Choosing the Right Hardware for BBHN Virtual Tunnels

Storage Space is King

The biggest challenge in installing extra software on nodes, such as tunnel solutions, is the amount of storage space that is available.  These devices usually have very limited storage capacity.  For example, a WRT54G has 4MB of flash memory.  This memory is where the entire operating system (OS), applications, and settings must reside.  After the OS is loaded, we are left with very little space to store extra software (like tunnel/VPN software).  In fact, there is NOT enough space on a WRT54G to install even one of the required components of the tunnel solution.  On the other hand, a WRT54GS v2 has DOUBLE the amount of flash memory (8MB).  This is enough to install the tunnel solution; however, the BBHN project is stopping support for these Linksys devices in early 2015.  All of the Ubiquiti (UBNT) supported devices have at least 8GB of flash memory as well.

For this article, I will focus on the UBNT supported devices, since they have a longer support lifetime.

LAN and WAN ports

In order to support local LAN devices (i.e., phones, PCs, servers, Raspberry Pis, etc.), the node needs a LAN port.  This port also provides the PoE (Power over Ethernet) that is required to supply power to the node.  The WAN port provides access to the internet (or, perhaps, your local “home” network).  As long as you do not need to access the internet from your node, you really don’t need the WAN port.  However, since we are talking about virtual tunnels over the internet, we obviously need a way to get access to the WAN port.

Lonely Ethernet Ports

One of the “drawbacks” of the UBNT devices is that most have only a single Ethernet port.  Although the NanoStation models have two ports, the second port has not yet been enabled in the BBHN firmware.  There is an open ticket to support the second port.

So, our dilemma is… how can we provide LAN and PoE and WAN all over a single Ethernet port?  Well, the answer lies in a feature/specification called 802.1Q VLAN.


The BBHN firmware uses this VLAN feature in order to provide a “virtual LAN”, or “virtual ports”, over a single port on the device.  The way it works is that the firmware “tags” WAN traffic with “VLAN1” and LAN traffic is not tagged at all.  The switch will forward the packets to the appropriate ports according to their tags.

Recommended Hardware

Ubiquiti Nanostation M2 (or M5)
Netgear GS105E Smart Switch (see AE5CA’s article on configuring this)
** The “E” is important in the model number. **

A Final Note on Hardware

AE5CA (Clint) has done a very nice job of comparing the various UBNT devices.  His blog article titled “Your first BBHN node should be a NanoStationM2” is comprehensive.


Quick Start Guide to AREDN

Load the AREDN firmware on the Node

  1. Download the firmware from
  2. Connect your PC to the device via CAT5 (easiest way)
  3. Go into AirOS and update the firmware
  4. Let it reboot
  5. Disconnect the CAT5, wait 5 secs, reconnect (to get a new IP address)
  6. Open your browser and go to:   http://localnode.local.mesh:8080  (The node is in PRE_MESH SETUP MODE)
  7. Hit setup
  8. Login (root/hsmm)
  9. Enter your callsign as the node name (plus some unique identifier like K5DLQ-UBM2-876, as an example)
  10. Enter a new password
  11. Save and reboot
  12. Disconnect the CAT5, wait 5 secs, reconnect (to get a new IP address 10.x.x.x)
  13. Open your browser and go to:   http://localnode.local.mesh:8080 (The node is now in full MESH MODE)

TIPS to Remember

  1. You cannot connect your PC/MAC via WIFI directly to the MESH!  You must use CAT5.
  2. As an alternative, you can configure a separate wifi access point for general wifi, and plug its WAN port into your configured switch alongside a mesh node.
  3. To configure for LAN and WAN access, configure your 802.1Q switch as follows:
    1. VLAN0 (untagged) = LAN
    2. VLAN1 = WAN access   (can connect from your home network to this port to provide internet to the mesh node)
    3. VLAN2 = DTDLINK (device to device bridging.  For bridging a 2GHZ node to a 5GHZ node via CAT5, as an example)
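
Added example (not from the original article or the BBHN/AREDN firmware): a Python parser that reads the 802.1Q tag of a raw Ethernet frame and maps it to the LAN, WAN and DTDLINK roles listed above. The MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag
ROLES = {1: "WAN", 2: "DTDLINK"}  # tagged VLANs from the list above


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build a constructed Ethernet frame, optionally 802.1Q-tagged."""
    header = dst + src
    if vid is not None:
        if not 0 <= vid <= 4094 or not 0 <= pcp <= 7:
            raise ValueError("VLAN ID must be 0..4094 and priority 0..7")
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def classify(frame):
    """Return (role, vlan_id, inner_ethertype) for a raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return ("LAN", None, ethertype)  # untagged traffic is LAN
    if len(frame) < 18:
        raise ValueError("802.1Q tag is truncated")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF  # VLAN ID is the low 12 bits of the tag
    if vid == 0:
        return ("LAN", 0, inner)  # priority tag only, no VLAN membership
    # VLAN IDs outside the mapping above are reported as UNKNOWN.
    return (ROLES.get(vid, "UNKNOWN"), vid, inner)


# Constructed sample data: broadcast destination, locally administered source.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
IPV4 = 0x0800

if __name__ == "__main__":
    samples = {
        "untagged": build_frame(DST, SRC, IPV4, b"\x00" * 46),
        "vlan 1": build_frame(DST, SRC, IPV4, b"\x00" * 46, vid=1),
        "vlan 2, priority 5": build_frame(DST, SRC, IPV4, b"\x00" * 46, vid=2, pcp=5),
        "vlan 99": build_frame(DST, SRC, IPV4, b"\x00" * 46, vid=99),
    }
    for name, frame in samples.items():
        print(f"{name:20} -> {classify(frame)}")
```

A frame on a VLAN ID that the mapping does not define comes back as UNKNOWN, which is a quick way to spot a switch port whose VLAN membership does not match the table above.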

Links to Note