aredn/files/www/help.html

622 lines
49 KiB
HTML
Raw Normal View History

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>AREDN&#174; Node Help</title>
<meta http-equiv='expires' content='0'>
<meta http-equiv='cache-control' content='no-cache'>
<meta http-equiv='pragma' content='no-cache'>
<link rel=StyleSheet href='/style.css' type='text/css'>
</head>
<body>
<h2>AREDN&#174; Node Help</h2>
<h3>Table of Contents:</h3>
<ul>
<li><a href='#status'>Status Page</a></li>
<li><a href='#charts'>Charts Page</a></li>
<li><a href='#meshstatus'>Mesh Status Page</a></li>
<li><a href='#setup'>Basic Setup</a></li>
<ul>
<li><a href='#meshrf'>Mesh RF Setup</a></li>
<li><a href='#lanmode'>LAN Setup</a></li>
<ul>
2019-04-06 22:03:16 -06:00
<li><a href='#lanap'>LAN Access Point</a></li>
</ul>
<li><a href='#wansettings'>WAN Setup</a></li>
<ul>
2019-04-06 22:03:16 -06:00
<li><a href='#wanclient'>WAN Wifi Client</a></li>
</ul>
<li><a href='#optionalsettings'>Optional Settings</a></li>
</ul>
<li><a href='#ports'>Port Forwarding, DHCP, Services, and DNS Aliases</a></li>
<ul>
<li><a href='#natmode'>NAT Mode Operation</a></li>
<li><a href='#directmode'>Direct Mode Operation</a></li>
</ul>
<li><a href='#tunnels'>Tunnel Setup</a></li>
<li><a href='#admin'>Administration</a></li>
<li><a href='#advancedconfig'>Advanced Configuration</a></li>
<li><a href='#failsafe'>Failsafe Feature</a></li>
</ul>
</ul>
<b>Notes:</b>
<ul>
<li>Clicking the AREDN&#174; logo will redirect to <a href='http://localnode.local.mesh'>http://localnode.local.mesh</a></li>
<li>Javascript and page redirection must be enabled in your browser for the
web interface to work.</li>
<li>Some operations can take several seconds or longer to complete. While the node is working on your request the only feedback you see will be from your browser, such as a spinner in the page header. Be patient and wait for the web interface to respond before trying to click other buttons.</li>
<li>Avoid the use of your browser's back, forward, and reload buttons. Every
page has navigation controls to take you where you want to go.</li>
<li>Having several people viewing pages on the node's web interface at the same
time should not cause any problems. However, some pages of the node's web interface are intended to be used by only one person at a time. This is especially important on the setup pages where using them from multiple browsers or multiple computers at the same time will almost certainly cause conflicts.</li>
<li>For additional information, refer to the complete online documentation at <a href="https://arednmesh.readthedocs.io/en/latest/">https://arednmesh.readthedocs.io/en/latest/</a>. </li>
</ul>
<hr>
<a name=status><h2>Status Page</h2></a>
<p>
This is the first page you will see when
accessing <b>http://localnode/</b> or <b>http://your-node-name/</b>.
The top bar displays the node name and also a tactical name if one has been
assigned. For more about tactical names see the <a href='#setup'>Basic Setup</a>
section.
</p>
<p>
Below the name bar are several control buttons. Some of these
buttons may not be available depending on the current configuration of your node:
</p>
<ul>
<li><strong>Refresh</strong> will update the page with current data.<br><br></li>
<li><strong>Mesh Status</strong> takes you to a page which shows the Neighbor and Remote nodes as well as what services are being provided through those nodes.<br><br></li>
2022-05-24 13:16:48 -06:00
<li><strong>Neighbor Status</strong> If you have Link Quality Manager (LQM) enabled, you will see a button that takes you to the Neighbor Status page. See the AREDN&#174; online documentation for a full description of Link Quality Manager. This page displays a table of RF neighbor nodes, their link quality metrics, and any actions that Link Quality Manager has taken to improve the communication between nodes. The Signal-to-Noise ratio in dB is shown for both sides of the radio link, as well as the distance between your node and the neighbor node. The distance is calculated based on the GPS coordinates (Lat/Lon) entered on each node. If no GPS coordinates were entered, then the distance cannot be calculated and that metric will not be considered in the LQM improvement process. The Link Quality is expressed as a percent and is calculated as the moving average of total sent packets over total sent packets plus retransmissions. The current status of each radio link is displayed, and the meanings of each status is shown below.
<ul>
<li>pending: LQM is collecting data and evaluating the link.</li>
<li>active: the link is viable and can be used.</li>
<li>idle: the link is usable and would be <em>active</em> but the node routing table does not yet have a route for sending traffic across the link.</li>
<li>blocked: the link is unusable and is blocked from use.</li>
<li>blocked - distance: the remote node is either too close or too distant, based on the LQM Min and Max Distance settings.</li>
<li>blocked - signal: the SNR on the link is too low to reliably pass data, based on the LQM Min SNR setting.</li>
<li>blocked - retries: the retransmission rate is too high to reliably pass data.</li>
<li>blocked - latency: the link latency is to high to reliably pass data.</li>
<li>blocked - dtd: LQM blocks the RF interface of any nodes to which a DtD link also exists.</li>
<li>blocked - dup: LQM blocks a link in cases when your node has an RF link to other nodes which themselves connect to each other via DtD. This can occur when there are multiple radios at a site using the same channel. The best remote node is chosen as the RF link for your node but the other possible RF connections are blocked as duplicates.</li>
<li>blocked - user: LQM blocks any node which you enter in the <em>User Blocked Nodes</em> field in the Advanced Configuration section.
<li>disconnected: the RF Neighbor is no longer online.</li>
</ul>
<br></li>
<li><strong>WiFi Scan</strong> Displays a list of other 802.11 signals that your
node can see. The 802.11 signals may include Access Points, neighbor nodes, and
other mesh networks (foreign ad-hoc networks). WiFi Scan only finds devices on
the same channel width as your node. When installing at a new
location, it is best practice to scan on 5, 10, and 20MHz channels to find all
802.11 signals in range. This information will help to pick a channel clear of
other interference. When multiple ad-hoc networks are visible (with different
SSIDs or channels), the ID of each 802.11 ad-hoc network is displayed but not
the individual nodes. There is also an automatic scan mode, but running a Wifi
Scan continuously is not recommended, particularly if the node is actively routing traffic. The scan is passive and only listens for other beacons through all channels. In passive mode Wifi Scan does not transmit probes on every channel, thus there is no risk of interfering with Radar stations on DFS channels, or other unintended transmissions. Multiple attempts of Wifi Scan will be necessary to find all devices in range.<br><br></li>
<li><strong>Setup</strong> takes you to the setup pages of the web
interface. You will need to supply a username and password to access those
pages. The username is always "root", and the password is the one you set on
the Basic Setup page. If the node has not yet been configured, the password is
"hsmm". Note that the password given to log in to the setup pages is NOT encrypted in transit.<br><br></li>
<li><strong>Select Theme</strong> switches display themes/styles. Black on white can be chosen when you need the best screen visibility on a laptop exposed to direct sunlight. Red on black is much
better suited for nighttime use as it helps preserve night vision.</li>
</ul>
<p>The remainder of this page displays the status of other node settings. The left column contains the details of the network interfaces used on
this node, the default gateway if one is available, and the SSID, Channel, and Channel Width configured on the Mesh RF interface.</p>
<p>The right column contains the signal strength metrics (Signal/Noise/Ratio), which are a reading of the strongest RF neighbor signal (if any). The <b>Charts</b> page is described below. Other values include the firmware version, the system time, the node uptime since its last boot, the load average, the available storage/memory on the node, and the number of items seen by the mesh routing daemon (olsrd).</p>
<hr>
<a name=charts><h2>Charts Page</h2></a>
<p>This page shows RF signal information in both a realtime and an archived view. The default view shows the average signal of all connected stations in realtime.<br>
There are several control buttons below the node name:<br>
<ul>
<li><strong>Archive</strong> takes you to the charts for any archived signal data on this node.</li>
<li><strong>Realtime</strong> takes you to the charts for realtime (current) signal data as seen from this node.</li>
<li><strong>Quit</strong> takes you back to the node status page at http://nodename/cgi-bin/status</li>
</ul>
</p>
<p>Below these control buttons, you will see the <strong>"Selected Device"</strong> dropdown. This control will display each RF neighbor that is heard by your node. Depending on the information known about a given neighbor, the neighbor may be listed by one of the following:
<ul>
<li>MAC address: 802.11 adhoc beacons received</li>
<li>IP address: IP packets received</li>
<li>Hostname: OLSR packets communicating hostname received (from any source)</li>
</ul>
<p>By changing the <strong>"Selected Device"</strong> value, the chart will automatically reload to show that node's information. Hovering over a data point within the chart will show additional information for that specific data point, such as:
<ul>
<li>Time: The time that the data point was taken</li>
<li>Signal: the RF signal level</li>
<li>Noise: the RF noise floor value</li>
<li>SNR: The absolute value of (signal - noise)</li>
<li>TX Rate: the data rate (in Mbps) used for transmitting to the selected device</li>
<li>TX MCS: the modulation and encoding scheme used for transmitting to the selected device</li>
<li>RX Rate: the data rate (in Mbps) used for receiving from the selected device</li>
<li>TX MCS: the modulation and encoding scheme used for receiving from the selected device</li>
</ul>
</p>
<p>If no traffic is being routed to the neighbor, the rate and MCS values may be '0' until data is available to measure and determine the optimal settings.
An MCS value of zero (0) may also include non-802.11n encoding schemes (ie. 802.11a/b/g). The small box with three vertical dots in the upper right of the page allows you to download the current snapshot of the chart to a file on your local computer.</p>
<p>Data shown in the Archive charts are not stored in permanent memory on the node. The node will store approximately two days of archived data. After a reboot, this data is cleared.</p>
</p>
<p><b>Chart Zooming</b></h3>
<ul>
<li>If you left-click-and-drag your mouse across a region of the chart, the chart will zoom to that specific area.</li>
<li>While zoomed, two additional icons will appear in the upper right of the chart:
<ul>
<li>PAN: allows you to move/pan the zoomed portion of the chart</li>
<li>RESET: exits from zoom mode</li>
</ul>
</li>
</ul>
</p>
<p><b>Audio Controls</b></h3>
<p>The current Signal to Noise Ratio (SNR) is displayed to the left of the signal chart along with several audio controls. You can click the Sound <em>On</em> button to hear a tonal representation of your current SNR. Higher tone pitch indicates higher SNR values. Adjust the tone Pitch and Volume with the sliders, or you can turn off the tone by clicking the <em>Off</em> button.</p>
<hr>
<a name=meshstatus><h2>Mesh Status</h2></a>
<p>
The Mesh Status page lists AREDN&#174; mesh nodes, link quality information, and the services advertised on the network. There are four sections:
</p>
<ul>
<li><strong>Local Hosts</strong> shows the local node as well as its LAN hosts (if any). It also displays the Advertised Services associated with these hosts.</li>
<li><strong>Current Neighbors</strong> is a list of direct neighbor nodes (1 hop). These links may be via RF, DtDLink (an Ethernet cable), or a tunnel (over Internet connection). The quality of the link is shown (described below) and Advertised Services are listed for the nodes and their attached LAN devices.</li>
<li><strong>Remote Nodes</strong> is a list of indirect mesh nodes (2 or more hops). Advertised Services are listed for those nodes and their attached LAN devices. Remote Nodes are sorted by ETX, referred to as "link cost" (described below).</li>
<li><strong>Previous Neighbors</strong> is a list of nodes that were previously Current Neighbors but which are no longer connected. The <em>When</em> column shows when each node was last linked as a Current Neighbor.</li>
</ul>
<p><b>Link Quality (LQ)</b> is the percent of packets received from the neighbor in the OLSR mesh routing protocol from the perspective of the local host. OLSR packets exchange routing, advertised services, and other information including a packet sequence number to determine missing packets to characterize the quality of the link.</p>
<p><b>Neighbor Link Quality (NLQ)</b> is the percent of packets the neighbor received from the perspective of the local host in the OLSR mesh routing protocol. The NLQ is the LQ from the neighbor's perspective.</p>
<p><b>Expected Transmissions (ETX)</b> is a Bernoulli statistic of how many packets must be transmitted to successfully receive the round trip acknowledgement between neighbor nodes and is calculated with this formula: ETX = 1/(LQ x NLQ). Between multiple hop nodes, this is calculated by adding up the ETX for each hop. "1" is a perfect RF link between neighbors. A DtDLink is fixed at ETX="0.1" for packets traversing an Ethernet cable. OLSR selects the neighbor to send traffic to based on the lowest cost ETX path to the final destination. ETX should be interpreted with care. From a quality perspective, the ETX for Remote Nodes is not an end-to-end metric in the same way as for adjacent neighbors. For example, two nodes that are 5 hops apart with zero packet loss between them is characterized with an ETX=5. A single hop with ETX=5 (LQ and NLQ is ~45%) will stream poor quality video (if usable at all) given the packet loss, but a five hop route between nodes with ETX=5 will deliver smooth streaming quality video.</p>
<p><b>Transmitted Mbps (TxMbps)</b> is calculated with the formula (TxMbps = rate x EWMA) where rate is the 802.11 data rate in use by the transmitter and EWMA is the Exponentially Weighted Moving Average or the current time-weighted chance that a packet at this rate will reach the remote station. If no traffic is being routed to the neighbor, this value may be '0' until data is available to measure and determine the optimal rate. For further details: <a href='http://wireless.wiki.kernel.org/en/developers/documentation/mac80211/ratecontrol/minstrel'>Rate Control Algorithm</a></p>
<p>Link Identifiers:</p>
<ul>
<li><strong>(wan)</strong> indicates the node is an Advertised Gateway. Typically this provides access to the Internet, but it may also be to an isolated network.</li>
<li><strong>(dtd)</strong> indicates the path to a neighbor across an Ethernet cable. The neighbor may be listed twice if both an RF and DtD path exists. The DtDLink path is always assigned an ETX of "0.1". All Remote Nodes have a DtDLink interface, consequently "(dtd)" is not shown for Remote Nodes.</li>
<li><strong>(tun*?)</strong> indicates the path to the neighbor is over an Internet tunnel. "?" is a number indicating the count of tunnel connections on that node.</li>
</ul>
<hr>
<a name=setup><h2>Basic Setup</h2></a>
<p>
This is where the basic networking settings are configured for the node.
You generally will not need to change any of the
settings on this page other than the node name and password.
<u>Do not change any of the network settings unless you fully understand how
the mesh works and why the default may not be suitable for your situation</u>.
One reason AREDN&#174; exists is to minimize or eliminate, as much as possible, the need to manually configure these types of network settings.
</p>
<p>The buttons on this page work as follows:</p>
<ul>
<li><strong>Save Changes</strong> will check the validity of all the
entered information and save it to flash memory if no errors are found. A
reboot is required for most changes on this page to take effect, and this should be done as soon as possible to avoid configuration mismatch problems.<br><br></li>
<li><strong>Reset Values</strong> will reload the current settings from
flash memory and undo any changes that have been made on the page prior to saving changes.<br><br></li>
<li><strong>Default Values</strong> will set all values to their defaults except the Node Name and Password. The default values are not resaved
until <em>Save Changes</em> is clicked.<br><br></li>
<li><strong>Reboot</strong> will immediately reboot the node.</li>
</ul>
<p><strong>Node Name</strong> sets the hostname for the node. Hostnames can
contain letters, numbers, and dashes, but cannot begin or end with a
dash. Underscores, spaces, or any other characters are not allowed.
Hostnames are not case sensitive, but the case you enter will be preserved. Node names are prefixed with your callsign and may contain up to 63 characters, but it is best to keep node names as short as possible while still uniquely identifying the node.</p>
<p>Amateur radio operators are required to properly identify all transmitting stations. Therefore, the Node Name is beaconed automatically by the node every five minutes, so the hostname must contain your callsign. Recommended hostnames follow the (callsign)-(name) format, such as ad5oo-mobile or ad5oo-lhg-tower. This is similar to the MYCALL setting you would give a packet TNC, but without the 0-15 restriction for the name part.</p>
<p>It is here that you can also set a tactical name for your node. A tactical
name is an alias which may be helpful during an emergency deployment where (for example) several Red Cross shelters are being linked. In addition to the normal hostname you can give each node a tactical name such as shelter1, shelter2, shelter-north. Tactical names have the same restrictions as hostnames and are
accessible through DNS like the main node names. To set a tactical name, put a slash after the node name then give the tactical name. For example, "ad5oo-1/shelter5".</p>
<p><strong>Password</strong> is where you set the administration password
for the node. It needs to be entered again in the <em>Retype Password</em> field to
verify its accuracy. It is only required the first time the node is configured, so afterward it is not necessary to change a password unless you want to. Note that these password entries are NOT encrypted in transit, so this is best done from a direct wired connection to the node.</p>
<p><strong>Node Description</strong> is where you can enter additional info about the node, for example: "This device is maintained by (callsign). Please contact email@address for more info."
<ul>
<li><em>The description is optional</em> and there are no character restrictions in the field.</li>
<li>The maximum length allowed is 210 characters.</li>
<li>HTML tags are not allowed in the description field.</li>
<li>The description displayed on the main status page is automatically word-wrapped at about 70 characters and should not split a word in the middle.</li>
</ul>
</p>
<p>The <strong>Mesh RF</strong>, <strong>LAN</strong>,
and <strong>WAN</strong> columns are where the details of each of these network
interfaces are set.</p>
<h3><a name=meshrf><b>Mesh RF Column</b></h3></a>
<p>The <strong>Mesh RF</strong> column shows settings for the mesh radio interface, including the IP address, netmask, SSID, Channel, and Channel Width.</p>
<p>
<ul>
<li><a name=channel></a>The <strong>Channel</strong> and <strong>Channel Width</strong> selection determines the center frequency and signal bandwidth. AREDN&#174; reminds operators that they must select frequencies, bandwidths, and power levels which comply with their country's amateur radio license requirements.<br><br></li>
<li><a name=power></a>The <strong>Power</strong> setting controls the maximum power the unit may transmit. A node may decrease its power output automatically as it enters higher data rates to maintain a linear spectrum. Some devices may have max power levels that change based on which channel/frequency the hardware is operating on, and in this case the max level will change when you save settings and will be capped at the max level supported by the hardware for that frequency.</li>
</ul></p>
<p>The final section of the <strong>Mesh RF</strong> column will show <strong>Power &amp; Distance</strong> settings if you have the <strong>Link Quality Manager</strong> <em>disabled</em>.</p>
<p>
<ul>
<li><strong>Tx Power</strong> allows you to select the RF output power for your node's mesh RF interface using a drop-down list.<br><br></li>
<li><a name=distance></a><strong>Distance</strong> adjusts the RF retry timer
to define how long the transmitter will wait for an acknowledgement
from a neighbor station. If the distance parameter is too short, then
the transmitter will send duplicate data packets before the acknowledgement had time to return. If the distance parameter is too long, then the
transmitter will wait extra time before considering the data lost and re-transmitting. This value is only applicable to nodes that
communicate directly over RF and not multiple hop nodes on the
broader mesh network. The value should be set to the distance in meters
to the farthest direct RF node you expect to communicate with.
<br><br>Change the distance value by moving the slider, which moves in multiples
of 1000 meters (approximately 0.62 miles). A value of '0' will cause
the radio to auto-calculate the RF retry timer based on measuring the
actual time it takes acknowledgement packets to be received. The
automatic timer is tracked using a Exponential Weighted Moving Average (EWMA).
'Auto' is the default setting.
The best way to test an optimal distance settings is to do a throughput
test directly between two nodes using iperf3 to measure the performance of thier RF
link. Try different distance settings to peak out the iperf3 throughput.<br>
<br>The maximum distance settings the ath9k wireless driver allows is dependent on the Channel Width:<br>
<ul>
<li>20MHz: 46666 meters</li>
<li>10MHz: 103030 meters</li>
<li>5MHz: 215757 meters</li>
</ul>
<br>The auto distance setting is best used on stable point to point links.
Fifty percent performance increases have been observed. Auto distance
settings do not work well with many neighbors and marginal links. In this
senario, the round trip packet timing has a very wide range of values.
Consequently the timeout value becomes inflated and inconsistent.
Static settings should be used in this situation. It is best to measure
the link with iperf3 to compare thoughput and determine the best distance setting. Refer to the AREDN&#174; online documentation for a complete explanation of this process.</li>
</ul>
<a name=linkqual></a>
<p>If you have the <strong>Link Quality Manager</strong> <em>enabled</em>, the final section of the <strong>Mesh RF</strong> column will show
<strong>Power &amp; Link Quality</strong> settings. Refer to the full AREDN&#174; documentation online for more information about the Link Quality Manager.</p>
2019-04-06 22:03:16 -06:00
<p>
<ul>
<li><strong>Tx Power</strong> allows you to select the RF output power for your node's mesh RF interface using a drop-down list.<br><br></li>
<li><strong>Max Distance</strong> is the maximum distance between nodes at which you can expect to achieve a usable radio link. The default value is 50 miles / 80 kilometers.<br><br></li>
<li><strong>Min SNR</strong> is the minimum Signal-to-Noise ratio that you require in order to reliably pass data between nodes. The default is 15 dB.<br><br></li>
<li><strong>Min Quality</strong> is the minimum Link Quality required in order to reliably pass data between nodes. The default value is 50%.<br><br></li>
</ul>
2019-04-06 22:03:16 -06:00
</p>
<p>The settings in the lower Mesh RF section can be changed without rebooting the node by clicking the <strong>Apply</strong> button, but unless they are saved they will revert to the previously values after a reboot.</p>
<h3><a name=lanmode><b>LAN Column</b></a></h3>
<p>The <strong>LAN</strong> column displays the settings for the node's Local Area Network, including the network IP Address and netmask. The DHCP checkbox allows you to enable or disable the node's DHCP server, and it shows the final octet of the starting &amp; ending DHCP address range based on the <em>LAN Mode</em> that you select from the top dropdown.</p>
<p>The default mode is <b>5 Host Direct</b> and in this mode every host
on the LAN has direct access to and from the mesh (ie., the LAN shares the same
address space as the mesh). Port forwarding is not needed because NAT is not
used, and there is no firewall between the LAN and the mesh. This mode was
created because many services do not traverse NAT, and Direct mode also reduces the amount of manual configuration needed to provide services to the mesh.</p>
<p>The mesh address space is automatically managed, so in Direct mode the LAN is not user configurable. Anyone familiar with configuring home routers using static IP addresses should already be comfortable with this mode.
Like commercial ISP access, you do not decide for yourself what the network
parameters will be. You must use the parameters which are given to you by the ISP. But
unlike most commercial ISP access, there is a DHCP server available on the mesh
node to configure the hosts that are attached to its LAN.</p>
<p>The only configurable option available in Direct mode is the size of the LAN subnet which can accommodate either 1, 5, 13, or 29 LAN hosts. The 1 host subnet can be useful for either a single server or a commercial grade router using its own NAT which is capable of more advanced routing functions than those
available on a mesh node. It is important not to use a subnet larger than is necessary because the
2019-04-06 22:03:16 -06:00
chances of an IP address conflict on the mesh increase with the size of the
subnet. The LAN subnet parameters are automatically generated and depend on
the IP address of the Mesh RF interface. If a conflict does occur it can be
fixed by changing the Mesh RF IP address.</p>
<p>The other LAN Mode is <b>NAT</b>, which stands for Network Address Translation. In
2019-04-06 22:03:16 -06:00
this mode the LAN is isolated from the mesh and all outgoing traffic has its
source address modified to be the Mesh RF IP address of the node. This is the
same way that most home routers use an ISP Internet connection, and all services
2019-04-06 22:03:16 -06:00
provided by computers on the LAN can only be accessed through port forwarding
rules. A single DMZ server can be set up to accept all incoming traffic that
is not already handled by other rules or by the node itself. See <em>Port Forwarding</em> below for additional information.</p>
<p><a name=lanap><b>LAN Access Point</b></a></p>
<p>The <strong>LAN Access Point</strong> section will appear on devices having an unused radio interface. This allows the node to provide a standard FCC Part 15 wireless access point which local computers may connect to in order to obtain LAN access on the mesh node. It is configured similar to a typical home wifi access point.</p>
<p>The <em>Enable</em> checkbox allows you to enable or disable the LAN Access Point. If your node has more than one unused radio, then you may be able to select either the 2GHz or 5GHz band from the AP band dropdown. The SSID field allows you to create an SSID for client computers to use when connecting to your node's LAN network. Select a Wifi channel from the Channel dropdown. The default encryption is WPA2 PSK, and the password length must be between 8 and 63 characters. If the key is 64 characters, it is treated as hex encoded. A single quote character may not be used.</p>
<h3><a name=wansettings><b>WAN Column</b></a></h3>
<p>The <strong>WAN</strong> column displays the settings used to
connect with an upstream network, which typically can provide Internet access.
In the <em>Protocol</em> dropdown the default connection type is DHCP client mode, which requests its network settings from the upstream DHCP server. You can select <em>Static</em> mode, which allows you to specify a static WAN IP address for your node as well as the appropriate netmask and default gateway address. You can also select <em>disabled</em> to completely disable the node's WAN.</p>
<p>The DNS servers are set by default to Google DNS and should not be changed
under normal circumstances. Many ISP's are adopting the practice of taking you to an ISP generated web page if you
incorrectly type a URL or if the host you are trying to reach no longer
exists. The proper behavior is for your browser to detect these
error conditions itself and report them accordingly. Google follows the rules and allows for the proper operation of the network.</p>
<p><b>Advanced WAN Access</b></p>
<p><a name=allowwan></a><b>Allow others to use my WAN</b>: When a node has Internet access from either its WAN or LAN, that access is available to the node itself and to any computer connected to the LAN network. When this option is enabled the node will also route traffic from its Mesh RF interface onto its WAN and typically out to the Internet. By default this is disabled since it is not a good practice to allow every remote mesh device to obtain Internet access through your node. If you choose to enable this option be aware that your node is transmitting as an FCC Part 97 amateur radio, so make sure that any Internet traffic sent over the radio complies with FCC Part 97 rules. If you simply want local wireless Internet access at a location, consider using a separate standard Part 15 access point instead of enabling this option on your node.</p>
<p><a name=preventwan></a><b>Prevent LAN devices from accessing WAN</b>: Normally any devices connected to the node's LAN network will also have access to its WAN. Enabling this option will cause the node <em>not</em> to give LAN devices access to the WAN. This means that computers on this node's LAN
will only use the 10.0.0.0/8 and 172.16.0.0/12 mesh network ranges. With this setting enabled you will not be able to access the Internet, even if your node has Internet available on its WAN port. This also applies to Internet available over the mesh. Use this only if your node needs to be connected to two networks at once, such as wired to the mesh as well as WiFi to a local served agency network.</p>
<p><a name=wanclient><b>WAN Wifi Client</b></a></p>
<p>The WAN Wifi Client feature allows you to connect an unused radio on your node to a local Wifi AP that can provide Internet access or some other type of network access. This can be useful in situations when you have no way to cable your node to a local router for WAN Internet access. Enabling the WAN Wifi Client will disable the WAN vlan which prevents your node from using its physical Ethernet port for WAN access.</p>
<p>Use the Enable checkbox to enable or disable the WAN Wifi Client. Type the SSID and password that are required to make a Part 15 Wifi connection to the local Wifi Access Point. If your node has more than one unused radio interface, then the WAN Wifi client band dropdown will be displayed allowing you to select the node's radio that you want to use. The password length must be a minimum of 8 and maximum of 64 characters. If the key length is 64, it is treated as hex encoded. If the password field is empty (length = 0), then no encryption will be used to connect to an open AP. A single quote character may not be used.</p>
<a name=optionalsettings><h3>Optional Settings</h3></a>
<p>If you choose to specify your latitude, longitude, and gridsquare for location purposes, the lat/lon values should be in decimal format (ex. 30.444522 and -95.111234). If you will be enabling the Link Quality Manager, be sure to enter accurate GPS coordinates on your node.</p>
<ul>
<li>Click the "Find Me!" button to use your location aware browser to populate the values automatically. This works very well if you are viewing the page from a mobile device with built-in GPS.</li>
<li>Use the "Apply Location Settings" button to apply the lat/lon and gridsquare values. <em>Save Changes</em> is not required to apply these settings temporarily.</li>
<li>If your node has an Internet connection available, the "Show Map" and "Upload Data to AREDN&#174; Servers" buttons will be active. The "Show Map" button will display a map that allows you to click on the position where your node is located, or to drag an existing marker to a different location on the map. Both of these activities will automatically update the lat/lon fields on the page. The "Upload Data to AREDN&#174; Servers" button will send your node information to an AREDN&#174; server on the Internet.
<br><br>By submitting this information you hereby allow AREDN&#174; to publish your node location on its mapping display and utilize the information for other purposes that AREDN&#174; deems useful, including but not limited to statistical analysis. If you wish to remove your node location from the public mapping service, simply clear/erase your node's lat/lon values, click "Apply Location Settings", and then click "Upload Data to AREDN&#174; Servers".
<br><br>To see a sample of the information that will be sent to the AREDN&#174; server, click <a href='http://localnode.local.mesh/cgi-bin/sysinfo.json?hosts=1'>here</a> and <a href='http://localnode.local.mesh:9090/topology'>here</a>. You can replace "localnode" with an actual node name to see the data from that node.</li>
</ul>
<p>You can also set the timezone where your node is located as well as entering an NTP server that the node can connect to for time updates. You must click <em>Save Changes</em> to save the new timezone and NTP server settings.</p>
<hr>
<a name=ports><h2>Port Forwarding, DHCP, Services, and Aliases</h2></a>
<p>
The buttons on this page works as follows:
</p>
<ul>
<li><strong>Save Changes</strong> will do a basic validation of the entered
data and save it to flash memory if no errors are found. The settings take effect in about 20 seconds and a reboot is NOT required. Note that the checks
performed are not comprehensive and it is possible to enter settings that will not work or possibly break the node's configuration.<br><br></li>
<li><strong>Reset Values</strong> will reload the current settings from
flash memory and undo any changes that have been made.<br><br></li>
<li><strong>Refresh</strong> will reload the page and it is useful for two things. It will update the list of DHCP leases for any new hosts that have been
configured on the LAN, and it will also validate the settings entered on the
page and incorporate changed settings that may affect the node's configuration.
You should do this before saving changes to make sure everything is set up as
intended.</li>
</ul>
<a name=natmode><h3>NAT Mode Operation</h3></a>
<p>The way this page works depends on whether the LAN is operating in NAT
mode or Direct mode. First we will cover NAT mode, where hosts on the LAN are
insulated from both the Wifi and WAN interfaces by a firewall. This
makes them inaccessible from either of these interfaces unless Port Forwarding
is set up. Here are some common ports that may need to be forwarded:
<ul>
<li>20 ftp-data </li>
<li>21 ftp - file transfer protocol </li>
<li>22 ssh - secure shell </li>
<li>23 telnet </li>
<li>25 smtp - simple mail transport protocol </li>
<li>53 dns - domain name service </li>
<li>80 http - hypertext transport protocol </li>
<li>123 ntp - network time protocol </li>
<li>698 olsr - optimized link state routing </li>
<li>1978 olsr http - olsr's web interface </li>
<li>2222 node ssh server</li>
<li>8080 node web server</li>
</ul>
</p>
<p>Port forwarding will redirect inbound
connections from the Wifi, WAN, or both interfaces and forward them to an IP
address and port on the LAN. The destination port number need not be the same. If you have hosts on the LAN that provide services you want to make available to the mesh, a Port Forwarding rule will be required to make that connection possible.</p>
<p>If you want to forward a range of ports, the <strong>Outside Port</strong>
field will accept a hyphen-separated range in the form "xxxx-xxxx". When doing this, set the <strong>LAN Port</strong> to the low value of the port range. When forwarding a port range the Outside and LAN ports must match.</p>
<p>If you want to forward every port that is not already in use to a
single computer on the LAN, choose that computer's IP Address from
the <strong>DMZ Server</strong> dropdown. There can be only one DMZ Server. Be
aware that this bypasses the firewall in the node, so the DMZ server should
run its own firewall to prevent unauthorized access.</p>
<p><em>Example</em>:
<br>On the LAN of a mesh node called ad5oo-mobile there is an IP camera that is
running its own web server. The address of that camera is 172.27.0.240. To
make that camera available to everyone on the mesh, create a port
forwarding rule on the WiFi interface whose Outside Port is 8100, with an
LAN IP of 172.27.0.240 and LAN Port of 80. This takes all connections to port
8100 on ad5oo-mobile and redirects them to port 80 on 172.27.0.240. In a web
browser on a remote computer connected to the mesh you would go to
http://ad5oo-mobile:8100 to view the IP camera.</p>
<p>Note that port forwarding to an FTP server, which uses both ports 20 and 21,
can be done with a single rule using port 21 if the ftp client is capable of
using passive ftp mode. Web browsers are able to do this and handle ftp
downloads seamlessly.</p>
<p><strong>Advertised Services</strong></p>
<p>When you want to let others know about services you are providing, the
Advertised Services you create will appear on the <em>Mesh Status</em> page of all other nodes. All advertised services need a name, and no services can be
advertised until at least one port forwarding rule or a DMZ server has been
defined.</p>
<p>If your service is accessible via web browser, such as from a web or ftp server, you can make the name appear as a clickable link by checking the <em>Link</em> box. All links need two parameters: a protocol and a port number.
Web servers use the http protocol and ftp servers use the ftp protocol. Other
services may use other protocols. The port number should be the one used as
the Outside Port in the forwarding rule through which the service can be
accessed. In the last field you can enter an optional link suffix to a more specific path if needed, such as the name of a specific page on a
web server or a directory or file on an ftp server.</p>
<p><strong>DHCP Address Reservations</strong></p>
<p>If you are providing services to the mesh from hosts on the LAN you will want
to either override or make permanent the automatically assigned IP address for
that host. The DHCP Address Reservations section is where you do that. In order for port forwarding to work, the IP address must match that of the destination host. If the LAN device is currently connected and has been given an IP address by DHCP it will
be listed under <em>Current DHCP Leases</em>. If you click the <b>Add</b> button
next to the lease it will be added to the DHCP Reservations list. You can
leave the information as it is or edit it to suit your needs. You can also manually enter your own information into the blank fields under DHCP Reservations and click <em>Add</em> there to create your own entry.</p>
<p>For each of the sections on this page, simply entering information into the
fields is not enough. The settings are not updated until the <b>Add</b> button is clicked. Before saving changes the new fields must be either added or cleared.</p>
<p><strong>DNS Aliases</strong></p>
<p>This section allows you to give a LAN host a more meaningful name than the existing hostname. Enter the Alias Name and select the host from the IP Address dropdown, then click <em>Add</em>. This option is more useful in Direct Mode as described below.</p>
<a name=directmode><h3>Direct Mode Operation</h3></a>
<p>When the LAN is operating in Direct mode this page works a
little differently, since in Direct mode the LAN hosts are accessed directly
from the mesh and no port forwarding is involved. The Advertised Services are
defined using existing LAN hosts, and this is determined by the DHCP Address
Reservations that are defined. After the DHCP Reservations have been assigned,
services can be advertised in the same way as before with the additional
requirement of selecting the name of the host that is providing the service.</p>
<p>Another difference in Direct mode is that the hostnames used in DHCP
Reservations are also advertised to the mesh and therefore <u>must be
unique</u> across the entire network. For example, "raspberrypi" might be a typical server name but it is a poor choice for a mesh hostname because there can be only one host with this name on the entire mesh. Just as you used your callsign in the node name, it would also be a good idea to use it in DHCP Reservation hostnames. Therefore, <nobr>"ad5oo-raspberrypi"</nobr> is a good hostname since it will be unique and only the callsign holder needs to keep
track of the hostnames he is assigning to his devices.</p>
<p><b>NOTE:</b> If you do not want OLSR to propagate a LAN hostname across the mesh, you can click the <b>Do Not Propagate</b> checkbox. This will prevent your LAN host from being displayed on the Mesh Status pages of other mesh nodes, making it inaccessible from across the network.</p>
<p>The hostnames being discussed here are those that are defined under DHCP
Reservations and available to the mesh, not those of the LAN hosts
themselves. While it is convenient for them to be the same, there is no
requirement that they must be. For example, the
name <nobr>"ad5oo-raspberrypi"</nobr> used above can be the mesh name for
a host that calls itself "skywalker". But be aware that if this host is a
webserver, the webserver configuration should use the
name <nobr>"ad5oo-raspberrypi"</nobr> because the name "skywalker" will not be
known on the mesh and any pages the webserver generates itself such as error
pages may use the "skywalker" name.</p>
<p>There are two considerations to keep in mind regarding the size of the subnet
chosen for the LAN.
<ol>
<li>When using a one host subnet, the DHCP Reservation
used for that single host will prevent any other host from receiving a DHCP
lease. So if for some reason the original host is not connected to the LAN
and you need to get back into the node to reconfigure it, the easiest way is
to access it from a different node on the mesh.</li>
<li>If the node is already in Direct mode and you intend to reduce the
size of the LAN subnet, you should first remove the DHCP Reservations that
will fall outside of the address range you will be using. Note that the
automatically generated network address will change if the subnet size is
changed, and internally the DHCP Reservations are stored as offsets from
the network address, so address reservations which fall within the new subnet
size will be translated into the new subnet address space.</li>
</ol></p>
<p><strong>Port Forwarding</strong></p>
<p>It is still possible to do Port Forwarding in Direct mode, but you will only be allowed to select the WAN interface so Port Forwarding is only meaningful for WAN-connected nodes. Enter the Outside Port being passed to your node from its upstream gateway, select a LAN host to service the requests, and enter the LAN Port on that host which is listening for those requests. Finally, click <em>Add</em> to add the port forwarding rule.</p>
<p><strong>DNS Aliases</strong></p>
<p>DNS Aliases can be very useful in Direct mode. Enter an Alias Name that will be unique across the entire network, select a LAN host from the dropdown, and click <em>Add</em> to add the alias to the list. Once a DNS Alias has been defined then that alias name will be progagated across the mesh, even if the specific host's DHCP Reservation has the <em>Do Not Propagate</em> box checked. The DNS Alias name will also appear in the host dropdown so that you can define an Advertised Service that will be progagated to the mesh under that Alias Name.
</p>
<a name=tunnels><h2>Tunnel Connections</h2></a>
<p>The tunneling feature is now included by default. Click <b>Tunnel Server</b> to view the server settings. These include your node's tunnel server IP address and the DNS Name by which Internet connected devices can contact your server. To authorize a tunnel client connection, enter the client node name, a password that you want this client to use for authentication purposes, and an optional text description for the client connection. Click <em>Add</em> to add the new client to your clients list, and you can click the <em>Enable</em> checkbox to enable or disable this client connection. Finally, click <em>Save Changes</em> to save your tunnel server settings. Refer to the full AREDN&#174; documentation online for additional information.</p>
<p>Click <b>Tunnel Client</b> to enter the settings required in order for your node to make a client connection to a tunnel server on a remote node. Enter the DNS Server Name given to you by the tunnel server owner, as well as the password and network number they have assigned to your client. You may optionally enter a comment or description. Click <em>Add</em> to add the new server to your list, and you can click the <em>Enable</em> checkbox to enable or disable this tunnel connection. Finally, click <em>Save Changes</em> to save your tunnel client settings. You are allowed to delete client connection information by clicking the <em>Del</em> button at the right of each row.</p>
<p>For both the tunnel client and server connections, the cloud icon at the right of each row will change color to indicate whether the connection is active (blue) or not (gray).</p>
<a name=admin><h2>Administration</h2></a>
<p>This section allows you to update node firmware, manage add-on packages and authorized ssh keys, or create Support Data files.
</p>
<p>The <strong>Firmware Update</strong> section shows the current firmware version as well as the hardware type. There are three options for updating node firmware.
<ol>
<li>If you have a firmware image on your computer which you previously downloaded from the AREDN&#174; website, click the <em>Browse</em> button to select the firmware file to upload from your computer to your node. Click <em>Upload</em> and the new firmware will be uploaded and installed.<br><br></li>
<li>If the node has Internet access (either from its WAN port or across the mesh) you can use the <em>Download Firmware</em> option. Click <em>Refresh</em> to fetch the list of available images, then select the image to download. Click <em>Download</em> and wait for the firmware to be downloaded and installed.<br><br></li>
<li>If you have previously copied a new firmware image directly to your node, you can apply that new file by clicking <em>Apply Local Firmware</em>. This button will only be active if the node detects the new firmware file in the location and with the name shown next to the button.<br><br></li>
</ol>
</p>
<p>If you want to upgrade your node's firmware while keeping the existing configuration settings, click the <em>Keep Settings</em> checkbox.</p>
<p><strong>Package Management</strong> allows you to install and remove
software packages on the node. <em>Upload Package</em> allows you to
install a package file that you previously downloaded to your computer from the AREDN&#174; website. If your node has access to the Internet, <em>Download Package</em> allows you to retrieve a package over the Internet from the AREDN&#174; website. Click <em>Refresh</em> to populate the list of packages available for download, but do not do this unless necessary. The package information database is stored on the node and will use about 100KB of storage space, so only use this function if it is absolutely necessary.</p>
<p>The <strong>Remove Package</strong> list shows all packages on the
node. Selecting a package and clicking <em>Remove</em> will remove
the package. You will only be able to remove packages that you have
installed. All installed packages are shown but the set that comes
pre-installed is necessary for proper operation of the node and cannot be
deleted.</p>
<p><strong>Authorized SSH Keys</strong> are useful for both developers
and anyone managing a set of nodes. It allows connecting to a node via ssh
without having to enter the password. For developers, it also allows you to
easily scp an updated file to the node without having to reinstall the
firmware.</p>
<p>To generate an ssh key on a Linux system, issue the command
"<strong>ssh-keygen -t rsa</strong>" and press enter at all the prompts to
accept the defaults. This creates a file
called <strong>~/.ssh/id_rsa.pub</strong>, which is the file you upload to
install the key on the node. If you want to remove a key you can select it and
click the <em>Remove</em> button. The AREDN&#174; documentation online describes this process for MS Windows computer users.</p>
<hr>
<a name=advancedconfig><h2>Advanced Configuration</h2></a>
<p><b>WARNING:</b> Changing advanced settings can be harmful to the stability, security, and performance of the node and potentially the entire mesh network.
You should only continue if you are sure of what you are doing.</p>
<p>For specific guidance, hover over the help icon for each setting on the page.</p>
<hr><a name=failsafe><h2>Failsafe Feature</h2></a>
<p>The failsafe feature is a method for restoring a node to an operational state after it has fully booted its firmware.</p>
<ul>
<li>Press and hold the reset button for 5 seconds to reset the root password to 'hsmm' and clear DHCP leases.<br><br></li>
<li>Press and hold the reset button for 15 seconds to return the node to a "firstboot" configuration. All previous configuration settings will be lost.
</li>
</ul>
</body>
</html>