101 flashing & setup of a freifunk-Berlin router (Holger)

Overview

• What is freifunk? https://berlin.freifunk.net/
• pico peering agreement
• select ur setup
• get ur hardware
• get ur key for a tunnel if u depend on ur internet connection and devices or connect without a tunnel
• get ur ip-addresses
• get ur firmware image
• flash ur firmware image
• go thru the wizard
• be happy with ur freifunk router
• test ur ip

Choose ur setup

e.g.

• share ur internet connection with guests and neighbours - ur freifunk router is connected to ur internet connection
• take internet from freifunk mesh - ur router is connected to freifunk mesh an supplies internet to local lan clients
• build a link between two places - preferably at 5 GHz above city roofs

here we will share our internet thru a tunnel, in regard to advanced setup where we got the pass for a closed pub wifi

get hardware

• we choose poka yoke GL.iNet GL-AR150
• u can take a 2 × 2 MIMO model GL-MT300 as well, german test
• or other up to ur knowledge and choice

get ur key

• comm-tunnel url
• we need a realtime key maker (perry?)

get ur ip-addresses

• ip dealer

get ur firmware image

• link

flash ur firmware image

• dialogue

go thru the wizard

• name ur router
• insert known values

be happy

• enjoy happy surfin with ur friends
• admire how many guests u provide with internet
• some views at protocols and statistics

duration

• estimated 1 hour
• with a group of four having their own workshop, 2 hours

Advanced (Torte)

• your router is available to the public
  • use good passwords (->web login)
  • when doing advanced stuff: check that your home network is not reachable
• What is WAN, LAN/DHCP, MESH
• What is BBB + Services (Usecase 1: Access FF-Router from non-FF hotspot)
• Usecase 2: You want a guest network that is separated from your home network
• For advanced topics:
  • People without any knowledge of vi/ssh/shell might group together around someone who knows these tools.
  • vi tutorials: http://heather.cs.ucdavis.edu/~matloff/UnixAndC/Editors/ViIntro.html
  • ssh / shell

Use WiFi as uplink

• WiFi-Client not usable in bridge
  • see http://web.archive.org/web/20110925231256/http://kerneltrap.org/mailarchive/linux-ath5k-devel/2010/3/21/6871733
  • alternative: "openwrt relayd" pseudobridge (complicated): https://wiki.openwrt.org/doc/recipes/relayclient

tunnel firmware

Simple: Replace WAN with WWAN

• Disadvantage: No automatic switching between WAN/WWAN
• Advantage: All within LuCi, no shell required
• Steps:
  • scan for AP
  • Join network (creates network name "wwan")
  • edit WAN: Disable bridge, remove eth0, add wwan
  • remove WWAN (optional)

Advanced: Both WAN and WWAN

• Advantage: Automatically uses WAN or WWAN - whichever you plug in
• Steps:
  • scan for AP
  • Join network (creates network name "wwan")
  • edit /etc/hotplug.d/iface/60-ffopenvpn: Add "wwan"

no-tunnel firmware

• Disadvantage: No automatic switching between WAN/WWAN
• Steps:
  • "/etc/config/network": rename "ffuplink" to "ffuplink_bak" (to be able to switch back later).
    One time in "ffuplink_dev" and two times in "ffuplink"
  • "/etc/init.d/network restart": update interface name
  • scan for AP
  • Join network (create network name "ffuplink", firewall zone "ffuplink")
  • edit "/etc/config/wireless". In section with "ffuplink" add "option ifname ffuplink"
  • edit "/etc/hotplug.d/iface/60-ffuplink"
    • look for "network_get_gateway gateway wan"
    • simply change "wan" to "ffuplink"
    • or add below:

 if [ -z "$gateway" ]; then
   network_get_gateway gateway ffuplink
 fi

• • "/etc/init.d/network restart"
  • Done.
• To switch back to WAN:
  • rename "ffuplink" to "ffuplink_bak" in /etc/config/wireless
  • rename "ffuplink_bak" to "ffuplink" in /etc/config/network
  • (if you used the simple approach) rename "ffuplink" to "wan" in /etc/hotplug.d/iface/60-ffuplink

time schedule

minutes	content
5	Intro (Who am I, what do we do, security)
5	Reset button, open, serial interface
3	Reset, restore backup, reboot
3	Explain networks, interfaces, physical devices
5	office presentation: mesh & co.
...	... (sum:21, total:21)
10	setup wifi uplink
5	revert to wan uplink
...	... (sum:15, total:36)
5	login via ssh, /etc/config, vi
12	modify 60-ffopenvpn, explain logread/grep, demonstrate wan/wwan
...	... (sum:17, total:53)
5	flash "default" firmware
4	setup "default" firmware, check inet access/ip
6	force fixed MAC address of ffuplink_dev
15	rename ffuplink to ffuplink_bak, setup wifi-uplink as ffuplink, modify 60-ffuplink
5	explain how to revert and 60-ffuplink-policyrouting
...	... (sum:35, total:88)
5	mention "openwrt relayd", wiki page for step-by-step instructions
...	... (sum:5, total:93)

Caveats

• policyrouting only protects the network of the uplink
  • Example: [HomeRouter=192.168.2.1/24]->[Mobile:Tethering=192.168.43.1/24]->[FreifunkRouter]->[Client]
    • In this case, 192.168.2.1/24 can be reached from the client, because only 192.168.43.1/24 is regarded to be the secured home network

this section is intentionally left blank for ur notes

• just checked my edimax "stick"
• lsusb gives "Bus 001 Device 005: ID 7392:7811 Edimax Technology Co., Ltd EW-7811Un 802.11n Wireless Adapter [Realtek RTL8188CUS]"
• wrt-setup.md looks promising
  • You need to download the rt8192cu module for this. It is not in our Freifunk-firmware, so you can try to download it from openwrt (will require "--force-depends" on installation). But there is a chance, that our kernel lacks some required symbols, because unused symbols are stripped. Just try it out, it may work.

• Open questions
  • When, where?
  • Who registers us for the workshop?
  • Do we have a beamer? Can we use it (room size, light, ...)?
  • Do we have a whiteboard?
  • How do we demonstrate wifi connection (e.g. separate laptop; mobile phone)?
  • Limit tx power
  • Rename "berlin.freifunk.net" to "berlin-ht.freifunk.net" on the demonstration router, to ensure we connect to the correct device
  • Disable meshing when we want to prove that we really use our uplink

• Torte takes to workshop:
  • Laptop (xubuntu)
  • Mobile phone (for uplink)
  • Power strip 6 sockets; (used 4: Mobile; Laptop; AR150; WR842; )
  • LAN-cables (5-6)
  • Routers
    • WR842 (fixed setup; our previous barfly router; for uplink)
    • AR150-torte (fixed setup; our current barfly router; for demonstration, e.g. USB-WiFi)
    • AR150-bts (for flashing/playing)
    • USB-WiFi Adapter (working with AR150-torte; rt73)
    • USB-Serial adapter (AR150 has serial pins on the pcb by factory)
  • I've set up (and checked) a wr842 to use my mobile as uplink (tethering) and bring these to the workshop. So this router can simulate the home router with inet access that you can use as uplink using the WAN port and I can use it as WWAN uplink. Unless you have a simpler idea.

links

Firmware

• https://berlin.freifunk.net/ → Mitmachen → Starterkit → First link
• https://wiki.freifunk.net/Berlin:Firmware#Unterst.C3.BCtzte_Hardware
• https://buildbot.berlin.freifunk.net/buildbot/

OpenWRT

• https://openwrt.org

Putty

• https://putty.org/

VI tutorial

• http://heather.cs.ucdavis.edu/~matloff/UnixAndC/Editors/ViIntro.html

WiFi client not usable in bridge

• http://web.archive.org/web/20110925231256/http://kerneltrap.org/mailarchive/linux-ath5k-devel/2010/3/21/6871733

OpenWRT relayd (pseudobridge)

• https://wiki.openwrt.org/doc/recipes/relayclient