lime-example
https://github.com/libremesh/lime-packages/master/packages/lime-docs/files/www/docs/lime-example.txt
# The LibreMesh configuration is done by /etc/config/lime-* files, following this scheme:
# 0. lime-autogen - DO NOT EDIT, this contains the applied, autogenerated configuration
# 1. lime-node - node specific configuration (interfaces specific options)
# 2. lime-MAC - node specific configuration (interfaces specific options) - every node reads only it's own lime-MAC, i.e. lime-520000abc001
# 3. lime-community - community specific configuration
# 4. lime-defaults - default configuration.
# To configure LibreMesh
# - Insert options in '/etc/config/lime-node' or '/etc/config/lime-community' file
# - These will override the default ones provided by '/etc/config/lime-defaults'.
# - Interface specific options have to be included in 'lime-node', if in 'lime-community' they'll cause unpredictable behaviour.
# The options marked with "Parametrizable with %Mn, %Nn, %H", can include the templates:
# - %Mn: replaced by the n'th byte of the primary_interface MAC
# - %Nn: replaced by the n'th (n = 1..5) network-identifier byte, calculated from the hash of the ap_ssid value,
# so that all the nodes that form a mesh cloud (share the same ap_ssid) will produce the same value
# - %H: replaced by the hostname
# For setting the WAN port on the default WAN port (according OpenWrt):
# just install the 'lime-hwd-openwrt-wan' package and the configuration will be autogenerated.
# For setting a specific ethernet port as WAN
# use an interface specific configuration "config net ..." and install the 'lime-proto-wan' package
#########################################################
### System options
config lime system
option hostname 'LiMe-%M4%M5%M6' # Parametrizable with %Mn
option domain 'thisnode.info' # DNS domain for the L2 cloud it could be something like mycloud.mynetwork.tld,
# hosts that get their IP by DHCP will also get a fully qualified domain name like hostname.mycloud.mynetwork.tld
option keep_on_upgrade 'libremesh dropbear
minimum-essential /etc/sysupgrade.conf' # Files defining the list of files and directories to backup when upgrade. Relative to /lib/upgrade/keep.d if no '/' defined.
option root_password_policy 'DO_NOTHING' # Options SET_SECRET/DO_NOTHING/RANDOM:
# - SET_SECRET, the root password will be configured as specified in root_password_secret.
# - RANDOM a strong random password will be set if root has no password, use this if your firmware is built with the ssh keys inside.
# - DO_NOTHING leaves the root password empty (you will have to set it manually or through FirstBootWizard).
option root_password_secret '' # Used only when 'root_password_policy=SET_SECRET'. The password hash will be stored in /etc/shadow
# You can generate the secret with 'openssl passwd -1' to be compatible with most openwrt firmwares,
# use a strong password with at least 10 numbers and letters, the longer the better!.
# For improved security use "openssl passwd -6" for SHA512 (or -5 for SHA256) but be aware that not all firmwares support this.
option deferrable_reboot_uptime_s '97200'
option deferrable_reboot_ping_target '4.2.2.2' # Reboot scheduled by deferrable_reboot, if installed, will be deferred if the ping to this IP is succesful
option firstbootwizard_configured false
option firstbootwizard_dismissed false # When true fbw banner will be hidden.
#########################################################
### Network general option
config lime network
option primary_interface eth0 # The mac address of this device will be used in different places
option main_ipv4_address '10.%N1.0.0/16' # Here you have 4 possibilities:
# 1. set a static IP and the subnet, like '10.0.2.1/16';
# 2. parametrize with %Mn and %Nn, and set the subnet, like '10.%N1.%M5.%M6/16';
# 3. set a whole network address (not a specific IP) for getting the IP autocompleted in that network with bits from MAC address,
# this works also with netmasks other than /24 or /16, like '10.0.128.0/17'
# (but not valid network addresses, for example '192.0.128.0/16' or '192.0.129.0/17' won't get parametrized);
# 4. set two different parameters, the first for subnet and the second for nodes IP parameterization, like '10.0.128.0/16/17',
# this results in /16 subnet but IP of the LibreMesh routers will be auto-assigned in a /17 range (from 10.0.128.1 to 10.0.255.254).
option anygw_dhcp_start '2' # First IP in the subnet to be used for DHCP for clients.
# For example, if the subnet is 10.x.0.0/16 and you want the clients to get an IPv4 from a DHCP pool starting from 10.x.100.2,
# the start parameter will have to be 100 * 256 + 2 = 25602.
option anygw_dhcp_limit '0' # Number of IPs available for DHCP.
# Use zero for having the DHCP pool ranging from anygw_dhcp_start up to the end of the subnet.
# For example, if the subnet is 10.x.0.0/16, the start of the DHCP pool is at 10.x.100.2 and you want it to finish at 10.x.127.254,
# the limit parameter will have to be (127 - 100) * 256 + (254 - 2) + 1 = 7165.
option main_ipv6_address 'fd%N1:%N2%N3:%N4%N5::/64' # Parametrizable in the same way as main_ipv4_address.
# If used, the IP autocompletion will fill maximum the last 24 bits, so specifying an IP autocompletion range bigger than /104 is not useful.
# List of protocols configured by LiMe, some of these require the relative package "lime-proto-...".
# Note that if you set here some protocols, you overwrite the *whole* list of protocols set in /etc/config/lime-defaults
list protocols ieee80211s
list protocols lan
list protocols anygw
list protocols batadv:%N1 # Parametrizable with %Nn (which depends from ap_ssid), note that this will range between 29 and 284
# list protocols batadv:0 # If 0 VLAN tags are disabled and the routing is done on the raw interface
list protocols bmx6:13 # The VLAN type can be provided as a third argument, for example bmx6:13:8021q for using VLAN 802.1q instead of the default 802.1ad
list protocols olsr:14 # Do not use a VLAN ID between 29 and 284 as this range is reserved for batadv:%N1 parameterization, maximum ID is 4095
list protocols olsr6:15
list protocols olsr2:16
list protocols babeld:17
list protocols bmx7:18
# DNS servers node will use. Set every entry empty for using the upstream (ISP) DNS server
list resolvers 4.2.2.2 # b.resolvers.Level3.net
list resolvers 141.1.1.1 # cns1.cw.net
list resolvers 2001:470:20::2 # ordns.he.net
option bmx6_mtu '1500' # Set MTU for bmx6 tunnel interfaces
option bmx6_publish_ownip false # Announce also a /32 route about each node
option bmx6_over_batman false # Disables Bmx6 meshing on top of batman
option bmx6_pref_gw none # Force bmx6 to use a specific gateway to Internet (hostname must be used as identifier)
option bmx6_wifi_rate_max 54000000
option bmx7_mtu '1500' # Set MTU for bmx7 tunnel interfaces
option bmx7_publish_ownip false # Announce also a /32 route about each node
option bmx7_over_batman false
option bmx7_pref_gw none # Force bmx7 to use a specific gateway to Internet (hostname must be used as identifier)
option bmx7_wifi_rate_max 'auto'
option bmx7_enable_pki false # Trust only nodes in /etc/bmx7/trustedNodes when set (default is to trust all nodes)
option batadv_orig_interval '2000' # BATMAN-adv will send one Originator Message (OGM) packet every 2000 ms (2 seconds).
# This value should be ok for the static networks, in which the LibreMesh routers are not moving.
# If you have a LibreMesh node moving (e.g. in your backpack) consider decreasing this value.
# A smaller value means that BATMAN-adv will take less time for realizing which links are better,
# but will generate more background traffic on all the interfaces.
option batadv_routing_algo 'BATMAN_IV' # BATMAN_V uses throughput rather than packet loss (as in BATMAN_IV) for evaluating the quality of a link
option anygw_mac 'aa:aa:aa:%N1:%N2:aa' # Parametrizable with %Nn. Keep in mind that the ebtables rule will use a mask of ff:ff:ff:00:00:00
# so br-lan will not forward anything coming in that matches the first 3 bytes of it's own anygw_mac (aa:aa:aa: by default)
# option autoap_enabled 0 # Requires lime-ap-watchping installed. If enabled AP SSID is changed to ERROR when network issues
# option autoap_hosts "8.8.8.8 141.1.1.1" # Requires lime-ap-watchping installed. Hosts used to check if the network is working fine
option use_odhcpd false
#########################################################
### WiFi general options
# Settings in this section applies to all radios.
config lime wifi
list modes 'ap' # This mode setup an Access Point, with the same ssid in each node for roaming purposes.
list modes 'apname' # This mode setup an Access Point, with specific ssid for each node.
list modes 'apup' # This mode setup radio for APuP operation.
list modes 'ieee80211s' # Used for mesh links between nodes.
# list modes 'adhoc' # See below for adhoc configuration
# list modes 'client' # See below for client configuration
# option country 'ES' # Set this to your location country code, for example in Spain, setting ES allows you to use channel 13
option ap_ssid 'LibreMesh.org' # Set here your network name, **this value is required even if AP is not used**, as it is used for calculating fields with %Nn.
# Connect to this network to roam across APs.
# option ap_key 'SomeWPA2PskKey'
# option ap_encryption 'psk2'
option apname_ssid 'LibreMesh.org/%H' # SSID specific to each AP. A user can connect to the named AP to avoid roaming
# option apname_key 'SomeWPA2PskKey'
# option apname_encryption 'psk2'
option apup_ssid 'LibreMesh.org' # Set here your APuP based network name
option adhoc_ssid 'LiMe' # SSID of the APs (nodes) when meshing in ad-hoc mode, i.e., the nodes form an IBSS. Not used when meshing in 802.11s (the default)
option adhoc_bssid 'ca:fe:00:c0:ff:ee'
option ieee80211s_mesh_fwding '0' # Settings needed only for 802.11s
option ieee80211s_mesh_nolearn '1' # Disable multi-hop mesh routing capabilities of 802.11s
option ieee80211s_mesh_id 'LiMe' # Mesh cloud identifier (close to SSID in concept). Used by the nodes to join and participate in the mesh network.
# option ieee80211s_encryption 'psk2/aes' # In order to use encrypted mesh, the wpad-mini package have to be replaced with wpad-mesh-wolfssl package
# either manually or by the selected network-profile
# option ieee80211s_key 'SomePsk2AESKey'
option unstuck_interval '10' # Interval in minutes that defines how often to run the workaround script provided by the package wifi-unstuck-wa
# that rescan all available frequencies in active radios.
option unstuck_timeout '300' # Timeout in seconds that defines how long the mentioned above workaround should go.
#########################################################
### WiFi specific band options
config lime-wifi-band '2ghz' # Settings in this section applies for all radios in '2ghz' (or '5ghz') band. And take precedence over 'lime wifi' section
option channel '11'
option htmode 'HT20' # htmode sets the width of the channel. HT40 should have better performances in non-noisy environments.
# Refer to the OpenWrt wiki: https://openwrt.org/docs/guide-user/network/wifi/basic#htmodewi-fi_channel_width
option distance '1000' # 1 km max distance, farther clients or peers will not be able to connect
option adhoc_mcast_rate '24000'
option ieee80211s_mcast_rate '24000'
# list modes 'ap' # For networks where only dual band routers are used,
# list modes 'apname' # 2.4Ghz radios can be reserved for access points.
config lime-wifi-band '5ghz'
list channel '48' # May be either a list or a single option, in case of a list a channel for each radio will be selected according to radio index
list channel '157' # Check for allowed channels on https://en.wikipedia.org/wiki/List_of_WLAN_channels#regulatory_tables5.0ghz
option htmode 'HT40' # htmode sets the width of the channel. VHT80 should have better performances in non-noisy environment.
# Check out the valid channels list in this comment: https://github.com/libremesh/lime-packages/issues/647#issuecomment-1503968192
# and refer to the OpenWrt wiki here: https://openwrt.org/docs/guide-user/network/wifi/basic#htmodewi-fi_channel_width
# list modes 'ieee80211s' # For networks where only dual band routers are used, the 5 GHz radio can be reserved for the node-to-node connections
option distance '10000' # Distance between this node/ap and the furthest connected node/client in meters, affects performances.
# If you are unsure of the right number, better to use a too-large distance here than a too-small one.
# Farther clients or peers will not be able to connect
option adhoc_mcast_rate '6000'
option ieee80211s_mcast_rate '6000'
#########################################################
### Configuration directed to other UCI files
config generic_uci_config uhttpd_https
list uci_set 'uhttpd.main.redirect_https=0' # Disable automatic redirect from http to httpS web interface, decided to decrease the CPU usage by shared-state and ubus-lime-metrics
#########################################################
### WiFi interface specific options (edit lime-node or lime-MAC) override defaults wifi options
# Ensure that the chosen radio name exists, i.e. running the "wifi status" command, likely radio0 or radio1.
# All the other non-specified options will be taken from "config lime-wifi-band" and the general "config lime wifi" sections
## Use radio99 only for mesh
config wifi radio99
list modes 'ieee80211s'
## Change ssid for radio99
config wifi radio99
option ap_ssid 'Special'
## Disable lime-config for radio99
config wifi radio99
option modes 'manual' # If you use manual protocol you must not specify other protocol, or your configuration will be broken!
## Decrease power output for radio99
# This is rarely a good idea, do it just if you are very sure of what you are doing.
# Be aware that decreasing the power output can create a "hidden node problem", see https://en.wikipedia.org/wiki/Hidden_node_problem
config wifi radio99
option txpower '14' # For knowing the current txpower, use the "iwinfo" command.
## Set radio99 to do only adhoc and set the channel
config wifi radio99
list modes 'adhoc'
option channel '1'
option adhoc_ssid 'LiMe' # Parametrizable with %M, %H
option adhoc_bssid 'ca:fe:00:c0:ff:ee'
option adhoc_mcast_rate '24000'
#########################################################
### Wifi client mode (edit lime-node or lime-MAC)
# If you want to use Wifi client mode just to connect to an AP offering internet, you need two pieces of configuration:
# the wifi specific configuration and the network specific one.
# If your router has an ethernet WAN port, you will need also the third piece of configuration for disabling it.
## Set radio99 as client of access point for internet access
config wifi radio99
list modes 'client'
option channel 'auto'
option client_ssid 'SomeWiFiNetwork'
option client_key 'SomeWPApskPassword'
option client_encryption 'psk2' # psk for WPA or psk2 for WPA2
option distance 1000 # Maximum distance to AP, affects performances
config net wirelessclientWAN
option linux_name 'wlan0-sta' # Verify the name, the client interface name could be named differently, like wlan1-sta
list protocols 'wan' # Use 'wan' to get Internet connectivity via DHCP
config net lm_hwd_openwrt_wan # This interface gets created by lime-hwd-openwrt-wan package in case an ethernet WAN port is detected
option autogenerated 'false' # Specify that the configuration of the WAN ethernet port has been manually edited,
# creating an empty configuration for it and practically disabling it
#########################################################
### Wifi backbone AP (edit lime-node or lime-MAC)
# If you want to use Wifi client and AP instead of mesh for building the
# backbone of your LibreMesh network (and you are using Batman-adv + Babeld)
# you will need specific wifi and net configuration both on the client and on the access point
## Set radio99 as backbone access point
# (not for users connection, specific client configuration reported below)
# part of the LibreMesh network structure using Batman-adv and Babeld, both the following "wifi" and "net" sections are required on the AP
config wifi radio99
# list modes 'ap' # Include this if you additionally want an AP for clients on the same radio,
# check the maximum number of "interface combinations" with "iw phy phy0 info" command
# list modes 'apname'
# list modes 'ieee80211s' # Include this if you additionally want also do IEEE802.11s mesh on the same radio,
# check the maximum number of "interface combinations" with "iw phy phy0 info" command
list modes 'apbb' # apbb stands for backbone AP, for other LibreMesh routers connection rather than for users connection
option apbb_ssid 'backbone/%H' # Clients should not connect to this AP, SSID name should point it out
# option apbb_key 'somePassword'
# option apbb_encryption 'psk2'
config net wirelessAPbackbone
option linux_name 'wlan0-apbb' # Verify the name, the backbone AP interface name could be named differently, like wlan1-apbb
list protocols 'apbb' # Backbone AP proto, needed for setting up the interface
list protocols 'babeld:17'
list protocols 'batadv:%N1'
#########################################################
### Wifi backbone client (edit lime-node or lime-MAC)
## Set radio99 as backbone client of a backbone access point
# (not for users connection, specific AP configuration reported above)
# using Batman-adv and Babeld, both the following "wifi" and "net" sections are required on the client
config wifi radio99 # you should ensure that the chosen radio name exists, for example with "wifi status" command, likely radio0 or radio1.
# All the other non-specified options will be taken from "config lime-wifi-band" and the general "config lime wifi" sections
list modes 'client'
option channel '11'
option client_ssid 'backbone/LiMe-ddeeff' # Specify here the name of the specifically configured backbone AP interface you want to connect to
# option client_key 'somePassword'
# option client_encryption 'psk2'
option distance 1000 # Maximum distance to AP, affects performances
config net wirelessclientbackbone
option linux_name 'wlan0-sta' # Verify the name, the client interface name could be named differently, like wlan1-sta
list protocols 'client' # Needed for setting up the new interface
list protocols 'babeld:17'
list protocols 'batadv:%N1'
#########################################################
### Network interface specific options (edit lime-node or lime-MAC) override network general options
# Available protocols: bmx6, bmx7, batadv, olsr, olsr6, olsr2, bgp, wan, lan, manual, static, babeld, apbb, client
# proto:vlan_number - define the VLAN number i.e. bmx6:13
# proto:vlan_number:vlan_type - define the VLAN type (default is 8021ad) i.e. bmx6:13:8021q
# If you use the protocol 'manual' do not specify other protocols, may result in an unpredictable behavior/configuration (likely you loose connection to the node)
## configure the ethernet port eth1.5 as WAN with static ipv4 and ipv6 addresses
config net port5 # Do not put any "." in the section name
option linux_name 'eth1.5' # Put here the actual name of the interface
# list protocols 'wan' # Use 'wan' instead of 'static' to get Internet connectivity via DHCP
list protocols 'static' # Set up a static IP (both IPv4 and IPv6 supported)
option static_ipv4 '192.168.1.2/24'
option static_gateway_ipv4 '192.168.1.1' # In static protocol, specifying an IP for the gateway is optional. Skip this line if no default route should be added on this interface.
option static_ipv6 '2a00:1508:0a00::1234/64'
option static_gateway_ipv6 'fe80::1' # In static protocol, specifying an IP for the gateway is optional. Skip this line if no default route should be added on this interface.
## (optional) Configure lan1 for connection to other nodes, not for users connection:
config net
option linux_name 'lan1'
list protocols 'batadv:%N1' # Needs to be specified if the other node is in the same mesh cloud i.e. same ssid
list protocols 'babeld:17'
## (optional) Configure lan1 for users to connect to, not for connection to other nodes:
config net
option linux_name 'lan1'
list protocols 'lan'
#########################################################
### Ground routing specific sections (edit lime-node or lime-MAC)
# One section for each ground routing link
# With ground routing we mean setups having LibreMesh on a router which is connected via cable(s), eventually through a switch,
# to some wireless routers running the original firmware in WDS (transparent bridge) Ap/Sta mode.
# Likely you want to configure as many sections of ground routing with different VLAN numbers or different switch ports as many connected devices in WDS mode.
# For a detailed description refer to https://github.com/libremesh/lime-packages/issues/443
config hwd_gr link1
option net_dev 'eth0' # Plain ethernet device on top of which 802.1q VLAN will be constructed. In case of doubts rely on https://openwrt.org/toh/start
option vlan '5' # VLAN ID to use for this ground routing link, use little one because cheap switch doesn't supports big IDs,
# this will be used also as 802.1q VID on tagged ports
option switch_dev 'switch0' # These options regarding switch need to be set only if your ethernet device is connected to a switch chip.
# If the switch exists you can read its name (like switch0) in /etc/config/network file
option switch_cpu_port '0' # Refer to switch port map of your device on https://openwrt.org/toh/start to know CPU port index
list switch_ports '4t' # List switch ports on which you want the VLAN being passed, use the 't' suffix to specify the port being tagged,
# refer to https://openwrt.org/toh/start for correspondence with physical ports
#########################################################
### Proto BGP specific sections
# One section for each BGP peer
config bgp_peer peer1
option remoteIP '192.0.2.6'
option remoteAS '65550'
config bgp_peer peer2
option remoteIP '2001:db8::c001'
option remoteAS '65549'
#########################################################
### Watchcat specific sections
# One section for each ping-watchdog rule you want to define.
# Ping-reboot the device if gateway (or any IP) is unreachable
config hwd_watchcat default
option mode 'ping_reboot'
option pinghosts '4.2.2.2' # Default Level3 resolver
option pingperiod '30s' # Send one ping every 30 seconds
option period '6h' # Reboot if 6h continuously failing
option forcedelay '1m' # Wait up to 1m for a soft-reboot