From 7a6173bf7b7c031fab86173adb37bea0efe754f4 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 25 Oct 2017 20:14:45 +0100
Subject: [PATCH] Describe vpn connection of meshes

---
 doc/EN/mesh.org      |  22 ++----
 website/EN/mesh.html | 155 +++++++++++++++++++------------------------
 2 files changed, 73 insertions(+), 104 deletions(-)

diff --git a/doc/EN/mesh.org b/doc/EN/mesh.org
index c4847301..52250d21 100644
--- a/doc/EN/mesh.org
+++ b/doc/EN/mesh.org
@@ -242,27 +242,13 @@ sudo openvpn myclient.ovpn Where /myclient.ovpn/ comes from your VPN provider and with the password "/freedombone/". ** Connecting two meshes over the internet via a VPN tunnel -Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. VPN configuration, pem and stunnel files exist within the home directory. Edit the configuration with: +Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. -#+begin_src bash -nano ~/client.ovpn -#+end_src +In your home directory on a system connected via ethernet to an internet router you'll find a file called *vpn.tar.gz*. If you want another mesh to be able to connect to yours then send them this file and get them to uncompress it into their home directory also on an internet gateway machine. If they have an external IP address or domain name for your router then they will be able to VPN connect using the *Connect Meshes* icon. They should also forward port 653 from their internet router to the mesh gateway machine. -Edit the IP address or domain for the mesh that you wish to connect to within the /route/ command: +You should create a new *vpn.tar.gz* file for every other mesh which wants to be able to connect to yours. If you are prompted for a password it is 'freedombone'. -#+begin_src bash -route [mesh IP or domain] 255.255.255.255 net_gateway -#+end_src - -Then you can connect to the other mesh with: - -#+begin_src bash -cd /home/fbone -sudo stunnel stunnel-client.conf -sudo openvpn client.ovpn -#+end_src - -Using the password "/freedombone/". From a deep packet inspection point of view the traffic going over the internet will just look like any other TLS connection to a server. 
+From a deep packet inspection point of view the traffic going over the internet between mesh gateways will just look like any other TLS connection to a server. ** Mobile devices (phones, etc) To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "/mesh-192.168.1.83/"). diff --git a/website/EN/mesh.html b/website/EN/mesh.html index 5db019ba..b05e69a1 100644 --- a/website/EN/mesh.html +++ b/website/EN/mesh.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + @@ -274,13 +274,13 @@ for the JavaScript code in this tag. -What the system can do +What the system can do - -Disk Images +Disk Images - -Building Disk Images +Building Disk Images - -How to use it +How to use it @@ -324,9 +324,9 @@ The Freedombone mesh roughly follows MondoNet's ten social specifications:
  • Evolvable: The network should be built with future development in mind. The platform should be flexible enough to support technologies, protocols and modes of usage that have not yet been developed.
  • -
    -

    What the system can do

    -
    +
    +

    What the system can do

    +
    • Discovery of other users on the network
    • Text based chat, one-to-one and in groups
    • @@ -351,13 +351,13 @@ This system should be quite scalable. Both qTox and IPFS are based upon distribu
    -
    -

    Disk Images

    -
    +
    +

    Disk Images

    +
    -
    -

    Writing many images quickly

    -
    +
    +

    Writing many images quickly

    +

    There may be situations where you need to write the same disk image to multiple drives at the same time in order to maximize rate of deployment. In the instructions given below the dd command is used for writing to the target drive, but to write to multiple drives you can use a tool such as GNOME MultiWriter.
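Review bot: this hunk (@@ -351,13 +351,13 @@) changes nothing a reader of website/EN/mesh.html would see: the "Disk Images" and "Writing many images quickly" headings are identical on the removed and added lines, and only the surrounding markup differs, which is the usual symptom of the org exporter regenerating its section ids on every export. The same -/+ pairs around an unchanged heading repeat in every following hunk of this file down to "Blogging", so the one real change to the page (the VPN section) is buried in churn. Suggest giving the headings stable ids in doc/EN/mesh.org (a `:CUSTOM_ID:` property per heading) so re-exports are diff-clean, or at least regenerating the HTML in its own commit so the content change can be reviewed on its own.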

    @@ -385,9 +385,9 @@ The MultiWriter tool is also available within mesh client images, so that you ca

    -
    -

    Client images

    -
    +
    +

    Client images

    +
    @@ -436,16 +436,16 @@ sudo dd bs=1M -

    Router images

    -
    +
    +

    Router images

    +

    Routers are intended to build network coverage for an area using small and low cost hardware. You can bolt them to walls or leave them on window ledges. They don't have any user interface and their only job is to haul network traffic across the mesh and to enable peers to find each other via running bootstrap nodes for Tox and IPFS. Copy the image to a microSD card and insert it into the router, plug in an Atheros wifi dongle and power on. That should be all you need to do.

    -
    -

    Beaglebone Black

    -
    +
    +

    Beaglebone Black

    +
    @@ -482,9 +482,9 @@ There is still a software freedom issue with the Beaglebone Black, but it doesn'
    -
    -

    Building Disk Images

    -
    +
    +

    Building Disk Images

    +

    It's better not to trust images downloaded from random places on the interwebs. Chances are that unless you are in the web of trust of the above GPG signatures then they don't mean very much to you. If you actually want something trustworthy then build the images from scratch. It will take some time. Here's how to do it.

    @@ -572,9 +572,9 @@ The resulting image can be copied to a microSD card, inserted into a Beaglebone
    -
    -

    Customisation

    -
    +
    +

    Customisation

    +

    If you want to make your own specially branded version, such as for a particular event, then to change the default desktop backgrounds edit the images within img/backgrounds and to change the available avatars and desktop icons edit the images within img/avatars. Re-create disk images using the instructions shown previously.

    @@ -584,9 +584,9 @@ If you need particular dconf commands to alter desktop appearance or beha

    -
    -

    How to use it

    -
    +
    +

    How to use it

    +

    When you first boot from the USB drive the system will create some encryption keys, assign a unique network address to the system and then reboot itself. When that's done you should see a prompt asking for a username. This username just makes it easy for others to initially find you on the mesh and will appear in the list of users.

    @@ -596,9 +596,9 @@ After a minute or two if you are within wifi range and there is at least one oth

    -
    -

    Boot trouble

    -
    +
    +

    Boot trouble

    +

    If the system doesn't boot and reports an error which includes /dev/mapper/loop0p1 then reboot with Ctrl-Alt-Del and when you see the grub menu press e and manually change /dev/mapper/loop0p1 to /dev/sdb1, then press Ctrl-x. If that doesn't work then reboot and try /dev/sdc1 instead.

    @@ -608,9 +608,9 @@ After the system has booted successfully the problem should resolve itself on su

    -
    -

    Set the Date

    -
    +
    +

    Set the Date

    +

    On the ordinary internet the date and time of your system would be set automatically via NTP. But this is not the internet and so you will need to manually ensure that your date and time settings are correct. You might need to periodically do this if your clock drifts. It's not essential that the time on your system be highly accurate, but if it drifts too far or goes back to epoch then things could become a little confusing in regard to the order of blog posts.

    @@ -620,9 +620,9 @@ On the ordinary internet the date and time of your system would be set automatic

    -
    -

    Check network status

    -
    +
    +

    Check network status

    +

    Unlike with ordinary wifi, on the mesh you don't get a signal strength icon and so it's not simple to see if you have a good connection.

    @@ -645,9 +645,9 @@ When you are finished close the window and then select the Network Restart
    -
    -

    Connecting to the internet

    -
    +
    +

    Connecting to the internet

    +

    If you need to be able to access the internet from the mesh then connect one of the peers to an internet router using an ethernet cable, then reboot it. Other peers in the mesh, including any attached mobile devices, will then be able to access the internet using the ethernet attached peer as a gateway. Freifunk works in a similar way.

    @@ -670,47 +670,30 @@ Where myclient.ovpn comes from your VPN provider and with the password "<

    -
    -

    Connecting two meshes over the internet via a VPN tunnel

    -
    +
    +

    Connecting two meshes over the internet via a VPN tunnel

    +

    -Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together. VPN configuration, pem and stunnel files exist within the home directory. Edit the configuration with: +Maybe the internet exists, but you don't care about getting any content from it and just want to use it as a way to connect mesh networks from different geographical locations together.

    -
    -
    nano ~/client.ovpn
    -
    -
    -

    -Edit the IP address or domain for the mesh that you wish to connect to within the route command: +In your home directory on a system connected via ethernet to an internet router you'll find a file called vpn.tar.gz. If you want another mesh to be able to connect to yours then send them this file and get them to uncompress it into their home directory also on an internet gateway machine. If they have an external IP address or domain name for your router then they will be able to VPN connect using the Connect Meshes icon. They should also forward port 653 from their internet router to the mesh gateway machine.

    -
    -
    route [mesh IP or domain] 255.255.255.255 net_gateway
    -
    -
    -

    -Then you can connect to the other mesh with: +You should create a new vpn.tar.gz file for every other mesh which wants to be able to connect to yours. If you are prompted for a password it is 'freedombone'.

    -
    -
    cd /home/fbone
    -sudo stunnel stunnel-client.conf
    -sudo openvpn client.ovpn
    -
    -
    -

    -Using the password "freedombone". From a deep packet inspection point of view the traffic going over the internet will just look like any other TLS connection to a server. +From a deep packet inspection point of view the traffic going over the internet between mesh gateways will just look like any other TLS connection to a server.

    -
    -

    Mobile devices (phones, etc)

    -
    +
    +

    Mobile devices (phones, etc)

    +

    To allow mobile devices to connect to the mesh you will need a second wifi adapter connected to your laptop/netbook/SBC. Plug in a second wifi adapter then reboot the system. The second adaptor will then create a wifi hotspot which mobile devices can connect to. The hotspot name also contains its local IP address (eg. "mesh-192.168.1.83").
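Review bot: "If you are prompted for a password it is 'freedombone'" in this hunk no longer says which step prompts. The removed lines tied the password to running `sudo openvpn client.ovpn`, but the new flow (uncompress vpn.tar.gz, click Connect Meshes, forward port 653) names no prompt at all, so a reader cannot tell whether this is the archive, the key passphrase behind the Connect Meshes icon, or a sudo prompt. Suggest naming the step, e.g. "When Connect Meshes asks for the VPN password, enter 'freedombone'" if that is the prompt meant; since this file appears to be the exported copy of doc/EN/mesh.org, the wording should be fixed there and re-exported rather than edited here.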

    @@ -732,9 +715,9 @@ On some android devices you may need to move the downloaded APK file from the
    -
    -

    Chat System

    -
    +
    +

    Chat System

    +

    Ensure that you're within wifi range of at least one other mesh peer (could be a router or client) and then you should see that the Chat and Other Users icons appear. Select the users icon and you should see a list of users on the mesh. Select the Chat icon and once you are connected you should see the status light turn green. If after a few minutes you don't get the green status light then try closing and re-opening the Tox chat application. Select the plus button to add a friend and then copy and paste in a Tox ID from the users list.

    @@ -793,9 +776,9 @@ At present video doesn't work reliably, but text and voice chat do work well.
    -
    -

    Collaborative document editing

    -
    +
    +

    Collaborative document editing

    +

    The mesh system includes the ability to collaboratively edit various sorts of documents using CryptPad. CryptPad is an almost peer-to-peer system in that it is designed for a client/server environment but that the server aspect of it is very minimal and limited to orchestrating the connected clients. With CryptPad installed on each mesh peer it effectively enables peer-to-peer collaborative editing. Documents are ephemeral and forgotten unless they're exported or copy-pasted to permanent storage.

    @@ -826,9 +809,9 @@ If you have the chat system running you can then copy and paste the URL for your
    -
    -

    Social Network

    -
    +
    +

    Social Network

    +

    Patchwork is available as a social networking system for the mesh. Like all social network systems it has a stream of posts and you can follow or unfollow other users. You can also send private messages to other users with end-to-end encryption.

    @@ -863,9 +846,9 @@ The Secure Scuttlebutt protocol which Patchwork is based upon is intended to be
    -
    -

    Sharing Files

    -
    +
    +

    Sharing Files

    +

    You can make files publicly available on the network simply by dragging and dropping them into the Public folder on the desktop. To view the files belonging to another user select the desktop icon called Visit a site and enter the username or Tox ID of the other user.

    @@ -880,9 +863,9 @@ You can make files publicly available on the network simply by dragging and drop
    -
    -

    Blogging

    -
    +
    +

    Blogging

    +

    To create a blog post select the Blog icon on the desktop and then use the up and down cursor keys, space bar and enter key to add a new entry. Edit the title of the entry and add your text. You can also include photos if you wish - just copy them to the CreateBlog/content/images directory and then link to them as shown.
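Review bot: in the doc/EN/mesh.org hunk (@@ -242,27 +242,13 @@) the new text tells the reader to "send them this file" (*vpn.tar.gz*) without saying how, yet the removed lines show what that archive holds: the VPN configuration, pem and stunnel files, i.e. everything needed to bring a tunnel up to your gateway, and the fixed password 'freedombone' adds no protection to it. Suggest stating that the archive must be handed over through a confidential, authenticated channel (not plain e-mail) and that a mesh whose copy may have leaked should be issued a fresh one, which the "create a new *vpn.tar.gz* for every other mesh" advice already makes possible. The port-forwarding sentence also reads inverted: the other mesh connects to "your router", so it is *your* internet router that must forward port 653 to *your* gateway machine; "They should also forward port 653 from their internet router to the mesh gateway machine" describes the opposite direction and would only be needed if you also want to connect to them. Suggest: "Forward port 653 from your internet router to your mesh gateway machine; the other mesh does the same on their side if the connection is to work in both directions."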