Skip to content

lime-example

# The /etc/config/lime-defaults file contains the default configuration.
# To configure LibreMesh insert options in /etc/config/lime-node or /etc/config/lime-community file, these will override the default ones.
# Interface specific options have to be included in /etc/config/lime-node, if in /etc/config/lime-community they'll cause unpredictable behaviour.
#
# The options marked with "Parametrizable with %Mn, %Nn, %H"
# can include %Mn templates that will be substituted
# with the n'th byte of the primary_interface MAC
# and %Nn templates that will be replaced by the n'th (n = 1..5) network-identifier byte,
# calculated from the hash of the ap_ssid value, so that all the nodes that
# form a mesh cloud (share the same ap_ssid) will produce the same value
# and %H template that will be replaced by hostname
# For setting a specific WAN port, don't set it globally in section "config lime network", set it in interface specific configuration "config net ..." and install the lime-proto-wan package
# For setting the WAN port on the default WAN port (according OpenWrt), just install the lime-hwd-openwrt-wan package and the configuration will be autogenerated.

#########################################################
### System options

config lime system
	option hostname 'LiMe-%M4%M5%M6'		# Parametrizable with %Mn
	option domain 'thisnode.info'			# DNS domain for the L2 cloud it could be something like mycloud.mynetwork.tld, hosts that get their IP by DHCP will also get a fully qualified domain name like hostname.mycloud.mynetwork.tld
	option keep_on_upgrade 'libremesh dropbear minimum-essential /etc/sysupgrade.conf'	# Files defining the list of files and directories to backup when upgrade. Relative to /lib/upgrade/keep.d if no '/' defined.
	option root_password_policy 'DO_NOTHING'	# When configured to SET_SECRET, the root password secret will be configured as specified in root_password_secret. When set to RANDOM a strong random password will be set if root has no password, use this if your firmware is built with the ssh keys inside. DO_NOTHING does nothing, leaving the root password empty (you will have to set it manually or through FirstBootWizard).
	option root_password_secret ''			# This is the password hash as stored in /etc/shadow, it is only used when root_password_policy=SET_SECRET. You can generate the secret with 'openssl passwd -1' to be compatible with most openwrt firmwares, use a strong password with at least 10 numbers and letters, the longer the better!. For improved security use "openssl passwd -6" for SHA512 (or -5 for SHA256) but be aware that not all firmwares support this.
	option deferable_reboot_uptime_s '97200'
	option firstbootwizard_configured false
	option firstbootwizard_dismissed false		# When true fbw banner will be hidden.

#########################################################
### Network general option

config lime network
	option primary_interface eth0			# The mac address of this device will be used in different places
	option main_ipv4_address '10.%N1.0.0/16'	# Here you have 4 possibilities: set a static IP and the subnet, like '10.0.2.1/16'; parametrize with %Mn and %Nn, and set the subnet, like '10.%N1.%M5.%M6/16'; set a whole network address (not a specific IP) for getting the IP autocompleted in that network with bits from MAC address, this works also with netmasks other than /24 or /16, like '10.0.128.0/17' (but not valid network addresses, for example '192.0.128.0/16' or '192.0.129.0/17' won't get parametrized); set two different parameters, the first for subnet and the second for nodes' IP parameterization, like '10.0.128.0/16/17', this results in /16 subnet but IP of the LibreMesh routers will be auto-assigned in a /17 range (from 10.0.128.1 to 10.0.255.254).
	option anygw_dhcp_start '2'			# First IP in the subnet to be used for DHCP for clients. For example, if the subnet is 10.x.0.0/16 and you want the clients to get an IPv4 from a DHCP pool starting from 10.x.100.2, the start parameter will have to be 100 * 256 + 2 = 25602.
	option anygw_dhcp_limit '0'			# Number of IPs available for DHCP. Use zero for having the DHCP pool ranging from anygw_dhcp_start up to the end of the subnet. For example, if the subnet is 10.x.0.0/16, the start of the DHCP pool is at 10.x.100.2 and you want the DHCP pool to finish at 10.x.127.254, the limit parameter will have to be (127 - 100) * 256 + (254 - 2) + 1 = 7165. Instead, if you want the DHCP pool to go from 10.x.100.2 up to 10.x.255.254 (last valid IPv4 in the /16 subnet) you can just set the limit to zero.
	option main_ipv6_address 'fd%N1:%N2%N3:%N4%N5::/64'	# Parametrizable in the same way as main_ipv4_address. If used, the IP autocompletion will fill maximum the last 24 bits, so specifying an IP autocompletion range bigger than /104 is not useful.
	list protocols ieee80211s			# List of protocols configured by LiMe, some of these require the relative package "lime-proto-...". Note that if you set here some protocols, you overwrite the *whole* list of protocols set in /etc/config/lime-defaults
	list protocols lan
	list protocols anygw
	list protocols batadv:%N1			# Parametrizable with %Nn (which depends from ap_ssid), note that this will range between 29 and 284
#	list protocols batadv:0				# If 0 VLAN tags are disabled and the routing is done on the raw interface
	list protocols bmx6:13				# The VLAN type can be provided as a third argument, for example bmx6:13:8021q for using VLAN 802.1q instead of the default 802.1ad
	list protocols olsr:14				# Do not use a VLAN ID between 29 and 284 as this range is reserved for batadv:%N1 parameterization, maximum ID is 4095
	list protocols olsr6:15
	list protocols olsr2:16
	list protocols babeld:17
	list protocols bmx7:18
	list resolvers 4.2.2.2 # b.resolvers.Level3.net	# DNS servers node will use
	list resolvers 141.1.1.1 # cns1.cw.net		# Set every entry empty for using the upstream (ISP) DNS server
	list resolvers 2001:470:20::2 # ordns.he.net
	option bmx6_mtu '1500'				# Set MTU for bmx6 tunnel interfaces
	option bmx6_publish_ownip false			# announce also a /32 route about each node
	option bmx6_over_batman false			# Disables Bmx6 meshing on top of batman
	option bmx6_pref_gw none			# Force bmx6 to use a specific gateway to Internet (hostname must be used as identifier)
	option bmx6_wifi_rate_max 54000000
	option bmx7_mtu '1500'				# Set MTU for bmx7 tunnel interfaces
	option bmx7_publish_ownip false			# announce also a /32 route about each node
	option bmx7_over_batman false
	option bmx7_pref_gw none			# Force bmx7 to use a specific gateway to Internet (hostname must be used as identifier)
	option bmx7_wifi_rate_max 'auto'
	option bmx7_enable_pki false			# Trust only nodes in /etc/bmx7/trustedNodes when set (default is to trust all nodes)
	option batadv_orig_interval '2000'		# BATMAN-adv will send one Originator Message (OGM) packet every 2000 ms (2 s). This value should be ok for the static networks, in which the LibreMesh routers are not moving. If you have a LibreMesh node moving (e.g. in your backpack) consider decreasing this value. A smaller value means that BATMAN-adv will take less time for realizing which links are better, but will generate more background traffic on all the interfaces.
	option batadv_routing_algo 'BATMAN_IV'		# BATMAN_V uses throughput rather than packet loss (as in BATMAN_IV) for evaluating the quality of a link
	option anygw_mac 'aa:aa:aa:%N1:%N2:aa'		# Parametrizable with %Nn. Keep in mind that the ebtables rule will use a mask of ff:ff:ff:00:00:00 so br-lan will not forward anything coming in that matches the first 3 bytes of it's own anygw_mac (aa:aa:aa: by default)
#	option autoap_enabled 0				# Requires lime-ap-watchping installed. If enabled AP SSID is changed to ERROR when network issues
#	option autoap_hosts "8.8.8.8 141.1.1.1"		# Requires lime-ap-watchping installed. Hosts used to check if the network is working fine
	option use_odhcpd false

#########################################################
### WiFi general options

config lime wifi					# Settings in this section applies to all radios.
	list modes 'ap'					# This mode setup an Access Point, with the same ssid in each node for roaming purposes.
	list modes 'apname'				# This mode setup an Access Point, with specific ssid for each node.
	list modes 'ieee80211s'				# Used for mesh links between nodes.
#	list modes 'adhoc'				# See below for adhoc configuration
#	list modes 'client'				# See below for client configuration
#	option country 'ES'				# set this to your location country code, for example in Spain, setting ES allows you to use channel 13
	option ap_ssid 'LibreMesh.org'			# set here your network name, **this value is required even if AP is not used**, as it is used for calculating fields with %Nn. Connect to this network to roam across APs.
#	option ap_key 'SomeWPA2PskKey'
#	option ap_encryption 'psk2'
	option apname_ssid 'LibreMesh.org/%H'		# SSID specific to each AP. A user can connect to the named AP to avoid roaming
#	option apname_key 'SomeWPA2PskKey'
#	option apname_encryption 'psk2'
	option adhoc_ssid 'LiMe'			# SSID of the APs (nodes) when meshing in ad-hoc mode, i.e., the nodes form an IBSS. Not used when meshing in 802.11s (the default)
	option adhoc_bssid 'ca:fe:00:c0:ff:ee'
	option ieee80211s_mesh_fwding '0'		# Settings needed only for 802.11s
	option ieee80211s_mesh_id 'LiMe'		# Mesh cloud identifier (close to SSID in concept). Used by the nodes to join and participate in the mesh network.
#	option ieee80211s_encryption 'psk2/aes'		# in order to use encrypted mesh, the wpad-mini package have to be replaced with wpad-mesh-wolfssl package either manually or by the selected network-profile
#	option ieee80211s_key 'SomePsk2AESKey'
	option unstuck_interval '10'			# Interval in minutes that defines how often to run the workaround script provided by the package wifi-unstuck-wa that rescan all available frequencies in active radios.
	option unstuck_timeout '300'			# Timeout in seconds that defines how long the mentioned above workaround should go.

#########################################################
### WiFi specific band options


config lime-wifi-band '2ghz' 			# Settings in this section applies for all radios in '2ghz' (or '5ghz') band. And take presedence over 'lime wifi' section
	option channel '11'
	option htmode 'HT20'			# htmode sets the width of the channel. HT40 should have better performances in non-noisy environments. Check out the documentation in the OpenWrt wiki here: https://openwrt.org/docs/guide-user/network/wifi/basic#htmodewi-fi_channel_width
	option distance '1000'			# 1 km max distance, farther clients or peers will not be able to connect
	option adhoc_mcast_rate '24000'
	option ieee80211s_mcast_rate '24000'
#	list modes 'ap'				# For networks where only dual band routers are used,
#	list modes 'apname'			# 2.4Ghz radios can be reserved for access points.


config lime-wifi-band '5ghz'
	list channel '48' 			# May be either a list or a single option, in case of a list a channel for each radio will be selected according to radio index
	list channel '157'			# Check for allowed channels on https://en.wikipedia.org/wiki/List_of_WLAN_channels#regulatory_tables5.0ghz
	option htmode 'HT40'			# htmode sets the width of the channel. VHT80 should have better performances in non-noisy environment. Check out the valid channels list in this comment: https://github.com/libremesh/lime-packages/issues/647#issuecomment-1503968192 and check out the documentation in the OpenWrt wiki here: https://openwrt.org/docs/guide-user/network/wifi/basic#htmodewi-fi_channel_width
#	list modes 'ieee80211s'			# For networks where only dual band routers are used, the 5 GHz radio can be reserved for the node-to-node connections
	option distance '10000'			# Distance between this node/ap and the furthest connected node/client in meters, affects performances. If you are unsure of the right number, better to use a too-large distance here than a too-small one. Farther clients or peers will not be able to connect
	option adhoc_mcast_rate '6000'
	option ieee80211s_mcast_rate '6000'


#########################################################
### Configuration directed to other UCI files

config generic_uci_config uhttpd_https
	list uci_set 'uhttpd.main.redirect_https=0'	# disable automatic redirect from http to httpS web interface, decided in order to decrease the CPU usage by shared-state and ubus-lime-metrics


#########################################################
# The following interface specific options have to be included in /etc/config/lime-node, not in /etc/config/lime-community

#########################################################
### WiFi interface specific options ( override defaults options )

## use radio99 only for mesh
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1. All the other non-specified options will be taken from "config lime-wifi-band" and the general "config lime wifi" sections
	list modes 'ieee80211s'

## change ssid for radio99
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1. All the other non-specified options will be taken from "config lime-wifi-band" and the general "config lime wifi" sections
	option ap_ssid 'Special'

## disable lime-config for radio99
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1
	option modes 'manual' # If you use manual protocol you must not specify other protocol, or your configuration will be broken!

## decrease power output for radio99
# decreasing the output power is rarely a good idea, do it just if you are very sure of what you are doing
# be aware that decreasing the output power can create a "hidden node problem", see https://en.wikipedia.org/wiki/Hidden_node_problem
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1
	option txpower '14' # For knowing the current txpower, use the "iwinfo" command.

## set radio99 to do only adhoc and set the channel
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1. All the other non-specified options will be taken from "config lime-wifi-band" and the general "config lime wifi" sections
	list modes 'adhoc'
	option channel '1'
	option adhoc_ssid 'LiMe'			# Parametrizable with %M, %H
	option adhoc_bssid 'ca:fe:00:c0:ff:ee'
	option adhoc_mcast_rate '24000'

#########################################################
# If you want to use Wifi client mode just to connect to an AP offering internet
# you need two pieces of configuration: the wifi specific configuration and the
# network specific one like in the following example. If your router has an ethernet
# WAN port, you will need also the third piece of configuration for disabling it.

## set radio99 as client of access point for internet access, both the following "wifi" and "net" sections are required
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1. All the other non-specified options will be taken from "config lime-wifi-band" and the general "config lime wifi" sections
	list modes 'client'
	option channel 'auto'
	option client_ssid 'SomeWiFiNetwork'
	option client_key 'SomeWPApskPassword'
	option client_encryption 'psk2'			# psk for WPA or psk2 for WPA2
	option distance 1000				# maximum distance to AP, affects performances

config net wirelessclientWAN
	option linux_name 'wlan0-sta'			# verify the name, the client interface name could be named differently, like wlan1-sta
	list protocols 'wan'				# use wan to get Internet connectivity via DHCP

config net lm_hwd_openwrt_wan				# this interface gets created by lime-hwd-openwrt-wan package in case an ethernet WAN port is detected
	option autogenerated 'false'			# this line specify that the configuration of the WAN ethernet port has been manually edited, creating an empty configuration for it and practically disabling it

#########################################################
# If you want to use Wifi client and AP instead of mesh for building the
# backbone of your LibreMesh network (and you are using Batman-adv + Babeld)
# you will need specific wifi and net configuration both on the client and
# on the access point

## set radio99 as backbone access point (not for users connection, specific client configuration reported below) part of the LibreMesh network structure using Batman-adv and Babeld, both the following "wifi" and "net" sections are required on the AP
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1
#	list modes 'ap'					# include this if you additionally want an AP for clients on the same radio, check the maximum number of "interface combinations" with "iw phy phy0 info" command
#	list modes 'apname'
#	list modes 'ieee80211s'				# include this if you additionally want also do IEEE802.11s mesh on the same radio, check the maximum number of "interface combinations" with "iw phy phy0 info" command
	list modes 'apbb'				# apbb stands for backbone AP, for other LibreMesh routers connection rather than for users connection
	option apbb_ssid 'backbone/%H'		# clients should not connect to this AP, SSID name should point it out
#	option apbb_key 'somePassword'
#	option apbb_encryption 'psk2'

config net wirelessAPbackbone
	option linux_name 'wlan0-apbb'		# verify the name, the backbone AP interface name could be named differently, like wlan1-apbb
	list protocols 'apbb'			# backbone AP proto, needed for setting up the interface
	list protocols 'babeld:17'
	list protocols 'batadv:%N1'

## set radio99 as backbone client of a backbone access point (not for users connection, specific AP configuration reported above) using Batman-adv and Babeld, both the following "wifi" and "net" sections are required on the client
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1. All the other non-specified options will be taken from "config lime-wifi-band" and the general "config lime wifi" sections
	list modes 'client'
	option channel '11'
	option client_ssid 'backbone/LiMe-ddeeff'	# specify here the name of the specifically configured backbone AP interface you want to connect to
#	option client_key 'somePassword'
#	option client_encryption 'psk2'
	option distance 1000				# maximum distance to AP, affects performances

config net wirelessclientbackbone
	option linux_name 'wlan0-sta'			# verify the name, the client interface name could be named differently, like wlan1-sta
	list protocols 'client'				# needed for setting up the new interface
	list protocols 'babeld:17'
	list protocols 'batadv:%N1'

#########################################################
### Network interface specific options ( override general option )
### Available protocols: bmx6, bmx7, batadv, olsr, olsr6, olsr2, bgp, wan, lan, manual, static, babeld, apbb, client
### proto:vlan_number works too ( something like bmx6:13 is supported ), the VLAN type defaults to 802.1ad but 802.1q can be used specifying it with proto:vlan_number:8021q
### If you use manual do not specify other protocols, may result in an unpredictable behavior/configuration (likely you loose connection to the node)

#config net port5					# Do not put any "." in the section name
#	option linux_name 'eth1.5'			# Put here the actual name of the interface
#	list protocols 'wan'				# Some of these protocols require the relative package "lime-proto-..."
#	list protocols 'static'				# Set up a static IP (both IPv4 and IPv6 supported)
#	option static_ipv4 '192.168.1.2/24'
#	option static_gateway_ipv4 '192.168.1.1'	# in static protocol, specifying an IP for the gateway is optional. Skip this line if no default route should be added on this interface.
#	option static_ipv6 '2a00:1508:0a00::1234/64'
#	option static_gateway_ipv6 'fe80::1'		# in static protocol, specifying an IP for the gateway is optional. Skip this line if no default route should be added on this interface.

## (optional) configure lan1 for connection to other nodes, not for users connection:
config net
	option linux_name 'lan1'
	list protocols 'batadv:%N1'  #needs to be specified if the other node is in the same mesh cloud i.e. same ssid
	list protocols 'babeld:17'

## (optional) configure lan1 for users to connect to, not for connection to other nodes:
config net
	option linux_name 'lan1'
	list protocols 'lan'

#########################################################
### Ground routing specific sections
### One section for each ground routing link
### With ground routing we mean setups having LibreMesh on a router which is connected via cable(s), eventually through a switch, to some wireless routers running the original firmware in WDS (transparent bridge) Ap/Sta mode.
### Likely you want to configure as many sections of ground routing with different VLAN numbers or different switch ports as many connected devices in WDS mode.
### For a detailed description have a look at https://github.com/libremesh/lime-packages/issues/443

#config hwd_gr link1
#	option net_dev 'eth0'				# Plain ethernet device on top of which 802.1q VLAN will be constructed. In case of doubts rely on https://openwrt.org/toh/start
#	option vlan '5'					# VLAN ID to use for this ground routing link, use little one because cheap switch doesn't supports big IDs, this will be used also as 802.1q VID on tagged ports
#	option switch_dev 'switch0'			# These options regarding switch need to be set only if your ethernet device is connected to a switch chip. If the switch exists you can read its name (like switch0) in /etc/config/network file
#	option switch_cpu_port '0'			# Refer to switch port map of your device on https://openwrt.org/toh/start to know CPU port index
#	list switch_ports '4t'				# List switch ports on which you want the VLAN being passed, use the 't' suffix to specify the port being tagged, refer to https://openwrt.org/toh/start for correspondence with physical ports

#########################################################
### Proto BGP specific sections
### One section for each BGP peer

#config bgp_peer peer1
#	option remoteIP '192.0.2.6'
#	option remoteAS '65550'

#config bgp_peer peer2
#	option remoteIP '2001:db8::c001'
#	option remoteAS '65549'