WormHole

Yes, I have that option changed and now I'm waiting for a quiet time to reboot the main gateway node. I'll likely do it middle of the week - middle of the night. I hate rebooting gateways! I'll let everyone know if that works for me. Plus, once I have this lined up, I'll update the Wiki on the new(er) procedure. It seems out of date.

> Just to confirm, Feeed has had wormholing working for well over a year now.
>
> As it went a bit mad, when LW changed the default for "Maintain Dynamic DNS Entry" from Yes to No. That had us chasing our tails a bit (although LW did not say this, I would thank the guy who pinged all the Wiana addresses and posted the live ones here for that - pr*t!)
>
> Anyway, yes it worked, and is still working with a good mixture of builds here.
>
> Note that the "Maintain Dynamic dns Entry" option only appears on a Gateway Node

> I didn't reply as Ian replied with the correct instructions although I would use Wormhole Transport TCP not UDP.
>
> The key is the DNS setting.
>
> Sorry I'm using qcode to do it, I just assumed the same way would work

> > > Hmmm..
> > >
> > > Still not working. According to Wiki, I leave "wormhole hub address" blank on the hub - that makes sense. I put in the real-world static IP (not Wiana IP anymore) of my primary gateway (has full connectivity) in that field on the other gateway node that I wish to have connecting back to the hub.
> > >
> > > The primary gateway (dual radio unit) now shows TWO 10.x.x.x interfaces, so that tells me that it has created an interface, which is showing up as br5. However, the tunnel just doesn't seem to be forming. I can not ping or ssh from one gateway to the other.
> > >
> > > I must be missing something. This is one area that the Wiki needs to be cleaned up a bit - it's rather vague. Maybe I can figure it out and add those updates once it becomes apparent.

> > >> It's much more reliable not to use the wiana ip / ddns service for this. Just use the lan setting and point each gateway directly to the public ip for the other one.

> > >>> I have 2 gateways that I want to link by a wormhole connection. I followed the instructions in the Wiki:
> > >>>
> > >>> I have checked "Wormhole Capable" on both nodes. I have assigned each the same "wormhole key". I made wormhole type "internet" on both nodes. I set wormhole transport to "tcp" on each node. I chose the one with full IP connectivity to be my hub, and on the other I put the Wiana IP address (1.x.x.x) in the wormhole hub address field.
> > >>>
> > >>> But I don't have a wormhole :(
> > >>>
> > >>> This has me wondering - should "wormhole capable" be turned on ONLY on the node with full connectivity? Should I use UDP vs. TCP, or will it matter as long as both are the same? My primary gateway has two wlan interfaces, will this cause a problem (because the other node now shows a 10.x.x.x interface - which the primary gateway already had)?
> > >>>
> > >>> I've looked around at ifconfig and I'm not seeing any connection that would be used as a wormhole - it's all the various tun's, eth's, wlan's and such. I would assume it would be a tun connection, but I'm not seeing one with the cell ID for the backup gateway.
> > >>>
> > >>> Any ideas on what has me messed up?

Subject:	RE: [MeshAPuser] Wormhole connections

Just to confirm, Feeed has had wormholing working for well over a year now. As Craig said, it went a bit mad, when LW changed the default for "Maintain Dynamic DNS Entry" from Yes to No. That had us chasing our tails a bit (although LW did not say this, I would thank the guy who pinged all the Wiana addresses and posted the live ones here for that - pr*t!)

Note that the "Maintain Dynamic dns Entry" option only appears on a Gateway Node

I didn't reply as Ian replied with the correct instructions although I would use Wormhole Transport TCP not UDP.

The key is the DNS setting.

> Sorry I'm using qcode to do it, I just assumed the same way would work
> on the lw distro.


Sorry I'm using qcode to do it, I just assumed the same way would work on the lw distro.


It's as hot here as the Caribbean so I'm in the sun at the moment. I have the instructions needed to set up the wormhole, which I will find and post in a couple of hours. A few builds ago the wormhole feature changed/broke. From what I see you have mostly all the correct settings.

Wormholing does work! We use it at www.sussexnetshare.net

On the hub only, you must change "Maintain dynamic dns entry" from the default No to Yes, and also make sure port 51010 is open on the hub's router. You need a name for the wormhole, which is used on all the nodes. On the hub, leave "Wormhole hub address" blank. Say yes to wormhole capable and use wormhole type internet and probably UDP.

On all the other gateway nodes you need the same wormhole name, yes to wormhole capable, and the Wiana IP address for the hub wormhole in the wormhole hub address. You need the default No on maintain dynamic dns entry on all the other gateways.

I hope this helps. At the moment we are restricting the wormhole to be open only on gateway nodes, as it seems to be consuming a lot of bandwidth.

> Are you saying wormhole works for you if the dns settings for the worming nodes are STATIC and you are using public IP of the hub.. Been trying to get wormholing working for ages.. Everyone else reckons it just doesn't work..
>
> Joel.. Jon any comments..?
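The settings this thread converges on (one hub with a blank hub address, the same wormhole key, type and transport on every gateway, and the dynamic DNS option set to Yes on the hub only when other gateways point at its Wiana 1.x.x.x address) can be checked for consistency before a gateway is rebooted. The following Python is an added example, not Locustworld or MeshAP code; the `Node` field names and the sample nodes are hypothetical, and it assumes both ends must use the same transport.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Wiana addresses (1.x.x.x); the thread notes they are not routable from the internet.
WIANA_NET = ip_network("1.0.0.0/8")


@dataclass
class Node:
    # Hypothetical field names mirroring the option labels quoted in the thread.
    name: str
    wormhole_capable: bool
    wormhole_key: str
    wormhole_type: str      # "internet" in the thread
    transport: str          # "tcp" or "udp"
    hub_address: str        # blank on the hub
    maintain_ddns: bool     # "Maintain Dynamic DNS Entry"


def _odd_ones_out(nodes, value_of):
    """Names of nodes whose value differs from the most common value."""
    values = {n.name: value_of(n) for n in nodes}
    common = Counter(values.values()).most_common(1)[0][0]
    return sorted(name for name, v in values.items() if v != common)


def check_wormhole(nodes):
    """Return findings as strings; an empty list means the settings agree."""
    if not nodes:
        return ["no nodes supplied"]
    findings = []
    hubs = [n for n in nodes if not n.hub_address.strip()]
    if len(hubs) != 1:
        findings.append(f"expected one hub with a blank hub address, found {len(hubs)}")
    findings += [f"{n.name}: Wormhole Capable is off" for n in nodes if not n.wormhole_capable]
    shared = (
        ("wormhole key", lambda n: n.wormhole_key),  # compared, never printed
        ("wormhole type", lambda n: n.wormhole_type.lower()),
        ("wormhole transport", lambda n: n.transport.lower()),
    )
    for label, value_of in shared:
        for name in _odd_ones_out(nodes, value_of):
            findings.append(f"{name}: {label} differs from the other nodes")
    for n in nodes:
        addr = n.hub_address.strip()
        if not addr:
            continue
        try:
            uses_wiana = ip_address(addr) in WIANA_NET
        except ValueError:
            findings.append(f"{n.name}: hub address is not an IP address")
            continue
        if uses_wiana:
            # Per the thread: hub keeps its dynamic DNS entry, other gateways stay at No.
            for hub in hubs:
                if not hub.maintain_ddns:
                    findings.append(f"{hub.name}: set Maintain Dynamic DNS Entry to Yes "
                                    f"({n.name} targets a Wiana address)")
            if n.maintain_ddns:
                findings.append(f"{n.name}: Maintain Dynamic DNS Entry should stay No")
    return findings


# Constructed sample: transport mismatch, and a Wiana hub address without DDNS on the hub.
SAMPLE = [
    Node("gw-hub", True, "example-key", "internet", "tcp", "", False),
    Node("gw-backup", True, "example-key", "internet", "udp", "1.2.3.4", False),
]

if __name__ == "__main__":
    for finding in check_wormhole(SAMPLE):
        print(finding)
```

Findings name the node and the option but never echo the wormhole key, so the output can be pasted into a list post.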

MeshBox access via wiana

On Tuesday 13 July 2004 16:29, Nick Boyle wrote:

> I'm also trying to connect to my network from my work network (i.e. not
> physically connected to the mesh). I can't ping my mesh network or get
> putty to connect. I am trying to connect to my uplink as you say.

If you want to establish a full IP tunnel between 2 remote networks, you should use the wormhole capabilities of locust. In your case, I suppose your uplink is behind a NAT/router/firewall appliance. It's on this device that you must enable some kind of port or IP forwarding to your uplink 192.168.x.x address.

You must understand that 1.x.x.x/8 locust IPs are not public or routable at all. You will never ping a meshbox from the internet by pinging 1.x.x.x. You could use any other class A, it would do the same, as these IPs should never go out of the mesh network (well, in fact, I suppose it will break some things if you depend on wiana). I suppose the coders have chosen this subnet because the 3 RFC1918 subnets were already used for routing internals.

Wormhole Firewall to outside world

It seems to be perfectly safe to attach your meshbox straight to the outside world without a firewall. Three methods to gain access to it remotely:

 1. Give the Mesh AP a fixed internal IP address on the same subnet as your router, and look in the configuration of your router to forward port 22 (SSH) to your meshbox.
 2. Or: Give the MeshAP a fixed internal IP address etc etc, and type the ETH0 IP address of MeshAP into the DMZ on your router and activate it, so that all ports are open to your meshbox.
 3. Or: Use the Wormhole function to create a path to MeshAP on an external IP address and SSH to it through the wormhole.

Don't forget to change the Meshbox default password.

Ques: On one network I'm shepherding, the backhaul arrives via an SDSL modem, then goes into a router, then a server running a Checkpoint firewall, then into the gateway meshbox. It does so mostly because the meshbox replaced a legacy network which didn't have a firewall.

Would it be safe/wise to simply connect (CAT5) directly from the router to the meshbox? If I did this, how would I ssh to that meshbox rather than ssh'ing to the server and thence to the meshbox?

WormholeHubaddress
Are you saying wormhole works for you if the dns settings for the worming nodes are STATIC and you are using public IP of the hub.. Been trying to get wormholing working for ages.. Everyone else reckons it just doesn't work..

Still not working. According to Wiki, I leave wormhole hub address blank on the hub - that makes sense. I put in the real-world static IP (not Wiana IP anymore) of my primary gateway (has full connectivity) in that field on the other gateway node that I wish to have connecting back to the hub.

The primary gateway (dual radio unit) now shows TWO 10.x.x.x interfaces, so that tells me that it has created an interface, which is showing up as br5. However, the tunnel just doesn't seem to be forming. I can not ping or ssh from one gateway to the other.

I must be missing something. This is one area that the Wiki needs to be cleaned up a bit - it's rather vague. Maybe I can figure it out and add those updates once it becomes apparent.

Best regards, Kb

On Jun 18, 2005, at 12:18 AM, Tim Schaeffer wrote:

It's much more reliable not to use the wiana ip / ddns service for this. Just use the lan setting and point each gateway directly to the public ip for the other one.


{{{
> Hi everyone,
>
> I have 2 gateways that I want to link by a wormhole connection. I followed
> the instructions in the Wiki:
>
> I have checked "Wormhole Capable" on both nodes. I have assigned each the
> same "wormhole key". I made wormhole type "internet" on both nodes. I set
> wormhole transport to "tcp" on each node. I chose the one with full IP
> connectivity to be my hub, and on the other I put the Wiana IP address
> (1.x.x.x) in the wormhole hub address field.
>
> But I don't have a wormhole :(
>
> This has me wondering - should "wormhole capable" be turned on ONLY on the
> node with full connectivity? Should I use UDP vs. TCP, or will it matter
> as long as both are the same? My primary gateway has two wlan interfaces,
> will this cause a problem (because the other node now shows a 10.x.x.x
> interface - which the primary gateway already had)?
>
> I've looked around at ifconfig and I'm not seeing any connection that
> would be used as a wormhole - it's all the various tun's, eth's, wlan's
> and such. I would assume it would be a tun connection, but I'm not seeing
> one with the cell ID for the backup gateway.
>
> Any ideas on what has me messed up?
>
> Best regards,
> Kb

OK, I got mine working a little bit, seems to not be very stable though. I did not get a chance to check the type of connection behind a NAT router, but it seems that if you are behind a firewall, port forwarding is in order. Overall, ‘Keep Dynamic DNS Entry On’ was the key to getting anything going and UDP didn’t work. Although no ports are being blocked across the systems, only seeing sporadic wormhole connectivity to a single hub.

ANS: we use: Lan not p2p and the transport type is TCP, I can ssh to wiana ip addresses via a 5.8 GHz p2p link that runs from the mesh boxes' ethernet ports.

QUES: I have a main network and a stand alone mesh box away from the main mesh. Both mesh boxes that I am trying to create the wormhole between are gateways, they are not behind any routers or firewalls as they are using the PPPOE option that comes with Mesh Pro. If anyone has managed to get one to work, helpful tips would be appreciated.

}}}