Benutzer:Torte/HHGTTG
Technical details about the Freifunk-Berlin firmware are summarized here:
Hopefully helpful gloriously tedious technical guide (to the Freifunk-Berlin-Firmware)
Networks / Interfaces / Physical devices
This can be a bit confusing (and the documentation about this surely is). If (in LuCI) you open up the menu "Network" / "Interfaces" you will see networks. Not interfaces. Networks group tougether several interfaces, whereas interfaces consist of one or more physical devices.
Example (see the menu "Network"/"Wireless"):
- "radio0" is the name of a physical device, the first WiFi-adapter on the router. If you plug in an external (USB) WiFi adapter, this will be called "radio1" and so on.
- The device "radio0" is used in the interfaces "wlan0-adhoc-2" and "wlan0-dhcp-2" (defined in "/etc/config/wireless").
- The interface "wlan0-dhcp-2" is used in the network "dhcp" (bridged with the ethernet ports for the clients).
The interface "wlan0-adhoc-2" is used in the network "wireless0" (used for meshing). These networks are defined in "/etc/config/network".
DHCP
This network is used by the clients that connect to your router via WiFi (the access point "berlin.freifunk.net") or via Ethernet (the LAN ports). There is a DHCP server running, that provides the IP-addresses for the clients. These addresses need to be taken from the Freifunk Berlin Wizard or the IP registration page, as they have to be unique in the Freifunk network.
FFUPLINK
This network exists since the firmware version "Hedy-1.0.0". It is used to give internet access to the clients. The configuration is done by scripts in the "/etc/hotplug.d/iface" directory.
- There are special policyrouting rules for the ffuplink network, that inhibit the access to your local (home) network for the clients. These rules are set up in the file "/etc/hotplug.d/iface/60-ffuplink_policyrouting" when the ffuplink interface comes up.
- In the "default" firmware, this is a virtual interface ("ffuplink_dev"), that has two endpoints: "ffuplink" and "ffuplink_wan". "ffuplink_wan" is a bridge to the WAN ethernet port (for the outward connection) and "ffuplink" for the clients. Defined in "/etc/config/network".
- The ffuplink_wan interface gets its own IP-address from your home router, i.e. your Freifunk-router will have two outbound IP-addresses: One for the WAN port and one for the FFUPLINK network.
- In the "default" firmware, a default-route is set for the ffuplink interface by the script "/etc/hotplug.d/iface/60-ffuplink"
- In the tunnel firmwares ("tunnel-berlin" or the outdated "vpn03"), the IP-address of your home router will be set in the openvpn configuration. The clients access the internet over this openvpn connection. This configuration is done by the script "/etc/hotplug.d/iface/60-ffopenvpn" when the WAN interface comes up.
TUNL0
This is an IP-over-IP tunnel for the OLSR-SmartGateway.
WAN / WAN6
This network is used for the internet access of your Freifunk router (itself). E.g. if you download packages, "ping" other hosts (using LuCI or the shell), this will be done through the WAN interface. This does not mean, that the clients have access to the internet, as they will use the "FFUPLINK" network.
WAN6 will be used, if your home router provides you with IPv6 addresses (?).
WIRELESS0
This network is used for meshing. If you are connected to other routers via the AdHoc interface (or 802.11s), that traffic will pass through this network.
Scripts
/etc/hotplug.d/iface/
The scripts in this directory are executed when interfaces have come up or gone down. Some environment variables are set with information about the interface name, the action, etc:
- ACTION: Can be one of "ifup" or "ifdown"
- DEVICE: Only set when ACTION=ifup. Contains the name of the newly set up interface, e.g. "wlan0-adhoc-2"
- HOTPLUG_TYPE: Set to the type of hotplug script. In this case "iface".
- INTERFACE: The name of the physical device that was set up or taken down.
- LOAD_STATE: ?
- board: The name of your router, e.g. "TL-WR842N-v3"
- script: The name of the current script, e.g. "/etc/hotplug.d/iface/60-ffuplink"
/etc/hotplug.d/iface/60-ffopenvpn
This script is only used in the tunnel firmwares. It checks, if the interface with the name "wan" came up and in this case updates the OpenVPN configuration with the IP-address of your home router and starts OpenVPN. If the "wan" interfaces went down, OpenVPN will be stopped.
/etc/hotplug.d/iface/60-ffuplink
This script is only used in the "default" firmware. It checks, if the interface with the name "ffuplink" came up (this is the case, when "ffuplink_wan" is activated, because the "wan" interface came up). It adds or removes a default route for this interface depending, if ACTION is "ifup" or "ifdown".
/etc/hotplug.d/iface/60-ffuplink_policyrouting
This script protects your home network from being accessible by the clients. If the interface "ffuplink" has come up, it first calculates the network address of your home network, then iterates over the interfaces from the "freifunk" firewall zone and inhibits access to the home network for each of them. Only access to the internet (the default route "0.0.0.0") will be left.
Directories
/etc/config/
Contains the OpenWRT configuration files. Its contents will be saved or restored when creating or restoring a backup using LuCI.
Some files from this directory:
- network: Definitions for the networks, interfaces and ip rules
- wireless: Definitions for the wireless network, e.g. settings for the physical devices ("radio0") and interfaces (access points, mesh points, client connections, etc.)
- openvpn: Definitions for the OpenVPN connections, e.g. BBBVPN or the uplink tunnel in the tunnel firmwares
- olsrd: Configuration of the OLSRd routing daemon, e.g. plugins to load, HNA announcements, interfaces that OLSRd is listening on, etc.
/etc/hotplug.d/
Contains scripts, that are executed, when hardware got initialized or deinitialized. Those scripts are usually residing in subdirectories according to their use.
Some examples:
- /etc/hotplug.d/iface/: Contains scripts that do additional steps after network interfaces came up or went down
- /etc/hotplug.d/firmware/: Contains scripts that are used to load firmwares, e.g. for some network chipsets
- /etc/hotplug.d/net/: ?
/overlay/
Contains the files, that have been modified. It is an OverlayFS file system that is mounted on top of the files from the firmware image. The files from the firmware image are read-only and reside (unmodified) in the directory "/rom/". The overlayfs is written to a special partition in the flash memory, i.e. its containts are preserved when restarting the router.
/tmp/
This is place for temporary files, like dhcp leases etc.. It is implemented as a ramdisk, so its contents are not preserved when restarting the router.
Firmware flavours
The different flavours are explained in details in english and german language.
default
This firmware provides direct access to the internet for the clients. It does not use a VPN tunnel.
tunnel-berlin
In this firmware, client traffic is passed through the community tunnel, so only the IP address of that tunnel will be visible to the outside world (instead of the IP address that you got from your internet provider).
vpn03
This firmware is deprecated. It uses a tunnel like the tunnel-berlin firmware.
backbone
This firmware is specialized for use in the Berlin-Backbone (BBB). Opposed to the other firmwares, it uses less policyrouting settings, has no firewall and other stuff that would only be necessary for routers in a home network.
Tunnels
BBBVPN
This tunnel can be set up to be able to access routers, that are part of the Berlin-Backbone (BBB) network. By default you cannot reach those routers if you don't have a direct connection to one of them (e.g. as a client or over a mesh interface).
See the BBB-VPN Howto for details how to set up this tunnel.
SmartGW
This tunnel is set up by OLSRd to pass internet access to other routers in a mesh network.
E.g. if you have internet access with your Freifunk router (and chose to share it), your router will be announced as a "SmartGW" via OLSR to routers, that are connected to yours in a mesh. The other router will then be able to access the internet over this tunnel.
Community tunnel / VPN03
These tunnels are used, if you want to give internet access to clients, but want to hide your private IP address.
Firewall
ffuplink
freifunk
wan
Access
WiFi / WAN / LAN / UART / JTAG
The router can be accessed by various ways:
- Network: The web interface (LuCI) and the shell (by SSH) can be accessed from WiFi clients, the WAN and the LAN interfaces.
If you misconfigured the network in a way, that you can't access the router anymore using IPv4, you can try using IPv6 as described in this guide.
|
Wichtig: As the login page and the shell are accessible to the public, make sure you use a good password for your router! |
- UART
Many routers offer serial access, but that usually requires soldering pins to the PCB and using a USB-serial adapter.
One advantage of using a serial console is still having access to the router, even if you completely misconfigured its network setup.
See the OpenWRT documentation on serial access
Also look for device specific information, e.g. the TP-Link CPE210
- JTAG
Some routers allow direct flashing using a JTAG interface. This can be a chance to "debrick" a router, e.g. if you somehow managed to upload a broken firmware.
See the OpenWRT documentation on JTAG access Also look for device specific information, e.g. the TP-Link TL-WR1043
ssh / shell / vi
It is possible to get access to a shell on the router using SSH (Windows users should download e.g. "putty" for that). Public keys for SSH access can be uploaded via the web interface or by adding them to "/etc/dropbear/authorized_keys".
On the shell you can e.g. directly modify the configuration files, restart services, etc.
The default editor is vi. Its usage is very different from what you are used from modern editors. A good starting point on the usage can be this vi introduction. But you may as well consider installing a different editor like "nano" using "opkg".
Some useful shell commands:
firstboot
The "firstboot" command clears the overlay partition, so after a reboot, the router will be completely reset to the firmware defaults. The command will ask you for confirmation before actually clearing the partition.
logread
With "logread" you can display messages from the system log. If you call it with the parameter "-f" (for "follow"), it will constantly output new messages that are written to the system log ("logread -f").
wifi
The command "wifi" will restart the wireless network, so that e.g. changes from the config file "/etc/config/wireless" will be used.
/etc/init.d/network restart
The complete network can be restarted by entering "/etc/init.d/network restart", so that e.g. changes from the config file "/etc/config/network" will be used. This command will restart the wireless network as well.
Routing
OLSRd
As of Hedy-1.0.0, Freifunk-Berlin uses OLSR v0.9.0.3 as a routing deamon, that automatically creates routes between the Freifunk nodes. It acts on OSI-layer 3, i.e. works using IP addresses.
There are plans to migrate to more recent versions of OLSR or even to different routing daemons (e.g. bmx, babel, b.a.t.m.a.n.). Due to some incompabilities between different versions of OLSR, this step will take some time.
References:
- https://wiki.openwrt.org/doc/howto/mesh.olsr
- https://en.wikipedia.org/wiki/Optimized%20Link%20State%20Routing%20Protocol
- http://www.olsr.org/
HNA
HNA is an abbreviation for "host and network association". It can be used to make devices accessible, that do not have on OLSR deamon running, e.g. managed switches. To achieve that, add the IP address of that device to the HNA list of the router, that has access to this device. Then this device will be accessible e.g. for clients connected to your router or via BBB/BBB-VPN (if configured). You can add complete networks as well as single hosts to the HNA list.
SmartGW
See SmartGW in the "Tunnels" section.
B.A.T.M.A.N.
Batman is a OSI-layer 2 routing protocal, i.e. it works using MAC addresses. Devices using the Batman routing daemon behave, as if they are connected to the same switch. This can be useful e.g. for core-router setups, where a single DHCP instance provides the IP addresses for clients, that can connect to any router in that network (they can then even switch between those routers but keep their address, this is called "roaming"). Batman modules are contained in the current firmware, but not yet used (unless you configured it).
References:
- https://wiki.openwrt.org/doc/howto/mesh.batman
- http://www.open-mesh.org/projects/batman-adv/wiki/Quick-start-guide
- https://en.wikipedia.org/wiki/B.A.T.M.A.N.
Meshing
By default, routers with a Freifunk-Berlin firmware will automatically connect to other Freifunk-Berlin routers, that are in range of the WiFi network (no other steps are necessary). That means, the remote routers will be accessible (to your router and your clients) and the internet access will be forwarded via SmartGW (if configured to share internet access). Being able to (automatically) connect to other routers, thus creating a network, that looks like a meshed web, is called "meshing".
Mesh-On-LAN
It is possible to use LAN connections for meshing as well, if you configure it. See this Mesh via LAN guide.
Mesh-On-WiFi
As of Hedy-1.0.0, meshing over WiFi works using AdHoc (IBSS) mode. The routers have to use the same WiFi channel (that should be 13) and the same ESSID (that should be "intern-ch13.freifunk.net" for 2.4GHz or "intern-ch36.freifunk.net" for 5GHz). There are plans to switch to 802.11s meshing in the future.
LUCI / LUA / UCI
LUCI
LuCI is the name of the web interface of the Freifunk-Berlin routers. It is written in the script language "lua" (that's, where the "L" comes from) and is a frontend to the uci configuration system (that gives the rest of its name).
LUA
You will find the LuCI files under the directory "/usr/lib/lua/" on your router. Some pages are compressed by removing linefeeds, etc. and some pages are compiled bytecode. To debug or inspect such pages, you can simply replace them with the uncompressed/uncompiled files from the git repository, but you will have to delete the cached pages from the directory "/tmp/luci-modulecache/" for the changes to take place.
UCI
UCI is an abbreviation for "Unified Configuration Interface" that is used by OpenWRT (and thus by the Freifunk-Berlin firmware). You can fetch or set options from the configuration files (in "/etc/config/") using uci commands. See the OpenWRT UCI documentation for more details.
Compiling
The Freifunk-Berlin firmware is based on OpenWRT. If you check out the Freifunk-Berlin sources and compile them, the OpenWRT files (specific to the version of the Freifunk-Berlin firmware) will automatically be downloaded and compiled.
More details about the OpenWRT build system.
github
The source code of the Freifunk-Berlin firmware resides on github: https://github.com/freifunk-berlin/firmware
A short introduction how to check out these files and compile them can be found in the file README.md (scroll down a bit).
There is also a Bugtracker on the github page, but you should first ask on the mailing list if your problem is really a bug or just a configuration mistake.
Similar firmwares
OpenWRT
OpenWRT is the base of the Freifunk-Berlin firmware (and others) Homepage: https://openwrt.org/
Gluon
Some communities use the gluon firmware, which is similar to the Freifunk firmware, but aims to work across different communities.
More details on Gluon.
Glossary
You can look up several Freifunk related terms in the Freifunk glossary.
