How Meshtastic Channels Work
Meshtastic uses a channel system for message segmentation and encryption. Each node can have up to 8 channels simultaneously, each with its own name and (optionally) its own encryption key. Channel encryption uses AES-256-CTR keyed by the channel PSK; a channel can also have no key, in which case its traffic is unencrypted. See the PSK reference for key details.
Channel Structure
- Up to 8 channels per node, indexed 0 through 7
- Channel 0 is special - it is the primary channel (only one channel can be primary; channels 1-7 are secondary). Position updates and telemetry are broadcast on channel 0 by default.
- Each channel has:
- A name (displayed in the app)
- A pre-shared key (PSK) - the encryption key for that channel (a channel may also have no key, making it unencrypted)
- Optional uplink/downlink MQTT settings for internet bridging
The Default Public Channel
Out of the box, Meshtastic nodes are configured with:
- Channel name: LongFast (note: "LongFast" is really the name of the default modem preset; the firmware uses it as the default channel name too, but the preset and the channel name are distinct concepts)
- PSK: AQ== - this is the single byte 0x01 (base64 AQ==), which is firmware shorthand meaning "use the built-in default key." It is not itself the full key; it is an index that selects the publicly-known default key. Because that key is public, the default channel offers no privacy.
Any node using the default LongFast channel can communicate with any other node using the same channel - the encryption provides no privacy since the key is public. This is intentional: it allows strangers to discover and communicate across the mesh.
Channel URL Scheme
https://meshtastic.org/e/#CgUYAyIBAQ==
The hash after # is a base64-encoded channel configuration. To encode or decode channel configurations, use the tool at https://meshtastic.org/e/.
Sharing a channel URL (or its QR code) is the standard way to invite someone to a private channel - they scan or paste the URL and their node is automatically configured with the correct name and PSK. Important: the channel URL/QR contains the PSK in cleartext (base64) - the URL effectively is the key. Anyone who sees it can join (and decrypt) the channel. Share a private channel's URL only over a secure out-of-band path (in person, or an encrypted messenger such as Signal); never post a private channel URL in chat, email, a forum, or anywhere public.
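The point that the URL effectively is the key can be checked by decoding the fragment offline. The following is an added example, not code from the original page or from the Meshtastic project; it assumes the fragment is a base64url-encoded protobuf message and walks the wire format without a schema, so field numbers are reported but not interpreted, and the sub-message detection is a heuristic.

```python
import base64

def read_varint(buf, i):
    """Decode one protobuf varint at buf[i]; return (value, next_index)."""
    value = shift = 0
    while True:
        b = buf[i]  # IndexError here means the data ended mid-varint
        value |= (b & 0x7F) << shift
        i, shift = i + 1, shift + 7
        if not b & 0x80:
            return value, i

def walk(buf):
    """Schema-free pass over protobuf wire format: [(field_number, value)]."""
    out, i = [], 0
    while i < len(buf):
        tag, i = read_varint(buf, i)
        field, wire = tag >> 3, tag & 7
        if field == 0 or wire not in (0, 1, 2, 5):
            raise ValueError("not valid protobuf wire data")
        if wire == 0:  # varint
            val, i = read_varint(buf, i)
        else:  # fixed64 (1), fixed32 (5) or length-delimited (2)
            n, i = (8, i) if wire == 1 else (4, i) if wire == 5 else read_varint(buf, i)
            if i + n > len(buf):
                raise ValueError("truncated field")
            val, i = buf[i:i + n], i + n
            val = val if wire == 2 else int.from_bytes(val, "little")
        out.append((field, val))
    return out

def flatten(buf, prefix=""):
    """Heuristic: a non-empty bytes value that itself parses is a sub-message."""
    leaves = []
    for field, val in walk(buf):
        if isinstance(val, bytes) and val:
            try:
                leaves += flatten(val, f"{prefix}{field}.")
                continue
            except (ValueError, IndexError):
                pass  # not a sub-message: keep it as raw bytes
        leaves.append((f"{prefix}{field}", val))
    return leaves

def decode_channel_url(url):
    frag = url.split("#", 1)[1]  # everything after '#'; padding may be omitted
    raw = base64.urlsafe_b64decode(frag + "=" * (-len(frag) % 4))
    return [(p, base64.b64encode(v).decode() if isinstance(v, bytes) else v)
            for p, v in flatten(raw)]  # bytes leaves are shown as base64
```

Run on the example URL above, `decode_channel_url` returns `[('1.3', 3), ('1.4', 'AQ==')]`: the only byte-string field is the single byte 0x01, the same AQ== shorthand described for the default channel. A private channel's URL exposes its full key bytes in the same way.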
MQTT Uplink and Downlink
Each channel can be individually configured to bridge traffic to/from an MQTT broker:
meshtastic --ch-index 0 --ch-set uplink_enabled true
meshtastic --ch-index 0 --ch-set downlink_enabled true
When uplink is enabled on a channel, packets on that channel are published to the MQTT broker. Downlink delivers MQTT messages back to the mesh. This is the basis of Meshtastic internet bridging and long-distance message delivery via the MQTT network. (Caution: enabling downlink on the default public channel lets anyone on the public broker inject messages into your local RF mesh - only enable downlink on channels you control and intend to bridge.)
Admin Channel
A designated private admin channel allows remote configuration of any node that shares the admin channel's PSK. Note: this shared-PSK admin channel is a legacy method; firmware 2.5+ uses public-key (PKC) remote administration - admin keys based on each node's X25519 public key - instead of a shared admin-channel PSK, and that is the preferred approach on modern firmware.
- Create a channel with a unique name (e.g., admin) and a strong, randomly generated PSK
- Configure it as the admin channel on all nodes you want to remotely manage
- From any node with the admin channel, you can send configuration commands to remote nodes over the mesh - no physical access required
This is essential for maintaining remote or hard-to-reach infrastructure nodes.