Tutorial: Administrative Mesh Network

by John Haverlack 2020-09-22

Tutorial Objectives

This tutorial covers how to:

  • Install CJDNS on Linux, Windows or Mac platforms
  • Join a test CJDNS mesh network
  • Test SSH connectivity between nodes
  • Test NoMachine remote desktop between nodes
  • Test Firefox with a remote Squid Proxy server for remote web access.

The focus of this tutorial will be on using an enrypted IPv6 mesh network (CJDNS) for remote administrative access as an alternative to VPN or SSH tunneling.

Pros of CJDNS

  • Minimal dependence on fixed IP addresses for static routes between networks
  • All traffic is encrypted
  • Resilient to intermittent network outages (this is mostly true)
  • Most IPv4 applications can be used transparently on IPv6 address without modification
  • Codebase is free, open source mature and stable
  • CJDNS runs on Windows, Mac OS X, Linux (CentOS, Debian/Ubuntu/Mint, Raspbian, and OpenWRT)
  • Community Support via Matrix/Element: https://app.element.io/#/room/!FgPvfVaiPeDNKZHaSe:matrix.org

Cons of CJDNS

  • Security depends on strict administrative control of member nodes. Each node is a potential risk vector.
  • Occasional performance issues, but typically works as good or better than direct SSH connections.
  • I've had trouble running as a service on Windows and Macs. However others report this is not an issue.
Another open alternative mesh network solution is [Ygdrasil](https://yggdrasil-network.github.io/). I've not had a chance to do hands on testing with this system so I am not equipped to provide a comparison.


Test Host

You will need a recent up-to-date Linux (CentOS/Debian/Linuxmint/Ubuntu/Raspbian), Mac OS X, or Windows 10 physical or virtual computer with:

  • > ~1 GB RAM
  • a graphical desktop environment
  • Administrative Access (to install software)
It is recommended to perform this tutorial on a local test system other than your primary desktop computer.

Optional VirtualBox Test Host

To save time, I have provided 2 Debian VirtualBox images that you may download and import ahead of time for the purposes of this tutorial.
  1. tutorial-admeshnet-cjdns.ova (SHA1Sum:0ca5d30879bc1f6f40c6566083f2d99b22e0c61f ~2.5 GB) - This Debian Desktop VirtualBox image comes will all software installed and is ready to quickly connect to our test mesh network for demonstration.
  2. tutorial-admeshnet-preinst.ova (SHA1Sum:f08d969c0fc29f48dc54cb4f70bf6175269ffcb2 ~2.4 GB ) - This Debian Desktop VirtualBox image comes without all software installed so we can do hands on training of the installation procedure.
Please contact jehaverlack@alaska.edu for the Administrative login and password for these images.
Alternately if you choose to install on a Windows or Mac computer, or other Linux system you will need to have administrative permissions and be responsible for any technical glitches that may arise. The easiest way to follow this tutorial will be to use one of the prepared VirtualBox images.
Installing VirtualBox and Importing VirtualBox OVA images.
  1. Download and install VirtualBox for your x86_64 Win,Mac,Lnx desktop/laptop computer (with > 4 GB RAM, &gh; 5 GB free disk space).
  2. Download one or both of the above VirtualBox OVA guest images.
  3. For each VirtualBox OVA guest image that you want to run
  4. Open VirtualBox, Goto the menu: File -> Import Appliance, Select your *.ova file image and follow the import process.


This tutorial will be using the following software inside our CJDNS test hosts:

To save time you might want to install Node.JS, Firefox, and NoMachine on you test host prior to the tutorial.

Tutorial Beginning

Before we begin you should have at least one test host ready to use in this tutorial:
  • One of the VirtualBox Guest images
  • A Mac, Windows, Linux, Raspberry Pi test host