Project

General

Profile

Actions

Managing OpenWRT

Installing and configuring Jool

  • You can use one of the known NAT64 prefixes from our networks (LINK!)
    • In the example below this is 2a0a:e5c0:2:10::/96
  • You need to have a /96 (or better: /64) routed to the openwrt
    • In the example below this is 2a0a:e5c0:17:1::/96
opkg install kmod-jool
opkg install jool-tools

# Load the kernel module
modprobe jool_siit

# The range which will be the target for the 2nd NAT (if needed to reach a v4 ip)
jool_siit -6 2a0a:e5c0:2:10::/96

# Pick a v6 range to translate TO and a v4 range to translate from
jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24

# Accept Router Advertisements to keep the default address
sysctl -w net.ipv6.conf.all.accept_ra=2
sysctl -w net.ipv6.conf.default.accept_ra=2
sysctl -w net.ipv6.conf.eth0.accept_ra=2
sysctl -w net.ipv6.conf.br-lan.accept_ra=2

Enabling routing with router advertisements

  • By default ipv6 forwarding is on (good!)
  • By default accept_ra is 0
    • This does not set the route properly into the kernel -> routing is broken
  • Need to modify accept_ra to 2

Enabling SSH access on wan

Enable it in the web interface

 $URL/cgi-bin/luci/admin/system/admin/dropbear 

OR

Dropbear uci var (not tested):

    option GatewayPorts 'on' 

Resetting to factory default

firstboot -y && reboot now

Installing and configuring an APU as a PIB with OpenWRT

wget ... -O - | gunzip > /dev/sda
  • Configure it using pib-setup.sh from ungleich-tools
  • Create a network on the VPN server

Installing openwrt (squashfs) on APU details

opkg update
  • Install SSL certifaicates
opkg install libustream-openssl ca-bundle ca-certificates
  • check the time and date if it is not correct, modify the time and date as follows
    date -s YEARMONTHDATETIME 
    
  • Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version)
wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/
x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda 

Defaults after Openwrt installation

  • eth0 = WAN
  • eth1&2 = LAN

Setting up the GL-INET GL-MT300N-V2

Managing QMI based LTE devices

Debug commands:

uqmi -d /dev/cdc-wdm0 --get-signal-info
uqmi -d /dev/cdc-wdm0 --get-data-status
uqmi -d /dev/cdc-wdm0 --get-current-settings
uqmi -d /dev/cdc-wdm0 --get-capabilities

uqmi -d /dev/cdc-wdm0 --get-imei

# get network cell / status
uqmi -d /dev/cdc-wdm0 --get-serving-system       

# get networks in range
uqmi -d /dev/cdc-wdm0 --network-scan

Reset (might help to clear the NETWORK_REGISTRATION_FAILED error?)

/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode offline
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode reset
/bin/sleep 20
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode online
/sbin/uqmi -d /dev/cdc-wdm0 --set-autoconnect enabled
/sbin/uqmi -d /dev/cdc-wdm0 --network-register

Setting the network mode:

...
  --set-network-modes <modes>:      Set usable network modes (Syntax: <mode1>[,<mode2>,...])
                                    Available modes: all, lte, umts, gsm, cdma, td-scdma
...

root@vigir2:~# uqmi -d /dev/cdc-wdm0  --get-signal-info
{
    "type": "wcdma",
    "rssi": -104,
    "ecio": 17
}
root@vigir2:~# uqmi -d /dev/cdc-wdm0 --set-network-modes lte

(wait some time)
root@vigir2:~# uqmi -d /dev/cdc-wdm0  --get-signal-info
{
    "type": "lte",
    "rssi": -71,
    "rsrq": -11,
    "rsrp": -99,
    "snr": 72
}

Roaming

uqmi -d /dev/cdc-wdm0 --set-network-roaming off

Managing static IPv6 addresses

If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:

  • openwrt uses user space odhcp6c
  • for openwrt we need to setup a "static default route"
    • do not forget to select the interface in the list
  • Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on
    • This also works on openwrt, but it is conflicting/not the correct way to do
  • TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route

Alternative (currently untested) approach:

instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface
in lan merely add "option ip6assign 64" or however much bits you want to redelegate
that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage
it should work as if the prefix were received via dhcpv6-pd

(Thanks to jow in #openwrt)

Temperature sensor support

We are using "temper" based usb temperature sensors. They are read using temper-py.
The default setup is to write to /www/temperature.txt which allows the temperature to be read from the standard webserver.

So if you own a VIIRB/VIWIB/other OpenWRT device using the openwrt-add-temper you can see the temperature on http://ip-of-the-device/temperature.txt.

It is refreshed every 5 minutes.

Device specific instructions

How to get a device into a standard openwrt environment.

VIIRB

factory default credentials

  • root/vocore

Testing

  • Plugin the VIIRB into an IPv4 only network with Internet uplink
  • Plugin another test device into the IPv4 network
  • Power on the VIIRB
  • Verify that
    • The test device gets an IPv6 address from the VIIRB
    • Verify using curl -6 ifconfig.io
    • Verify that the network ID corresponds to the hexadecimal ID of the VIIRB

Setup environment

  • Needs IPv4 (?) for setup?

VIWIB1 (yellow)

Step 1: flashing

Step 2: configuring

  • Connect LAN and WAN to two different networks
    • It is important that they are different layer 2 networks as the viwib has the same mac on all interfaces
    • You need WAN for upstream connectivity for installing wireguard
    • The configuring (=your computer) needs to be connected to the LAN segment

Step 3: Testing

  • Connect the WAN port into an IPv4 or IPv6 network (both should work)
  • Connect a test device to the LAN port of the VIWIB
  • Verify that
    • The test device gets an IPv6 address from the VIWIB
    • Verify using curl -6 ifconfig.io
    • Verify that the network ID corresponds to the hexadecimal ID of the VIWIB
    • Verify that DNS64/NAT64 works correctly, visit an IPv4 only website via IPv6

VIWIB2 (black)

  • Openwrt page
  • Vendor default IP: 192.168.8.1
    • No response to IPv6 ff02::1!
    • ssh open

Bootstrap:

  • Connect to singl ethernet host
  • Upgrade via 192.168.8.1
  • Then default to regular

VIGIR

Initial setup

  • Connect to the LAN port
  • Start device
  • Flash 192.168.1.1 directly
  • User/pass: root / admin

Firmware forced flashing

If the devices are too old / differ in the version, the following error might be seen:

+ ssh root@192.168.1.1 'sysupgrade -n /tmp/*.bin'
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
root@192.168.1.1's password: 
Device zbt-wg3526 not supported by this image
Supported devices: zbtlink,zbt-wg3526-16m zbt-wg3526 zbt-wg3526-16M - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA
Image check 'fwtool_check_image' failed.

In that case, if it is a version mismatch, a force is required:

ssh root@192.168.1.1 "sysupgrade -F -n /tmp/*.bin" 

Testing

  • Same as VIWIB

MIVIR

- SoC: Qualcomm Atheros AR9531 (650MHz)
- RAM: 128 MB DDR2
- Flash: 16 MB SPI NOR (W25Q128FVSG) + 128 MB SPI NAND (GD5F1GQ4UFYIG)
- Ethernet: 10/100: 1xLAN
- Wireless: QCA9531 2.4GHz (bgn) + QCA9887 5GHz (ac)
- USB: 1x USB 2.0 port
- Switch: 1x switch
- Button: 1x reset button
- OLED Screen: 128*64 px

tp link tl-wr902ac

root@camera3:~# cat /proc/cpuinfo 
system type        : MediaTek MT7628AN ver:1 eco:2
machine            : TP-Link TL-WR902AC v3
processor        : 0
cpu model        : MIPS 24KEc V5.5
BogoMIPS        : 385.84
wait instruction    : yes
microsecond timers    : yes
tlb_entries        : 32
extra interrupt vector    : yes
hardware watchpoint    : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]
isa            : mips1 mips2 mips32r1 mips32r2
ASEs implemented    : mips16 dsp
Options implemented    : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit nan_legacy nan_2008 perf
shadow register sets    : 1
kscratch registers    : 0
package            : 0
core            : 0
VCED exceptions        : not available
VCEI exceptions        : not available

root@camera3:~# 

glinet microuter n-300 ("microuter")

Updated by Nico Schottelius 4 months ago · 34 revisions