Build Status

The following instructions will help you set up an encrypted mesh network on Raspberry Pi’s. It takes about 15 minutes to set up a node with the Pi 3. Obviously, to have a mesh you will need more than one node.

Many models of Orange Pi hardware running Armbian are also supported. The same installation steps can be followed, except you would flash the SD card with Armbian instead of Raspbian. See Hardware Table for the full list of supported hardware.

Set Up

  1. Make sure you have the following items:

  2. Flash the SD card with Raspbian Stretch Lite.

  3. Create an empty file named ssh to enable SSH when the Pi boots:

     $ touch /path/to/sd/boot/ssh
  4. Plug the SD card and USB WiFi adapter into the Pi.

  5. Plug the Pi into your router, so it has connectivity to the Internet. SSH into the Pi with ssh pi@raspberrypi.local and password raspberry.

    Optional: There are other ways to connect, such as connecting the Pi to your computer and sharing Internet to it. Or if you have multiple Pi’s connected to your router, find its IP with nmap -sn 192.168.X.0/24 (where 192.168.X is your subnet) and SSH to the local IP assigned to the Pi you want to address ssh pi@192.168.X.Y.

  6. In your SSH session, run passwd and change your login password. It is very important to choose a strong password so others cannot remotely access your Pi.

  7. Run the following, then let the installation complete. After about 5 minutes the Pi will reboot:

     $ wget && chmod +x install && ./install

    The installation script can also install many optional features such as distributed applications and network analysis tools that are useful but non-essential to run a node. You can use flags to selectively enable them, or use the following command to install all optional features:


Optional Features

Feature Flag HTTP Service Port Description
WITH_MESH_POINT None Set to true if you have a suitable USB WiFi adapter and want to configure it as a 802.11s Mesh Point interface.
WITH_WIFI_AP None Set to true if you have a Raspberry Pi 3 and want to configure the on-board WiFi as an Access Point. The default configuration routes all traffic to the Ethernet port eth0.
WITH_IPFS 80: HTTP-to-IPFS gateway at /ipfs/HASH Set to true if you want to install IPFS.
WITH_PROMETHEUS_NODE_EXPORTER 9100: Node Exporter UI Set to true if you want to install Prometheus Node Exporter to report network metrics.
WITH_PROMETHEUS_SERVER 9090: Prometheus Server UI Set to true if you want to install Prometheus Server to collect network metrics. Requires Prometheus Node Exporter.
WITH_GRAFANA 3000: Grafana UI (login: admin/admin) Set to true if you want to install Grafana to display network metrics. Requires Prometheus Server.
WITH_H_DNS None Set to true if you want to use Hyperboria-compatible DNS servers: fc4d:c8e5:9efe:9ac2:8e72:fcf7:6ce8:39dc and fc6e:691e:dfaa:b992:a10a:7b49:5a1a:5e09
WITH_H_NTP None Set to true if you want to use a Hyperboria-compatible NTP server: fc4d:c8e5:9efe:9ac2:8e72:fcf7:6ce8:39dc
WITH_FAKE_HWCLOCK None Set to true if you want to force hwclock to store its time every 5 minutes.
WITH_EXTRA_TOOLS None Set to true if you want to install non-essential tools useful for network analysis: vim socat oping bmon iperf3

If you are connected to the WiFi Access Point, all HTTP services are available via as well as the cjdns IPv6. To connect with the cjdns address, first note your node’s fc00::/8 address from status, then navigate to http://[fcaa:bbbb:cccc:dddd:eeee:0000:1111:2222]:PORT from your browser.

Check Status

  1. Give the Pi about 15 seconds to reboot and SSH back into it. You should find the status of your mesh node automatically printed. You can also print this anytime by running status.

  2. Verify that cjdns Service is active, and Mesh Interface (if applicable). The NODE section should display a single IPv6 address, that’s the identity of your Pi in the cjdns mesh. The PEERS section should indicate a list of IPv6 addresses that are active peers to your node. This list will be empty, until you have another nearby node with the same set up.

Network Benchmark

You can benchmark the network throughput with more than one node. Let’s name our two Pi’s Hillary and Friend.

  1. SSH to Friend and note its IPv6.

  2. Run iperf3 -s to start listening. Do not end the SSH session.

  3. In another Terminal session, SSH to Hillary and run iperf3 -c FRIEND_IPV6. You should start seeing Hillary sending encrypted packets to her Friend. See phillymesh/cjdns-optimizations for expected throughput.

Update & Uninstall

To uninstall the services, run ./prototype-cjdns-pi/scripts/uninstall.

If you are updating, run the same uninstall script, but keep all configuration files and data directories when prompted, remove the prototype-cjdns-pi directory along with the install script, then repeat the last installation step.

Experimental Support for Orange Pi

We are adding support for Orange Pi boards and have tested with the Orange Pi Zero (Armbian nightly), Orange Pi One (Armbian nightly), and Orange Pi Lite (Armbian nightly). Instead of flashing Raspbian, start with the Armbian nightly images linked above, then follow the same installation steps as the Raspberry Pi.

Hardware Table

List of tested hardware:

Hardware Base OS CJDNS Benchmark (salsa20/poly1305, switching) USB Ethernet Notes
Raspberry Pi 3 Raspbian Lite 350k, 100k 2 10/100  
Raspberry Pi 2 Raspbian Lite 150k, 50k 2 10/100  
Raspberry Pi 1 A+ Raspbian Lite 35k, - 1 None  
Raspberry Pi 1 B+ Raspbian Lite 35k, - 2 10/100  
Raspberry Pi Zero Raspbian Lite 68k, 30k 1* None *Need OTG Cable
Orange Pi Lite Armbian Nightly 198k, 76k 2 None  
Orange Pi One Armbian Nightly 198k, 76k 1 10/100  
Orange Pi Zero Armbian Nightly 148k, 56k 1 (+2*) 10/100 *Additional USB available via headers
Orange Pi Zero Plus 2 H5 Armbian Nightly 142k, 92K 0 (+2*) None *USB available via headers


You can install from a specific tag or branch, such as develop, with:

$ wget && chmod +x install && TAG_PROTOTYPE_CJDNS_PI=develop ./install

If you are developing on a forked repository, such as me/prototype-cjdns-pi, then:

$ wget && chmod +x install && GIT_PROTOTYPE_CJDNS_PI="" TAG_PROTOTYPE_CJDNS_PI=develop ./install

To add a new module, use scripts/ipfs/ as an example to:

  • Create a WITH_NEW_MODULE tag
  • Create scripts/new-module/install and scripts/new-module/uninstall
  • Make corresponding references in the main install, install2, status, uninstall files


  • Your computer can be a node too! It will mesh with the Pi’s over your router. See the cjdns repository on how to set this up.

  • Original plan for this repository and early benchmark results are available in the doc folder.