This code provides provisioning and authentication services for a Wi-Fi mesh network employing BATMAN-adv at layer-2 on Ubuntu, and is based on the configuration provided here, from: Technology Innovation Institute (TII).
The Server side authenticates nodes validating certificates based on the Elliptic Curve Integrated Encryption Scheme (ECIES). The code can be found here.
Initially, the client sends a request to join the mesh network. This request is attached with node certificates. Once the server validates the certificate, it encrypts the mesh parameters and sends them back to the requested node. The client detects the OS that is running (Ubuntu or OpenWRT) and sets the specific configuration of the mesh network.
To get started, either
- Copy the install.sh script to the home folder of your mounted Ubuntu drive.
- On your host machine, copy download the install.sh script from this repo into your home folder.
Once you have done this, startup your host machine and run install.sh.
cd ~
sudo ./install.shThis script will do the following...
- Give you the option to connect to an access point (N.B. This should be the same network as your server).
- Download all required packages.
- Clone this repository (https://github.com/tiiuae/sc-mesh-secure-deployment.git)
Once this process is complete, you should now have a git repo called sc-mesh-secure-deployment in your home directory alongside the install.sh script.
cd sc-mesh-secure-deploymentUsing the configure.sh script, you can now set up two different configurations, server and client, as well as either connect to an access point or set your machine up as an access point.
./configure.sh --helpYour server will provide the necessary authentication certificates for you mesh network, as well as avahi services to allow clients to autodiscover the authentication server and automatically fetch these certificates. The configure.sh script should guide you through the process. The server must be executed on the /home//sc-mesh-secure-deployment path. To set your machine up as a server, please run...
./configure.sh -sLikewise, the configure.sh script should guide you through the process of setting your host up as a mesh client.
- It will automatically try to discover the server through avahi in order to fetch the certificates (make sure you are connected to the same network as the server during this process!).
- The FIRST node to connect to the server will automatically be set up as the mesh gateway, thus providing the mesh with internet access.
To set your machine up as a client, please run...
sudo ./configure.sh -cPlease note that when the configuration is complete the node will reboot and automatically connect to the BATMAN-adv L2 network. You now have three options:
- Leave the client as a L2 router with BATMAN-adv.
- Set a secondary wlan interface as a Wi-Fi Access Point to allow you to connect STA devices to the network.
- Set a secondary wlan interface to connect to a Wi-Fi AP and act as gateway.
To set your client up as an access point, the configuration script has an -ap option that allows you to either connect to or create an Access Point. Run the configuration script as follows...
./configure.sh -apOn the server open a web browser and type...
http://127.0.0.1:5000A web page with the authenticated and no-authenticated nodes should be displayed
