Freifunk: Setup Router Software Bugfix

If you want to share Public Wifi at home for friends and you don’t want to share the Wifi Password, you can setup cheap a Public Openwrt Wifi Router as Access Point.

freifunk

Advantages:

  • Public Setup needs no Wifi Password
  • You are not responsible, cause the Internet is pulled thru a VPN of Freifunk Network
  • It’s anonymous!
  • It’s free of Charge!
  • Supported by a big Community
  • Can installed on very cheap old Routers like the TP-Link 841 (find the Singleband Router on Amaz or EbXX 12$ or Powerfull Dualband Router TP Link C7 at 50$)
  • Can by used at EVERY Freifunk MESH Wifi Access Network (Mobile Home Usage without Internet like LTE)
  • It’s save
  • Can be used with Solar Power or 9v Battery

Device:

freifunk router

Howto:

  • Go to the next Freifunk Community Downloads to get a Firmware , see on Sticker which Version the Router is,  select then Firmware Version, like TP 841 Vers. 8.1 needs v8 (remark there are 2 Version the .bin and the sysupgrade.bin use always the .bin=gluon-fffd-3-142-20151030150319-tp-link-tl-wr841n-nd-v8.bin)
  • Keep this Firmware on Backup !!! Its useful if the Router hangs on Changes! Or if the File is PURGED cause version Change! Older sometimes more STABLE!
  • Power up the Router, login on TP-Link Web as admin, go Firmware Update, select the gluon-file, reboot and wait.
  • Connect a PC with DHCP NET to the Router LAN (yellow Ports)
  • Set SSH-Admin Password on Advanced first, select other Tabs on Advanced to Change first things you need. Remark Enable “ MESH on WAN or LAN“ disabel MESH on WIFI which is default!!! This let 2 Routers stop meshing over Wifi if you like to use a Router at Office and a Router on the Garden without LAN Cables!!
  • Select now Back to BASIC Tab and set Changes, like Geodata and Bandwith is useful, cause Geodata allow find next Router on a Meshmap!
  • Save and Exit! Remark a „long HEX KEY“ MUST be shown (red framed)!! If NOT reflash the Firmware cause SETUP FAILED!!! for FACTORY RESET!
  • freifunk setup success screen
  • Test the Router after boot with Wifi Access, and Access on LAN 2-4!! LAN 1 offers only MESH Function.
  • Emergency Access is possible by power on Router wait 60seconds then press RESET for min. 10 seconds, connect a PC to LAN2 and set IP 192.168.1.2 to the PC, the Router listen on 192.168.1.1 via telnet!! To do a Software RESET enter firstboot and confirm by YES, BUT this doesn’t work clean at my Routers, i reflashed successful and this is more clean.

Administration:

  • Go to the Meshviewer Map, look for your Router Name and pick up the IPv6 address, this Map is useful to check your Setup from Internet!
  • Open a Linux Terminal ot Putty and enter ssh root@ip-v6 to reach the Router Console
  • By this Commands you can change remotely anything Freifunk-Commands-Howto

Remarks:

  • The MAJOR Advance is that EVERY Router with this OS can taken to a OTHER Area, and he can CONNECT to EVERY other Freifunk MESH NETWORKs!
  • The TP-841 Router use 9V and can be used at MOBILE HOMES at foreign Citys
  • At Home the Router offers a anonymous Office Internet Access, with Linux/TAILS on RAM very secure for researches

Bugfix:

  • If the HexKey after setup is NOT seen then the Setup is failed, i have seen this on some setups. This can be a result of Browser Javascript Errors like your Browsers uses Adblockers. To fix it take a fresh firefox default profile without any ADDONS enabled!
  • Take the gluon-fffd-3-142-20151030150319-tp-link-tl-wr841n-nd-v8.bin a NON-SYSUPGRADE .bin File which seems more clean. Its found on the Freifunk Firmware Fresh Setupon a other path.

Owncloud: Howto harden owncloud access with a ssh tunnel and squid

If you want to use a private secure owncloud (WebDAV Space Server) as Backup for all your devices you can harden the access thru a openssh Login with key auth and a squid as relay.

  • Install apache2, php5, mysql-Server, openssh, squid3
  • config Apache2 to listen on https://localhost:443
  • setup squid3  and config the Proxy to listen only on localhost:3128
  • install owncloud to /var/WWW with forced „https“ settings at the config.php
  • create ssh-keys to auth with password protected key to the SSH Server

If done, you can access the private Backup-Server via a Terminal/ Putty with the Tunneling Options

  1. $ssh -L 3128:localhost:3128 username@owncloudserver.home
  2. Open your Browser on your Client/PC with enabled Proxy usage = localhost 3128
  3. Connect the WebDAV by the URL https://localhost/ the owncloud Login should be displayed! Same with the WebDAV URL possible!

Advantage? You have a two factor protected Owncloud Access, with encryption inside a encrypted SSH Tunnel! Nobody should see files which are transmitted! Thats a tube inside a tube ..

 

Security Bug smeserver-phpmyadmin-multiuser-2.11.3-3.el4.sme.noarch.rpm

If you use:
smeserver-phpmyadmin-multiuser-2.11.3-3.el4.sme.noarch.rpm
and run db configuration setprop access private
the Login Interfaces is public !!!
Please take newer version:
smeserver-phpmyadmin-multiuser-2.11.9-XX.el4.sme.noarch.rpm