Open Infrastructure

{{toc}}

h1. Managing OpenWRT

h2. Installing and configuring Jool

* You can use one of the known NAT64 prefixes from our networks (LINK!)

** In the example below this is 2a0a:e5c0:2:10::/96

* You need to have a /96 (or better: /64) routed to the openwrt

** In the example below this is 2a0a:e5c0:17:1::/96

<pre>

opkg install kmod-jool

opkg install jool-tools

# Load the kernel module

modprobe jool_siit

# The range which will be the target for the 2nd NAT (if needed to reach a v4 ip)

jool_siit -6 2a0a:e5c0:2:10::/96

# Pick a v6 range to translate TO and a v4 range to translate from

jool_siit -e -a 2a0a:e5c0:17:1::/96 192.168.61.0/24

# Accept Router Advertisements to keep the default address

sysctl -w net.ipv6.conf.all.accept_ra=2

sysctl -w net.ipv6.conf.default.accept_ra=2

sysctl -w net.ipv6.conf.eth0.accept_ra=2

sysctl -w net.ipv6.conf.br-lan.accept_ra=2

</pre>

h2. Enabling routing with router advertisements

* By default ipv6 forwarding is on (good!)

* By default accept_ra is 0

** This does not set the route properly into the kernel -> routing is broken

* Need to modify accept_ra to 2

h2. Enabling SSH access on wan 

Enable it in the web interface

<pre> $URL/cgi-bin/luci/admin/system/admin/dropbear </pre>

OR

Dropbear uci var (not tested):

<pre>	option GatewayPorts 'on' </pre>

h2. Resetting to factory default

* See https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset

<pre>

firstboot -y && reboot now

</pre>

h2. Installing and configuring an APU as a PIB with OpenWRT

* Get the x86 64 SQUASHFS image

** https://downloads.openwrt.org/releases/19.07.3/targets/x86/64/

** combined-squashfs.img.gz

* Gunzip it

* dd it it an usb stick

* Boot the usb stick on the APU

* When booted, wget it on the APU and write it over /dev/sda

<pre>

wget ... -O - | gunzip > /dev/sda

</pre>

* Configure it using pib-setup.sh from ungleich-tools

* Create a network on the VPN server

h3. Installing openwrt (squashfs) on APU details

<pre>

opkg update

</pre> 

* Install SSL certifaicates

<pre>

opkg install libustream-openssl ca-bundle ca-certificates

</pre> 

* check the time and date if it is not correct, modify the time and date as follows 

<pre>

date -s YEARMONTHDATETIME 

</pre>

* Flashing the squashfs openwrt image into the APUs SSD (adjust to the correct version)

<pre>

wget -O - http://downloads.openwrt.org/releases/19.07.3/targets/

x86/64/openwrt-19.07.3-x86-64-combined-squashfs.img.gz | gunzip > /dev/sda 

</pre>

h3. Defaults after Openwrt installation 

* eth0 = WAN

* eth1&2 = LAN

h2. Setting up the GL-INET GL-MT300N-V2

* Go to advanced and flash the standard image

* Link: https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2

h2. Managing QMI based LTE devices

Debug commands:

<pre>

uqmi -d /dev/cdc-wdm0 --get-signal-info

uqmi -d /dev/cdc-wdm0 --get-data-status

uqmi -d /dev/cdc-wdm0 --get-current-settings

uqmi -d /dev/cdc-wdm0 --get-capabilities

uqmi -d /dev/cdc-wdm0 --get-imei

# get network cell / status

uqmi -d /dev/cdc-wdm0 --get-serving-system       

# get networks in range

uqmi -d /dev/cdc-wdm0 --network-scan

</pre>

Reset (might help to clear the NETWORK_REGISTRATION_FAILED error?)

<pre>

/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode offline

/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode reset

/bin/sleep 20

/sbin/uqmi -d /dev/cdc-wdm0 --set-device-operating-mode online

/sbin/uqmi -d /dev/cdc-wdm0 --set-autoconnect enabled

/sbin/uqmi -d /dev/cdc-wdm0 --network-register

</pre>

Setting the network mode:

<pre>

...

  --set-network-modes <modes>:      Set usable network modes (Syntax: <mode1>[,<mode2>,...])

                                    Available modes: all, lte, umts, gsm, cdma, td-scdma

...

root@vigir2:~# uqmi -d /dev/cdc-wdm0  --get-signal-info

{

	"type": "wcdma",

	"rssi": -104,

	"ecio": 17

}

root@vigir2:~# uqmi -d /dev/cdc-wdm0 --set-network-modes lte

(wait some time)

root@vigir2:~# uqmi -d /dev/cdc-wdm0  --get-signal-info

{

	"type": "lte",

	"rssi": -71,

	"rsrq": -11,

	"rsrp": -99,

	"snr": 72

}

</pre>

Roaming

<pre>

uqmi -d /dev/cdc-wdm0 --set-network-roaming off

</pre>

* See also: https://openwrt.org/docs/guide-user/network/wan/wwan/ltedongle

h2. Managing static IPv6 addresses

If using a statically routed IPv6 network, the default RA mechanism does not set an outgoing route by default. This is a bit different from "regular" Linux:

* openwrt uses user space odhcp6c

* for openwrt we need to setup a "static default route"

** do not forget to select the interface in the list

* Default Linux on the other hand needs to use accept_ra=2 if ipv6 forwarding is on

** This also works on openwrt, but it is conflicting/not the correct way to do

* **TL;DR If using openwrt with static IPv6 addresses, add a static IPv6 default route**

Alternative (currently untested) approach:

<pre>

instead of hardcoding the subnet in lan, add it as "option ip6prefix" to your wan6/dhcpv6 interface

in lan merely add "option ip6assign 64" or however much bits you want to redelegate

that should make odhcp6c/netifd aware of the additional prefix and factor that into the default route coverage

it should work as if the prefix were received via dhcpv6-pd

</pre>

(Thanks to jow in #openwrt)

h2. Temperature sensor support

We are using "temper" based usb temperature sensors. They are read using "temper-py":https://pypi.org/project/temper-py/. 

The default setup is to write to /www/temperature.txt which allows the temperature to be read from the standard webserver.

So if you own a VIIRB/VIWIB/other OpenWRT device using the "openwrt-add-temper":https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt-add-temper.sh you can see the temperature on http://ip-of-the-device/temperature.txt.

It is refreshed every 5 minutes.

h2. Device specific instructions

How to get a device into a standard openwrt environment.

h3. VIIRB

* Comes with standard openwrt and has IPv6 enabled

* Flash via ipv6 link local address (no ipv4 required)

* Flash using https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viirb-1-firmware-upgrade.sh

h4. factory default credentials

* root/vocore

h4. Testing

* Plugin the VIIRB into an IPv4 only network with Internet uplink

* Plugin another test device into the IPv4 network

* Power on the VIIRB

* Verify that

** The test device gets an IPv6 address from the VIIRB

** Verify using @curl -6 ifconfig.io@

** Verify that the network ID corresponds to the hexadecimal ID of the VIIRB

h4. Setup environment

* Needs IPv4 (?) for setup?

h3. VIWIB1 (yellow)

h4. Step 1: flashing

* Factory default no ipv6 link local address

* Need to flash 192.168.8.1 as the first step:

** Connect via LAN port

** Use https://code.ungleich.ch/ungleich-public/ungleich-tools/-/blob/master/openwrt/viwib-1-firmware-upgrade.sh

h4. Step 2: configuring

* Connect LAN and WAN to two different networks 

** It is important that they are different layer 2 networks as the viwib has the same mac on all interfaces

** You need WAN for upstream connectivity for installing wireguard

** The configuring (=your computer) needs to be connected to the LAN segment

h4. Step 3: Testing

* Connect the WAN port into an IPv4 or IPv6 network (both should work)

* Connect a test device to the LAN port of the VIWIB

* Verify that

** The test device gets an IPv6 address from the VIWIB

** Verify using @curl -6 ifconfig.io@

** Verify that the network ID corresponds to the hexadecimal ID of the VIWIB

** Verify that DNS64/NAT64 works correctly, visit an IPv4 only website via IPv6

h3. VIWIB2 (black)

* "Openwrt page":https://openwrt.org/toh/gl.inet/gl-ar300m

* Vendor default IP: 192.168.8.1 

** No response to IPv6 ff02::1!

** ssh open

Bootstrap:

* Connect to singl ethernet host

* Upgrade via 192.168.8.1

* Then default to regular

h3. VIGIR

h4. Initial setup

* Connect to the LAN port

* Start device

* Flash 192.168.1.1 directly

* User/pass: root / admin

h2. Firmware forced flashing

If the devices are too old / differ in the version, the following error might be seen:

<pre>

+ ssh root@192.168.1.1 'sysupgrade -n /tmp/*.bin'

Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.

root@192.168.1.1's password: 

Device zbt-wg3526 not supported by this image

Supported devices: zbtlink,zbt-wg3526-16m zbt-wg3526 zbt-wg3526-16M - Image version mismatch: image 1.1, device 1.0. Please wipe config during upgrade (force required) or reinstall. Reason: Config cannot be migrated from swconfig to DSA

Image check 'fwtool_check_image' failed.

</pre>

In that case, if it is a version mismatch, a force is required:

<pre>

ssh root@192.168.1.1 "sysupgrade -F -n /tmp/*.bin"

</pre>

h4. Testing

* Same as VIWIB

h3. MIVIR

* Standard QMI device

* Only snapshots available / no version

* See https://openwrt.org/toh/hwdata/gl.inet/gl.inet_gl-e750

* See https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=68ac3f2cddab8422d7de0ce1a78d23edf29012e7

* See https://github.com/gl-inet/GL-E750-MCU-instruction

- SoC: Qualcomm Atheros AR9531 (650MHz)

- RAM: 128 MB DDR2

- Flash: 16 MB SPI NOR (W25Q128FVSG) + 128 MB SPI NAND (GD5F1GQ4UFYIG)

- Ethernet: 10/100: 1xLAN

- Wireless: QCA9531 2.4GHz (bgn) + QCA9887 5GHz (ac)

- USB: 1x USB 2.0 port

- Switch: 1x switch

- Button: 1x reset button

- OLED Screen: 128*64 px

h3. tp link tl-wr902ac

* https://openwrt.org/toh/tp-link/tl-wr902ac_v3

<pre>

root@camera3:~# cat /proc/cpuinfo 

system type		: MediaTek MT7628AN ver:1 eco:2

machine			: TP-Link TL-WR902AC v3

processor		: 0

cpu model		: MIPS 24KEc V5.5

BogoMIPS		: 385.84

wait instruction	: yes

microsecond timers	: yes

tlb_entries		: 32

extra interrupt vector	: yes

hardware watchpoint	: yes, count: 4, address/irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb]

isa			: mips1 mips2 mips32r1 mips32r2

ASEs implemented	: mips16 dsp

Options implemented	: tlb 4kex 4k_cache prefetch mcheck ejtag llsc pindexed_dcache userlocal vint perf_cntr_intr_bit nan_legacy nan_2008 perf

shadow register sets	: 1

kscratch registers	: 0

package			: 0

core			: 0

VCED exceptions		: not available

VCEI exceptions		: not available

root@camera3:~# 

</pre>

h3. glinet microuter n-300 ("microuter")

* https://openwrt.org/toh/gl.inet/microuter-n300

* https://downloads.openwrt.org/releases/22.03.5/targets/ramips/mt76x8/openwrt-22.03.5-ramips-mt76x8-glinet_microuter-n300-squashfs-sysupgrade.bin