FreedomBox for Communities/Network Configuration

From Wikibooks, open books for an open world
Jump to navigation Jump to search

FreedomBox acts as the centre piece in a community network providing Wi-Fi coverage over large areas. FreedomBox receives the Internet connectivity then distributes it along with various other digital services to all the devices in the network.

This section describes configuring various network devices in the community network.

Overall network setup in FreedomBox for Communities

Putting the Network Together[edit | edit source]

FreedomBox must have two Ethernet network interfaces.

  1. One network interface is used to connect to the Internet. The Internet connection may be provided by the ISP via an Ethernet cable, optic fibre cable, cable connection, an ADSL modem or via a 3G/4G dongle. Alternatively, if no ISP is available, a long distance point-to-point wireless network can be established so as to receive Internet connection.
  2. The second network interface is used to share that Internet connection with all the devices in the network. The cable from this network interface can be connected to a network switch. Various Wi-Fi access points can also be connected to this switch from their WAN ports. An alternative setup is to connect FreedomBox port directly to a Wi-Fi access point's WAN port and then configure all other Wi-Fi access points as repeaters of that access point in a Mesh mode.

This setup ensures the following:

  • FreedomBox provides it's services over the public Internet if possible. It allows community members travelling outside the community Wi-Fi area to continue to access the services. Also services meant to be available for public consumption are available to visitors on the Internet.
  • Wi-Fi access points support seamless roaming.
  • Internet connection can be fairly distributed to the community members when it is scarce.

Configuring FreedomBox[edit | edit source]

Both the Ethernet network interfaces on FreedomBox must be configured. First step is to identify the names of each network interfaces. Network interface names stay stable over time and look like ensp0 or eth0. This identification can be done via trial and error while configuring the network interface.

Configuring Internet Connection[edit | edit source]

Configuration parameters for FreedomBox WAN connection so that it would receive Internet connection from an ISP

This connection is responsible for providing Internet connectivity to FreedomBox server. Create a new connection or edit an existing connection in System, Networks page with the following parameters.

  • Set the name of the connection to be FreedomBox WAN (or whatever else you choose).
  • Select the network interface you have identified as connected to ISP's Internet connection as the Physical Interface.
  • Select firewall zone as External. This has two purposes. Services that are supposed to be available only within the community will not be available exposed to users on the Internet. Second, the Internet connection on this interface will be shared with users on the internal network.
  • Leave the remaining options as it is. Typically ISP's internet connection allocates IP addresses and provide remaining parameters when connection is established. This happens automatically.

Configuring LAN Connection[edit | edit source]

Configuration parameters for FreedomBox LAN connection so that it would distribute it's Internet connection to clients on LAN

This connection is responsible for automatically configuring devices on the internal network and then share the Internet connectivity with them. Create a new connection or edit an existing connection in System, Networks page with the following parameters.

  • Set the name of the connection to be FreedomBox LAN (or whatever else you choose).
  • Select the network interface you have identified as connected to ISP's Internet connection as the Physical Interface.
  • Select firewall zone as Internal. Services that are supposed to be available only within the community will be available only on this internal network.
  • Select the IPv4 Addressing Method as Shared.
  • Enter the IPv4 Address as 10.42.1.1.

Configuring DHCP Leases and Range[edit | edit source]

There is a problem with network manager, the daemon used by FreedomBox to configure network interfaces, that it has a hard coded maximum for number of leases it gives out to devices in the network. This value is 50. This means that more than 50 devices can't be given IP addresses in the network using DHCP. This will typically result in a device trying to connect to Wi-Fi and then getting stuck at Obtaining IP Address.

There is another problem with network manager. It has a hard-coded limit of about 240 IP addresses that it can provide. When say 10.42.0.1/24 is set as the IP address for a shared connection, then the server itself takes 10.42.0.1 as the IP address and other machines in the network are allocated 10.42.0.10 to 10.42.0.254. This range can't be increased from network manager itself. Even when the IP address 10.42.0.1/16 is set, it still only allocates IPs from the range 10.42.0.10 to 10.42.0.254. This will typically result in a device trying to connect to Wi-Fi and then getting stuck at Obtaining IP Address after more than 240 devices have connected to the network.

  1. Both these problems can be fixed by setting special configuration for increasing the number of DHCP leases and selecting the IP address range: 
    cat << EOF > /etc/NetworkManager/dnsmasq-shared.d/lease.conf
dhcp-lease-max=10000
EOF
cat << EOF > /etc/NetworkManager/dnsmasq-shared.d/range.conf
dhcp-range=10.42.1.1,10.42.255.254,60m
EOF
  2. Then apply the changes by restarting the system, restart Network Manager or by activating the network connection again: 
    nmcli connection down "FreedomBox LAN"
nmcli connection up "FreedomBox LAN"

Configuring Wi-Fi Access Point[edit | edit source]

Wi-Fi access points can be setup to provide Wi-Fi coverage across the entire community area. There are two primary ways to connect all Wi-Fi access points into a single network that is connected to FreedomBox.

  • Back-haul mode: Each Wi-Fi access point is configured with same access point name and password. See more about this in roaming mode setup. Then their WAN ports are connected via an Ethernet/fibre network that is spread across the entire community area. This setup yields maximum bandwidth and is more resilient in some cases. However, setting up Ethernet/fibre network in large areas is be expensive and challenging.
  • Mesh mode: Another way to setup Wi-Fi access points to is use the Wi-Fi signal of one of the access points to setup the second access point. The second access point can receive the Wi-Fi signal from upstream access point and create its own Wi-Fi coverage area at the same time. This needs a special feature for relaying in the access point hardware called Mesh Mode. When planning to deploy in mesh mode, ensure that the access point hardware supports this feature during the evaluation phase.
  • To provide Wi-Fi to a large area, multiple access points may be deployed in mesh mode to avoid deploying a back-haul connection
    To provide Wi-Fi to a large area, multiple access points may be deployed in mesh mode to avoid deploying a back-haul connection
  • To provide Wi-Fi to a large area, multiple access points may be deployed in back-haul mode to provide best performance
    To provide Wi-Fi to a large area, multiple access points may be deployed in back-haul mode to provide best performance

Configuring Internet Connection[edit | edit source]

Internet connectivity for the community network setup can be made in many ways depending on the available connectivity options.

  • Ethernet connection: If the ISP provides Internet connectivity via an Ethernet cable, then this will typically be from a nearby router and no other additional equipment is needed. Plug-in the Ethernet cable directly to FreedomBox WAN port and configure FreedomBox as described above.
  • Fibre-to-the-home connection: If the ISP provides Internet connectivity via an optical fibre, they will typically install a fibre to Ethernet converter on the subscriber premises. Plug-in the Ethernet cable directly to FreedomBox WAN port and configure FreedomBox as described above. You won't likely have to configure the converter itself. However, if necessary following the instructions similar to configuring the ADSL modem described in another section and adapt them for these fibre converters.
  • Cable connection: If the ISP provides Internet connectivity via a Cable connection, follow the instructions above the configure FreedomBox. Then follow instructions similar to configuring the ADSL modem as described in another section and adapt them for cable modems.
  • ADSL connection: If the ISP provides Internet connectivity via an ADSL connection, follow the instructions above to configure FreedomBox. Then configure the ADSL modem as described in another section.
  • Point-to-point wireless link: If there is no connectivity available in the area, but there is a line of sight to an area that has Internet connectivity, then one of the possible ways to connect to the Internet is via a point-to-point wireless link. This is described in detail in another section. FreedomBox must be configured as described above but with a static IP address for ease of debugging. Then configure the Internet connection itself, if needed as described in this section.
Retrieved from "https://en.wikibooks.org/w/index.php?title=FreedomBox_for_Communities/Network_Configuration&oldid=3822348"