
What is a shared mesh key-chain

How to use a shared mesh key-chain to sign OLSR routes

To use a shared mesh keychain across multiple nodes, follow the instructions below to:

  • Add a new key-chain on a node.
  • Download that key-chain.
  • Upload that key-chain on the other nodes that will be using it.

You can find the keychain menu in “Basic –> Security –> Shared Mesh Keychain”

Add a new key-chain

  • Go to the “Basic –> Security –> Shared Mesh Keychain” menu
    • If the menu is populated with the options to “upload, download, and create” a shared mesh keychain follow the “Delete a keychain” instructions below and then continue.
  • Click the add button

  • Click the “Create a new Shared Mesh Keychain file” button.

  • Click “Save and Apply” when asked to confirm the configuration.

  • Wait for the “Applying Changes” page to redirect you back to the status page.

Download the key-chain

  • Go to the “Basic –> Security –> Shared Mesh Keychain” menu
    • If the menu shows ONLY the “help text” and “add” button follow the “Add a new key-chain” instructions above then continue.

  • Click the “Download Shared Mesh Keychain” button.

  • This will start the download of a file called serval.keyring
  • This file is your shared mesh key-chain

Upload a Keychain

  • Get a valid key-chain downloaded from the node you wish to connect to using the “Download the key-chain” instructions above
  • Go to the “Basic –> Security –> Shared Mesh Keychain” menu
    • If the menu shows ONLY the “help text” and “add” button click the “add” button then continue. This not only adds a new key, which you don't need, but configures the device to use a key-chain file, which needs to be done to upload a key.
  • In the “Upload Shared Mesh Keychain File” box click on the “Choose File” button.

  • Select a key-ring file from your device and click “Open”
  • Click the “Save” button
  • You do not have to click the “Save and Apply” button because we have not changed any settings, we have only replaced the keyring.

Delete a Keychain

  • Go to the “Basic –> Security –> Shared Mesh Keychain” menu
    • If the menu shows ONLY the “help text” and “add” button you do not have to delete your mesh key-chain, because you do not have one enabled.

  • Click the “delete” button at the top right of the screen.

  • Click “Save and Apply” when asked to confirm the configuration.

  • Wait for the “Applying Changes” page to redirect you back to the status page.

Share the key-chain

  • Follow the “Download the key-chain” instructions above from the router with a key-chain you wish to share
  • On the second node that you wish to use a shared mesh keychain with, follow the “Upload a Keychain” instructions above
  • Test that the two nodes can share traffic with each other.
    • If the keychains are uploaded and the nodes are not routing with each other try some of the “Troubleshooting” instructions below.

How to test that a shared mesh key-chain is being used

Troubleshooting

  • Problem #1: Incompatible Dates
    • TO TEST:
      • Go to the “Advanced –> Status” menu on both nodes
      • If the “Local Time” on both nodes is the same then this is NOT your problem.
      • If it is not the same, go to the “Advanced –> Network –> Diagnostics” menu on one of the nodes
      • In the first box, “ping”, type in the IP address of the other node (which can be found on the top right of the other node's menu header as the “Mesh IP-Address”).
      • Click the “Ping” button.
      • If the ping is successful (see below) then follow the “TO FIX” instructions below.
      • If the ping failed (see below) then this is NOT your problem.
    • TO FIX:
      • On BOTH nodes do the following:
        • Go to the “Advanced –> System” menu
        • On this page, under “System Properties –> Local Time” click the “Sync with browser” button
      • Wait one to three minutes for the nodes to recognize and add each other
      • If the other node does not show up in the “Basic –> Status” menu then this is NOT your problem.
  • Problem #2: MDP mismatch & Timing issues
    • TO TEST:
      • If you have just loaded the keys on to the nodes wait at least 5 minutes. It can take at least that much time for both nodes to sync with each other.
      • SSH into one of the nodes
      • Kill the current olsrd session by typing ```killall olsrd```
      • Start a new debugging session by typing ```olsrd -d 2 -f /var/etc/olsrd.conf```
      • Once olsrd is loaded it will start to output any errors it has encountered.
      • If you get a stream of output like the following this is NOT your issue

```
[MDP] Adding signature for packet size 20
[MDP] Adding signature for packet size 40
No Internet GWs detected…
[MDP] Adding signature for packet size 20
[MDP] Adding signature for packet size 20
No Internet GWs detected…
```

  • If your output is producing errors about a “timing mismatch” then your nodes are attempting to sync their times.
    • To speed up this condition do the following
      • TODO: Sorry reader, documentation still needed
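
The Problem #2 check above can be scripted once the debug output has been saved to a file. The following is an added example, not part of the original page or the project's own tooling. It assumes that timing errors contain the words “timing mismatch” (the page names the error but does not show its exact text), and the function name and sample logs are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saved `olsrd -d 2` output from one node.
# Assumption: timing errors contain the words "timing mismatch".

# classify_olsrd_log FILE -> prints one verdict line for the saved log.
classify_olsrd_log() {
    log="$1"
    # Healthy signing lines, in the form quoted on this page.
    signed=$(grep -c '^\[MDP] Adding signature for packet size' "$log" || true)
    # Timing errors (assumed phrase, matched case-insensitively).
    timing=$(grep -ci 'timing mismatch' "$log" || true)
    if [ "$timing" -gt 0 ]; then
        echo "timing-mismatch signed=$signed errors=$timing"
    elif [ "$signed" -gt 0 ]; then
        echo "signing-ok signed=$signed"
    else
        # No signing lines were logged: check the keychain is enabled.
        echo "no-mdp-activity"
    fi
}

SAMPLES=$(mktemp -d)
# Constructed sample 1: healthy output in the form quoted on this page.
cat > "$SAMPLES/ok.log" <<'EOF'
[MDP] Adding signature for packet size 20
[MDP] Adding signature for packet size 40
No Internet GWs detected…
[MDP] Adding signature for packet size 20
EOF
# Constructed sample 2: hypothetical error wording, not real olsrd output.
cat > "$SAMPLES/skew.log" <<'EOF'
[MDP] Adding signature for packet size 20
[MDP] Timing mismatch on received packet (constructed line)
EOF
# Constructed sample 3: olsrd output with no signing lines at all.
cat > "$SAMPLES/plain.log" <<'EOF'
No Internet GWs detected…
EOF

for f in ok skew plain; do
    printf '%s: %s\n' "$f" "$(classify_olsrd_log "$SAMPLES/$f.log")"
done
```

On a node, save the output of the debugging session to a file first and pass that file to `classify_olsrd_log`.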