From: "Linus Lüssing" <linus.luessing@web.de>
To: The list for a Better Approach To Mobile Ad-hoc Networking
<b.a.t.m.a.n@lists.open-mesh.org>
Subject: Re: [B.A.T.M.A.N.] Problems connecting VPN and WLAN with Batman-adv
Date: Fri, 2 Apr 2010 13:50:32 +0200
Message-ID: <20100402115032.GA4984@Linus-Debian>
In-Reply-To: <201004021217.05045.clemens-john@gmx.de>
> I use Fonera and Dlink Dir300 which have an Atheros chip inside.
Ah, great, those Dlink routers are the ones I'm using here too :).
> Yes the vpn network is created over lan.
> The VPN is created by a central OpenVPN server in tap mode and ping inside
> the vpn works without batman.
> The VPN is used to connect several mesh clouds which can't see each other
> wirelessly.
> Ping from one mesh device to another mesh device on the other side of the vpn
> tunnel works. I think because they are both in the 10.18.1.0/24 network.
>
> But the devices which are connected to the vpn network have an IP from
> 10.18.0.0/24 and should also be reachable from the 10.18.1.0/24 (wlan) network
> and this doesn't work so far.
Yes, you're right, if a host has a /24 subnet and wants to be able
to reach another host on a different /24 subnet, then they need an
extra (default) route entry in their routing table. In your setup,
why aren't you just using a /16 subnet instead if you want them to
reach each other over direct links without any routing?
> I can ping the MAC addresses inside the vpn from the wlan network with batctl
> but not with normal ipv4 ping.
>
> > From the configuration now, it looks like you're having another
> > batman-adv on the other side of the vpn as you've assigned tap0 to
> > batman. So keep in mind that the recipient on the other side of the tunnel
> > will get batman-adv ethernet frames only which encapsulate the
> > payload - there has to be a batman-adv on the other side to unwrap
> > the IP packets again.
> > And if there is a batman-adv on the other side of the tunnel, make
> > sure the vpn itself is transporting whole ethernet frames and not
> > only ip packets (in tinc this is "switched" mode for instance or
> > in OpenVPN having "dev tap" and not "dev tun").
>
> Yes the setup is like you describe it.
Oops, ok, sooo, you want the complex stuff :)? Just want to note
that this has not been extensively tested yet, I had just tried it
here with a friend and this test for one tunnel worked unexpectedly
well. However, we don't know yet if some undesired things might
occur at larger scales. But if you are up for an
adventure and want to share your experiences with this, great :).
I think I'd better write a little description and article in our
wiki about what our test setup looks like as there seem to be some more
people getting interested in it.
And I also want to point out that establishing such vpn inter
cloud links with the routers themselves has the following
downside: With tinc + those DIR300 routers, we measured a maximum
total throughput of 300kB/s which might be or might not be what
you are looking for. This is because VPN software is copying the
data from kernel to userspace and back a couple of times. Haven't
measured anything with OpenVPN though, but as far as I know they
are also doing this copying (there is no kernel module for OpenVPN
afaik).
Cheers, Linus
>
> I'll just give you the output of my devices on a Dir300 connected to vpn and wlan.
> Maybe this can be useful for you.
>
> root@OpenWrt:~# ifconfig
> ath0 Link encap:Ethernet HWaddr 00:24:01:17:B7:55
> inet6 addr: fe80::224:1ff:fe17:b755/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:367 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 B) TX bytes:25573 (24.9 KiB)
>
> ath1 Link encap:Ethernet HWaddr 06:24:01:17:B7:55
> inet6 addr: fe80::424:1ff:fe17:b755/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:4979 errors:0 dropped:85 overruns:0 frame:0
> TX packets:2736 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:359248 (350.8 KiB) TX bytes:224416 (219.1 KiB)
>
> bat0 Link encap:Ethernet HWaddr 3A:53:93:D9:7D:15
> inet6 addr: fe80::3853:93ff:fed9:7d15/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1476 Metric:1
> RX packets:586 errors:0 dropped:0 overruns:0 frame:0
> TX packets:168 errors:0 dropped:15 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:34784 (33.9 KiB) TX bytes:27239 (26.6 KiB)
>
> br-mesh Link encap:Ethernet HWaddr 00:24:01:17:B7:55
> inet addr:10.18.1.101 Bcast:10.18.1.255 Mask:255.255.255.0
> inet6 addr: fe80::bca2:f0ff:fe00:96c8/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:586 errors:0 dropped:0 overruns:0 frame:0
> TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:34784 (33.9 KiB) TX bytes:28219 (27.5 KiB)
>
> eth0 Link encap:Ethernet HWaddr 00:24:01:17:B7:56
> inet addr:192.168.178.59 Bcast:192.168.178.255 Mask:255.255.255.0
> inet6 addr: fe80::224:1ff:fe17:b756/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:12931 errors:0 dropped:0 overruns:0 frame:0
> TX packets:3442 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1952051 (1.8 MiB) TX bytes:454599 (443.9 KiB)
> Interrupt:4 Base address:0x1000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:4 errors:0 dropped:0 overruns:0 frame:0
> TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:486 (486.0 B) TX bytes:486 (486.0 B)
>
> tap0 Link encap:Ethernet HWaddr 8E:61:AE:E8:03:4A
> inet addr:10.18.0.8 Bcast:10.18.0.255 Mask:255.255.255.0
> inet6 addr: fe80::8c61:aeff:fee8:34a/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:11484 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2232 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:726488 (709.4 KiB) TX bytes:164026 (160.1 KiB)
>
> wifi0 Link encap:UNSPEC HWaddr 00-24-01-17-B7-55-00-00-00-00-00-00-00-00-00-00
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:13256 errors:0 dropped:0 overruns:0 frame:197
> TX packets:3131 errors:8 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:195
> RX bytes:1887585 (1.7 MiB) TX bytes:321699 (314.1 KiB)
> Interrupt:3 Memory:b0000000-b000ffff
>
> > > My configs look like this:
> > >
> > > ---------------
> > > /etc/conf/network
> > > ---------------
> > > config 'interface' 'loopback'
> > >
> > > option 'ifname' 'lo'
> > > option 'proto' 'static'
> > > option 'ipaddr' '127.0.0.1'
> > > option 'netmask' '255.0.0.0'
> > >
> > > config 'interface' 'lan'
> > >
> > > option 'proto' 'dhcp'
> > > option 'ifname' 'eth0'
> > >
> > > config 'interface' 'mesh'
> > >
> > > option 'type' 'bridge'
> > > option 'ifname' 'ath0 bat0'
> > > option 'proto' 'static'
> > > option 'ipaddr' '10.18.1.101'
> > > option 'netmask' '255.255.255.0'
> > >
> > > config 'interface' 'vpn'
> > >
> > > option 'proto' 'none'
> > > option 'ifname' 'tap0'
> > >
> > > ---------------
> > > /etc/conf/wireless
> > > ---------------
> > > config wifi-device wifi0
> > >
> > > option type atheros
> > > option channel 6
> > >
> > > config wifi-iface
> > >
> > > option device wifi0
> > > option mode ahdemo
> > > option bssid 02:CA:FF:EE:BA:BE
> > >
> > > config wifi-iface
> > >
> > > option device wifi0
> > > option mode ap
> > > option ssid oldenburg.freifunk.net
> > >
> > > ---------------
> > > /etc/conf/batman-adv-kernelland
> > > ---------------
> > > config batman-adv-kernelland general
> > >
> > > option interface 'ath1 tap0'
> > > option originator_interval
> > > option log_level
> > >
> > > thanks
> > > Floh1111
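
The /24 versus /16 point from the reply above, worked through with the addresses shown in the quoted ifconfig output. This is an added example, not part of the original message or of batman-adv; the gateway address 10.18.1.1 is hypothetical, and no default route is modelled.

```python
import ipaddress

def connected_route(cidr, iface):
    """Route the kernel installs automatically for an interface address."""
    return (ipaddress.ip_interface(cidr).network, None, iface)

def static_route(cidr, gateway, iface):
    """Explicit route entry pointing at a gateway."""
    return (ipaddress.ip_network(cidr), ipaddress.ip_address(gateway), iface)

def lookup(routes, dst):
    """Longest-prefix match over a routing table.

    Returns (kind, gateway, iface): 'on-link' means the host resolves the
    destination directly on that interface, 'via-gateway' means it hands the
    packet to a router, 'unreachable' means no entry covers the destination.
    """
    dst = ipaddress.ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return ("unreachable", None, None)
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    if gw is None:
        return ("on-link", None, iface)
    return ("via-gateway", str(gw), iface)

# Addresses taken from the ifconfig output in the thread.
MESH_24 = [connected_route("10.18.1.101/24", "br-mesh")]
VPN_24 = [connected_route("10.18.0.8/24", "tap0")]

# Option 1 from the reply: one /16 covering both ranges, no routing needed.
MESH_16 = [connected_route("10.18.1.101/16", "br-mesh")]

# Option 2: keep /24 and add a route entry (gateway 10.18.1.1 is hypothetical).
MESH_24_ROUTED = MESH_24 + [static_route("10.18.0.0/24", "10.18.1.1", "br-mesh")]

if __name__ == "__main__":
    for name, table, dst in [
        ("mesh /24", MESH_24, "10.18.0.8"),
        ("vpn  /24", VPN_24, "10.18.1.101"),
        ("mesh /16", MESH_16, "10.18.0.8"),
        ("mesh /24 + route", MESH_24_ROUTED, "10.18.0.8"),
    ]:
        print(f"{name:18} -> {dst:12} {lookup(table, dst)}")
```

With the /16 mask the lookup returns on-link, which means the sender resolves the peer's MAC address directly, so the layer-2 path across bat0 and the VPN has to carry that traffic.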