How To – Simple Tunnel to CVADN

Since most of us aren’t able to connect to one of the backbone nodes from home, tunneling seems useful for development, testing, and exercising our skills. With a tunnel client at your house, any device connected to that node will see the CVADN network as if you were connected via RF. There is an AREDN tunnel server running at the W4UVA backbone site and accessible over the Internet.

There are lots of options for hooking up a mesh node for tunneling at home, but most of them require a deep dive into AREDN configuration and the world of virtual local area networks (VLANs). If you don’t have a VLAN-capable Ethernet switch that all your devices are connected to, you are stuck before you even start.

The good news is that there are several AREDN-capable devices that will allow you to tunnel one computer to the mesh network without getting into VLANs. I’ll use the GL.iNet GL-AR750 (the Creta, not the “S” model) as an example. It looks like this:

[Image: GL-AR750]

Because the WAN (Internet), DtD (device-to-device, for linking multiple AREDN nodes together), and LAN (local network where your computer is connected) networks are brought out to three separate Ethernet connectors, you don’t need to use VLANs. You plug the WAN port into your home network; ignore the DtD port; and plug your computer’s Ethernet into the LAN port. (Any of the AREDN devices that bring the WAN and LAN out on separate physical Ethernet ports will work. Currently, the list includes the MikroTik hAP AC Lite, Ubiquiti AirRouter and AirRouter HP, GL.iNet GL-AR150, GL-AR300M16, and GL-AR750. See details about port assignments at https://github.com/aredn/aredn#ethernet-port-usage.)

Once you’ve chosen a device for your tunnel node, the next step is to replace the stock firmware on the device with the AREDN firmware. Instructions for all the supported devices are on the AREDN site at https://arednmesh.org.

Once you’ve loaded the AREDN firmware, configure the node as follows (the Mesh RF IP address and LAN addresses will be automatically assigned):

[Image: Basic Setup screen]

A couple of things to note. First, these devices support only the 2.4 GHz radio for mesh, so if you want to play with other mesh nodes over RF at home, they’ll need to be 2.4 GHz. You can use the 5.8 GHz radio for a normal WiFi access point, though.

Second, I have found that tunneling only works if you have the LAN side configured for one of the “Host Direct” modes. I tried “NAT” and nothing worked right. This looks like either a bug or a restriction in the AREDN software due to some subtlety of which I’m unaware.

After your node is configured, you’ll want to go to the “Tunnel Client” page and follow the instructions for installing the tunnel client package. Make sure you have the WAN port plugged in to your home network, or this step won’t work. After the installation and reboot, you will see:

[Image: AREDN Tunnel Client Setup]

The “Pwd” and “Network” are assigned by the tunnel server operator, so drop me a note with the exact Node Name of the AREDN node running your Tunnel Client. I’ll create credentials and tell the tunnel server to recognize you.

Once your tunnel is connected, things work just as if you were linked up via RF. We obviously can’t count on this in a real incident, but it should be very useful for keeping our skills sharp.