Channel Configuration for Infrastructure Nodes
What Are Channels?
Meshtastic supports up to 8 simultaneous channels (numbered 0 - 7). Channel 0 is the primary channel used for most mesh traffic. Channels 1 - 7 can carry separately encrypted traffic for specific groups or purposes.
PSK - Pre-Shared Key
Each channel has a name and a pre-shared key (PSK). The PSK can be 0 bytes (no encryption), 16 bytes (AES-128), or 32 bytes (AES-256) - it is not always a 32-byte AES-256 key. Two nodes can communicate on a channel only if they share the same name and the same PSK (same key length and value). The PSK encrypts the channel payloads with AES (AES-128 for a 16-byte key, AES-256 for a 32-byte key).
The Default Public Key
The Default public channel (LongFast) uses a well-known, publicly published default key
(the 1-byte key AQ==, 0x01) - it is a defined weak key, not an empty/no-encryption PSK, so traffic on it is
effectively public.
Any node running Meshtastic with the default channel can participate in the public mesh.
Using a custom PSK creates a private channel readable only by nodes that hold that key.
Channel Strategy for Community Infrastructure Nodes
- Channel 0 - Default PSK: Keep the primary channel on the public Default key so all community users benefit from your repeater's coverage.
- Channel 1 - Private PSK: Adding a secondary channel with a private key for your personal use or club coordination is acceptable. The repeater will relay packets on both channels.
Remote Administration
Meshtastic supports remote administration so that nodes can send configuration commands - changing settings without
physical access to the device. In firmware 2.5 and later, the recommended method is PKC admin keys
configured under Security Config: you add the public key(s) of trusted administrator nodes to the
remote node's admin-key list, and those nodes can then administer it. The legacy admin channel
(a secondary channel named exactly admin, case-sensitive) exists only for managing pre-2.5 nodes; there is
no "Is Admin" toggle on a channel.
Setting up remote administration is strongly recommended for unattended permanent deployments.
Channel Propagation
What a relay rebroadcasts depends on its Rebroadcast Mode, not just on which channels it has configured.
Meshtastic relays based on the unencrypted packet header, so under the default ALL mode a repeater
rebroadcasts all packets that match its modem settings and frequency - including packets on channels
whose PSK it does not have and cannot decrypt. This means a private channel can be carried by a public repeater.
Only the LOCAL_ONLY or KNOWN_ONLY rebroadcast modes restrict relaying to the repeater's own
configured/known channels. (A node still has to be on the same modem preset and frequency to hear and relay at all.)
For a public community repeater, keeping only the public Default channel configured is the standard approach, but be
aware that under default ALL mode it will still relay other traffic on the same modem settings.
Changing Channels on a Deployed Node
Options for modifying channel config after deployment:
- Via remote admin (preferred for remote nodes) - send a channel update from an administrator node whose key is in the remote node's admin-key list (or, on legacy nodes, that shares the admin channel).
- Via serial/USB - connect a laptop directly to the node.
- Via Bluetooth - only if Bluetooth was left enabled.
Common pitfall: losing the admin keys / admin channel config (or disabling Bluetooth and having no USB access) leaves a remote node inaccessible without a physical site visit. Always back up admin keys and any admin-channel QR codes before deployment.
No comments to display
No comments to display