AREDN® Node Help

Table of Contents:

Notes:

Status Page

This is the first page you will see when accessing http://localnode/ or http://your-node-name/. The top bar displays the node name and also a tactical name if one has been assigned. For more about tactical names see the Basic Setup section.

Below the name bar are several control buttons. Some of these buttons may not be available depending on the current configuration of your node:

The remainder of this page displays the status of other node settings. The left column contains the details of the network interfaces used on this node, the default gateway if one is available, and the SSID, Channel, and Channel Width configured on the Mesh RF interface.

The right column contains the signal strength metrics (Signal/Noise/Ratio), which are a reading of the strongest RF neighbor signal (if any). The Charts page is described below. Other values include the firmware version, the system time, the node uptime since its last boot, the load average, the available storage/memory on the node, and the number of items seen by the mesh routing daemon (olsrd).


Charts Page

This page shows RF signal information in both a realtime and an archived view. The default view shows the average signal of all connected stations in realtime.
There are several control buttons below the node name:

Below these control buttons, you will see the "Selected Device" dropdown. This control will display each RF neighbor that is heard by your node. Depending on the information known about a given neighbor, the neighbor may be listed by one of the following:

By changing the "Selected Device" value, the chart will automatically reload to show that node's information. Hovering over a data point within the chart will show additional information for that specific data point, such as:

If no traffic is being routed to the neighbor, the rate and MCS values may be '0' until data is available to measure and determine the optimal settings. An MCS value of zero (0) may also include non-802.11n encoding schemes (ie. 802.11a/b/g). The small box with three vertical dots in the upper right of the page allows you to download the current snapshot of the chart to a file on your local computer.

Data shown in the Archive charts are not stored in permanent memory on the node. The node will store approximately two days of archived data. After a reboot, this data is cleared.

Chart Zooming

Audio Controls

The current Signal to Noise Ratio (SNR) is displayed to the left of the signal chart along with several audio controls. You can click the Sound On button to hear a tonal representation of your current SNR. Higher tone pitch indicates higher SNR values. Adjust the tone Pitch and Volume with the sliders, or you can turn off the tone by clicking the Off button.


Mesh Status

The Mesh Status page lists AREDN® mesh nodes, link quality information, and the services advertised on the network. There are four sections:

Link Quality (LQ) is the percent of packets received from the neighbor in the OLSR mesh routing protocol from the perspective of the local host. OLSR packets exchange routing, advertised services, and other information including a packet sequence number to determine missing packets to characterize the quality of the link.

Neighbor Link Quality (NLQ) is the percent of packets the neighbor received from the perspective of the local host in the OLSR mesh routing protocol. The NLQ is the LQ from the neighbor's perspective.

Expected Transmissions (ETX) is a Bernoulli statistic of how many packets must be transmitted to successfully receive the round trip acknowledgement between neighbor nodes and is calculated with this formula: ETX = 1/(LQ x NLQ). Between multiple hop nodes, this is calculated by adding up the ETX for each hop. "1" is a perfect RF link between neighbors. A DtDLink is fixed at ETX="0.1" for packets traversing an Ethernet cable. OLSR selects the neighbor to send traffic to based on the lowest cost ETX path to the final destination. ETX should be interpreted with care. From a quality perspective, the ETX for Remote Nodes is not an end-to-end metric in the same way as for adjacent neighbors. For example, two nodes that are 5 hops apart with zero packet loss between them is characterized with an ETX=5. A single hop with ETX=5 (LQ and NLQ is ~45%) will stream poor quality video (if usable at all) given the packet loss, but a five hop route between nodes with ETX=5 will deliver smooth streaming quality video.

Transmitted Mbps (TxMbps) is calculated with the formula (TxMbps = rate x EWMA) where rate is the 802.11 data rate in use by the transmitter and EWMA is the Exponentially Weighted Moving Average or the current time-weighted chance that a packet at this rate will reach the remote station. If no traffic is being routed to the neighbor, this value may be '0' until data is available to measure and determine the optimal rate. For further details: Rate Control Algorithm

Link Identifiers:


Basic Setup

This is where the basic networking settings are configured for the node. You generally will not need to change any of the settings on this page other than the node name and password. Do not change any of the network settings unless you fully understand how the mesh works and why the default may not be suitable for your situation. One reason AREDN® exists is to minimize or eliminate, as much as possible, the need to manually configure these types of network settings.

The buttons on this page work as follows:

Node Name sets the hostname for the node. Hostnames can contain letters, numbers, and dashes, but cannot begin or end with a dash. Underscores, spaces, or any other characters are not allowed. Hostnames are not case sensitive, but the case you enter will be preserved. Node names are prefixed with your callsign and may contain up to 63 characters, but it is best to keep node names as short as possible while still uniquely identifying the node.

Amateur radio operators are required to properly identify all transmitting stations. Therefore, the Node Name is beaconed automatically by the node every five minutes, so the hostname must contain your callsign. Recommended hostnames follow the (callsign)-(name) format, such as ad5oo-mobile or ad5oo-lhg-tower. This is similar to the MYCALL setting you would give a packet TNC, but without the 0-15 restriction for the name part.

It is here that you can also set a tactical name for your node. A tactical name is an alias which may be helpful during an emergency deployment where (for example) several Red Cross shelters are being linked. In addition to the normal hostname you can give each node a tactical name such as shelter1, shelter2, shelter-north. Tactical names have the same restrictions as hostnames and are accessible through DNS like the main node names. To set a tactical name, put a slash after the node name then give the tactical name. For example, "ad5oo-1/shelter5".

Password is where you set the administration password for the node. It needs to be entered again in the Retype Password field to verify its accuracy. It is only required the first time the node is configured, so afterward it is not necessary to change a password unless you want to. Note that these password entries are NOT encrypted in transit, so this is best done from a direct wired connection to the node.

Node Description is where you can enter additional info about the node, for example: "This device is maintained by (callsign). Please contact email@address for more info."

The Mesh RF, LAN, and WAN columns are where the details of each of these network interfaces are set.

Mesh RF Column

The Mesh RF column shows settings for the mesh radio interface, including the IP address, netmask, SSID, Channel, and Channel Width.

The final section of the Mesh RF column will show Power & Distance settings if you have the Link Quality Manager disabled.

If you have the Link Quality Manager enabled, the final section of the Mesh RF column will show Power & Link Quality settings. Refer to the full AREDN® documentation online for more information about the Link Quality Manager.

The settings in the lower Mesh RF section can be changed without rebooting the node by clicking the Apply button, but unless they are saved they will revert to the previously values after a reboot.

LAN Column

The LAN column displays the settings for the node's Local Area Network, including the network IP Address and netmask. The DHCP checkbox allows you to enable or disable the node's DHCP server, and it shows the final octet of the starting & ending DHCP address range based on the LAN Mode that you select from the top dropdown.

The default mode is 5 Host Direct and in this mode every host on the LAN has direct access to and from the mesh (ie., the LAN shares the same address space as the mesh). Port forwarding is not needed because NAT is not used, and there is no firewall between the LAN and the mesh. This mode was created because many services do not traverse NAT, and Direct mode also reduces the amount of manual configuration needed to provide services to the mesh.

The mesh address space is automatically managed, so in Direct mode the LAN is not user configurable. Anyone familiar with configuring home routers using static IP addresses should already be comfortable with this mode. Like commercial ISP access, you do not decide for yourself what the network parameters will be. You must use the parameters which are given to you by the ISP. But unlike most commercial ISP access, there is a DHCP server available on the mesh node to configure the hosts that are attached to its LAN.

The only configurable option available in Direct mode is the size of the LAN subnet which can accommodate either 1, 5, 13, or 29 LAN hosts. The 1 host subnet can be useful for either a single server or a commercial grade router using its own NAT which is capable of more advanced routing functions than those available on a mesh node. It is important not to use a subnet larger than is necessary because the chances of an IP address conflict on the mesh increase with the size of the subnet. The LAN subnet parameters are automatically generated and depend on the IP address of the Mesh RF interface. If a conflict does occur it can be fixed by changing the Mesh RF IP address.

The other LAN Mode is NAT, which stands for Network Address Translation. In this mode the LAN is isolated from the mesh and all outgoing traffic has its source address modified to be the Mesh RF IP address of the node. This is the same way that most home routers use an ISP Internet connection, and all services provided by computers on the LAN can only be accessed through port forwarding rules. A single DMZ server can be set up to accept all incoming traffic that is not already handled by other rules or by the node itself. See Port Forwarding below for additional information.

LAN Access Point

The LAN Access Point section will appear on devices having an unused radio interface. This allows the node to provide a standard FCC Part 15 wireless access point which local computers may connect to in order to obtain LAN access on the mesh node. It is configured similar to a typical home wifi access point.

The Enable checkbox allows you to enable or disable the LAN Access Point. If your node has more than one unused radio, then you may be able to select either the 2GHz or 5GHz band from the AP band dropdown. The SSID field allows you to create an SSID for client computers to use when connecting to your node's LAN network. Select a Wifi channel from the Channel dropdown. The default encryption is WPA2 PSK, and the password length must be between 8 and 63 characters. If the key is 64 characters, it is treated as hex encoded. A single quote character may not be used.

WAN Column

The WAN column displays the settings used to connect with an upstream network, which typically can provide Internet access. In the Protocol dropdown the default connection type is DHCP client mode, which requests its network settings from the upstream DHCP server. You can select Static mode, which allows you to specify a static WAN IP address for your node as well as the appropriate netmask and default gateway address. You can also select disabled to completely disable the node's WAN.

The DNS servers are set by default to Google DNS and should not be changed under normal circumstances. Many ISP's are adopting the practice of taking you to an ISP generated web page if you incorrectly type a URL or if the host you are trying to reach no longer exists. The proper behavior is for your browser to detect these error conditions itself and report them accordingly. Google follows the rules and allows for the proper operation of the network.

Advanced WAN Access

Allow others to use my WAN: When a node has Internet access from either its WAN or LAN, that access is available to the node itself and to any computer connected to the LAN network. When this option is enabled the node will also route traffic from its Mesh RF interface onto its WAN and typically out to the Internet. By default this is disabled since it is not a good practice to allow every remote mesh device to obtain Internet access through your node. If you choose to enable this option be aware that your node is transmitting as an FCC Part 97 amateur radio, so make sure that any Internet traffic sent over the radio complies with FCC Part 97 rules. If you simply want local wireless Internet access at a location, consider using a separate standard Part 15 access point instead of enabling this option on your node.

Prevent LAN devices from accessing WAN: Normally any devices connected to the node's LAN network will also have access to its WAN. Enabling this option will cause the node not to give LAN devices access to the WAN. This means that computers on this node's LAN will only use the 10.0.0.0/8 and 172.16.0.0/12 mesh network ranges. With this setting enabled you will not be able to access the Internet, even if your node has Internet available on its WAN port. This also applies to Internet available over the mesh. Use this only if your node needs to be connected to two networks at once, such as wired to the mesh as well as WiFi to a local served agency network.

WAN Wifi Client

The WAN Wifi Client feature allows you to connect an unused radio on your node to a local Wifi AP that can provide Internet access or some other type of network access. This can be useful in situations when you have no way to cable your node to a local router for WAN Internet access. Enabling the WAN Wifi Client will disable the WAN vlan which prevents your node from using its physical Ethernet port for WAN access.

Use the Enable checkbox to enable or disable the WAN Wifi Client. Type the SSID and password that are required to make a Part 15 Wifi connection to the local Wifi Access Point. If your node has more than one unused radio interface, then the WAN Wifi client band dropdown will be displayed allowing you to select the node's radio that you want to use. The password length must be a minimum of 8 and maximum of 64 characters. If the key length is 64, it is treated as hex encoded. If the password field is empty (length = 0), then no encryption will be used to connect to an open AP. A single quote character may not be used.

Optional Settings

If you choose to specify your latitude, longitude, and gridsquare for location purposes, the lat/lon values should be in decimal format (ex. 30.444522 and -95.111234). If you will be enabling the Link Quality Manager, be sure to enter accurate GPS coordinates on your node.

You can also set the timezone where your node is located as well as entering an NTP server that the node can connect to for time updates. You must click Save Changes to save the new timezone and NTP server settings.


Port Forwarding, DHCP, Services, and Aliases

The buttons on this page works as follows:

NAT Mode Operation

The way this page works depends on whether the LAN is operating in NAT mode or Direct mode. First we will cover NAT mode, where hosts on the LAN are insulated from both the Wifi and WAN interfaces by a firewall. This makes them inaccessible from either of these interfaces unless Port Forwarding is set up. Here are some common ports that may need to be forwarded:

Port forwarding will redirect inbound connections from the Wifi, WAN, or both interfaces and forward them to an IP address and port on the LAN. The destination port number need not be the same. If you have hosts on the LAN that provide services you want to make available to the mesh, a Port Forwarding rule will be required to make that connection possible.

If you want to forward a range of ports, the Outside Port field will accept a hyphen-separated range in the form "xxxx-xxxx". When doing this, set the LAN Port to the low value of the port range. When forwarding a port range the Outside and LAN ports must match.

If you want to forward every port that is not already in use to a single computer on the LAN, choose that computer's IP Address from the DMZ Server dropdown. There can be only one DMZ Server. Be aware that this bypasses the firewall in the node, so the DMZ server should run its own firewall to prevent unauthorized access.

Example:
On the LAN of a mesh node called ad5oo-mobile there is an IP camera that is running its own web server. The address of that camera is 172.27.0.240. To make that camera available to everyone on the mesh, create a port forwarding rule on the WiFi interface whose Outside Port is 8100, with an LAN IP of 172.27.0.240 and LAN Port of 80. This takes all connections to port 8100 on ad5oo-mobile and redirects them to port 80 on 172.27.0.240. In a web browser on a remote computer connected to the mesh you would go to http://ad5oo-mobile:8100 to view the IP camera.

Note that port forwarding to an FTP server, which uses both ports 20 and 21, can be done with a single rule using port 21 if the ftp client is capable of using passive ftp mode. Web browsers are able to do this and handle ftp downloads seamlessly.

Advertised Services

When you want to let others know about services you are providing, the Advertised Services you create will appear on the Mesh Status page of all other nodes. All advertised services need a name, and no services can be advertised until at least one port forwarding rule or a DMZ server has been defined.

If your service is accessible via web browser, such as from a web or ftp server, you can make the name appear as a clickable link by checking the Link box. All links need two parameters: a protocol and a port number. Web servers use the http protocol and ftp servers use the ftp protocol. Other services may use other protocols. The port number should be the one used as the Outside Port in the forwarding rule through which the service can be accessed. In the last field you can enter an optional link suffix to a more specific path if needed, such as the name of a specific page on a web server or a directory or file on an ftp server.

DHCP Address Reservations

If you are providing services to the mesh from hosts on the LAN you will want to either override or make permanent the automatically assigned IP address for that host. The DHCP Address Reservations section is where you do that. In order for port forwarding to work, the IP address must match that of the destination host. If the LAN device is currently connected and has been given an IP address by DHCP it will be listed under Current DHCP Leases. If you click the Add button next to the lease it will be added to the DHCP Reservations list. You can leave the information as it is or edit it to suit your needs. You can also manually enter your own information into the blank fields under DHCP Reservations and click Add there to create your own entry.

For each of the sections on this page, simply entering information into the fields is not enough. The settings are not updated until the Add button is clicked. Before saving changes the new fields must be either added or cleared.

DNS Aliases

This section allows you to give a LAN host a more meaningful name than the existing hostname. Enter the Alias Name and select the host from the IP Address dropdown, then click Add. This option is more useful in Direct Mode as described below.

Direct Mode Operation

When the LAN is operating in Direct mode this page works a little differently, since in Direct mode the LAN hosts are accessed directly from the mesh and no port forwarding is involved. The Advertised Services are defined using existing LAN hosts, and this is determined by the DHCP Address Reservations that are defined. After the DHCP Reservations have been assigned, services can be advertised in the same way as before with the additional requirement of selecting the name of the host that is providing the service.

Another difference in Direct mode is that the hostnames used in DHCP Reservations are also advertised to the mesh and therefore must be unique across the entire network. For example, "raspberrypi" might be a typical server name but it is a poor choice for a mesh hostname because there can be only one host with this name on the entire mesh. Just as you used your callsign in the node name, it would also be a good idea to use it in DHCP Reservation hostnames. Therefore, "ad5oo-raspberrypi" is a good hostname since it will be unique and only the callsign holder needs to keep track of the hostnames he is assigning to his devices.

NOTE: If you do not want OLSR to propagate a LAN hostname across the mesh, you can click the Do Not Propagate checkbox. This will prevent your LAN host from being displayed on the Mesh Status pages of other mesh nodes, making it inaccessible from across the network.

The hostnames being discussed here are those that are defined under DHCP Reservations and available to the mesh, not those of the LAN hosts themselves. While it is convenient for them to be the same, there is no requirement that they must be. For example, the name "ad5oo-raspberrypi" used above can be the mesh name for a host that calls itself "skywalker". But be aware that if this host is a webserver, the webserver configuration should use the name "ad5oo-raspberrypi" because the name "skywalker" will not be known on the mesh and any pages the webserver generates itself such as error pages may use the "skywalker" name.

There are two considerations to keep in mind regarding the size of the subnet chosen for the LAN.

  1. When using a one host subnet, the DHCP Reservation used for that single host will prevent any other host from receiving a DHCP lease. So if for some reason the original host is not connected to the LAN and you need to get back into the node to reconfigure it, the easiest way is to access it from a different node on the mesh.
  2. If the node is already in Direct mode and you intend to reduce the size of the LAN subnet, you should first remove the DHCP Reservations that will fall outside of the address range you will be using. Note that the automatically generated network address will change if the subnet size is changed, and internally the DHCP Reservations are stored as offsets from the network address, so address reservations which fall within the new subnet size will be translated into the new subnet address space.

Port Forwarding

It is still possible to do Port Forwarding in Direct mode, but you will only be allowed to select the WAN interface so Port Forwarding is only meaningful for WAN-connected nodes. Enter the Outside Port being passed to your node from its upstream gateway, select a LAN host to service the requests, and enter the LAN Port on that host which is listening for those requests. Finally, click Add to add the port forwarding rule.

DNS Aliases

DNS Aliases can be very useful in Direct mode. Enter an Alias Name that will be unique across the entire network, select a LAN host from the dropdown, and click Add to add the alias to the list. Once a DNS Alias has been defined then that alias name will be progagated across the mesh, even if the specific host's DHCP Reservation has the Do Not Propagate box checked. The DNS Alias name will also appear in the host dropdown so that you can define an Advertised Service that will be progagated to the mesh under that Alias Name.

Tunnel Connections

The tunneling feature is now included by default. Click Tunnel Server to view the server settings. These include your node's tunnel server IP address and the DNS Name by which Internet connected devices can contact your server. To authorize a tunnel client connection, enter the client node name, a password that you want this client to use for authentication purposes, and an optional text description for the client connection. Click Add to add the new client to your clients list, and you can click the Enable checkbox to enable or disable this client connection. Finally, click Save Changes to save your tunnel server settings. Refer to the full AREDN® documentation online for additional information.

Click Tunnel Client to enter the settings required in order for your node to make a client connection to a tunnel server on a remote node. Enter the DNS Server Name given to you by the tunnel server owner, as well as the password and network number they have assigned to your client. You may optionally enter a comment or description. Click Add to add the new server to your list, and you can click the Enable checkbox to enable or disable this tunnel connection. Finally, click Save Changes to save your tunnel client settings. You are allowed to delete client connection information by clicking the Del button at the right of each row.

For both the tunnel client and server connections, the cloud icon at the right of each row will change color to indicate whether the connection is active (blue) or not (gray).

Administration

This section allows you to update node firmware, manage add-on packages and authorized ssh keys, or create Support Data files.

The Firmware Update section shows the current firmware version as well as the hardware type. There are three options for updating node firmware.

  1. If you have a firmware image on your computer which you previously downloaded from the AREDN® website, click the Browse button to select the firmware file to upload from your computer to your node. Click Upload and the new firmware will be uploaded and installed.

  2. If the node has Internet access (either from its WAN port or across the mesh) you can use the Download Firmware option. Click Refresh to fetch the list of available images, then select the image to download. Click Download and wait for the firmware to be downloaded and installed.

  3. If you have previously copied a new firmware image directly to your node, you can apply that new file by clicking Apply Local Firmware. This button will only be active if the node detects the new firmware file in the location and with the name shown next to the button.

If you want to upgrade your node's firmware while keeping the existing configuration settings, click the Keep Settings checkbox.

Package Management allows you to install and remove software packages on the node. Upload Package allows you to install a package file that you previously downloaded to your computer from the AREDN® website. If your node has access to the Internet, Download Package allows you to retrieve a package over the Internet from the AREDN® website. Click Refresh to populate the list of packages available for download, but do not do this unless necessary. The package information database is stored on the node and will use about 100KB of storage space, so only use this function if it is absolutely necessary.

The Remove Package list shows all packages on the node. Selecting a package and clicking Remove will remove the package. You will only be able to remove packages that you have installed. All installed packages are shown but the set that comes pre-installed is necessary for proper operation of the node and cannot be deleted.

Authorized SSH Keys are useful for both developers and anyone managing a set of nodes. It allows connecting to a node via ssh without having to enter the password. For developers, it also allows you to easily scp an updated file to the node without having to reinstall the firmware.

To generate an ssh key on a Linux system, issue the command "ssh-keygen -t rsa" and press enter at all the prompts to accept the defaults. This creates a file called ~/.ssh/id_rsa.pub, which is the file you upload to install the key on the node. If you want to remove a key you can select it and click the Remove button. The AREDN® documentation online describes this process for MS Windows computer users.


Advanced Configuration

WARNING: Changing advanced settings can be harmful to the stability, security, and performance of the node and potentially the entire mesh network. You should only continue if you are sure of what you are doing.

For specific guidance, hover over the help icon for each setting on the page.


Failsafe Feature

The failsafe feature is a method for restoring a node to an operational state after it has fully booted its firmware.