meshtastic

1. services

After reading this LWN review and being poked a few times by friends, I started playing around with meshtastic.

Range

I have, for a brief moment, seen a couple of nodes 20km away. I suspect it's because a fellow meshtastic user was traveling nearby and relaying those signals, as I haven't seen any more signals in a while.

I assume I can reach about 1-2km away in the city, but I have yet to get solid confirmation on this. I don't have an antenna high up yet so this is just with handheld devices.

In theory, range is line of sight which, if you're on top of mountains across the Adriatic sea, is over 300 kilometers. Meshtastic keeps track of records like those.

In practice, you can expect single or double-digit range depending on your hardware and prominence.

The site planner can help you show what you should be able to see. Combine with one of the maps, you should get a good idea of what you should be seeing.

Scalability

I have serious concerns about the scalability of the Meshtastic algorithm. It is basically "rebroadcast everything you get, up to three hops" and while they are pretty good at "marketing" it, my hunch is that this won't scale to a dense, thousand-node busy network, especially since everything (including direct messages) is on a common carrier.

@nullagent has a long rant about this on Mastodon that confirms my hunch and made me write this section. A few quotes:

Floodfill can't scale.

That's the core issue with meshtastic.

All the nodes repeat what they hear, kinda like "the people's mic" at a protest. This strategy is great if we all want to hear ONE person's speech across a whole crowd.

But try the people's mic with 10's hundreds or thousands of different bi-directional conversations and things get messy.

We're all shouting to hear and expecting the person next to us to repeat. But all they hear is noise and very rarely a few words here & there

I -frequently- run out of hops NOT network!

The broadcast algo eats up all the hops in the core downtown and rarely makes it out the otherside with low hop limit or even with the max

More concerning is his criticism of the core team culture:

The project is run in the usual tech-bro seeming ways and are rude ass fuck to new comers with less experience / platform than I who've made the -same- observations about floodfill's limits.

The core team is dying on the hill of the shitiest routing algo possible because they I guess don't want to read anything about routing research.

Bruh... I worked in a networking research lab in the early 2000's, almost every excuse this team has made is bullshit.

So when I have spent time and money learning an open source project, encouraged friends to also go learn and spend money.... and then the core team is rude as fuck to them when they have polite and honest feedback.... yea fuck that noise.

Meshtastic is gonna fail on the same dumb hill as many tech-bro led projects, fighting their community over dumbshit.

It's a perfectly fine toy of a project to learn LoRa but please know better is possible and we don't have to deal with these assholes.

He points at Meshcore and Reticulum as possible replacements.

Hardware

Below are some Meshtastic-compatible devices I found interesting.

Those are mostly taken from official device list, which you should consult for recommendations, particularly on chipset tradeoffs (e.g. ESP32 uses more battery, but is cheaper).

I explain below some tests I've made with various devices.

SenseCAP Card Tracker T1000-E

The SenseCAP Card Tracker T1000-E is a neat little device:

• LoRa
• WiFi
• BLE 5.1
• GNSS
• temperature sensor
• accelerometer
• IP65-rated
• 85 * 55 * 6.5 mm
• 32g
• -20℃ to +60℃
• magnetic USB-A charging cable
• 700mAh battery

It has no display or keyboard, only a single button, a LED, and a "buzzer", kind of like the old PC speakers.

It's about the size of a credit card, but thicker (it won't fit in your wallet, but will definitely fit in your pocket).

My first battery test run lasted 3 days at which point it dropped from about 50% battery to zero in about an hour. Possibly the battery controller learning some things about itself. Their website specs it at 2 days battery. The battery recharged in a little over an hour (1h15m or so).

Only downside is it requires a phone, but it's a great device to start with as you can just shove it outside for three days and see what you pick up.

Make sure you configure the device: this will bring you environment sensors and a neat trick to find the device if lost, see below.

Note that the intro guide has crucial information about the device, but know that those are the functions of the main button:

Button action	Description	Buzzer
Press once	Power on	Rising melody
Press twice	Update node/location info	-
Press three times	Switch on/off the GPS	-
Press and hold for 5s	Power off	Falling melody

Fun story

I lost that device one day! I had put it on top of a doorframe on the second floor to get better range, but when i came back at lunch, it wasn't there! I looked around on the floor, couldn't find it... but my phone could reach it over Bluetooth, so it was still around somewhere!

So i followed the upstream guide to setup the sensors, which includes a setting to use the "buzzer" to make sounds when new messages are received. So I started sending messages to the card from another Meshtastic device (the T-Deck+), which made the thing "buzz", and I could hear it!

It wasn't on the second floor anymore though. After about 2 minutes and 10 "ping" messages sent, I found it! It had fallen two floors down, in the basement stairwell, and here it was ringing... phew!

Seems like it survived the fall too. Amazing little device, and Meshtastic success!

T-Deck Plus

The T-Deck Plus is another unique platform:

• 2.4GHz Wifi
• BLE 5
• Arduino / ESP32
• GPS
• TF Card reader
• Microphone / speaker
• 2.8" IPS LCD
• blackberry-like keybord, trackball
• 20mm x 72mm x 115mm
• 2000mAh battery
• 80$

The "meshtastic" firmware that comes with it is just bad, definitely not worth paying for. There's a "pre release" "technical preview" (2.6.0.f7afa9a) that is much better (see below), although writing this I have just noticed than the 2.6.3 "alpha" release. I have actually performed the following upgrades so far:

• stock to 2.6.0.f7afa9a ("pre-release")
• 2.6.0.f7afa9a to 2.6.2.31c0e8f (second to last "alpha", 2.6.3.640e731 is latest as of 2025-03-27)

I have tried flashing at 115200 at first but 921600 seems to work fine too over USB. USB-C to USB-C does not work though, I need a USB-C to USB-A cable, bizarrely.

I couldn't use the GPS at first, and filed an issue which was promptly fixed: you need to enable it: from the UI, hold the "pin" logo in the main screen, this will turn on GPS and reboot. Same with wifi, one row below: hold the wifi icon and it will turn on WiFi and reboot.

There seems to be an issue with the remote control interface: I have found that I need to reboot in "programming mode" to get access to the Bluetooth interface to control it from my phone. According to this issue this might be fixed in newer firmware, but I have a fairly recent one and it didn't work. It could be a conflict with WiFi as well. According to the Meshtastic docs though, it's just the way it is.

Note that the device works as normal in programming mode: it's just the user interface that's different, but it otherwise receives, relays and sends packets fine, which is useful if you wan to do a range test.

All in all, this is a pretty amazing machine and one of the rare systems that allows communication without any other external device (like a phone or computer), which is really great. The new UI is fantastic, and you even have a rudimentary map showing remote nodes with offline maps

One improvement I want to do is to add an external antenna to increase the range, because as it is now it's not great. Apparently, there's an on-board ipex connector, so I'd just need a IPEX/SMA connector and a LoRa antenna.

Other devices

Those I haven't tested yet:

• T-Echo: e-ink display, GPS, BT 5.0, no wifi, only three buttons, NFC, 850mAh battery, temperature/pressure sensor, 55$
• T-Beam Supreme: 1.3" OLED display, 18650 battery socket, magnetometer, 2.4GHz WiFi, BLE 5, GNSS, no case, 52$, the T-Beam SoftRF is similar but without a display and cheaper, 30$
• T-Deck Pro: 3.1" e-ink touch screen, 4G module, WiFi 2.4GHz, BLE 5, GPS, TF Card, mic, speaker, keypad, see also the T5 e-paper s3 pro
• WisMesh Pocket V2: GNSS, 1.3" OLED, acceleration sensor, power button, 3200mAh battery, USB-C powered, 100$
• WisMesh Solar Repeater: solar, battery, mast-mountable, unclear if it can be setup without solar and if it supports MQTT/ethernet, 300$
• WishMesh Solar Repeater Mini: solar, battery, mast-mountable, cheaper, 100$
• WisMesh Ethernet Gateway: no battery, no solar, but ethernet and PoE, asked about converting this to solar, seems like a project but possible, HTTP-based management not possible, so configuration still has to go through Bluetooth, but monitoring is possible over MQTT, and of course the gateway receives and relays messages over LoRa/Meshtastic!
• Seeedstudio XIAO ESP32S3 & Wio-SX1262 Kit: tiny, cheap, - 40℃ ~ 100℃, WiFi 2.4GHz, BLE 5.0 / Mesh, reset/boot button, 22x23x57mm, 37g, exposed GPIO ports, unclear if has a battery, 20$
• the HELTEC v3 might be a more reliable bet as it's listed more prominently in Meshtastic docs, also 20$ with the case (but no battery, and battery doesn't fit in the case), they also have an eink dev board
• the RAK19003 base kit is also nice. it's more expensive (28$, without a case), but a case can be printed but it's tricky because there are many (83!) design files in there, useful if you already order from RAK wireless and need extra kits and know your way around DIY builds. you need to also buy:
  • 4 × M3x20mm socket head cap screws (this kit covers this and the nuts)
  • 4 × M3 nuts
  • 2 × M2.5 screws (not part of the above kit, length unclear, here are M2.5x6mm or this kit3)
  • 1 × battery (Amazon, possibly the same as Abra, optional?)
  • there's also an optional battery cutoff switch, couldn't find an equivalent on Abra
• Lamp hack
• Antennas vary as well
• Power is a whole other question, see power consumption measurements and old reseaulibre power notes

Devices without cases typically have 3D designs that can be downloaded and printed or bought, see this list.

Software

Flashing special firmware

There are special "technical preview" or "pre-release" firmware available at https://flasher.meshtastic.org but only after you enter the Konami code (yes, really), which is, of course:

↑ ↑ ↓ ↓ ← → ← → b a

Yes, on your keyboard. Yes, in the web browser. The back of the page will turn black and the extra firmware will be shown in the second column. Funky.

In any case, flashing firmware like this only works in Chromium because Firefox doesn't support WebUSB (which is perhaps a good thing).

Note that you can also flash firmware without a web UI, but the flasher web UI is still useful to download the right firmware.

Linux

There's a commandline client and Python library that can be used to talk to devices. There's even a rudimentary GTK client. Both are packaged in Debian.

There's also TUIs like contact (messaging), connect (LoRa-less client), control (configuration).

Mobile apps

There's also an Android app, also shipped on F-Droid.

And yes, there's also an iOS app.

Note that those won't work without a LoRa transmitter, to which you typically connect over Bluetooth.

MQTT

Meshtastic devices can typically connect to a MQTT gateway or broker, see the MQTT module configuration. This allows meshtastic users to connect to other users not reachable over LoRa through the internet instead, essentially.

This can be used to extend the mesh around obstacles (like a mountain) or across cities (or stupid things like borders).

In MQTT, you can "scope" traffic by using a "topic". Those are hierarchical. For example, by default meshtastic will setup the topic msh/US if you're in the US region, but you could make that msh/CA or msh/CA/YUL to restrict your scope to YUL (Montreal) nodes. Someone looking at msh or msh/CA would see your traffic, but you wouldn't see theirs.

You could use an entirely different hierarchy like foo/ for yourself, but you are relying on someone not guessing that topic to avoid discovery.

Note that you can still encrypt packets as they go through, but packets have a signature that can reveal metadata.

For MQTT to work, your device needs to have internet access, either through WiFi or Ethernet. If you're connected over Bluetooth, you can also enable the "Client Proxy" mode which will make your phone relay the traffic to the MQTT server instead of the device.

You can run your own MQTT server with opensource implementations. Debian ships with mosquitto (C, well maintained), for example. See also Wikipedia's comparison page, which includes, of course, a Rust rewrite called RMQTT (not packaged in Debian).

Note that brokers can typically relay messages between them. For example, mosquitto supports the concept of bridges so you could use a local broker for your own purposes and relay messages to the official brokers (or a subset of them).

The mqtt(7) manual page provided by mosquitto is pretty good as well.

Public gateways

• Canada MQTT: mqtt.mt.gt
• Meshtastic: mqtt.meshtastic.org
• Liam Cottle's map: mqtt.meshtastic.liamcottle.net
• Mosquitto test server: https://test.mosquitto.org/ (not specific to Meshtastic!)
• HiveMQ public broker: broker.hivemq.com, see their documentation

Privacy and security

Default security is pretty much non-existent: in the default channel, packets are encrypted, but with a known key.

Other channels seem to use pretty solid encryption, but there's likely metadata leakage ("who is talking to who") in cleartext over the airwaves that can be easily sniffed by anyone in range. Joining a MQTT server makes that even easier to sniff.

Also note that Meshtastic only does encryption: you don't get things like forward-secrecy, authentication, or integrity, see the encryption section. This sounds minor, but this is a significant threat vector as, for example, if someone knows you wrote "hi" to a channel, even if they don't have the encryption key, they can replay that "hi" by sending the exact same encrypted packet. Security is hard. It seems like Reticulum does this better.

Nodes often transmit other telemetry like GPS location, temperature, and other sensors, by default. GPS location precision can be reduced (say "I'm in Montreal" instead of "I'm at 1234 boulevard Saint-Laurent") or completely turned off, but it might still possible to triangulate device's positions, as with any typical radio transmission. LoRa signals are "bursty" and low power, so that's more difficult than, say, classic ham radio signals though.

There's a Meshtastic ZPS project that tries to implement GPS-less localization, but it's using external positioning systems and WiFi/Bluetooth scans instead of a GPS, so it's not triangulation per se.

Weak default Bluetooth pairing codes (the "PIN") are often luggage-strength like 1234 or 123456. They should be changed unless you're okay with anyone within range taking control of your devices.

Physical access to the devices also likely leads to full compromise as devices can generally be put in "DFU" (Device firmware upgrade) mode relatively easily.

Relays

• Matrix
• IRC

Monitoring

• https://dash.mt.gt/
• https://github.com/artiommocrenco/meshtastic-prometheus-exporter
• https://github.com/tcivie/meshtastic-metrics-exporter

Maps

• https://meshmap.net/
• https://meshtastic.liamcottle.net/ (AKA https://meshmap.app/)
• https://site.meshtastic.org/
• Canada mesh map

Links

• https://www.meshtastic.org/
• LWN review (2025)
• Another meshtastic guide

Fellow meshes

• Canadaverse mesh wiki
• meshtQuebec (Telegram group)
• Puget Mesh: Seattle area, they have their own MQTT server and map, 2274 nodes as of 2025-03-26

See also the official list of local groups.

Alternative LoRa networks

• https://mycelium-mesh.net/ (dead?)
• Reticulum, talks over LoRa but also packet radio, WiFi, i2p, etc, see sidebande, meshchat, nomadnet
• Meshcore, similar to Meshtastic, but different routing algorithm