How to set up a new node on an existing Maxwell mesh
where you've changed default SSIDs and passwords.

* Existing mesh node should be powered up and happily sync'd with network.

* Flip the power switch to off on the new unit.

* Plug ethernet from port 1 (furthest from power jack, next to USB) of the
  existing node into the new node.
  The Ethernet is plugged into port 1 on both devices.

* For outdoor node:
  Remove back cover.

* For outdoor node, viewing from back:
  "LAN" port is on left, this is for ethernet backhaul.
  "WAN" port is on right, this is for LAN clients.
  There is no real WAN port, it needs to connect to something else.

* For outdoor node:
  Make sure ethernet cable is plugged into the left "LAN" port, for backhaul.

* For outdoor node:
  Put cover back on.

* For outdoor node:
  Plug outdoor node "LAN"/backhaul ethernet into "POE" port on PoE injector.

* Plug PoE injector LAN port into port 1 of existing mesh node, for configuring.

* Plug in power to new unit.
  Linksys EA8300, 3-Band Indoor: 12V 2A output
  Comfast EW-72, 2-Band Outdoor: PoE 48V output 0.32A, ~15 watt

* Power on new unit.

* Go to master node, e.g. http://192.168.2.1

* Under Haasmesh --> Monitor look for new node.
  Note, the new node may temporarily take IP 192.168.2.19 (what does 19th unit do?).
  Do not use 192.168.2.19; wait for it to get the next IP, which it will a couple of minutes later.

* Wait 5 minutes or so for it to get sync'd up, with both "Mesh" and "Ping" green
  for the new IP.
  Note: during this period the node is vulnerable to attack, as it has no password and
  is using a known, published (and broadcast?) SSID.

* Tag/sharpie new node with new node number, e.g. "8".

* ssh to master node and ping new IP address, e.g.
  ssh consumemax1
  ping 192.168.2.8

* ssh over to new unit from master node:
  ssh 192.168.2.8
  Maybe do something obnoxious like this to ssh in as soon as it becomes available
  (from consumemax1):

  while true ; do ssh 192.168.2.8 ; sleep 1 ; done

* Check firmware versions.
  OS version should output on logging in. Current versions:

  Linksys EA8300 Indoor 3-Band node:
  OpenWrt 19.07.4, r11208-ce6496d796

  Comfast EW-72 Outdoor 2-Band node:
  OpenWrt SNAPSHOT, r14229-b52b4afa15

* Set root password.

  passwd

* Get MAC address and add to ~/network/wifi/consumemax/NETWORK
  ip addr show br-lan

* Create a shitty RSA ssh key, ala:
  Takes forever on outdoor nodes.

  ssh-keygen

* Set up port forwarding on master node for ssh to new unit.
  Network --> Firewall --> Port Forwards

* Name "ssh8" incrementing...

* Uncheck UDP. Make up new random port, used in ~/.ssh/config below.

* For internal IP, use new IP allocated, e.g. 192.168.2.8

* For internal port use 22. XXX should set new ssh dropbear ports.

* Set up ssh keys on workstation, ala:
------------------------------------------------------------------------------
Host consumemax1
    Hostname 192.168.212.1
    User root
    Port 21055
    Identityfile ~/.ssh/id_rsa-workstation
Host consumemax2
    Hostname 192.168.212.1
    User root
    Port 22011
    Identityfile ~/.ssh/id_rsa-workstation
...
Host consumemax8
    Hostname 192.168.212.1
    User root
    Port 49159
    Identityfile ~/.ssh/id_rsa-workstation
------------------------------------------------------------------------------
  The Hostname is the IP of the main router, which gets forwarded on the OPNsense firewall.
  Make up a random port number.
  Use shitty RSA keys.

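Added example (not part of the original notes): one way to "make up" the random
forwarded port and emit the ~/.ssh/config stanza without colliding with a port or
Host already in the file. The function names and the 20000-59999 range are
assumptions; the chosen port still has to be entered in the Port Forwards rule above.

```shell
#!/bin/sh
# Added example. Function names and the port range are assumptions.

# Ports already claimed by "Port N" lines in an ssh config file.
used_ports() {
    awk 'tolower($1) == "port" { print $2 }' "$1"
}

# Random port in 20000-59999 from /dev/urandom, retried until unused.
pick_port() {
    while :; do
        n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
        port=$((20000 + n % 40000))
        used_ports "$1" | grep -qx "$port" || { echo "$port"; return 0; }
    done
}

# Print a Host stanza for node $2, forwarded via address $3 with key $4.
# Refuses a non-numeric node number or a Host that is already defined.
node_stanza() {
    cfg=$1 num=$2 addr=$3 key=$4
    case $num in
        ''|*[!0-9]*) echo "bad node number: $num" >&2; return 2 ;;
    esac
    if grep -qix "[[:space:]]*host[[:space:]]*consumemax$num[[:space:]]*" "$cfg"; then
        echo "consumemax$num already in $cfg" >&2
        return 1
    fi
    port=$(pick_port "$cfg")
    printf 'Host consumemax%s\n    Hostname %s\n    User root\n' "$num" "$addr"
    printf '    Port %s\n    Identityfile %s\n' "$port" "$key"
}

# Demo on a constructed config holding two of the entries shown above.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
Host consumemax1
    Hostname 192.168.212.1
    Port 21055
Host consumemax8
    Hostname 192.168.212.1
    Port 49159
EOF
node_stanza "$demo_cfg" 9 192.168.212.1 '~/.ssh/id_rsa-workstation'
rm -f "$demo_cfg"
```
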
* Copy that pub key to workstation, on workstation run:
  scp -p consumemax8:.ssh/id_rsa.pub ~/network/wifi/consumemax/dot-ssh/id_rsa.pub-8

* Add key to master consumemax authorized_keys file:
  cat ~/network/wifi/consumemax/dot-ssh/id_rsa.pub-8 >> ~/network/wifi/consumemax/dot-ssh/authorized_keys
  chmod og-rwx ~/network/wifi/consumemax/dot-ssh/authorized_keys

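Added example (not part of the original notes): the plain "cat >>" above appends
whatever is in the file, and appends it again on every re-run. This sketch checks
that the copied file is a single well-formed key line and skips it if the master
authorized_keys already has it. add_node_key is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. add_node_key is a hypothetical helper name.

# Append the single key in $1 to authorized_keys file $2 unless it is
# malformed or already present.
add_node_key() {
    pub=$1 auth=$2
    # A node's id_rsa.pub must hold exactly one non-empty line.
    if [ "$(grep -c . "$pub" 2>/dev/null)" != 1 ]; then
        echo "$pub: expected exactly one key line" >&2
        return 2
    fi
    read -r type blob comment < "$pub" || true
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "$pub: unexpected key type '$type'" >&2; return 2 ;;
    esac
    # The key blob must be non-empty and use only base64 characters.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$pub: malformed key blob" >&2; return 2 ;;
    esac
    touch "$auth" && chmod og-rwx "$auth" || return 1
    # Match on type and blob so a changed comment is not a new key.
    if awk -v t="$type" -v b="$blob" \
        '$1 == t && $2 == b { hit = 1 } END { exit !hit }' "$auth"; then
        echo "already present: $comment"
        return 0
    fi
    printf '%s %s %s\n' "$type" "$blob" "$comment" >> "$auth"
    echo "added: $comment"
}

# Demo with a constructed (not real) key; the second call is a no-op.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@consumemax8' \
    > "$demo_dir/id_rsa.pub-8"
add_node_key "$demo_dir/id_rsa.pub-8" "$demo_dir/authorized_keys"
add_node_key "$demo_dir/id_rsa.pub-8" "$demo_dir/authorized_keys"
rm -rf "$demo_dir"
```
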
* Copy those keys around, meh (using numbers of available nodes...XXX cruft):
  for i in 1 4 6 7 8 9 10 11 12 13 14 15 16
  do echo $i
    scp -p ~/network/wifi/consumemax/dot-ssh/authorized_keys consumemax$i:.ssh/authorized_keys
    scp -p ~/network/wifi/consumemax/dot-ssh/authorized_keys consumemax$i:/etc/dropbear/authorized_keys
  done

* Make sure ssh works from all hosts to new node, and get initial key.

  # 192.168.2.16 is the new node in this run; substitute the new node's IP.
  for i in 1 4 6 7 8 9 10 11 12 13 14 15 16
  do echo $i
    ssh consumemax$i ssh 192.168.2.16 exit
  done

* Re-run above and it should run without any error/notice/info.

* Make sure new node can get to all hosts, and get initial key.
  The first time it runs, it will output something like: Warning: Permanently added '192.168.2.1' (RSA) to the list of known hosts.

  # consumemax16 is the new node in this run; substitute the new node's name.
  for i in 1 4 6 7 8 9 10 11 12 13 14 15 16
  do echo $i
    ssh consumemax16 ssh 192.168.2.$i exit
  done

* Re-run above and it should run without any error/notice/info.

* Set up tunnel to node:
  cp -p ~/bin/redstone-tunnel-consumemax7 ~/bin/redstone-tunnel-consumemax8
  vim ~/bin/redstone-tunnel-consumemax8
  ssh -N -C -L 28048:localhost:80 consumemax8

* Go there in browser:
  Go to the tunneled address above in workstation browser:

  http://127.0.0.1:28048

* Add bookmark.

* System --> System, sync time with browser (make sure browser time is correct)!
  Leave timezone @ UTC.

* NOT YET, CHECK XXX set ntp server to 192.168.110.252

* Set hostname to "consumemax[num]" e.g. "consumemax8".
  XXX this wasn't done on all nodes.

* Go to Haasmesh --> Monitor

* Set Access Point SSID: consumemax
  and password

* Hidden Mesh Name: consumemesh
  and password

* Note, it will give errors like "Entry not found" for above, but it's ok.

* Disconnect backbone LAN ethernet on port 1 of new node.
  Note: on outdoor node, disconnect "LAN" port on injector, not PoE!

* Wait a few seconds, hoping all above has sync'd.

* Power cycle new node.

* From another node, try to ping it:
  ssh consumemax1
  ping 192.168.2.8

* Once it is up, start tunnel script:

  redstone-tunnel-consumemax8

* Then go to it in browser:

  http://localhost:28048

* Go to System --> backups and back the thing up.

* Add to doc:
  vim ~/network/wifi/consumemax/NETWORK

* Power off new node.

* Optionally power back up in new location.

* Backup master node.

* Next plz.

##########################################
# Misc
# on consumemax1:
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; do ping -c1 -4 -W 2 192.168.2.$i 1>/dev/null 2>/dev/null && echo "$i OK" || echo "$i bad" ; done
for i in 1 4 6 7 8 9 10 11 12 13 14 15 16 ; do ping -c1 -4 -W 2 192.168.2.$i 1>/dev/null 2>/dev/null && echo "$i OK" || echo "$i bad" ; done

# on workstation
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ; do echo $i; ssh -o "ConnectTimeout 2" consumemax$i date || echo "$i bad" ; done