Openwrt dmesg human timestamp

To viel on busybox dmesg with human readable time for debug do:

$vi /root/dmesg.sh

insert:
base=$(cut -d '.' -f1 /proc/uptime);
seconds=$(date +%s); 
dmesg | sed 's/\]//;s/\[//;s/\([^.]\)\.\([^ ]*\)\(.*\)/\1\n\3/' | 
while read first; do 
read second; 
first=`date +"%d/%m/%Y %H:%M:%S" --date="@$(($seconds - $base + $first))"`;
printf "[%s] %s\n" "$first" "$second"; 
done 
exit 0

run it sh dmesg.sh..

System Echo:

...
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered disabled state
[16/03/2018 14:55:18] device wlan1 entered promiscuous mode
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 14:55:18] br-lan: port 3(wlan1) entered forwarding state
[16/03/2018 14:55:19] br-lan: port 2(wlan0) entered blocking state
[16/03/2018 14:55:19] br-lan: port 2(wlan0) entered forwarding state
[16/03/2018 15:34:17] device wlan1 left promiscuous mode
[16/03/2018 15:34:17] br-lan: port 3(wlan1) entered disabled state
[16/03/2018 15:34:17] device wlan0 left promiscuous mode
[16/03/2018 15:34:17] br-lan: port 2(wlan0) entered disabled state
[16/03/2018 15:34:24] br-lan: port 2(wlan0) entered blocking state
[16/03/2018 15:34:24] br-lan: port 2(wlan0) entered disabled state
[16/03/2018 15:34:24] device wlan0 entered promiscuous mode
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered disabled state
[16/03/2018 15:34:24] device wlan1 entered promiscuous mode
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered blocking state
[16/03/2018 15:34:24] br-lan: port 3(wlan1) entered forwarding state
[16/03/2018 15:34:25] br-lan: port 2(wlan0) entered blocking state
[16/03/2018 15:34:25] br-lan: port 2(wlan0) entered forwarding state
...

LEDE OPENWRT WIFI USB SETUP

Test Setup

  • Futro S500 with USB Wifi Dongle Realtek RTL8192CU
  • PCI Riser Card with Realtek Gigabit
  • LEDE 17.XX Trunk Kernel 4.14
  • Download latest Version from openwrt.org select x86/64
  • extract the compressed image (*ext4*img.gz) and dump it with “dd” to CF-Card 1GB

Sample for Clean Setup like TP-Link Router Firmware:

You need to install this packages by “opkg update && opkg install package name && reboot”:


base-files - 184-r6198-ba5f700
busybox - 1.27.2-3
dnsmasq - 2.79rc1-1
dropbear - 2017.75-5
e2fsprogs - 1.43.7-1
firewall - 2017-11-07-c4309372-2
fstools - 2018-02-11-3d239815-1
fwtool - 1
hostapd - 2017-08-24-c2d4f2eb-6
hostapd-common - 2017-08-24-c2d4f2eb-6
hostapd-utils - 2017-08-24-c2d4f2eb-6
iftop - 2017-02-06-35af3cf6-1
ip6tables - 1.6.1-2
iptables - 1.6.1-2
iw - 4.9-1
iwinfo - 2018-02-15-223e09bf-1
jshn - 2018-02-08-bb0c830b-1
jsonfilter - 2016-07-02-dea067ad-1
kernel - 4.14.20-1-eb9f2f64337015eea1a75123f71f272a
kmod-button-hotplug - 4.14.20-3
kmod-cfg80211 - 4.14.20+2017-11-01-4
kmod-e1000 - 4.14.20-1
kmod-e1000e - 4.14.20-1
kmod-hwmon-core - 4.14.20-1
kmod-i2c-algo-bit - 4.14.20-1
kmod-i2c-core - 4.14.20-1
kmod-igb - 4.14.20-1
kmod-input-core - 4.14.20-1
kmod-ip6tables - 4.14.20-1
kmod-ipt-conntrack - 4.14.20-1
kmod-ipt-core - 4.14.20-1
kmod-ipt-nat - 4.14.20-1
kmod-lib-crc-ccitt - 4.14.20-1
kmod-mac80211 - 4.14.20+2017-11-01-4
kmod-mii - 4.14.20-1
kmod-nf-conntrack - 4.14.20-1
kmod-nf-conntrack6 - 4.14.20-1
kmod-nf-ipt - 4.14.20-1
kmod-nf-ipt6 - 4.14.20-1
kmod-nf-nat - 4.14.20-1
kmod-nf-reject - 4.14.20-1
kmod-nf-reject6 - 4.14.20-1
kmod-nls-base - 4.14.20-1
kmod-ppp - 4.14.20-1
kmod-pppoe - 4.14.20-1
kmod-pppox - 4.14.20-1
kmod-pps - 4.14.20-1
kmod-ptp - 4.14.20-1
kmod-r8169 - 4.14.20-1
kmod-rtl8192c-common - 4.14.20+2017-11-01-4
kmod-rtl8192cu - 4.14.20+2017-11-01-4
kmod-rtlwifi - 4.14.20+2017-11-01-4
kmod-rtlwifi-usb - 4.14.20+2017-11-01-4
kmod-slhc - 4.14.20-1
kmod-usb-core - 4.14.20-1
kmod-usb-ehci - 4.14.20-1
kmod-usb-uhci - 4.14.20-1
kmod-usb-wdm - 4.14.20-1
kmod-usb2 - 4.14.20-1
kmod-usb2-pci - 4.14.20-1
lede-keyring - 2017-01-20-a50b7529-1
libblkid - 2.30.2-2
libblobmsg-json - 2018-02-08-bb0c830b-1
libc - 1.1.18-1
libext2fs - 1.43.7-1
libf2fs - 1.9.0-1
libgcc - 5.5.0-1
libip4tc - 1.6.1-2
libip6tc - 1.6.1-2
libiwinfo - 2018-02-15-223e09bf-1
libiwinfo-lua - 2018-02-15-223e09bf-1
libjson-c - 0.12.1-1
libjson-script - 2018-02-08-bb0c830b-1
libkmod - 20-1
liblua - 5.1.5-1
libmbedtls - 2.7.0-1
libncurses - 6.0-1
libnl-tiny - 0.1-5
libpcap - 1.8.1-1
libpthread - 1.1.18-1
librt - 1.1.18-1
libsmartcols - 2.30.2-2
libubox - 2018-02-08-bb0c830b-1
libubus - 2018-01-16-5bae22eb-1
libubus-lua - 2018-01-16-5bae22eb-1
libuci - 2018-01-01-5beb95da-1
libuci-lua - 2018-01-01-5beb95da-1
libuclient - 2017-11-02-4b87d831-1
libusb-1.0 - 1.0.21-1
libustream-mbedtls - 2016-07-02-ec80adaa-2
libuuid - 2.30.2-2
libxtables - 1.6.1-2
logd - 2018-02-14-128bc35f-1
lua - 5.1.5-1
luci - git-18.047.57952-461df8b-1
luci-app-firewall - git-18.047.57952-461df8b-1
luci-base - git-18.047.57952-461df8b-1
luci-lib-ip - git-18.047.57952-461df8b-1
luci-lib-jsonc - git-18.047.57952-461df8b-1
luci-lib-nixio - git-18.047.57952-461df8b-1
luci-mod-admin-full - git-18.047.57952-461df8b-1
luci-proto-ipv6 - git-18.047.57952-461df8b-1
luci-proto-ppp - git-18.047.57952-461df8b-1
luci-ssl - git-18.047.57952-461df8b-1
luci-theme-bootstrap - git-18.047.57952-461df8b-1
mkf2fs - 1.9.0-1
mtd - 21
netifd - 2018-02-05-1be329c6-3
odhcp6c - 2017-09-05-1f93bd4c-8
odhcpd-ipv6only - 1.3-1
opkg - 2017-12-07-3b417b9f-2
partx-utils - 2.30.2-2
pciutils - 3.5.6-1
ppp - 2.4.7-12
ppp-mod-pppoe - 2.4.7-12
procd - 2018-01-23-653629f1-2
px5g-mbedtls - 4
r8169-firmware - 2017-09-06-a61ac5cf-1
rpcd - 2017-12-07-cfe1e75c-1
rpcd-mod-rrdns - 20170710
rtl8192cu-firmware - 2017-09-06-a61ac5cf-1
terminfo - 6.0-1
ubox - 2018-02-14-128bc35f-1
ubus - 2018-01-16-5bae22eb-1
ubusd - 2018-01-16-5bae22eb-1
uci - 2018-01-01-5beb95da-1
uclient-fetch - 2017-11-02-4b87d831-1
uhttpd - 2017-11-04-a235636a-1
uhttpd-mod-ubus - 2017-11-04-a235636a-1
usbutils - 007-7
usign - 2015-07-04-ef641914-1
wireless-regdb - 2017-10-20-4343d359
wpa-supplicant - 2017-08-24-c2d4f2eb-6
zlib - 1.2.11-2

  • To Test if the System see successful the Dongle enter on console “lsusb” and “lsmod |grep 81”
  • Login on on LAN port via Cable open Admin Website (LUCI) to https://192.168.1.1
  • If Wifi doesnt work then a package is missed like hostapd or wpa-supplicant
  • Kernel will post NO ERRORS on Log if packages are missed !!

Freifunk: Openwrt Router Setup Mesh Wifi Meshing

Many of Users have asked me what are the Advantages of using Freifunk WIFI Routers at Home?

freifunk

One of  my answer’s is that the Freifunk OS Openwrt SUPPORT the “MESH” Technology! This is mostly offered by high end WIFI Accesspoint’s or Industrial Devices. Mesh is a Communication Protocol where minimum 2 Devices handle WIFI Access Connections to a WIFI Endpoint (Client, like a Tablet)

There are 3 supported “Mesh” Types:

  • Mesh connects between LAN Ports
  • Mesh connects between WAN Ports
  • Mesh connects between WIFI (default)

Here you see a Mesh Map of a Mesh Network (Public Admin Webpage Meshviewer):

Mesh Network Freifunk

Advantage by Mesh over Wifi (Default):

  • If you Setup 3 Routers at Home this opens a Mesh over Wifi like a triangle:
  • Mesh Openwrt 3 Routers
  • If here a user move the Client between the Rooms of a Home, he don’t need to switch the to the strongest Signal of Wifi, cause the Mesh handles the Access to best signal.
  • If you use more Routers, you get a “Crossover Mesh” like this, which offers “Failover Mesh Network”
  • Mesh Openwrt Crossover Network
  • These Mesh connects can be easy done by, Wifi to Wifi, LAN to LAN or WAN to WAN Ports (both over a Cable)!
  • For WAN/LAN usage you must enable switches at the Advanced Admin Interface of the Freifunk Software!
  • Remark: Enabled LAN/WAN MESH disable WIFI MESH!
  • To connect successful all Routers, boot first the Router 1 with direct Internet Access! Then the Satellite Routers!

More Infos and Details read the Freifunk Wiki Meshing Mesh Network Openwrt

 

Freifunk: Setup Router Software Bugfix

If you want to share Public Wifi at home for friends and you don’t want to share the Wifi Password, you can setup cheap a Public Openwrt Wifi Router as Access Point.

freifunk

Advantages:

  • Public Setup needs no Wifi Password
  • You are not responsible, cause the Internet is pulled thru a VPN of Freifunk Network
  • It’s anonymous!
  • It’s free of Charge!
  • Supported by a big Community
  • Can installed on very cheap old Routers like the TP-Link 841 (find the Singleband Router on Amaz or EbXX 12$ or Powerfull Dualband Router TP Link C7 at 50$)
  • Can by used at EVERY Freifunk MESH Wifi Access Network (Mobile Home Usage without Internet like LTE)
  • It’s save
  • Can be used with Solar Power or 9v Battery

Device:

freifunk router

Howto:

  • Go to the next Freifunk Community Downloads to get a Firmware , see on Sticker which Version the Router is,  select then Firmware Version, like TP 841 Vers. 8.1 needs v8 (remark there are 2 Version the .bin and the sysupgrade.bin use always the .bin=gluon-fffd-3-142-20151030150319-tp-link-tl-wr841n-nd-v8.bin)
  • Keep this Firmware on Backup !!! Its useful if the Router hangs on Changes! Or if the File is PURGED cause version Change! Older sometimes more STABLE!
  • Power up the Router, login on TP-Link Web as admin, go Firmware Update, select the gluon-file, reboot and wait.
  • Connect a PC with DHCP NET to the Router LAN (yellow Ports)
  • Set SSH-Admin Password on Advanced first, select other Tabs on Advanced to Change first things you need. Remark Enable ” MESH on WAN or LAN” disabel MESH on WIFI which is default!!! This let 2 Routers stop meshing over Wifi if you like to use a Router at Office and a Router on the Garden without LAN Cables!!
  • Select now Back to BASIC Tab and set Changes, like Geodata and Bandwith is useful, cause Geodata allow find next Router on a Meshmap!
  • Save and Exit! Remark a “long HEX KEY” MUST be shown (red framed)!! If NOT reflash the Firmware cause SETUP FAILED!!! for FACTORY RESET!
  • freifunk setup success screen
  • Test the Router after boot with Wifi Access, and Access on LAN 2-4!! LAN 1 offers only MESH Function.
  • Emergency Access is possible by power on Router wait 60seconds then press RESET for min. 10 seconds, connect a PC to LAN2 and set IP 192.168.1.2 to the PC, the Router listen on 192.168.1.1 via telnet!! To do a Software RESET enter firstboot and confirm by YES, BUT this doesn’t work clean at my Routers, i reflashed successful and this is more clean.

Administration:

  • Go to the Meshviewer Map, look for your Router Name and pick up the IPv6 address, this Map is useful to check your Setup from Internet!
  • Open a Linux Terminal ot Putty and enter ssh root@ip-v6 to reach the Router Console
  • By this Commands you can change remotely anything Freifunk-Commands-Howto

Remarks:

  • The MAJOR Advance is that EVERY Router with this OS can taken to a OTHER Area, and he can CONNECT to EVERY other Freifunk MESH NETWORKs!
  • The TP-841 Router use 9V and can be used at MOBILE HOMES at foreign Citys
  • At Home the Router offers a anonymous Office Internet Access, with Linux/TAILS on RAM very secure for researches

Bugfix:

  • If the HexKey after setup is NOT seen then the Setup is failed, i have seen this on some setups. This can be a result of Browser Javascript Errors like your Browsers uses Adblockers. To fix it take a fresh firefox default profile without any ADDONS enabled!
  • Take the gluon-fffd-3-142-20151030150319-tp-link-tl-wr841n-nd-v8.bin a NON-SYSUPGRADE .bin File which seems more clean. Its found on the Freifunk Firmware Fresh Setupon a other path.

Security: Harden DSL Routers and Networks against attacks

Last days there was a high count of news about the Bot Attacks against T-Com Telekom Router devices. To understand the behavior about this up comming security problems you should know following points :

  • Every network supported device can be a goal for a attack ( Routers, Modems, PC, Fridges,IP-TV, IP Switches, IP-Cams…)
  • You have to update the OS for each device monthly, if not supported by the manufacter, then dont buy!
  • Try to get Opensource Hardware with Opensource Software for full access (ssh / console) to have full control
  • Reduce the count of devices who are connected direct to the web!
  • If you must use a ISP Modem / DSL Router of your ISP Provider, then install a second Opensource Router with Firewall behind for more security
  • Use small Firewalls to seperate WIFI and LAN Networks!
  • DISABLE if possible “auto update” and “ISP Remote Control” at the DSL Router / Modem cause more and more comfort functions are hacked to break the systems.
  • Updates must be tested on non productive Routers!
  • Keep clean backups of fresh installed Routers / Modems and restore the backup every 3 month to overwrite bad possible changes!!
  • Connect the Routers to a clocktimer to unplug and hard reboot the Router every night! (againts RAM Hacks)
  • Control every month the Router logs and ISP-Settings ( IP-Phones) cause hackers want to route calls to asia!
  • Dont trust blind every commercial hardware! much bugs like open doors, default passwords are set!
  • Test your System with free tools like “nmap” Portscan and “iftop”
  • Change Passwords, WIFI Passwords, Wifi-IDs! min. 12 signs

Openwrt : Openwrt 15.XX loses settings if the ROM Root Filesystem is full

On openwrt 15.XX i have seen if you installed additional Sofware via opkg and the /overlay path is nearby full you can’t save any settings via Luci Webinterface (blue Info box right upper corner) or the Router reboots hard automatic into failsave mode (lost all settings / factory reset)

Workaround:

  • You can install a external usb stick on most routers and move the “/overlay” folder to it
  • You should always Download the “backup-settings.tgz” from Software Menu to get the Router easy  and fast online again on last working state.
  • If the rootfs (root filesystem and overlay path) is nearby full, YOU CANT remove installed packages by “opkg” packet manager, cause the ROM is readonly! For this reset the router and restore easy from “backup-settings.tgz”.
  • If the external USB Drive loses connect to the Router (Power failure) and you use Samba as NAS Server the /overlay path can run full too!! and the Router can crash and reset too!! This shows openwrt should NEVER be used for secure routing jobs AND NAS Operations ! Cause it can you lock out!

Result: openwrt is a nice opensource router os which allows you to control and active monitor your internet connections with realtime graphs (WebUI+Console) and blocking rules. It should always be used behind a black boxed ISP router of your provider to get a private area!

Openwrt: Turn older Router into Wifi Accesspoint Repeater Extender Solar Powered

At the Summer Time you need perhaps a Wifi Extender for your Garden??

Solution:

  • TP Link 841/N (low power/Battery 9V/Solar /Type-N-allows external planar Antennas!!), 3600+4300 (USB-NAS/CIFS/SFTP/Classroom Library with USB Strorage)
  • Openwrt 15.XX Calmer as OS with Firewall, Webinterface and REALTIME Monitor for Traffic and Connections!
  • Easy Setup, replace the OS by the TP-Link-Updater, reboot and Login to Openwrt
  • You got professional Options!
  • works as Firewall, Extender, Repeater, WIFI-to-WIFI Bridge, LAN-to-WIFI Bridge, NTP-Server, DNS/DHCP Server
  • can isolate connected WIFI Clients
  • can handle different WIFI SSIDs / Networks on same Hardware
  • modded Hardware can be used with 5Volts of Power! (841 removed Resistor)
  • runs Freifunk OS for Public Free WIFI Guestnet (without Password Login and VPN to Public Internet Gateways for anonymous Web Access)
  • free security updates, backup and restore of settings!
  • free support by published Wikis, many Manuals on Internet and of course by me
  • free Download od the Sofware at openwrt.org

freifunk