in port 1 between both devices.
|
||||
|
||||
* For outdoor node:
|
||||
Remove back cover.
|
||||
|
||||
* For outdoor node, viewing from back:
|
||||
"LAN" port is on left, this is for ethernet backhaul.
|
||||
"WAN" port is on right, this is for LAN clients.
|
||||
There is no real WAN port, needs to connect to something else.
|
||||
|
||||
* For outdoor node:
|
||||
Make sure ethernet cable is plugged into the left "LAN" port, for backhaul.
|
||||
|
||||
* For outdoor node:
|
||||
Put cover back on.
|
||||
|
||||
* For outdoor node:
|
||||
Plug outdoor node "LAN"/backhaul ethernet into "POE" port on PoE injector.
|
||||
|
||||
* Plug PoE injector LAN port into port 1 of existing mesh node, for configuring.
|
||||
|
||||
* Plug in power to new unit.
|
||||
Linksys EA8300, 3-Band Indoor: 12V 2A output
|
||||
Comfast EW-72, 2-Band Outdoor: PoE 48V output 0.32A, ~15 watt
|
||||
|
||||
* Power on new unit.
|
||||
|
||||
* Go to master node, e.g. http://192.168.2.1
|
||||
|
||||
* Under Haasmesh --> Monitor look for new node.
|
||||
Note, the new node may temporarily take IP 192.168.2.19 (what does 19th unit do?).
|
||||
Do not use 192.168.2.19, wait for it to get next IP, which it will a couple min later.
|
||||
|
||||
* Wait 5 minutes or so for it to get sync'd up, with both "Mesh" and "Ping" green
|
||||
for the new IP.
|
||||
Note: during this period the node is vuln to attacks as it doesn't have password and
|
||||
is using a known published (and broadcasted ?) SSID.
|
||||
|
||||
* Tag/sharpie new node with new node number, e.g. "8".
|
||||
|
||||
* ssh to master node and ping new IP address, e.g.
|
||||
ssh consumemax1
|
||||
ping 192.168.2.8
|
||||
|
||||
* ssh over to new unit from master node:
|
||||
ssh 192.168.2.8
|
||||
Maybe do something obnoxious like this to ssh in as quick as it becomes available
|
||||
(from consumemax1):
|
||||
|
||||
while true ; do ssh 192.168.2.8 ; sleep 1 ; done
|
||||
|
||||
* Check firmware versions.
|
||||
OS version should output on logging in. Current versions:
|
||||
|
||||
Linksys EA8300 Indoor 3-Band node:
|
||||
OpenWrt 19.07.4, r11208-ce6496d796
|
||||
|
||||
Comfast EW-72 Outdoor 2-Band node:
|
||||
OpenWrt SNAPSHOT, r14229-b52b4afa15
|
||||
|
||||
* Set root password.
|
||||
|
||||
passwd
|
||||
|
||||
* Get MAC address and add to ~/network/wifi/consumemax/NETWORK
|
||||
ip addr show br-lan
|
||||
|
||||
* Create a shitty RSA ssh key, ala:
|
||||
Takes forever on outdoor nodes.
|
||||
|
||||
ssh-keygen
|
||||
|
||||
* Set up port forwarding on master node for ssh to new unit.
|
||||
Network --> Firewall --> Port Forwards
|
||||
|
||||
* Name "ssh8" incrementing...
|
||||
|
||||
* Uncheck UDP. Make up new random port, used in ~/.ssh/config below.
|
||||
|
||||
* For internal IP, use new IP allocated, e.g. 192.168.2.8
|
||||
|
||||
* For internal port use 22. XXX should set new ssh dropbear ports.
|
||||
|
||||
* Set up ssh keys on workstation, ala:
|
||||
------------------------------------------------------------------------------
|
||||
Host consumemax1
|
||||
Hostname 192.168.212.1
|
||||
User root
|
||||
Port 21055
|
||||
Identityfile ~/.ssh/id_rsa-workstation
|
||||
Host consumemax2
|
||||
Hostname 192.168.212.1
|
||||
User root
|
||||
Port 22011
|
||||
Identityfile ~/.ssh/id_rsa-workstation
|
||||
...
|
||||
Host consumemax8
|
||||
Hostname 192.168.212.1
|
||||
User root
|
||||
Port 49159
|
||||
Identityfile ~/.ssh/id_rsa-workstation
|
||||
------------------------------------------------------------------------------
|
||||
The Hostname is the IP of the main router IP that gets forwarded on OPNSense firewall.
|
||||
Make up a random port number.
|
||||
Use shitty RSA keys.
|
||||
|
||||
* Copy that pub key to workstation, on workstation run:
|
||||
scp -p consumemax8:.ssh/id_rsa.pub ~/network/wifi/consumemax/dot-ssh/id_rsa.pub-8
|
||||
|
||||
* Add key to master consumemax authorized hosts:
|
||||
cat ~/network/wifi/consumemax/dot-ssh/id_rsa.pub-8 >> ~/network/wifi/consumemax/dot-ssh/authorized_keys
|
||||
chmod og-rwx ~/network/wifi/consumemax/dot-ssh/authorized_keys
|
||||
|
||||
* Copy those keys around, meh (using numbers of available nodes...XXX cruft):
|
||||
for i in 1 4 6 7 8 9 10 11 12 13 14 15 16
|
||||
do echo $i
|
||||
scp -p ~/network/wifi/consumemax/dot-ssh/authorized_keys consumemax$i:.ssh/authorized_keys
|
||||
scp -p ~/network/wifi/consumemax/dot-ssh/authorized_keys consumemax$i:/etc/dropbear/authorized_keys
|
||||
done
|
||||
|
||||
* Make sure ssh works from all hosts to new node, and get initial key.
|
||||
|
||||
for i in 1 4 6 7 8 9 10 11 12 13 14 15 16
|
||||
do echo $i
|
||||
ssh consumemax$i ssh 192.168.2.16 exit
|
||||
done
|
||||
|
||||
* Re-run above and it should run without any error/notice/info.
|
||||
|
||||
* Make sure new node can get to all hosts, and get initial key.
|
||||
First time it runs, it will output like: Warning: Permanently added '192.168.2.1' (RSA) to the list of known hosts.
|
||||
|
||||
for i in 1 4 6 7 8 9 10 11 12 13 14 15 16
|
||||
do echo $i
|
||||
ssh consumemax16 ssh 192.168.2.$i exit
|
||||
done
|
||||
|
||||
* Re-run above and it should run without any error/notice/info.
|
||||
|
||||
* Set up tunnel to node:
|
||||
cp -p ~/bin/redstone-tunnel-consumemax7 ~/bin/redstone-tunnel-consumemax8
|
||||
vim ~/bin/redstone-tunnel-consumemax8
|
||||
ssh -N -C -L 28048:localhost:80 consumemax8
|
||||
|
||||
* Go there in browser:
|
||||
Go to tunneled IP above in workstation browser:
|
||||
|
||||
http://127.0.0.1:28048
|
||||
|
||||
* Add bookmark.
|
||||
|
||||
* System --> System, sync time with browser (make sure browser is correct)!
|
||||
Leave timezone @ UTC.
|
||||
|
||||
* NOT YET, CHECK XXX set ntp server to 192.168.110.252
|
||||
|
||||
* Set hostname to "consumemax[num]" e.g. "consumemax8".
|
||||
XXX this wasn't done on all nodes.
|
||||
|
||||
* Go to Hashmesh --> Monitor
|
||||
|
||||
* Set Access Point SSID: consumemax
|
||||
and password
|
||||
|
||||
* Hidden Mesh Name: consumemesh
|
||||
and password
|
||||
|
||||
* Note, it will give errors like "Entry not found" for above, but it's ok.
|
||||
|
||||
* Disconnect backbone LAN ethernet on port 1 of new node.
|
||||
Note: on outdoor mode, disconnect "LAN" port on injector, not PoE!
|
||||
|
||||
* Wait a few seconds, hoping all above has sync'd.
|
||||
|
||||
* Power cycle new node.
|
||||
|
||||
* From another node, try to ping it:
|
||||
ssh consumemax1
|
||||
ping 192.168.2.8
|
||||
|
||||
* Once it is up, start tunnel script:
|
||||
|
||||
redstone-tunnel-consumemax8
|
||||
|
||||
* Then go to it in browser:
|
||||
|
||||
http://localhost:28048
|
||||
|
||||
* Go to System --> backups and back the thing up.
|
||||
|
||||
* Add to doc:
|
||||
vim ~/network/wifi/consumemax/NETWORK
|
||||
|
||||
* Power off new node.
|
||||
|
||||
* Optionally power back up in new location.
|
||||
|
||||
* Backup master node.
|
||||
|
||||
* Next plz.
|
||||
|
||||
##########################################
|
||||
# Misc
|
||||
# on consumemax1:
|
||||
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; do ping -c1 -4 -W 2 192.168.2.$i 1>/dev/null 2>/dev/null && echo "$i OK" || echo "$i bad" ; done
|
||||
for i in 1 4 6 7 8 9 10 11 12 13 14 15 16 ; do ping -c1 -4 -W 2 192.168.2.$i 1>/dev/null 2>/dev/null && echo "$i OK" || echo "$i bad" ; done
|
||||
|
||||
# on workstation
|
||||
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; do echo $i; ssh -o "ConnectTimeout 2" consumemax$i date || echo "$i bad" ; done
|
||||
|
||||
Loading…
Reference in New Issue