January 18, 2013

Powerline ethernet and HW design

Powerline Ethernet is a relatively new concept that uses the existing electrical wiring within a house to deliver wired networking to different parts of it. I had been following the development of the standard with anticipation for a few years, but apparently I was not paying attention, as the technology was commercialized relatively quickly.

I came upon the commercial implementations anew when I was looking for a solution to extend the wireless range of my ageing router. Wireless repeaters were a potential option, but the idea of taking a degrading signal and re-broadcasting it was not something I appreciated, from just an aesthetic point of view. Further, that would also constrain the location of the repeater and leave me open to needing additional repeaters.

Enter Powerline networking, and in particular a company called TP-Link. After a bunch of research, I was still not sure whether this would even work in my house, and I was not willing to pay the premium of a recognized brand. TP-Link was a good balance between positive reviews and price.

Turns out, using the electrical wires in the house to transmit Ethernet signals is ridiculously easy.

You need a couple of pieces of hardware to get things going. The first is the base unit, which plugs into a power socket next to the broadband router. The Ethernet port on that base unit plugs directly into one of the router's ports. This essentially makes the entire home's wiring “live”.

You then need a client unit, which you can take anywhere in the house and plug into another power socket. On that unit is an Ethernet port that effectively works as a live network port: it routes packets through the electrical wires, through the base unit, to the router and out to the internet.

If you were only looking for an extension of your wired network, you are done. If, however, you want the second unit to also act as a WiFi access point, you have additional work to do.

The additional work is needed because the default access point has a cryptic SSID and runs an unencrypted signal. I wanted it to have the same SSID and authentication parameters as my original WiFi router, so I could roam upstairs and downstairs between either access point. I figured I'd just configure the TP-Link Powerline client access point that way.

And all hell broke loose.

TP-Link essentially hard-codes the configuration IP of the second access point. Unfortunately, that address was the same as the base address of my home network. This resulted in a few hours of mental and networking gymnastics, just to be able to configure the second access point with the SSID and authentication parameters that I liked.

Which brings me to the second point of this post: good core technology but crappy hardware design. The two Powerline plugs were not elegant by any means, but they were functionally simple and effective. But an underlying assumption that one would be OK with the default access point parameters led to some questionable hardware design choices, ultimately rendering an otherwise attractive product cumbersome. If only these smaller companies took such underlying assumptions seriously, there is almost no reason their products could not easily compete with the big dogs, not just in the marketplace but also in the social marketplace of star counts on Amazon.com.

Seriously guys, you should just fix it.

March 03, 2012

Configuring PPTP VPN

This post is the last in the series of upgrades I completed on my router running the new TomatoUSB firmware. Most of the data for this post is thanks to this tutorial.

Requirements:

  • A router running TomatoUSB
  • Install and configure Optware on the router
  • A way to address the router from outside the home network, such as setting up dynamic DNS
  • A VPN client to connect to the router

Installation

Log onto your TomatoUSB router via SSH and run the following in the shell:

ipkg install poptop

That is it. Wait for ipkg to do its thing and you are done installing.

Configuration

Edit the file /opt/etc/pptpd.conf.

I installed what is called a Single-Net configuration: after logging in, the entire network is available to the VPN client. This was a home network, and I wasn't going to implement any sort of zoning on it.

Ensure the following line is commented out:

logwtmp

Establish the list of available IP addresses. Here is what I have:

localip 192.168.1.1 #This is the local IP address of the router
remoteip 192.168.1.245-254 #These are the available remote IPs to be used when a remote VPN connection is made

Edit the file /opt/etc/ppp/options.pptpd.

Here is what I have as the final configuration. I have removed the prompts and help text to keep it clean(er).

name pptpd
#chapms-strip-domain

# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}

# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40 # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
nomppe-stateful
# }}}

# Network and Routing
ms-dns 192.168.1.1
#ms-dns 10.0.0.2
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
proxyarp

# Logging
#debug
#dump

# Miscellaneous
lock
nobsdcomp

Authentication & Credentials

Create the file /opt/etc/ppp/chap-secrets with the VPN credentials. My file looks like the one below, of course with a valid username and password.

# Username Server Password AllowedIPs
myusername * myawesomepassword *

As with any password file, ensure it is only readable by root by running the following as root:

chmod 600 /opt/etc/ppp/chap-secrets

Configure Firewall

Create the file /opt/etc/config/vpn.fire and put the following in it:

#!/bin/sh
iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT

Make the script executable by running the following:

chmod +x /opt/etc/config/vpn.fire

Restart the firewall service:

service firewall restart

Start VPN server

This is the last step. Create the file /opt/etc/config/vpn.wanup and add the following:

#!/bin/sh
if [ ! -f /tmp/ppp/chap-secrets ]; then
    mkdir -p /tmp/ppp
    ln -s /opt/etc/ppp/chap-secrets /tmp/ppp
fi
/opt/etc/init.d/S20poptop restart

Make this script executable:

chmod +x /opt/etc/config/vpn.wanup

That is it; this will ensure the VPN always runs whenever the WAN comes back up. The VPN is up and running.
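As an added check that is not part of the original post, this shell script verifies the two security-relevant pieces of the setup above: that the rules from vpn.fire are actually present in the live rule set, and that chap-secrets is mode 600 and has the four fields pptpd expects on every line. The iptables-save sample is constructed, and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of what `iptables-save` prints once vpn.fire has run;
# a real TomatoUSB dump carries many more rules around these.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A FORWARD -i ppp+ -j ACCEPT
-A FORWARD -o ppp+ -j ACCEPT
COMMIT'

# check_vpn_rules RULES: return 0 when every rule vpn.fire adds appears in
# the iptables-save text passed as $1; otherwise name the gaps and return 1.
check_vpn_rules() {
    rules="$1"
    missing=0
    for pat in '-A INPUT -p gre -j ACCEPT' \
               '-A INPUT -p tcp .*--dport 1723 -j ACCEPT' \
               '-A INPUT -i ppp+ -j ACCEPT' \
               '-A FORWARD -i ppp+ -j ACCEPT' \
               '-A FORWARD -o ppp+ -j ACCEPT'; do
        if ! printf '%s\n' "$rules" | grep -q -- "$pat"; then
            echo "missing firewall rule: $pat" >&2
            missing=1
        fi
    done
    return $missing
}

# check_chap_secrets FILE: return 0 when FILE is mode 600 and every
# non-comment line has the four fields pptpd expects (user server secret ips).
check_chap_secrets() {
    f="$1"
    mode=$(ls -ld "$f" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "$f: mode is $mode, expected -rw------- (chmod 600)" >&2
        return 1
    fi
    bad=$(awk '!/^[[:space:]]*#/ && NF > 0 && NF != 4 { c++ } END { print c+0 }' "$f")
    if [ "$bad" -ne 0 ]; then
        echo "$f: $bad line(s) lack the 4 fields user/server/secret/ips" >&2
        return 1
    fi
}
# On the router itself, run the checks against the live rule set and file:
#   check_vpn_rules "$(iptables-save)" && echo "VPN firewall rules present"
#   check_chap_secrets /opt/etc/ppp/chap-secrets && echo "chap-secrets OK"
```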

Testing it may end up being a bit tricky: you cannot log into the network while you are on it. I used my phone, disabled WiFi, and configured it to log in via the mobile network to ensure that the VPN was indeed accessible and working. Presto, I could log into my home network from anywhere in the world.

Check out the original post about ways to configure a VPN client on an iOS or Android device.

January 12, 2012

Dynamic DNS on my Tomato Router

Here is the problem statement: now that I had my router running a custom TomatoUSB build, I wanted to open it up to the Internet so that I could access my music and data from anywhere.

The first step, though, was to establish a way to address my router via the Internet. I get a dynamic IP address from my ISP, so I had to find a way to keep track of the latest address. The answer, of course, was to use a dynamic DNS (DDNS) solution, of which there are dozens available. But as it turned out, my case was more complicated than that.

I chose the FreeDNS service offered by afraid.org. The Tomato firmware has native support for their dynamic DNS service built in. But more importantly, the tagline on their website read “Why is it free? It's quite simple. We wanted a challenge... that's it.”

To set my site up, I had to delegate the nameserver function for my domain to my hosting provider. My initial idea was to delegate a sub-domain to the FreeDNS service and then update the IP address directly from my router. Unfortunately, my hosting provider did not allow delegation of sub-domains to a different DNS provider. In other words, they did not allow NS records to be created for inconsequential customers like me. They only allowed A, TXT or CNAME records. CNAME records: that gave me a way out.

I created a sub-domain on one of the free domains provided by the FreeDNS service; in my case it was mooo.com. The name of the sub-domain did not really matter; any available one worked just fine. Then I set up my Tomato router to update the IP address of this sub-domain automatically.

Finally, I set up a CNAME pointing a sub-domain of anarchius.org to the newly created sub-domain on mooo.com. Presto: sub-domain.anarchius.org now resolved to my WAN IP address. Here is how my DNS records look now:

There you are, Dynamic DNS on my Tomato router up and running, linked directly to my own domain. Bring on the possibilities.

December 04, 2011

TomatoUSB on Netgear 3500L

Upgrading a Netgear 3500L to the latest TomatoUSB build. This worked for me as of December 01, 2011, with no guarantee that it will work for you or at any other time.

Required ingredients:

  • The trailed DD-WRT build to perform the first upgrade. Filename: dd-wrt.v24-15704_NEWD-2_K2.6_mini-WNR3500L.chk
  • The correct TomatoUSB version: Build 54, Kernel 2.6, CPU MIPSR2 and feature set Extras or Ext. This is what I used, but you might check for the latest version here. Filename: tomato-K26USB-1.28.9054MIPSR2-beta-Ext.rar
  • WinRAR, 7-Zip or a similar utility to extract the RAR file.
  • A timer, either an app on your phone or a watch with a seconds hand.
  • A pushpin of some sort.
  • A printout of a document that looks something like this.
  • A laptop or desktop of some kind that has a working modern browser.

Procedure:

  • Ensure your firmware files are identified, available and ready to go. See above for the two files you need to keep available. Use WinRAR or 7-Zip to extract the .rar file. You will get a .trx file along with a changelog. Rename the .trx extension to .bin.
  • Connect your computer to the router using an Ethernet cable; if you do not have a spare cord, use the one that used to connect the router to the external WAN. In either case, ensure the external WAN is disconnected.
  • Set your computer to a static IP of 192.168.1.8 (ensure you are doing this on the wired LAN connection).
  • Perform a 30-30-30 reset, using your push-pin on the recessed reset button on the back of the router. You might want to use the timer to ensure you are actually keeping it depressed for 30 seconds.
  • Wait for the router to boot back up. Using your browser, head over to http://192.168.1.1 and log in with the default credentials, login: admin and password: password.
  • Using the Upgrade option on the Netgear admin menu, upload the .chk file you downloaded from the DD-WRT site. Note that you are not using the bigger TomatoUSB firmware yet.
  • Wait. No, seriously, wait. Wait till the lights get back to normal. Wait. Wait until you can see that you can access the new admin interface.
  • Perform the 30-30-30 reset. Wait for the router to come back up.
  • Now head back to http://192.168.1.1. You should be automatically logged in, but instead will be asked to set an admin account with a password. You can set this to be whatever you want; your firmware is just about to be flashed.
  • Go to the Administration tab and then the Firmware Upgrade sub-tab. Select the TomatoUSB file that you extracted from the RAR archive and renamed to a .bin file.
  • Again, wait for all the frenzy to subside. After you can see the router administration page again, wait some more.
  • Perform another 30-30-30 reset. Wait for the router to come back up.
  • Again head back to http://192.168.1.1. Log in using the Tomato default credentials: no login required and password: admin.
  • Set up basic wireless services, located under. Disconnect the Ethernet cord, reconnect the router to the WAN network, get up, sit on the couch and continue configuring your brand new router firmware.
  • And yes, put away the push-pin and the timer, and set your wired connection back to dynamic IP.

That was it, and if you have been following along, my Toshiba Thrive connects beautifully to the new router via SMB and I can now access all the media I have on my RAID wirelessly over the home WiFi network. Cloud, anyone?

Freedom to hack: 1 - Closed systems: 0.