Introduction

To enable easy maintenance of Compute Station by non-technical people, USB based adapters are use extensively to extend its function.

Virtual Private Mesh's WiFi Mesh is vendor independent and device agnostic, all past, existing and future equipment can contribute to the building of a neighbourhood mesh.

Default WiFi mesh

Most Mesh Nodes are configured with a demonstration WiFi Mesh network, (e.g. 88.io) by default, this can be turned off from the web page of each Mesh Node, so they can take advantage of the services available on the local Campus Network immediately.

For example:

1. Infinite Disk
2. Geo Attest

Extensible Authentication Protocol

The current default Extensible Authentication Protocol (EAP) is EAP-TTLS-MSCHAPV2.

To prevent the local access point from knowing the identity of the user, community entity issues cluster uses 2 layers of authentication and 2 encryptions with 2 different user accounts.

The local cell radius server only see 2 accounts:

1. wifi@quuvoo4ohcequuox.0.88.io/

When using EAP-TTLS-MSCHAPV2 the user

1. MUST ENABLE Server Certificate Validation to prevent fake WiFi access point advertising the same SSID.
2. MUST NOT use the WiFi login username and password for anything else (e.g. create a new Dynamic Alias just for WiFi)
3. is RECOMMENDED to turn on dynamic password protection for the WiFi login password.

Mesh Speed

Currently WiFi Meshes are based Wifi 5 (802.11ac) and WiFi 6 (802.11ax) equipment.

Mesh Cell

Mesh Cells are formed by mesh radios that agreed to operate on the same set of standards.

To be counted as part of a cell, the radios must have wireless links between them.

Recommended Positioning

If the site is small and there is only one Mesh Staton, place it as much in the middle and as high as possible.

For larger sites place multiple Mesh Stations around the perimeter of the site (next to windows) to

WiFi Adapters

WiFi is a fundamental technology that Virtual Private Mesh is based on. WiFi Adapters provide wireless networking capability to equipment that do not have WiFi and add extra communication channels to those that already have built in WiFi.

Excellent information on the topic of USB WiFi Adapters is available here:

Tested Adapters

The following is a list of supported WiFi Modes, using linux command iw phy listed under Supported interface modes.

Device Legend
cf928ac = ComFast CF928AC
dwa140 = D-Link DWA-140 (Ralink)
dwa160 = D-Link DWA-160 (Atheros)
odroid3 = Odroid WiFi Module 3
odriod5 - Odroid WiFi Module 5
rpi0w = Raspberry Pi Zero W
rpi4b = Raspberry Pi 4B
rtl8188cus = No Brand RTL8188CUS
rtl8188ftv = No Brand RTL8188FTV
rtl8822bu = No Brand RTL8822BU
rtl8821cu = No brand RTL8821CU
wl167g = ASUS WL-167g (Ralink)

The following have "mesh point" support so are the best if you can get them:

1. rtl8192cu for 2GHz
   RTL8192CU, RTL8188CU, RTL8188CUS

2. mt76x2u for 5GHz
   MT7612U

OpenWrt
Openwrt is one of the many operating system supported on Mesh Stations, it has a lot of strong points, but wide ranging device support is not one of the them. Many devices that works in traditional Linux e.g. Ubuntu do NOT work in Openwrt.

Mesh Protocols

For Network Meshing between neighbours, batman-adv on top of 820.11s is the default, but extra mesh technologies e.g. OLSR may be supported by local communities.

batman-adv uses 2 main wireless mesh modes, ibss and mesh point. Differences between ibss and mesh point:

• ibss (also called adhoc mode) is peer-to-peer routing and requires the upper layer
  protocol stack (layer 3 and above) to handle multi-hop scenario.

• mesh point (also called 802.11s) is layer 2 multi-hop routing whereby your a Mesh
  STA can assist in forwarding the frame from other STAs to its destination
  if all belongs to same MBSS.

Note for 820.11s to work, the WiFi Adapter MUST have "mesh point" as "y" above, so Raspberry Pi 4B (rpi4b)'s internal WiFi adapter cannot be used. IBSS is an alternative if 802.11s is not available, but is not recommended.

WiFi Command

Linux command iw list provides detailed information on the features of wifi devices. Its output will tell you whether you WiFi equipment has rare but useful capabilities for meshing like:

1. RSN-IBSS - for ad hoc mode encryption
2. mesh point - for 802.11s support

Reference:

• wifi - How to setup an unprotected Ad Hoc (IBSS) Network and if possible with WPA encryption? - Raspberry Pi Stack Exchange

Another useful information in the output is valid interface combinations:, it tells you what WiFi capabilities can be run concurrent with your WiFi equipment.

Reference:

• wifi - Deciphering the output of iw list valid interface combinations - Unix & Linux Stack Exchange

WiFi Channels

Virtual Private Meshes (VPMs) supports at least 3 wifi channels types:

1. Mesh Channel is used to communicate with other Mesh Stations in your neighbourhood.
2. Member Channel is used to provide mesh access to other Private Cyberspace members.
3. Private Channel is used

Since Mesh Stations can connect using ethernet cables, provisioning of any WiFi channel type is optional, although normally at least one type is provisioned. For example:

1. To provide processing, storage or communication resources to the neighbourhood mesh WITHOUT connection to your own wifi network, only the Mesh Channel needs to be used. This is the safest option as your local network is completely decoupled with the neighbourhood mesh.

2GHz Cells

The 2GHz wifi frequency bands used by the 2GHz wifi is highly congested but its long range (compared to 5GHz frequency band), international acceptance and low cost means 2GHz is still a viable wifi frequency band for the Cell Mesh.

13 channel cells

For countries that allow 13 2GHz wifi channels, 4 channels are available for the cell mesh.

The 4 channels to use in those countries are 1, 5, 9, 13. With a separation of 4 channels between them, the level of interference between cells would be about -22dB (about 0.6%).

With 4 channels, all adjacent cells can be on different channels, minimising interference between cells.

11 channel cells

For countries that allow only 11 2GHz wifi channels, only 3 channels are available for the cell mesh.

The 3 channels to use in those countries are 1, 6, 11. With a separation of 5 channels between them, the level of interference between cells would be about -27dB (about 0.2%).

Source: Wireless Waffle

With only 3 channels, adjacent cells at the corners of a cell may be on the same channel, increasing interference between cells slightly.

Cell Mesh

To make it easy worldwide, by default the following channel numbers can be used:

• Channel 1 - Private Channel
• Channel 6 - Member Channel
• Channel 11 - Mesh Channel

Each cell can decide which channels to use for what but the channel width should be kept to 20MHz in the 2GHz band.

Note there have been reports that WiFi channels 12,13,14 perform poorly with ESP devices.

5GHz Channels

The 5Ghz wifi frequency bands vary widely between countries.

Other Channels

WiFi has standards on frequency bands, (e.g. 900MHz, 6GHz etc.) but due to our need to drive costs down, they are not part of VPM deployments as yet.

Batman-adv Square

The recommended mesh protocol to use in Virtual Private Mesh (VPM)'s Square Mesh is the batman-adv protocol, the same mesh protocol used in the higher level District Mesh.

Why Batman-adv ?

Some radio mesh technologies have been avaiable before batman-adv.

802.11s

802.11s is popular wifi mesh technology used by many vendors, unfortunately they all implement their versions of 802.11s their only way, preventing wifi meshes from talking to each other.

Background information on 802.11s:

• https://www.cwnp.com/uploads/802-11s_mesh_networking_v1-0.pdf
• http://www.makikiweb.com/netsig/2021_05_wireless_mesh.html

Besides compatibility problems amongst 802.11s vendors, it also does not have built-in mechanism to handle VLANs.

WDS

Another older radio mesh technology is Wireless Distribution System (WDS) which is less flexible that 802.11s in creating a mesh and does not handle loops in the network (unless compatible STP is operating in the network).

Universal

A major benefit of batman-adv is its ability to link all incompatible network links together (whether they are 802.11s, WDS, normal wifi access points or even wired ethernet cables) to form one massive mesh!

References

https://www.reddit.com/r/darknetplan/comments/68s6jp/how_to_configure_batmanadv_on_the_raspberry_pi_3/

Proprietary Features

Incompatible products from different vendors have be incorporated into the Virtual Private Mesh (VPM) without change using the protocol conversion feature of Mesh Nodes.

Virtual Private Mesh (VPM) can work with most network equipment (from Cisco to TP-Link) via their ethernet interfaces. Here we shall use the Ubiquiti equipment as an example of how non-OpenWrt equipment can be integrated into a VPM easily.

Although OpenWrt can be loaded onto some Ubiquiti equipment, tehre is normally a lag time and is not available on their newest equipment e.g. their U6 Mesh Access Point (U6mesh) which can provide Gbps speeds to a neighbourhood cell using the latest WiFi 6 technologies.

Basic Settings

Turn OFF:

• Uplink Connectivity Monitor

m1_sydney_aunsw

sydney_aunsw is one of the most densely populated district of Australia. Advanced WiFi 6 technology can provide gigabits per second bandwidth to many devices.

The m1_sydney_aunsw mesh started with U6mesh on the rooftops of 2 buildings in the City of Sydney (683 George Street and 35 Liverpool Street), those buildings have separate point-to-point radios links between them to join their U6mesh together into a cell.

If you have a U6mesh and your home or office is in the City of Sydney (Australia) you can help build out the syd2 wifi-6 cell. This cell normally operates with 40MHz-wide (e.g. channels 161 to 165) on 4 spatial streams at 5GHz, giving maximum link speed of 1.2Gbps.

Opportunistic boosting to wider channel width to achieve higher maximum link speeds (e.g. 80MHz for 2.4Gbps and 160MHz for 4.8Gbps) may occur but

with dedicated point to point links between them.

, if you have line of sight to the rooftops of the buildings at , so the cell fans out from those 2 buildings.

there is a chance that the wifi link quality between your U6 Mesh and those on the roofs is enough for you to join that syd1 wifi cell.

Unlike syd1, which allows mesh nodes of many different types (from 1 to 4 spatial streams), currently syd2 can only be built with U6 Mesh access points, all running with 4 spatial streams at full power (26 dBm).

Typically you put the U6 Mesh on a window sill so it has maximum exposure to surrounding buildings. If you cannot get a reliable radio link to other U6 Mesh in the syd2 cell, you can join as a satellite and connect to the other nodes over the internet.

Plugging Putting it on a window so it get

which is build based on Ubiquiti Cell high speed with (which is much faster than the maximum link speed of any 5G mobile cells).

Currently the cell is restricted to

Cross Vendor Compatibility

Many wifi routers in the market are built with very capable hardware but those capabilities are normally locked away by the factory software.

Virtual Private Mesh unlocks those latent capabilities by replacing the factory software with the Openwrt software.

Ubiquiti Outdoor Radio

Most outdoor wifi radios being used in Virtual Private Mesh. Here is are listing some models that we know are working.

All use Ubiquiti's own operating system.

U6 Mesh

Unlocking Hardware Capability

Many wifi routers in the market are built with very capable hardware but those capabilities are normally locked away by the factory software.

Virtual Private Mesh unlocks those latent capabilities by replacing the factory software with the Openwrt software.

Case Study

The Wavlink Aerial HD2 model describe here is just one of thousands of different wifi router models supported by Openwrt.

Wavlink Aerial HD2 is a light weight and low cost outdoor radio with power over ethernet that can be easily installed on an external wall or the roof.

However, like many other radios in that price range, its native operating system only supports simple Router, Bridge and Repeater modes, WITHOUT support for Mesh mode. So it cannot form a mesh with other wifi routers in the neighbourhood.

In a lot of cases the underlying wifi hardware actually DO have Mesh support on both 2.4GHz and 5GHz frequency bands (notice the 2 "mesh point" lines below) :

root@OpenWrt:~# iw list
Wiphy phy1
        wiphy index: 1
        max # scan SSIDs: 4
        max scan IEs length: 2247 bytes
        max # sched scan SSIDs: 0
        max # match sets: 0
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports AP-side u-APSD.
        Device supports T-DLS.
        Available Antennas: TX 0x1 RX 0x1
        Configured Antennas: TX 0x1 RX 0x1
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point
                 * P2P-client
                 * P2P-GO
        Band 2:
                Capabilities: 0x17e
                        HT20/HT40
                        SM Power Save disabled
                        RX Greenfield
                        RX HT20 SGI
                        RX HT40 SGI
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        No DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: No restriction (0x00)
                HT TX/RX MCS rate indexes supported: 0-7
                VHT Capabilities (0x31800120):
                        Max MPDU length: 3895
                        Supported Channel Width: neither 160 nor 80+80
                        short GI (80 MHz)
                        RX antenna pattern consistency
                        TX antenna pattern consistency
                VHT RX MCS set:
                        1 streams: MCS 0-9
                        2 streams: not supported
                        3 streams: not supported
                        4 streams: not supported
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported
                VHT RX highest supported: 0 Mbps
                VHT TX MCS set:
                        1 streams: MCS 0-9
                        2 streams: not supported
                        3 streams: not supported
                        4 streams: not supported
                        5 streams: not supported
                        6 streams: not supported
                        7 streams: not supported
                        8 streams: not supported
                VHT TX highest supported: 0 Mbps
                Frequencies:
                        * 5180 MHz [36] (19.0 dBm)
                        * 5200 MHz [40] (18.0 dBm)
                        * 5220 MHz [44] (18.0 dBm)
                        * 5240 MHz [48] (17.0 dBm)
                        * 5260 MHz [52] (17.0 dBm) (radar detection)
                        * 5280 MHz [56] (17.0 dBm) (radar detection)
                        * 5300 MHz [60] (17.0 dBm) (radar detection)
                        * 5320 MHz [64] (17.0 dBm) (radar detection)
                        * 5500 MHz [100] (16.0 dBm) (radar detection)
                        * 5520 MHz [104] (16.0 dBm) (radar detection)
                        * 5540 MHz [108] (16.0 dBm) (radar detection)
                        * 5560 MHz [112] (16.0 dBm) (radar detection)
                        * 5580 MHz [116] (16.0 dBm) (radar detection)
                        * 5600 MHz [120] (disabled)
                        * 5620 MHz [124] (disabled)
                        * 5640 MHz [128] (disabled)
                        * 5660 MHz [132] (16.0 dBm) (radar detection)
                        * 5680 MHz [136] (16.0 dBm) (radar detection)
                        * 5700 MHz [140] (16.0 dBm) (radar detection)
                        * 5720 MHz [144] (16.0 dBm) (radar detection)
                        * 5745 MHz [149] (16.0 dBm)
                        * 5765 MHz [153] (17.0 dBm)
                        * 5785 MHz [157] (17.0 dBm)
                        * 5805 MHz [161] (18.0 dBm)
                        * 5825 MHz [165] (19.0 dBm)
                        * 5845 MHz [169] (disabled)
                        * 5865 MHz [173] (disabled)
        valid interface combinations:
                 * #{ IBSS } <= 1, #{ managed, AP, mesh point, P2P-client, P2P-GO } <= 8,
                   total <= 8, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }

        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        max # scan plans: 1
        max scan plan interval: -1
        max scan plan iterations: 0
        Supported extended features:
                * [ VHT_IBSS ]: VHT-IBSS
                * [ RRM ]: RRM
                * [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
                * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
                * [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
                * [ TXQS ]: FQ-CoDel-enabled intermediate TXQs
                * [ AIRTIME_FAIRNESS ]: airtime fairness scheduling
                * [ AQL ]: Airtime Queue Limits (AQL)
                * [ SCAN_RANDOM_SN ]: use random sequence numbers in scans
                * [ SCAN_MIN_PREQ_CONTENT ]: use probe request with only rate IEs in scans
                * [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
                * [ DEL_IBSS_STA ]: deletion of IBSS station support
                * [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
                * [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support
Wiphy phy0
        wiphy index: 0
        max # scan SSIDs: 4
        max scan IEs length: 2257 bytes
        max # sched scan SSIDs: 0
        max # match sets: 0
        Retry short limit: 7
        Retry long limit: 4
        Coverage class: 0 (up to 0m)
        Device supports AP-side u-APSD.
        Device supports T-DLS.
        Available Antennas: TX 0x1 RX 0x1
        Configured Antennas: TX 0x1 RX 0x1
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * monitor
                 * mesh point
                 * P2P-client
                 * P2P-GO
        Band 1:
                Capabilities: 0x17e
                        HT20/HT40
                        SM Power Save disabled
                        RX Greenfield
                        RX HT20 SGI
                        RX HT40 SGI
                        RX STBC 1-stream
                        Max AMSDU length: 3839 bytes
                        No DSSS/CCK HT40
                Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
                Minimum RX AMPDU time spacing: No restriction (0x00)
                HT TX/RX MCS rate indexes supported: 0-7
                Frequencies:
                        * 2412 MHz [1] (24.0 dBm)
                        * 2417 MHz [2] (24.0 dBm)
                        * 2422 MHz [3] (24.0 dBm)
                        * 2427 MHz [4] (24.0 dBm)
                        * 2432 MHz [5] (24.0 dBm)
                        * 2437 MHz [6] (24.0 dBm)
                        * 2442 MHz [7] (24.0 dBm)
                        * 2447 MHz [8] (24.0 dBm)
                        * 2452 MHz [9] (24.0 dBm)
                        * 2457 MHz [10] (24.0 dBm)
                        * 2462 MHz [11] (24.0 dBm)
                        * 2467 MHz [12] (24.0 dBm)
                        * 2472 MHz [13] (24.0 dBm)
                        * 2484 MHz [14] (disabled)
        valid interface combinations:
                 * #{ IBSS } <= 1, #{ managed, AP, mesh point, P2P-client, P2P-GO } <= 4,
                   total <= 4, #channels <= 1, STA/AP BI must match
        HT Capability overrides:
                 * MCS: ff ff ff ff ff ff ff ff ff ff
                 * maximum A-MSDU length
                 * supported channel width
                 * short GI for 40 MHz
                 * max A-MPDU length exponent
                 * min MPDU start spacing
        max # scan plans: 1
        max scan plan interval: -1
        max scan plan iterations: 0
        Supported extended features:
                * [ RRM ]: RRM
                * [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
                * [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
                * [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
                * [ TXQS ]: FQ-CoDel-enabled intermediate TXQs
                * [ AIRTIME_FAIRNESS ]: airtime fairness scheduling
                * [ AQL ]: Airtime Queue Limits (AQL)
                * [ SCAN_RANDOM_SN ]: use random sequence numbers in scans
                * [ SCAN_MIN_PREQ_CONTENT ]: use probe request with only rate IEs in scans
                * [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
                * [ DEL_IBSS_STA ]: deletion of IBSS station support
                * [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
                * [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support

As an example, from "valid interface combinations" entry above, this hardware can have up to 4 simultaneous interfaces (total <= 4) on the 2.4G band. Those interfaces can have up to 1 of wifi peer (IBSS) and up to 4 of wifi client (managed), wifi access point (AP), wifi mesh point (mesh point).

By replacing the original software with Openwrt, communities can take advantage of the hardware they purchased fully to built out community meshes at ultra low costs.

Other brands

Same product sold under other brands:

• outdoor_wifi_1.pdf (840.8 KB)

Improving Infrastructure Independently

Traditional ISPs take a long time to adopt new technologies or increase network capacity, with virtual private mesh individuals can improvement the infrastructure independently as required.

As can be seen in the image above, the sydney1 can rapidly increase its link capacity to sydney2 by adding an extra Litebeam AC Gen 2 radio based on the newer 802.11ac technology to complement an older Nano Station M5 radio based on 802.11n technology, by taking advantage of the same location on the roof.

60 GHz

More governments have been opening up the 60G spectrum for public use recently (e.g. Australia in 2019), enabling their citizens to contribute directly in building up the nation's infrastructure and creating national wealth WITHOUT any cost to the taxpayers!.

60 GHz's high speed, small antenna and low range means communities can install communication links quickly without interfering with radio signals from other communities.

The default point to point radio for Private Cyberspace 20.12 release is Ubiquiti Gigabeam Plus which has a good combination of size and range advantages.

Channel Width

Using wider channel width is NOT be a good idea, WiFi links should use as narrow channel as possible (20MHz instead of 40MHz instead of 80MHz instead of 160MHz).

Narrow channels means more citizens can communication with each other concurrently around you and there is an advantage in WiFi range also:

• 20 MHz is 100% of the range
• 40 MHz is 71% of the range
• 80 MHz is 50% of the range

source: Ejohnson