LEDE OPENWRT WIFI USB SETUP

Test Setup

  • Futro S500 with USB Wifi Dongle Realtek RTL8192CU
  • PCI Riser Card with Realtek Gigabit
  • LEDE 17.XX Trunk Kernel 4.14
  • Download latest Version from openwrt.org select x86/64
  • extract the compressed image (*ext4*img.gz) and dump it with “dd” to CF-Card 1GB

Sample for Clean Setup like TP-Link Router Firmware:

You need to install this packages by “opkg update && opkg install package name && reboot”:


base-files - 184-r6198-ba5f700
busybox - 1.27.2-3
dnsmasq - 2.79rc1-1
dropbear - 2017.75-5
e2fsprogs - 1.43.7-1
firewall - 2017-11-07-c4309372-2
fstools - 2018-02-11-3d239815-1
fwtool - 1
hostapd - 2017-08-24-c2d4f2eb-6
hostapd-common - 2017-08-24-c2d4f2eb-6
hostapd-utils - 2017-08-24-c2d4f2eb-6
iftop - 2017-02-06-35af3cf6-1
ip6tables - 1.6.1-2
iptables - 1.6.1-2
iw - 4.9-1
iwinfo - 2018-02-15-223e09bf-1
jshn - 2018-02-08-bb0c830b-1
jsonfilter - 2016-07-02-dea067ad-1
kernel - 4.14.20-1-eb9f2f64337015eea1a75123f71f272a
kmod-button-hotplug - 4.14.20-3
kmod-cfg80211 - 4.14.20+2017-11-01-4
kmod-e1000 - 4.14.20-1
kmod-e1000e - 4.14.20-1
kmod-hwmon-core - 4.14.20-1
kmod-i2c-algo-bit - 4.14.20-1
kmod-i2c-core - 4.14.20-1
kmod-igb - 4.14.20-1
kmod-input-core - 4.14.20-1
kmod-ip6tables - 4.14.20-1
kmod-ipt-conntrack - 4.14.20-1
kmod-ipt-core - 4.14.20-1
kmod-ipt-nat - 4.14.20-1
kmod-lib-crc-ccitt - 4.14.20-1
kmod-mac80211 - 4.14.20+2017-11-01-4
kmod-mii - 4.14.20-1
kmod-nf-conntrack - 4.14.20-1
kmod-nf-conntrack6 - 4.14.20-1
kmod-nf-ipt - 4.14.20-1
kmod-nf-ipt6 - 4.14.20-1
kmod-nf-nat - 4.14.20-1
kmod-nf-reject - 4.14.20-1
kmod-nf-reject6 - 4.14.20-1
kmod-nls-base - 4.14.20-1
kmod-ppp - 4.14.20-1
kmod-pppoe - 4.14.20-1
kmod-pppox - 4.14.20-1
kmod-pps - 4.14.20-1
kmod-ptp - 4.14.20-1
kmod-r8169 - 4.14.20-1
kmod-rtl8192c-common - 4.14.20+2017-11-01-4
kmod-rtl8192cu - 4.14.20+2017-11-01-4
kmod-rtlwifi - 4.14.20+2017-11-01-4
kmod-rtlwifi-usb - 4.14.20+2017-11-01-4
kmod-slhc - 4.14.20-1
kmod-usb-core - 4.14.20-1
kmod-usb-ehci - 4.14.20-1
kmod-usb-uhci - 4.14.20-1
kmod-usb-wdm - 4.14.20-1
kmod-usb2 - 4.14.20-1
kmod-usb2-pci - 4.14.20-1
lede-keyring - 2017-01-20-a50b7529-1
libblkid - 2.30.2-2
libblobmsg-json - 2018-02-08-bb0c830b-1
libc - 1.1.18-1
libext2fs - 1.43.7-1
libf2fs - 1.9.0-1
libgcc - 5.5.0-1
libip4tc - 1.6.1-2
libip6tc - 1.6.1-2
libiwinfo - 2018-02-15-223e09bf-1
libiwinfo-lua - 2018-02-15-223e09bf-1
libjson-c - 0.12.1-1
libjson-script - 2018-02-08-bb0c830b-1
libkmod - 20-1
liblua - 5.1.5-1
libmbedtls - 2.7.0-1
libncurses - 6.0-1
libnl-tiny - 0.1-5
libpcap - 1.8.1-1
libpthread - 1.1.18-1
librt - 1.1.18-1
libsmartcols - 2.30.2-2
libubox - 2018-02-08-bb0c830b-1
libubus - 2018-01-16-5bae22eb-1
libubus-lua - 2018-01-16-5bae22eb-1
libuci - 2018-01-01-5beb95da-1
libuci-lua - 2018-01-01-5beb95da-1
libuclient - 2017-11-02-4b87d831-1
libusb-1.0 - 1.0.21-1
libustream-mbedtls - 2016-07-02-ec80adaa-2
libuuid - 2.30.2-2
libxtables - 1.6.1-2
logd - 2018-02-14-128bc35f-1
lua - 5.1.5-1
luci - git-18.047.57952-461df8b-1
luci-app-firewall - git-18.047.57952-461df8b-1
luci-base - git-18.047.57952-461df8b-1
luci-lib-ip - git-18.047.57952-461df8b-1
luci-lib-jsonc - git-18.047.57952-461df8b-1
luci-lib-nixio - git-18.047.57952-461df8b-1
luci-mod-admin-full - git-18.047.57952-461df8b-1
luci-proto-ipv6 - git-18.047.57952-461df8b-1
luci-proto-ppp - git-18.047.57952-461df8b-1
luci-ssl - git-18.047.57952-461df8b-1
luci-theme-bootstrap - git-18.047.57952-461df8b-1
mkf2fs - 1.9.0-1
mtd - 21
netifd - 2018-02-05-1be329c6-3
odhcp6c - 2017-09-05-1f93bd4c-8
odhcpd-ipv6only - 1.3-1
opkg - 2017-12-07-3b417b9f-2
partx-utils - 2.30.2-2
pciutils - 3.5.6-1
ppp - 2.4.7-12
ppp-mod-pppoe - 2.4.7-12
procd - 2018-01-23-653629f1-2
px5g-mbedtls - 4
r8169-firmware - 2017-09-06-a61ac5cf-1
rpcd - 2017-12-07-cfe1e75c-1
rpcd-mod-rrdns - 20170710
rtl8192cu-firmware - 2017-09-06-a61ac5cf-1
terminfo - 6.0-1
ubox - 2018-02-14-128bc35f-1
ubus - 2018-01-16-5bae22eb-1
ubusd - 2018-01-16-5bae22eb-1
uci - 2018-01-01-5beb95da-1
uclient-fetch - 2017-11-02-4b87d831-1
uhttpd - 2017-11-04-a235636a-1
uhttpd-mod-ubus - 2017-11-04-a235636a-1
usbutils - 007-7
usign - 2015-07-04-ef641914-1
wireless-regdb - 2017-10-20-4343d359
wpa-supplicant - 2017-08-24-c2d4f2eb-6
zlib - 1.2.11-2

  • To Test if the System see successful the Dongle enter on console “lsusb” and “lsmod |grep 81”
  • Login on on LAN port via Cable open Admin Website (LUCI) to https://192.168.1.1
  • If Wifi doesnt work then a package is missed like hostapd or wpa-supplicant
  • Kernel will post NO ERRORS on Log if packages are missed !!

Nextcloud Owncloud Calling Home

I did a deeper firewall test on my fresh installed OpenWRT Router and activated a “Ads Blacklist” after this my owncloud Share Login loops!

Result:

  • Seems that some IP’s of the “Update Check Tool” Servers, which is installed inside the PHP-Kit is blacklisted.
  • So it seems the Code calls home! ¬†With this option its possible to count and collect IPs of Setups! Perhaps checkout unpatched Versions!
  • I didn’t check deeper, but the behavior was clear without viewing the codes.

After publish this Info via Twitter:

 

nextcloud owncloud calling home

REMARKS:

  • No Company / Developer works for “free”
  • After Setup of PHP-Kits do a IP Firewall Traffic checkout
  • If you don’t need the PHP Kit reachable via Internet block the IP Device at your Router from Internet Access!
  • Prefer Standard Tools like SFTP/SCP with Key Auth to transfer Files, less unsecure cause only one application active!!
  • PHP Kits Logins can often be scanned by Search Indexes by “Search by Title” of the Login Webinterface!!

For me i decided to purge the package and use System Standard Tool “SFTP with SSH Key Auth” and on my Phone a Totalcommander with SFTP Plugin!

 

 

Android Browser Traffic Waste

If you use a Smartphone or Tablet be sure that the Browser like Firefox, Icecat Opera are not active at “minimize” mode, if the Website code uses a “auto” refresh code the Browser will endless load the sites on Background! This burns your Data Limit to zero..

Howto:

  • Swipe unused apps to Top of Screen!
  • Control by tapping onto the Square Button!
  • Use Data Traffic Control Apps default addon tool of Huawei

ENFORCE Google to DuckDuckgo SEARCH

If you want to enforce the use of DuckDuckgo.com instead of google.com do:

Edit at the PC the “hosts” File on:

Linux /etc/hosts
Windows C:\Windows\System32\drivers\etc

insert at last:

54.229.105.92  google.com  #ip of duckduckgo or 176.34.131.233
54.229.105.203 google.com #ip of duckduckgo
176.34.131.233 bing.com #ip of duckduckgo or 176.34.131.233
176.34.131.233 yahoo.com #ip of duckduckgo or 176.34.131.233

..reboot and test on a Browser Session after google.com you see duckduckgo.com

Remark:

  • Most DSL Routers do offer the edit of the hosts File too, do same there and ALL devices redirected!
  • Don’t forget to reboot!
  • This Solution works only on IPv4 Networks, to enforce the local net, disable IPv6 forwarding on your ISP Router!
  • Test the “addressbar” search, there the redir does not work, cause compiled in IP’s or IPv6 broadcast, then remove uneeded Search Engines on the Browser Settings!
  • Use the free fork of Firefox named icecat Browser

BIG DATA COMPANYS ABUSE POWER

If have read the latest News about the Big Data Collector and his for FREE shared Browser, you see that the big data Company’s abuses their power to block Websites from their Buisiness.

With the next upcoming Releases they prevent fast access to public News Sites or other Blogs and enforces the Website Owners to ACCEPT the NEW RULES.

You see that most FREE Software IS NOT REALLY FREE Software, cause it’s a Tool to take CONTROL over the normal USERS!

To PREVENT this POLITICS try to use ALTERNATE SOFTWARE like the ICECAT Browser, sometimes it’s more useful to have a CLOSER look at the SOFTWARE you use at you DAILY Office.

..get back the CONTROL over your SYSTEMS!!

Nextcloud Owncloud Opensource Risk’s

If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks:

Based on this Article

You must know:

  • Details of Security about your current used PHP Versions (7.X)
  • Details of your used Database Version (MySQL..)
  • Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter)
  • See ALWAYS PHP-Kits of opensource with the trust of NON HARDENED SOFTWARE (prefer NON-PUBLIC ACCESS)
  • You can ACCESS this Software thru SSH TUNNELS with a local running non-caching PROXY (privoxy)
  • Use the SSH Tunnels on unknown Ports and Login via Key Files which must be unlocked by LONG PASSWORDS
  • Public ACCESS is ALWAYS a RISK if YOU didn’t have the KNOWLEDGE of the SOURCE CODE!

Howto read here