Continuing where I left off with my OpenWRT mesh nodes, after installing the OS, the next step is to get a mesh-enabled userspace on them.
One can use iw to create an open mesh, and the authsae daemon for secure mesh, and OpenWRT already ships both of those, so just installing those packages is really all that is required.
However, I’m currently working on a patchset to add mesh support to wpa_supplicant, which could be useful for platforms where wpa_s is already present and running yet another daemon just for secure mesh is unpalatable. Here’s the recipe I’m using to keep the latest version on the device and use it for day-to-day activities.
Since OpenWRT can use git as a package source and already does so for hostapd, building a custom wpa_supplicant is mainly a matter of just changing the git repository url and config. I made the following changes in the package/network/services/hostapd directory:
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/host index 6872742..5985339 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -10,10 +10,10 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd PKG_VERSION:=2014-06-03 PKG_RELEASE:=1 -PKG_REV:=84df167554569af8c87f0a8ac1fb508192417d8e +PKG_REV:=prepare-submit-v12 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git +PKG_SOURCE_URL:=https://github.com/cozybit/wpa_supplicant.git PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE_VERSION:=$(PKG_REV) PKG_SOURCE_PROTO:=git diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/packa index bbfaa73..4d9e00e 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-full.config +++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -407,3 +407,9 @@ CONFIG_NO_RANDOM_POOL=y NEED_80211_COMMON=y CONFIG_IBSS_RSN=y + +CONFIG_AP=y +CONFIG_P2P=y +CONFIG_TDLS=y +CONFIG_SAE=y +CONFIG_MESH=y
(Offhand, I don’t know if P2P and TDLS are really required, but as it matches my existing config, we’ll go with that.)
You’ll also need to enable CONFIG_WPA_SUPPLICANT_OPENSSL=y in the OpenWRT menuconfig in order for SAE to link properly.
Rebuilding from scratch looks like this:
rm dl/hostapd-*.tar.bz2 make package/hostapd/{download,prepare,clean,compile,install} V=s
Once built, I have a simple script which copies over the bin/x86_64/packages/{hostapd*,wpa-s*}
files and then runs opkg install on each of the nodes.
To start the mesh, I use the following script:
#!/bin/bash pubip=`ip route get 8.8.8.8 | awk 'NR==1 {print $NF}'` last8=`echo $pubip | awk -F . '{print $4}'` meship=10.10.1.$last8 iface=wlan0 cat<<__EOM > wpa_s.conf network={ ssid="your-meshid-here" mode=5 frequency=2412 key_mgmt=SAE psk="your-pw-here" } __EOM ip addr flush $iface ip link set $iface down iw dev $iface set type mp ip link set $iface up ip addr add $meship/24 dev $iface killall wpa_supplicant wpa_supplicant -dd -i $iface -c wpa_s.conf >wpa_s.log 2>&1 &
In response to the previous blog post, Johannes Berg pointed out that running nfsroot and PXE booting these devices would be even easier than futzing with USB sticks and copying binaries back and forth. Unfortunately, the BIOS on these machines doesn’t appear to support netboot, and at least for now, I can’t be bothered to figure out how to do it from within grub. At any rate, I find this setup makes for a fairly painless compile / deploy / test cycle.