- Table of contents
- Managing OpenWRT
- Installing and configuring Jool
- Enabling routing with router advertisements
- Enabling SSH access on wan
- Resetting to factory default
- Installing and configuring an APU as a PIB with OpenWRT
- Setting up the GL-INET GL-MT300N-V2
- Managing QMI based LTE devices
- Managing static IPv6 addresses
- Temperature sensor support
- Device specific instructions
- Firmware forced flashing
Managing OpenWRT¶
Installing and configuring Jool¶
- You can use one of the known NAT64 prefixes from our networks (LINK!)
- In the example below this is 2a0a:e5c0:2:10::/96
- You need to have a /96 (or better: /64) routed to the openwrt
- In the example below this is 2a0a:e5c0:17:1::/96
opkg install kmod-jool opkg install jool-tools # Load the kernel module modprobe jool_siit # The range which will be the target for the 2nd NAT (if needed to reach a v4 ip) jool_siit -6 2a0a:e5c0:2:10::/96 # Pick a v6 range to translate TO and a v4 range to translate from jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24 # Accept Router Advertisements to keep the default address sysctl -w net.ipv6.conf.all.accept_ra=2 sysctl -w net.ipv6.conf.default.accept_ra=2 sysctl -w net.ipv6.conf.eth0.accept_ra=2 sysctl -w net.ipv6.conf.br-lan.accept_ra=2
Enabling routing with router advertisements¶
- By default ipv6 forwarding is on (good!)
- By default accept_ra is 0
- This does not set the route properly into the kernel -> routing is broken
- Need to modify accept_ra to 2
Enabling SSH access on wan¶
Enable it in the web interface
$URL/cgi-bin/luci/admin/system/admin/dropbear
OR
Dropbear uci var (not tested):
option GatewayPorts 'on'
Resetting to factory default¶
firstboot -y && reboot now
Installing and configuring an APU as a PIB with OpenWRT¶
- Get the x86 64 SQUASHFS image
- https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/
- combined-squashfs.img.gz
- Gunzip it
- dd it it an usb stick
- Boot the usb stick on the APU
- When booted, wget it on the APU and write it over /dev/sda
wget ... -O - | gunzip > /dev/sda
- Configure it using pib-setup.sh from ungleich-tools
- Create a network on the VPN server
Installing openwrt (squashfs) on APU details¶
opkg update
- Install SSL certifaicates
opkg install libustream-openssl ca-bundle ca-certificates
- check the time and date if it is not correct, modify the time and date as follows
date -s YEARMONTHDATETIME
- Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version)
wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/ x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda
Defaults after Openwrt installation¶
- eth0 = WAN
- eth1&2 = LAN
Setting up the GL-INET GL-MT300N-V2¶
- Go to advanced and flash the standard image
- Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2
Managing QMI based LTE devices¶
Debug commands:
uqmi -d /dev/cdc-wdm0 --get-signal-info uqmi -d /dev/cdc-wdm0 --get-data-status uqmi -d /dev/cdc-wdm0 --get-current-settings uqmi -d /dev/cdc-wdm0 --get-capabilities uqmi -d /dev/cdc-wdm0 --get-imei # get network cell / status uqmi -d /dev/cdc-wdm0 --get-serving-system # get networks in range uqmi -d /dev/cdc-wdm0 --network-scan
Reset (might help to clear the NETWORK_REGISTRATION_FAILED error?)
/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode offline /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode reset /bin/sleep 20 /sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode online /sbin/uqmi -d /dev/cdc-wdm0 --set-autoconnect enabled /sbin/uqmi -d /dev/cdc-wdm0 --network-register
Setting the network mode:
... --set-network-modes <modes>: Set usable network modes (Syntax: <mode1>[,<mode2>,...]) Available modes: all, lte, umts, gsm, cdma, td-scdma ... root@vigir2:~# uqmi -d /dev/cdc-wdm0 --get-signal-info { "type": "wcdma", "rssi": -104, "ecio": 17 } root@vigir2:~# uqmi -d /dev/cdc-wdm0 --set-network-modes lte (wait some time) root@vigir2:~# uqmi -d /dev/cdc-wdm0 --get-signal-info { "type": "lte", "rssi": -71, "rsrq": -11, "rsrp": -99, "snr": 72 }
Roaming
uqmi -d /dev/cdc-wdm0 --set-network-roaming off
Managing static IPv6 addresses¶
If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:
- openwrt uses user space odhcp6c
- for openwrt we need to setup a "static default route"
- do not forget to select the interface in the list
- Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on
- This also works on openwrt, but it is conflicting/not the correct way to do
- TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route
Alternative (currently untested) approach:
instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface in lan merely add "option ip6assign 64" or however much bits you want to redelegate that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage it should work as if the prefix were received via dhcpv6-pd
(Thanks to jow in #openwrt)
Temperature sensor support¶
We are using "temper" based usb temperature sensors. They are read using temper-py.
The default setup is to write to /www/temperature.txt which allows the temperature to be read from the standard webserver.
So if you own a VIIRB/VIWIB/other OpenWRT device using the openwrt-add-temper you can see the temperature on http://ip-of-the-device/temperature.txt.
It is refreshed every 5 minutes.
Device specific instructions¶
How to get a device into a standard openwrt environment.
VIIRB¶
- Comes with standard openwrt and has IPv6 enabled
- Flash via ipv6 link local address (no ipv4 required)
- Flash using https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viirb-1-firmware-upgrade.sh
factory default credentials¶
- root/vocore
Testing¶
- Plugin the VIIRB into an IPv4 only network with Internet uplink
- Plugin another test device into the IPv4 network
- Power on the VIIRB
- Verify that
- The test device gets an IPv6 address from the VIIRB
- Verify using
curl -6 ifconfig.io
- Verify that the network ID corresponds to the hexadecimal ID of the VIIRB
Setup environment¶
- Needs IPv4 (?) for setup?
VIWIB1 (yellow)¶
Step 1: flashing¶
- Factory default no ipv6 link local address
- Need to flash 192.168.8.1 as the first step:
Step 2: configuring¶
- Connect LAN and WAN to two different networks
- It is important that they are different layer 2 networks as the viwib has the same mac on all interfaces
- You need WAN for upstream connectivity for installing wireguard
- The configuring (=your computer) needs to be connected to the LAN segment
Step 3: Testing¶
- Connect the WAN port into an IPv4 or IPv6 network (both should work)
- Connect a test device to the LAN port of the VIWIB
- Verify that
- The test device gets an IPv6 address from the VIWIB
- Verify using
curl -6 ifconfig.io
- Verify that the network ID corresponds to the hexadecimal ID of the VIWIB
- Verify that DNS64/NAT64 works correctly, visit an IPv4 only website via IPv6
VIWIB2 (black)¶
- Openwrt page
- Vendor default IP: 192.168.8.1
- No response to IPv6 ff02::1!
- ssh open
Bootstrap:
- Connect to singl ethernet host
- Upgrade via 192.168.8.1
- Then default to regular
VIGIR¶
Initial setup¶
- Connect to the LAN port
- Start device
- Flash 192.168.1.1 directly
- User/pass: root / admin
Firmware forced flashing¶
If the devices are too old / differ in the version, the following error might be seen:
+ ssh root@192.168.1.1 'sysupgrade -n /tmp/*.bin' Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts. root@192.168.1.1's password: Device zbt-wg3526 not supported by this image Supported devices: zbtlink,zbt-wg3526-16m zbt-wg3526 zbt-wg3526-16M - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA Image check 'fwtool_check_image' failed.
In that case, if it is a version mismatch, a force is required:
ssh root@192.168.1.1 "sysupgrade -F -n /tmp/*.bin"
Testing¶
- Same as VIWIB
MIVIR¶
- Standard QMI device
- Only snapshots available / no version
- See https://openwrt.org/toh/hwdata/gl.inet/gl.inet_gl-e750
- See https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=68ac3f2cddab8422d7de0ce1a78d23edf29012e7
- See https://github.com/gl-inet/GL-E750-MCU-instruction
- SoC: Qualcomm Atheros AR9531 (650MHz)
- RAM: 128 MB DDR2
- Flash: 16 MB SPI NOR (W25Q128FVSG) + 128 MB SPI NAND (GD5F1GQ4UFYIG)
- Ethernet: 10/100: 1xLAN
- Wireless: QCA9531 2.4GHz (bgn) + QCA9887 5GHz (ac)
- USB: 1x USB 2.0 port
- Switch: 1x switch
- Button: 1x reset button
- OLED Screen: 128*64 px
tp link tl-wr902ac¶
root@camera3:~# cat /proc/cpuinfo system type : MediaTek MT7628AN ver:1 eco:2 machine : TP-Link TL-WR902AC v3 processor : 0 cpu model : MIPS 24KEc V5.5 BogoMIPS : 385.84 wait instruction : yes microsecond timers : yes tlb_entries : 32 extra interrupt vector : yes hardware watchpoint : yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb] isa : mips1 mips2 mips32r1 mips32r2 ASEs implemented : mips16 dsp Options implemented : tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit nan_legacy nan_2008 perf shadow register sets : 1 kscratch registers : 0 package : 0 core : 0 VCED exceptions : not available VCEI exceptions : not available root@camera3:~#
glinet microuter n-300 ("microuter")¶
Updated by Nico Schottelius 4 months ago · 34 revisions