-
Notifications
You must be signed in to change notification settings - Fork 0
/
How To Mesh Router.page
56 lines (34 loc) · 2.27 KB
/
How To Mesh Router.page
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# How to Mesh Router
## Preparation
### Packages
The required packages are:
#. [Strongswan](https://stew.paranoidlabs.org/strongswan-5.5.1-1-x86_64.pkg.tar.xz)
#. [OpenNHRP](https://stew.paranoidlabs.org/opennhrp-0.14-1-x86_64.pkg.tar.xz)
* You also need [desist](https://github.com/Dean4Devil/desist), however that is not available as a package at the moment
#. [Bird](https://www.archlinux.org/packages/extra/x86_64/bird/)
Strongswan and OpenNHRP are also available from the plabs repository
### Certificates
Get yourself a [Machine Certificate]().
## Setting up strongswan
This article is not meant as an explanation as to why this works the way it does, see [DMVPN]() for that.
### Configuration
Download the attached `swanctl.conf` and `hub-common.conf` and drop them into your `/etc/swanctl/` directory.
### Certificates
#. Download the `RootCA`, `IntermediateCA` and `TechnologyCA` -Certificates from [pki.paranoidlabs.org](https://pki.paranoidlabs.org) and drop them into `/etc/swanctl/x509ca/`.
#. Download the `revoc.crt` and drop it into `/etc/swanctl/x509/`.
#. Rename your machine certificate to `mesh.der` and drop it into `/etc/swanctl/x509/`.
#. Drop your machine private key into either `/etc/swanctl/ecdsa/` or `/etc/swanctl/rsa/`, depending on it's type (if you are not sure which type you have, its most likely ECDSA).
## Setting up OpenNHRP
#. Download the attached opennrhp.conf and drop it into `/etc/opennhrp/`.
### Desist
#. Clone desist's repository
#. If you do not have clang installed, change the first line of the Makefile into `CC = gcc`
#. Compile using `make`
#. Move the created binary `desist` to `/etc/opennhrp/opennhrp-script`, replacing the existing script.
### Systemd
If you are using systemd, download the attached `opennrhp.service` and place it into `/etc/systemd/system/` (If you are using a more recent version of the OpenNHRP package it may come with a service file already - in that case *please* inform an admin to update this page.)
## Setting up Bird
#. Download the attached `bird.conf` and move it to `/etc/bird.conf`
#. **Change your Router ID!** Otherwise stuff **will** break and it will do so horribly.
#. Change interface names if necessary.
You can then set up additional dynamic routing, however this is out of the scope of this document.