wavectl configure-hub

Configure GL.iNet routers as Waveshift hub devices via SSH.

Synopsis

wavectl configure-hub [options]

Description

The configure-hub command configures hub routers via SSH with network settings and WireGuard configuration.

Note: Uses the AWS profile from wavectl.json to retrieve the WireGuard configuration.

Configuration Updates:

  • Network configuration (LAN IP and WireGuard settings)
  • DHCP configuration with site-specific IP addresses
  • Device scanner script with optional site ID
  • System time synchronisation

Options

| Option | Type | Description | Default |
|---|---|---|---|
| --config | string | Configuration file path | infra.json |
| --site | int | Site number to configure (-1 for interactive) | - |
| --router-ip | string | Hub router IP | 10.34.0.1 |
| --site-id | string | Optional site ID UUID | - |
| --ssh-user | string | SSH username | root |
| --ssh-password | string | SSH password | Waveshift2025! |
| --interactive | bool | Run in interactive mode (auto-enabled if no site specified) | - |

Examples

Configure Hub Router

# Configure hub router for site 0
wavectl configure-hub --site 0

# Configure with custom router IP
wavectl configure-hub --site 1 --router-ip 192.168.1.1

# Configure with specific site ID
wavectl configure-hub --site 1 --site-id "uuid-here"

# Interactive mode
wavectl configure-hub --interactive

Expected Output:

Starting hub router configuration...
Configuring site 0 (IP: 10.34.0.1, Access Server: 0)
Using site ID from config: 58b4ff01-c664-47e0-8d3c-0c6d7bc538af
Connecting to hub router... |
Successfully connected to router at 10.34.0.1
Connecting to hub router... done
Updating router configuration... -
Rebooting router to apply changes...
✅ Router configuration completed successfully!
Router will reboot and be available at new IP: 10.34.0.1

Custom Authentication

# Use custom SSH credentials
wavectl configure-hub --site 1 --ssh-user admin --ssh-password mypassword

# Configure with custom router IP and credentials
wavectl configure-hub --site 1 --router-ip 10.34.0.1 --ssh-user root --ssh-password gl-inet

Advanced Usage

# Use specific site ID instead of site number
wavectl configure-hub --site 1 --site-id "550e8400-e29b-41d4-a716-446655440000"

# Custom configuration file
wavectl configure-hub --site 1 --config /path/to/config.json

Configuration Process

Step 1: SSH Connection

  1. Establishes SSH connection to router at 10.34.0.1
  2. Verifies router accessibility and credentials (root/Waveshift2025!)
  3. Connects to OpenWrt router running Waveshift firmware
  4. Displays router information and firmware version

Step 2: DHCP Configuration

  1. Updates DHCP server settings
  2. Configures IP range for site network
  3. Sets DNS servers for internal resolution
  4. Applies network configuration changes

Step 3: WireGuard Setup

  1. Installs/updates WireGuard configuration
  2. Uses site-specific private key from config
  3. Configures server endpoint and routing
  4. Enables WireGuard interface

Step 4: Device Scanner Installation

  1. Installs device discovery script
  2. Configures site ID for device tracking
  3. Sets up periodic scanning schedule
  4. Enables device reporting to Waveshift

Step 5: Router Reboot

  1. Applies all configuration changes
  2. Reboots router to ensure clean state
  3. Router becomes available at configured IP address
  4. Connection may be temporarily lost during reboot (normal behavior)

Router Requirements

Supported Models

Recommended Models

  • GL.iNet Slate (GL-AR750S): Ideal for site deployments
  • GL.iNet Brume2 (GL-MT6000): High-performance main hub
  • GL.iNet Beryl (GL-MT1300): Compact site router
  • GL.iNet Convexa-B (GL-B1300): Enterprise-grade option

Compatibility

  • Most GL.iNet routers with OpenWrt firmware
  • WireGuard support required
  • SSH access enabled

Network Configuration

Default Router Settings

  • Management IP: 10.34.0.1 (default for Waveshift routers)
  • Network Range: Site-specific (10.8.X.0/24)
  • DHCP Range: 10.8.X.10 - 10.8.X.200
  • SSH Port: 22

Post-Configuration

  • Site Network: 10.8.X.0/24 (where X is site number)
  • Gateway IP: 10.8.X.1
  • DHCP Range: 10.8.X.10 - 10.8.X.200
  • DNS Servers: Waveshift internal DNS

SSH Configuration

Default Credentials

GL.iNet routers typically use:

  • Username: root
  • Password: Waveshift2025! (or router-specific default)

Custom Credentials

# Common GL.iNet defaults
wavectl configure-hub --site 0 --router-ip 10.34.0.1 --ssh-user root --ssh-password gl-inet

# Custom enterprise credentials
wavectl configure-hub --site 0 --router-ip 10.34.0.1 --ssh-user admin --ssh-password enterprise-password

SSH Key Authentication

For enhanced security, configure SSH key authentication on routers:

# Copy SSH key to router (manual step)
ssh-copy-id root@10.34.0.1

# Configure without password (if key auth is set up)
wavectl configure-hub --site 0 --router-ip 10.34.0.1 --ssh-password ""

Site Selection

Using Site Number

# Configure site 1
wavectl configure-hub --site 1

# Configure the third site (site 2)
wavectl configure-hub --site 2

Using Site ID

# Use specific UUID (overrides site number)
wavectl configure-hub --site-id 550e8400-e29b-41d4-a716-446655440000 --router-ip 10.34.0.1

Site Selection Logic

  1. If --site-id is provided, uses that specific site
  2. If --site is provided, uses site by number from config
  3. Site must exist in configuration file
  4. Site must have WireGuard keys generated

Configuration Details

DHCP Server Setup

The router DHCP configuration is updated to:

# Example DHCP configuration for Site 0
option domain-name "waveshift.local";
option domain-name-servers 10.0.1.10;

subnet 10.8.0.0 netmask 255.255.255.0 {
    range 10.8.0.10 10.8.0.200;
    option routers 10.8.0.1;
    option broadcast-address 10.8.0.255;
}

WireGuard Configuration

# Example WireGuard config for Site 0
[Interface]
PrivateKey = <site_private_key>
Address = 10.8.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <waveshift_server_public_key>
Endpoint = <waveshift_public_ip>:51820
AllowedIPs = 10.0.0.0/8
PersistentKeepalive = 25

Device Scanner Script

The device scanner script performs:

  1. Network Discovery: Scans site network for devices
  2. Device Identification: Collects MAC addresses, IP addresses
  3. Reporting: Sends device information to Waveshift
  4. Scheduling: Runs periodically via cron

#!/bin/bash
# Device scanner script (simplified)
SITE_ID="550e8400-e29b-41d4-a716-446655440000"
API_ENDPOINT="https://waveshift.internal/api/devices"

# Scan network and report devices
nmap -sn 10.8.0.0/24 | grep -E "Nmap scan report" | \
    while read -r line; do
        # Extract and report device information
        # Send to Waveshift API with site ID
        :  # no-op so the loop body parses; the reporting step is omitted in this simplified listing
    done

Batch Configuration

Multiple Routers

# Configure multiple sites sequentially
for site in {1..4}; do
    wavectl configure-hub --site $site
done

# Configure with different router IPs if needed
wavectl configure-hub --site 1 --router-ip 192.168.1.1
wavectl configure-hub --site 2 --router-ip 192.168.2.1
wavectl configure-hub --site 3 --router-ip 192.168.3.1

Automation Scripts

#!/bin/bash
# Automated hub configuration script

SITES=(1 2 3 4 5)

for site in "${SITES[@]}"; do
    echo "Configuring Site $site"

    # Branch on the command's exit status directly
    if wavectl configure-hub --site "$site"; then
        echo "✅ Site $site configured successfully"
    else
        echo "❌ Failed to configure Site $site"
    fi
done

Troubleshooting

SSH Connection Issues

Host Key Verification

If you encounter SSH host key warnings:

# Remove old host keys (if router was reset); this deletes the stored keys for every host, not only the router
rm ~/.ssh/known_hosts

# Or remove specific host
ssh-keygen -R 10.34.0.1

Connection Authentication

# Test SSH connection manually
ssh root@10.34.0.1

# Expected prompt:
# The authenticity of host '10.34.0.1 (10.34.0.1)' can't be established.
# ED25519 key fingerprint is SHA256:RDtM8r7ZjglW6yhIbVgaJ2MBOTu0+7kDuOEi72JoM2U.
# Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
# root@10.34.0.1's password: [enter: Waveshift2025!]

SSH Connection Failed

# Test SSH connectivity manually
ssh root@10.34.0.1

# Check if SSH is enabled on router
nmap -p 22 10.34.0.1

# Verify router IP address
ping 10.34.0.1

Authentication Failed

# Try with custom router IP
wavectl configure-hub --site 1 --router-ip 10.34.0.1

# Try with different credentials
wavectl configure-hub --site 1 --ssh-user admin --ssh-password "different-password"

Configuration Issues

Site Not Found

# Verify site exists in configuration
cat infra.json | jq '.sites[] | select(.site_number == 0)'

# Add site if missing
wavectl sites --add 1

WireGuard Setup Failed

# Check if WireGuard is installed on router
ssh root@10.34.0.1 "opkg list-installed | grep wireguard"

# Install WireGuard if missing
ssh root@10.34.0.1 "opkg update && opkg install wireguard"

Router Reboot Issues

# Manual reboot if automatic reboot fails
ssh root@10.34.0.1 "reboot"

# Check router status after reboot
ping 10.34.0.1

Network Conflicts

IP Address Conflicts

# Check for existing networks using 10.8.X.0/24
ip route | grep "10.8"

# Use different site numbers if conflicts exist
wavectl configure-hub --site 10 --router-ip 10.34.0.1  # Uses 10.8.10.0/24
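
The grep above also matches unrelated prefixes such as 10.80.x.x, and it does not tell you whether a wider route (for example a /16) contains the site's /24. The following added example, which is not part of wavectl, compares each route against 10.8.X.0/24 numerically; the function names and the sample routes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not wavectl code: detect routes that overlap a site's 10.8.X.0/24.

ip_to_int() {                       # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_overlaps() {                   # exit 0 if NET/LEN $1 and NET/LEN $2 overlap
    a=$(ip_to_int "${1%/*}"); alen=${1#*/}
    b=$(ip_to_int "${2%/*}"); blen=${2#*/}
    len=$alen; [ "$blen" -lt "$len" ] && len=$blen   # compare on the shorter prefix
    [ "$len" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# site_conflicts SITE [ROUTES]: print routes overlapping 10.8.SITE.0/24.
# Exit 0 = conflict found, 1 = none, 2 = invalid site number.
site_conflicts() {
    site=$1; routes=${2-$(ip route)}
    case $site in ''|*[!0-9]*|0?*) echo "invalid site: $site" >&2; return 2 ;; esac
    [ "$site" -le 255 ] || { echo "invalid site: $site" >&2; return 2; }
    want="10.8.$site.0/24"; found=1
    while read -r dest rest; do
        case $dest in
            ''|default|*[!0-9./]*) continue ;;   # skip default route and non-IPv4 lines
            */*) ;;
            *) dest="$dest/32" ;;                # bare address is a host route
        esac
        if cidr_overlaps "$want" "$dest"; then
            echo "$dest $rest"; found=0
        fi
    done <<EOF
$routes
EOF
    return $found
}

# Constructed sample of `ip route` output (not captured from a real host).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
10.8.0.0/16 via 10.34.0.1 dev wg0
10.80.1.0/24 dev br-lan proto kernel scope link src 10.80.1.1'

if site_conflicts 3 "$SAMPLE_ROUTES"; then
    echo "site 3 (10.8.3.0/24) overlaps the route(s) above"
fi
```

Called with only a site number, `site_conflicts` reads the local routing table via `ip route`.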

Security Considerations

SSH Security

  • Change default router passwords
  • Use SSH key authentication when possible
  • Restrict SSH access to management networks
  • Regular firmware updates

Network Security

  • WireGuard provides encrypted tunnels
  • Site networks are isolated by default
  • Device scanner uses authenticated API calls
  • All traffic routed through Waveshift infrastructure

Verification

Post-Configuration Checks

# Verify WireGuard is running
ssh root@10.34.0.1 "wg show"

# Check DHCP configuration
ssh root@10.34.0.1 "cat /etc/config/dhcp"

# Verify device scanner
ssh root@10.34.0.1 "crontab -l | grep device-scanner"

# Test connectivity to Waveshift
ssh root@10.34.0.1 "ping -c 3 waveshift.internal"

Expected Results

After successful configuration:

  1. WireGuard Active: VPN tunnel established
  2. DHCP Updated: Site network configuration applied
  3. Device Scanner: Running and reporting devices
  4. Connectivity: Router can reach Waveshift services
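
A WireGuard interface that shows up in `wg show` is not yet evidence that the tunnel is established; a recent peer handshake is. The following added example (not wavectl code) reads the output of `wg show all latest-handshakes` and flags peers that never completed a handshake or whose last one is too old. The function name, the 180-second threshold and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not wavectl code: flag WireGuard peers without a recent handshake.

# check_handshakes NOW MAX_AGE
# stdin: output of `wg show all latest-handshakes`
#        (one line per peer: interface, peer public key, epoch seconds; 0 = never).
# Prints one line per problem peer; exit 0 only if every peer handshook within MAX_AGE.
check_handshakes() {
    now=$1; max_age=$2; peers=0; bad=0
    while read -r iface peer ts; do
        [ -n "$ts" ] || continue            # ignore blank or malformed lines
        peers=$((peers + 1))
        if [ "$ts" -eq 0 ]; then
            echo "NEVER $iface $peer"; bad=1
        elif [ $((now - ts)) -gt "$max_age" ]; then
            echo "STALE $iface $peer age=$((now - ts))s"; bad=1
        fi
    done
    # No peers at all means the WireGuard configuration was not applied.
    [ "$peers" -gt 0 ] || { echo "NO_PEERS"; return 1; }
    return $bad
}

# Constructed sample input: the keys are placeholders and the timestamps are made up.
SAMPLE=$(printf 'wg0\tCONSTRUCTED_PEER_KEY_A=\t1700000000\nwg0\tCONSTRUCTED_PEER_KEY_B=\t0')

if printf '%s\n' "$SAMPLE" | check_handshakes 1700000060 180; then
    echo "tunnel OK"
else
    echo "tunnel NOT established for the peers listed above"
fi

# Against a live router (assumes SSH access to the router is already working):
#   ssh root@10.34.0.1 "wg show all latest-handshakes" | check_handshakes "$(date +%s)" 180
```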

Exit Codes

  • 0: Router configured successfully
  • 1: Error (SSH failure, configuration error, etc.)

See Also

  • sites - Create sites before configuring routers
  • deploy - Deploy infrastructure first
  • health-check - Verify overall system health