Community Owned Information Network

Welcome to the CSIR Meraka Institute's "COIN" Blog

Tuesday, November 22, 2005

The Wiki is taking shape

Thanks for all the contributions so far, please feel free to move your Blog postings over to the wiki: http://wirelessafrica.meraka.org.za/wiki/
 
Ciao!

Wednesday, November 16, 2005

New home for CSIR COIN Blog

The information on this Blog is currently being moved to a new home, which will hopefully allow for more interactivity and organisation. A link to the new home will be made available on http://wirelessafrica.meraka.org.za/ when sufficiently populated.
 

Thursday, October 13, 2005

Best collection of links I've seen for ad hoc networking

http://www.antd.nist.gov/wctg/manet/adhoclinks.html

Wednesday, October 12, 2005

wistron CM9 Altheros MiniPCI card info

Wiki on the Wistron CM9
http://melbourne.wireless.org.au/wiki/?CM9

Latest windows drivers
http://www.phoenixnetworks.net/atheros.php

Product information
http://www.wneweb.com/wireless/products/cm9.htm

Tuesday, October 11, 2005

Engineering News Article

Its amazing how a simple idea like the cantenna has grabbed the attention of the media. So far I've been interviewed on SABC Africa and by Engineering News (Tin-can bridge to digital society). One would have thought that the technical, innovative stuff we're doing with ad-hoc networking in the larger project would have more interest. I suppose that its easier to grasp the imagination with simplicity.

Sunday, October 02, 2005

Making sense of LQ ILQ and ETX in OLSR

You will see a table like this in the OLSR status screen on Freifunk

Topology entries

Destination IPLast hop IPLQILQETX
10.51.1.1310.51.1.101.001.001.00
10.51.1.2010.51.1.101.001.001.00
10.51.1.110.51.1.130.901.001.11
10.51.1.1010.51.1.131.001.001.00
10.51.1.1210.51.1.131.000.901.11
10.51.1.1410.51.1.130.901.001.11
10.51.1.2010.51.1.131.001.001.00
10.51.1.1310.51.1.141.000.901.11
10.51.1.110.51.1.200.900.751.49
10.51.1.1010.51.1.201.001.001.00
10.51.1.1210.51.1.201.001.001.00
10.51.1.1310.51.1.201.001.001.00


LQ = The percentage of packets that are succesfully sent from youself to the neighbour

ILQ = The percentage of packets that succesfully are sent from your neighbour to yourself also often called NLQ

ETX = Expected Trasnmission count = How many trasnmission attempts are required to get packets through = 1 / (LQ*ILQ)

Saturday, October 01, 2005

Getting an OpenWRT Freifunk mesh stable

After a lot of tweaking OLSR running on Linksys has had no "ping down" messages for about 5 days now. Some of the tips to getting OLSR on OpenWRT stable.

1. Lock all the nodes to 802.11B don't let it auto sense
2. If there are any v2.2 hardware devices, change the clock speed to 216MHz with the following commands1

# nvram set clkfreq=216
# nvram commit
# reboot

3. Lock the RX and TX antenna to the one you connected your external antenna too, don't use AUTO. TAKE NOTE!!! On Version 2.0 hardware Antenna A is on the left looking from the front of the linksys and and on Version 2.,2 hardware Antenna A is on the right looking from the fron of the linksys. This caught me out a few times.

Monday, September 19, 2005

International Wireless Summit 2005

International Wireless Summit 2005, Aalborg, Denmark

The international wireless summit has just kicked off and I have the privilege of being amongst some of the greatest think-tanks in the wireless arena.

The aim of the IWS is to offer a platform for establishing exchanges of information between universities, industry and science parks. The next summit will be in 2008 in Helsinki, Finland.

International Wireless Symposium aims to exchange research information. 450 papers to be presented on “hot topics”.



Prof. Ramjee Prasad giving introductory speech.

Prof. Ramjee Prasad predicts that the future of wireless comms will be based on single layer technology, not quite sure what is meant by this though.

“Personal Networks are going to be of major importance in future business…”

Thursday, September 15, 2005

Creating an ipk package

TOOLS

Get the script rightfully called ipkg-build at, among other places, ftp://ftp.handhelds.org/packages/ipkg-utils, or http://www.mizi.com/download/mz20/ipkg-build.

CREATING THE PACKAGE STRUCTURE

Say you wanna create a package called MyPackage; you further wanna package the project called MyProject. Then do the following:

  1. Create a directory called MyPackage.
  2. Inside directory MyPackage, create a directory called CONTROL.
  3. Copy your project (MyProject) to the MyPackage directory.
  4. Inside directory CONTORL creating a file called control.

NOTE:

When the package is installed on the target, the MyPAckage directory will be created with respect to root. So if you wanted your files to be installed in /usr/bin on the target system, then our project would in this case be “/usr/bin”. That is you create inside directory MyPackage a directory called /usr/bin.

FORMAT AND CONTENTS OF /CONTROL/control

--------------------------------------------------------------------------------

Package: MyPackage

Priority: optional // default

Version: 1.0 //package version

Architecture: mipsel

Maintainer: I_maintain@you.com

Source: ftp:ftp:122.122.122.122 //See Note below

Section: misc //See Note below

Description: This is an attempt to create ipkg.

------------------------------------------------------------------------------------

NOTE:

The fields Section and Source seem rather useless to me in this example and I initially left them out; however the ipkg-build script complained requiring them, so I just put them in as a workaround without knowing/”caring” of their need. There are other fields not included here which you might need for your purposes, check the web for more.

Further the comments are mine for this documentation purposes only and the script MIGHT NOT permit comments.



RUNNING THE ipkg-build SCRIPT

Now simply run (of course being outside of the directory MyPackage):

“./ipkg-build –c –o root –g root MyPackage” // as root or non-root, or

“./ipkg-build –c MyPackage” //as root

IF all’s well, a package on the current directory will be created.

NOTE:

Without the “-c” option, I could not get the package installed successfully, you can try with or without and see for yourself.

Friday, September 09, 2005

Network stats on Freifunk

See: http://wiki.freifunk-leipzig.public-ip.org/index.php/LinksysNetzwerkStatisik for info on how to install web interface packages for network stats.
 
p.s. hows your german?

Thursday, September 08, 2005

How to stop dhcp client over-writing resolv.conf

Finally I found out how to do it

Edit the /etc/dhcp3/dhclient.conf file
Find the line that says request

Comment out the line that requests for domain-name, domain-name-servers and host-name

request subnet-mask, broadcast-address, time-offset, routers,
# domain-name, domain-name-servers, host-name,
netbios-name-servers, netbios-scope;

Setting up different networking scenarios on a laptop

I have always wanted to write some good scripts that configure my laptop for home and work wireless/ethernet automatically in ubuntu and so I set about building up a set of scripts that I can call.

I have four scenarios:
1. use laptop at home with wireless access point
2. use laptop at home with ethernet
3. use laptop at work with wireless access point
4. use laptop at work with ethernet

I created two files in /etc/network: interfaces.work and interfaces.home with all the ethernet and wireless settings for home and work in this file

/etc/network/interfaces.home
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
iface eth0 inet static
address 10.3.13.102
netmask 255.255.255.0
gateway 10.3.13.1

#The wireless network interface
iface eth1 inet dhcp
wireless-essid pta-mesh
wireless-mode Ad-Hoc
wireless-channel 1
wireless-key off

/etc/network/interfaces.work
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
iface eth0 inet dhcp

# The wireless network interface
iface eth1 inet dhcp
wireless-essid icomtek
wireless_mode Managed
wireless-key off

I also created two files with my dns and domain settings for home and work in /etc/ called resolv.home and resolv.work

resolv.home
search icomtek.csir.co.za elarduspark.org.za cids.org.za
nameserver 146.64.28.1 10.3.13.1

resolv.work
search icomtek.csir.co.za cids.org.za
nameserver 146.64.28.1


Here are my scripts that configure my interfaces based on the above files

1. Setup for wireless networking at home
/usr/local/bin/homenet-wireless

#!/bin/bash
echo Setting up network for home wireless network
sudo cp /etc/network/interfaces.home /etc/network/interfaces

eth0_status=`ifconfig | grep eth0`
eth1_status=`ifconfig | grep eth1`

if [ -n "$eth0_status" ]; then
sudo ifdown eth0
fi

if [ -n "$eth1_status" ]; then
sudo ifdown eth1
fi

sudo ifup eth1

sudo cp /etc/resolv.home /etc/resolv.conf

2. Setup for ethernet networking at home
/usr/local/bin/homenet-fixed
#!/bin/bash
echo Setting up network for home ethernet
sudo cp /etc/network/interfaces.home /etc/network/interfaces
sudo cp /etc/resolv.home /etc/resolv.conf

eth0_status=`ifconfig | grep eth0`
eth1_status=`ifconfig | grep eth1`

if [ -n "$eth0_status" ]; then
sudo ifdown eth0
fi

if [ -n "$eth1_status" ]; then
sudo ifdown eth1
fi

sudo ifup eth0

3. Setup for wireless at work
/usr/local/bin/worknet-wireless
#!/bin/bash
echo Setting up network for work wireless network
sudo cp /etc/network/interfaces.work /etc/network/interfaces
sudo cp /etc/resolv.work /etc/resolv.conf

eth0_status=`ifconfig | grep eth0`
eth1_status=`ifconfig | grep eth1`

if [ -n "$eth0_status" ]; then
sudo ifdown eth0
fi

if [ -n "$eth1_status" ]; then
sudo ifdown eth1
fi

sudo ifup eth1

4. Setup for ethernet at work
/usr/local/bin/worknet-fixed
#!/bin/bash
echo Setting up network for work ethernet
sudo cp /etc/network/interfaces.work /etc/network/interfaces
sudo cp /etc/resolv.work /etc/resolv.conf

eth0_status=`ifconfig | grep eth0`
eth1_status=`ifconfig | grep eth1`

if [ -n "$eth0_status" ]; then
sudo ifdown eth0
fi

if [ -n "$eth1_status" ]; then
sudo ifdown eth1
fi

sudo ifup eth0

Wednesday, August 31, 2005

Establishing IPsec tunnel/connection between FreeBSD and Linux (openswan IPsec Cisco WRT54G Router)

Establishing IPsec tunnel/connection between FreeBSD and Linux (openswan IPsec Cisco WRT54G Router)

Below is a simple setup demonstrating steps to establish an IPsec connection/tunnel between two machines one running Ipsec/racoon (on FreeBSD) and the other running openswan Ipsec (on WRT54G running Linux) using pre-shared key: This IPsec setup example shows how to control the Private LAN_A (146.64.0.0) network access.



.........(INTERNET)

.........|

.........|

..| FreeBSD | ......10.50.1.3..............................10.50.1.80| Openswan IPsec|

.| Router_A |<========> (“NETWORK”)<=======>| Router_B |

.| 146.64.17.1 |................................................................| 10.1.13.1 |

............ ||.........................................................................||

...Private LAN_A....................................................PPrivate LAN_B

...........|.......................................................................................|...........
....Client_A (146.64.17.12) ..................................Client_B (10.1.13.130)



NOTE: Before running racoon/ipsec and openswan ipsec, ensure that all nodes can successfully reach (ping) each other.



INSTALLING OPENSWAN ON WRT54G

To install, add the following to /etc/ipkg.conf:

src openswan ftp://ftp.openswan.org/openswan/binaries/openwrt/buildroot-20040509/ipkg/

and then run:

ipkg update

ipkg install gmp mawk openswan-module openswan

NOTE: Since /etc/ipkg.conf would normally be a link to the file in /rom directory; You can simple delete the link, and then copy the file over.




CONFIGURATION (Router_A IPsec)


There are three (3) configuration files on Router_A that needs to be edited: ipsec.conf (found in /etc on FreeBSD), psk.conf.(found in /usr/local/etc/racoon/ on FreeBSD) and racoon.conf.(found in /usr/local/etc/racoon/ on FreeBSD).

Add the following two lines in ipsec.conf: (This file defines the ends points of the tunnel to be established. There’d be two lines for each LAN_B client )

spdadd 146.64.0.0/16 10.1.13.0/24 any -P out ipsec esp/tunnel/10.50.1.3-10.50.1.80/require;

spdadd 10.1.13.0/24 146.64.0.0/16 any -P in ipsec esp/tunnel/10.50.1.80-10.50.1.3/require;

Roughly; the first line says “traffic coming from 146.64.0.0 network destined for 10.1.13.0 network must be transported via an IPsec tunnel with local endpoint 10.50.1.3 and far endpoint 10.50.1.80”.

The second line says “traffic coming from 10.1.13.0 network destined for 146.64.0.0 network must/would use an IPsec tunnel with a far endpoint 10.50.1.80 and local endpoint 10.50.1.3”.

Add the following line to psk.conf (This file defines the pre-shared key to be used between Router_A and Router_B).

10.50.1.80 presharedkey

NOTE: Comments must be on a different line to the pre-shared key entry, otherwise the comments are interpreted as part of the pre-shared key.

Add the following lines to racoon.conf

path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

remote anonymous

{

# exchange_mode aggressive,main ;

exchange_mode main ;

lifetime time 24 hour ;

proposal {

encryption_algorithm 3des ;

hash_algorithm sha1;

authentication_method pre_shared_key ;

dh_group 2 ;

}

}

sainfo anonymous

{

lifetime time 12 hour ;

encryption_algorithm 3des, blowfish, des, rijndael ;

authentication_algorithm hmac_sha1, hmac_md5 ;

compression_algorithm deflate ;

}

IMPORTANT: The IPsec version (2.3.1) used in this example did not seem to support “aggressive” exchange_mode hence “main” is specified. However, it is possible to include more than mode by separating them with comma; i.e.

exchange_mode aggressive, main ;

Both ways (specifying one or more modes) works! Further other lines with more than one values separated by comma may contain only one value as described for exchange_mode above.



CONFIGURATION (Openswan IPsec, Router_B)

There are two (2) files on Router_B that needs editing: ipsec.conf (found in /etc on Linux) and ipsec.secrets (found in /etc on Linux).

Add the following line in ipsec.secrets: (This file defines the ends points of the tunnel to be established and also the pre-shared key to be used)

10.50.1.3 10.50.1.80: PSK “presharedkey”

NOTE: 1. Place the string after PSK in quotes if it does not start with 0x (as in a hexadecimal number), otherwise openswan will complain.

2. The string after PSK must be the same as that specified in psk.conf on Router_A.

Add the following lines in ipsec.conf: (This file defines among other things, the network to be protected, authentication methods, type of connection, etc.)

config setup

interfaces="ipsec0=eth1"

klipsdebug=none

plutodebug=none

uniqueids=yes

conn %default

keyingtries=0

authby=secret #rsasig

conn crypt

left=10.50.1.80

leftid=10.50.1.80

leftsubnet=10.1.13.1/24

right=10.50.1.3

rightid=10.50.1.3

rightsubnet=146.64.8.8/16

auto=start

type=tunnel

NOTE: The name of our connection is called “crypt”. Under “config setup”, the line interfaces=”ipsec0=eth1” must refer to a real interface (ifconfig will show available interfaces) and also must be the interface through which the data to be protected will travel, in case of more than one NIC. The line “auto=start” says, the connection “crypt” must be brought up when openswan ipsec starts up; to bring up the connection manually either comment out the line or specify “auto=ignore”. The explanation given for ipsec.conf on Router_A is pretty much the same as for Router_B.



STARTING UP IPsec and Racoon (FreeBSD).

At this point all machines are able to reach (ping) each other successfully. Next ensure ipsec and racoon are not running. On my machine I do:

verdi2istc#/etc/rc.d/ipsec stop

Clearing ipsec manual keys/policies.

to stop ipsec if it was already running; and do

verdi2istc# setkey -P -D

No SPD entries.

To ensure there are no IPsec SA/SP database entries; and next do

verdi2istc#killall racoon

to stop racoon.

Next issue

verdi2istc# /etc/rc.d/ipsec restart

to start ipsec, and to verify ipsec started successfully then do

verdi2istd# setkey -P -D

10.1.13.0/24[any] 146.64.0.0/16[any] any

in ipsec

esp/tunnel/10.50.1.80-10.50.1.3/require

created: Aug 30 09:27:39 2005 lastused: Aug 30 09:27:39 2005

lifetime: 0(s) validtime: 0(s)

spid=16531 seq=1 pid=583

refcnt=1

146.64.0.0/16[any] 10.1.13.0/24[any] any

out ipsec

esp/tunnel/10.50.1.3-10.50.1.80/require

created: Aug 30 09:27:39 2005 lastused: Aug 30 09:27:39 2005

lifetime: 0(s) validtime: 0(s)

spid=16530 seq=0 pid=583

refcnt=1

From Router_A, type either racoon (to run in the backgroung) or racoon –F

verdi2istd#racoon

or to fun in foreground type

verdi2istd#racoon -F -d

Foreground mode.

2005-08-30 09:51:59: INFO: main.c:172:main(): @(#)package version freebsd-20040818a

2005-08-30 09:51:59: INFO: main.c:174:main(): @(#)internal version 20001216 sakane@kame.net

2005-08-30 09:51:59: INFO: main.c:175:main(): @(#)This product linked OpenSSL 0.9.7d 17 Mar 2004 (http://www.openssl.org/)

2005-08-30 09:51:59: DEBUG: pfkey.c:434:pfkey_init(): call pfkey_send_register for AH

2005-08-30 09:51:59: DEBUG: pfkey.c:434:pfkey_init(): call pfkey_send_register for ESP

2005-08-30 09:51:59: DEBUG: pfkey.c:434:pfkey_init(): call pfkey_send_register for IPCOMP

2005-08-30 09:51:59: DEBUG: cftoken.l:578:yycf_set_buffer(): reading config file /usr/local/etc/racoon/racoon.conf

2005-08-30 09:51:59: DEBUG: pfkey.c:2379:pk_checkalg(): compression algorithm can not be checked because sadb message doesn't support it.

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:206:grab_myaddrs(): my interface: 10.50.1.3 (ath0)

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:206:grab_myaddrs(): my interface: fe80::202:6fff:fe21:2e71%ath0 (ath0)

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:206:grab_myaddrs(): my interface: 146.64.8.1 (sis0)

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:206:grab_myaddrs(): my interface: fe80::200:24ff:fec2:b684%sis0 (sis0)

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:206:grab_myaddrs(): my interface: 127.0.0.1 (lo0)

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:206:grab_myaddrs(): my interface: ::1 (lo0)

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:206:grab_myaddrs(): my interface: fe80::1%lo0 (lo0)

2005-08-30 09:51:59: DEBUG: grabmyaddr.c:474:autoconf_myaddrsport(): configuring default isakmp port.

2005-08-30 09:52:00: DEBUG: grabmyaddr.c:496:autoconf_myaddrsport(): 7 addrs are configured successfully

2005-08-30 09:52:00: INFO: isakmp.c:1368:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=5)

2005-08-30 09:52:00: INFO: isakmp.c:1368:isakmp_open(): ::1[500] used as isakmp port (fd=6)

2005-08-30 09:52:00: INFO: isakmp.c:1368:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=7)

2005-08-30 09:52:00: INFO: isakmp.c:1368:isakmp_open(): fe80::200:24ff:fec2:b684%sis0[500] used as isakmp port (fd=8)

2005-08-30 09:52:00: INFO: isakmp.c:1368:isakmp_open(): 146.64.8.1[500] used as isakmp port (fd=9)

2005-08-30 09:52:00: INFO: isakmp.c:1368:isakmp_open(): fe80::202:6fff:fe21:2e71%ath0[500] used as isakmp port (fd=10)

2005-08-30 09:52:00: INFO: isakmp.c:1368:isakmp_open(): 10.50.1.3[500] used as isakmp port (fd=11)

2005-08-30 09:52:00: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey X_SPDDUMP message

2005-08-30 09:52:00: DEBUG: pfkey.c:197:pfkey_handler(): get pfkey X_SPDDUMP message

2005-08-30 09:52:00: DEBUG: policy.c:184:cmpspidxstrict(): sub:0xbfbfea30: 146.64.0.0/16[0] 10.1.13.0/24[0] proto=any dir=out

2005-08-30 09:52:00: DEBUG: policy.c:185:cmpspidxstrict(): db :0x809dc08: 10.1.13.0/24[0] 146.64.0.0/16[0] proto=any dir=in

The –d option is for debug, to see more output add extra –d.

IMPORTANT: At this point if all went well Client_A should not be reachable (try ping) from Router_B and Client_B; meaning private LAN_A is now protected. However, Router_A and Router_B should be able reach/see each other. Do not continue until this is accomplished.



STARTING UP OPENSWAN IPSEC

Now, on Router_B do:

root@Lawrence:/# ipsec setup restart

ipsec_setup: Stopping Openswan IPsec...

ipsec_setup: Starting Openswan IPsec 2.3.1...

verify that the IPsec tunnel has been established correctly by issuing:

root@Lawrence:/# ipsec whack --status

000 interface ipsec0/eth1 10.50.1.80

000 %myid = (none)

000 debug none

000

000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=168, keysizemax=168

000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256

000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128

000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160

000

000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192

000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20

000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16

000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024

000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536

000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048

000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072

000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096

000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144

000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192

000

000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}

000

000 "crypt": 10.1.13.0/24===10.50.1.80...10.50.1.3===146.64.0.0/16; erouted; eroute owner: #2

000 "crypt": srcip=unset; dstip=unset

000 "crypt": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0

000 "crypt": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,16; interface: eth1;

000 "crypt": newest ISAKMP SA: #1; newest IPsec SA: #2;

000 "crypt": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024

000

000 #2: "crypt":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27961s; newest IPSEC; eroute owner

000 #2: "crypt" esp.2ec9213@10.50.1.3 esp.aa7dc439@10.50.1.80 tun.1002@10.50.1.3 tun.1001@10.50.1.80

000 #1: "crypt":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2625s; newest ISAKMP; nodpd

000

root@Lawrence:/#

At this point Client_A should be reachable by Client_B. On each/either Router do a tcpdump; and any packets with ESP indicates that the setup tunnel is currently handling data from the clients.

NOTE: ESP packets will only appear if there are packets from either client to the other client.



DEBUGGING (Openswan IPsec)

Earlier I showed how to stop a connection from being started up automatically by openswan. IPsec. So now with ipsec running but our connection “crypt” NOT up, we will debug the starting up of the connection (crypt). To debug the key exchange with racoon, first create a script with following content:

ipsec pluto --debug-all

ipsec whack \

--name crypt \

--tunnel \

--host 10.50.1.80 \

--nexthop 10.50.1.3 \

--client 10.1.13.1/24 \

--updown 'ipsec _updown' --id 10.50.1.80 \

--to \

--host 10.50.1.3 \

--client 146.64.8.1/16 \

--updown 'ipsec _updown' --id 10.50.1.3 \

--psk \

--esp 3des-md5,3des-sha1 \

--ike 3des-md5,3des-sha1 \

--encrypt

ipsec whack --listen

ipsec whack --route --name crypt

ipsec whack --initiate --name crypt

Running this script will show the various key exchange messages. The messages are pretty much clear to see what it’s happening.

Thursday, August 11, 2005

Setting up DHCP with OLSR

There have been so many misleading postings on this - I will finally set the record straight.

You will need to reserve a block of IP's for non OLSR wireless clients that want to connect onto the mesh network such as a laptop. Here is an example setup:

Wireless router 1:
Wireless IP: 10.51.1.13
LAN IP: 10.3.13.1
Subnet for Wireless DHCP clients: 10.51.1.64/28 (This would mean that 16 machines could potentially connect to this wireless router. The IP leases will be in the range from 10.51.1.64 to 10.51.1.79)

Wireless router 2:
Wireless IP: 10.51.1.14
LAN IP: 10.3.14.1
Subnet for Wireless DHCP clients : 10.51.1.80/28 (IP leases will be in the range from 10.51.1.80 to 10.51.1.93)

To set this up On Friefunk firmware
Wireless Router 1:
OLSR:
OLSR DHCP: 10.51.1.64/28

Wireless Router 2:
OLSR:
OLSR DHCP: 10.51.1.80/28


Most people gave strange values for OLSR DHCP in their postings the most common one was:
OLSR DHCP: 10.51.1.80/28, 255.255.255.240

The subnet mask after the comma (255.255.255.240) is an alternative to the slash format /28. Why does everyone have this reduntant subnet mask on their postings???

Monday, August 08, 2005

good info on checking linksys hardware version

Finally some good info about finding the version number from outside markings and using NVRAM settings - info from www.openwrt.org

Linksys WRT54G

  1. Hardware versions
      1. Identification by S/N
    1. WRT54G v1.0
    2. WRT54G v1.1
    3. WRT54G v2.0
    4. WRT54G v2.2
    5. WRT54G v3.0 & WRT54G v3.1
    6. WRT54G v4.00
  2. Table summary
  3. Hardware hacking

1. Hardware versions

There are currently seven versions of the WRT54G (v1.0, v1.1, v2.0, v2.2, v3.0, v3.1, v4.00). With the exception of v4.00 devices (it is currently marked as untested for White Russian RC1), the WRT54G units are supported by OpenWrt 1.0 (White Russian) and later. boot_wait is off by default on these routers, so you should turn it on. The version number is found on the label on the bottom of the front part of the case below the Linksys logo.

1.0.1. Identification by S/N

Useful for identifying shrinkwrapped units. The S/N can be found on the box, below the UPC barcode.

(!) Please contribute to this list. (!)

OpenWRT

Model

S/N

CVS

EXP

WRT54G v1.1

CDF20xxxxxxx

(./)

(./)

CDF30xxxxxxx

WRT54G v2

CDF50xxxxxxx

(./)

(./)

WRT54G v2.2

CDF70xxxxxxx

{X}

(./)

WRT54G v3

CDF80xxxxxxx

{X}

(./)

WRT54G v3.1 (AU?)

CDF90xxxxxxx

{X}

(./)

1.1. WRT54G v1.0

The WRT54G v1.0 is based on the Broadcom 4710 board. It has a 125MHz CPU, 4Mb flash and 16Mb SDRAM. The wireless NIC is a mini-PCI card. The switch is an ADM6996.

1.2. WRT54G v1.1

The WRT54G v1.1 is based on the Broadcom 4710 board. It has a 125MHz CPU, 4Mb flash and 16Mb SDRAM. The wireless NIC is soldered to the board. The switch is an ADM6996.

Hardware informations (nvram) :

boardtype=bcm94710dev
1.3. WRT54G v2.0

The WRT54G v2.0 is based on the Broadcom 4712 board. It has a 200MHz CPU, 4Mb flash and 16Mb SDRAM. The wireless NIC is integrated to the board. The switch is an ADM6996.

Hardware informations (nvram) :

boardtype=0x0101
boardflags=0x0188
1.4. WRT54G v2.2

The WRT54G v2.2 is based on the Broadcom 4712 board. It has a 200MHz CPU, 4Mb flash and 16Mb DDR-SDRAM. The wireless NIC is integrated to the board. The switch is a BCM5325.

Hardware informations (nvram) :

boardtype=0x0708
boardflags=0x0118
1.5. WRT54G v3.0 & WRT54G v3.1

This unit is just like the V2.2 Except it has an extra reboot button on the left front panel behind a Cisco logo.

1.6. WRT54G v4.00

Please add information for this revision.

Hardware informations (nvram) :

boardrev=0x10
boardtype=0x0708
boardflags2=0
boardflags=0x0118
boardnum=42

/!\ To take the front cover off of this unit you must first remove the small screws under the rubber covers of the front feet!

2. Table summary

how to get info :

* board info: nvram show | grep board | sort
* cpu model: cat /proc/cpuinfo | grep cpu

Model

boardrev

boardtype

boardflags

boardflags2

boardnum

wl0_corerev

cpu model

WRT54G v1.1

-

bcm94710dev

-

-

42

5

BCM4710 V0.0

WRT54G v2.0

-

0x0101

0x0188

-

-

-

BCM3302 V0.7

WRT54G v2.2

-

0x0708

0x0118

-

-

7

-

WRT54G v3.0

0x10

0x0708

0x0118

0

42

7

BCM3302 V0.7

WRT54G v3.1 (AU?)

0x10

0x0708

0x0118

0

42

7

BCM3302 V0.7

WRT54G v4.0

0x10

0x0708

0x0118

0

42

7

BCM3302 V0.7

WRT54GS v1.0

0x10

0x0101

0x0388

0

42

7

BCM3302 V0.7

WRT54GS v1.1

0x10

0x0708

0x0318

0

42

-

-

Buffalo WBR-54G

0x10

bcm94710ap

0x0188

2

42

-

-

Toshiba WRC1000

-

bcm94710r4

-

-

100

-

-

Buffalo WBR2-G54S

0x10

0x0101

0x0188

0

00

-

-

Asus WL-500G Deluxe

0x10

bcm95365r

-

-

45

5

BCM3302 V0.7

*other variables (nvram) of interest : boot_ver, pmon_ver, firmware_version, os_version

please complete this table. Look at this thread : [WWW] http://openwrt.org/forum/viewtopic.php?pid=8127#p8127 May be this table should move up to OpenWrtDocs/Hardware.

3. Hardware hacking

There are revision XH units of the WRT54G v2.0. These units have 32Mb of memory, but they are locked to 16Mb. You can unlock the remaining memory with changing some of the variables. Afterburner (aka. Speedbooster) mode can be enabled with some variables, too.

/!\ However, there are no guaranties, that these will work, and changing the memory configuration on a non-XH unit will give You a brick. Check the forums for more info.

If you have a look at the WRT54G v2.2 board, you can find on the left corner, near the power LED, an empty place for a 4 pins button. On the board it is printed as SW2. This is the second reset button you can find on WRT54G v3.0, except that it has not been soldered.

Thursday, July 14, 2005

Running Kismet-Drone on a Linksys WRT54G

Install either the kismet or kismet_drone package. Then edit /etc/kismet_drone.conf and change the source from wrt54g,eth1,wrt45g to wrt54g,prism0,wrt54g.

Then run kismet from your host, pc and off u go!

Monday, July 04, 2005

a few tips with olsr on openwrt freifunk

I had this problem with the OLSR web interface on the Freifunk openwrt implementation. If entered the following for the HNA4 field

HNA4: 10.3.13.1 255.255.255.0

Which should advertise the whole 10.3.13.x net it would advertise the 10.0.0.0 net. I discovered that it needs the subnet mask in this format instead

HNA4: 10.3.13.1/24

A few other things I learnt

1. NVRAM variable ff_hna4 stores the HNA4 setting
2. /etc/olsr.conf is ignored by freifunk
3. /rom/etc/olsrd.conf stores a permanent copy of the olsrd setup
4. /var/etc/olsrd.conf is a symbolic link to /tmp/etc/olsrd.conf ... this file is copied from /rom/etc/olsrd.conf into RAM (ramfs filesystem) and is the one called by olsrd.

ps -A will reveal that olsrd is called as follows

olsrd -f /var/etc/olsrd.conf -d 0

Tuesday, June 28, 2005

Linksys WRT54G hardware differences

This has been bothering me - there are 5 different hardware versions of the WRT54G wireless router (1.0, 1.1, 2.0, 2.2, 3.0) and many of the open firmware platforms like openwrt or sveasoft (The betrayer of the word open) only run on particular hardware versions. The main changes are the processor, amount of RAM/FLASH, the wireless hardware and the ethernet hardware

Check out all the differences here
http://www.linksysinfo.org/modules.php?name=Content&pa=showpage&pid=6

We have ordered three batches of Linksys hardware - I must check which hardware platforms we have

My Linksys on my roof gave the following results

Result of the command
$>cat /proc/cpuinfo

system type : Broadcom BCM947XX
processor : 0
cpu model : BCM3302 V0.7
BogoMIPS : 199.47
wait instruction : no
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : no
hardware watchpoint : no
VCED exceptions : not available
VCEI exceptions : not available
dcache hits : 3472555964
dcache misses : 1631950511
icache hits : 264142837
icache misses : 2075639807
instructions : 0

Some of the possible clue NVRAM settings when running the command
$>NVRAM show

boardrev=0x10
bootver-v2.3
boardnum=42

Thursday, June 23, 2005

Setting up OLSR mesh on a Linksys

Setting up OLSR mesh on a Linksys ( Assumes a stock standard Linksys out of the box)

1. Download freifunk firmware from (http://www.freifunk.net/wiki/FreifunkFirmwareEnglish) - openwrt-g-freifunk-1.0.2-en.bin

2. Set boot wait on linksys

Web method:

Navigate to web page were you can send pings and type each of these lines one line at a time

;cp${IFS}*/*/nvram${IFS}/tmp/n
;*/n${IFS}set${IFS}boot_wait=on
;*/n${IFS}commit
;*/n${IFS}show>tmp/ping.log

NVRAM method:

telnet into box and type the following

nvram set boot_wait=on
nvram commit
reboot

3. Upload firmware

Give yourself a fixed IP in the 192.168.1.x range e.g. 192.168.1.100

Use tftp to upload firmware

tftp 192.168.1.1
tftp> binary
tftp> rexmt 1
tftp> trace
Packet tracing on.
tftp> put openwrt-g-freifunk-1.0.2-en.bin

Wait for the power light to stop flashing
Power cycle the box

4. Check that the web interface is working. Visit the site http://192.168.1.1 on your web browser - you should see the main freifunk web interface appear

5. Set up the wireless interface

WLAN protocol: Static
Ip Address: 192.168.2.5
Netmask: 255.255.255.0
WLAN Mode: Ad Hoc (Peer to Peer)
ESSID: mesh
Channel: 6
TX Power: 100

6. Set up the LAN interface

LAN protocol: Static
LAN IP: 192.168.4.1
LAN Netmask: 255.255.255.0
Disable NAT: yes
Disable Firewall: yes

7. Set up the WAN interface

WAN Protocol: DHCP
Host name: Lawrence

8. Set up OLSR

HNA4: 192.168.4.1 255.255.255.0

9. Restart the Linksys

You should now be given an IP address in the 192.168.3.x range
You should be able to connect to another mesh access point and even get a default gateway to an internet point, if one exists

Monday, June 20, 2005

How the ETX metric in OLSR is calculated

The ETX of a link is the predicted number of data transmissions required to send a packet over that link, including retransmissions. The ETX of a route is the sum of the ETX for each link in the route. For example, the ETX of a three-hop route with perfect links is three; the ETX of a one-hop route with a 50% delivery ratio is two.

The ETX of a link is calculated using the forward and reverse delivery ratios of the link. The forward delivery ratio, df , is the measured probability that a data packet successfully arrives at the recipient; the reverse delivery ratio, dr , is the probability that the ACK packet is successfully received. The expected probability that a transmission is successfully received and acknowledged is df x dr .

A sender will retransmit a packet that is not successfully acknowledged. Because each attempt to transmit a packet can be considered a Bernoulli trial, the expected number of transmissions is:

ETX = 1/ (df x dr)


For a full description of how df and dr is actually calculated see MIT's publication site

Mesh scalability by modifying the MAC layer in Altheros

This is a great article that discusses the whole issue of loss of performance in a single radio mesh network with many hops. Modifying the MAC layer on our 50 Altheros cards we are getting for the massive mesh could prove a very novel way of dealing with the inherent problems in the WiFi spec when trying to build large mesh networks

Getting Kismet working with IPW2200 driver

Thanks to ubuntu forums for this linkLink

Tuesday, June 14, 2005

Drawing(almost realtime) pretty network topology pictures with

 
Tried it, works well'ish.

Regards,
Yusuf Kaka

________________________________________________________________________________

Mobile Platforms Engineer

CSIR - Meraka Institute (African Advanced Institute for ICT)
Web Address: www.csir.co.za or www.meraka.co.za
________________________________________________________________________________



Monday, May 16, 2005

Howto: Mesh Network on a WRT54G using OLSRd

I followed the instructions here: Howto: Mesh Network on a WRT54G using OLSRd and now have a mesh node (AngelNET_mesh) running OLSR.
I used channel SSID AngelNET_mesh, channel 11, 64bit wep, key: 1234567890

Running Kismet-Drone on a Linksys WRT54G (OpenWRT)

Install either the kismet or kismet_drone package. Then edit /etc/kismet_drone.conf and change the source from wrt54g,eth1,wrt45g to wrt54g,prism0,wrt54g.
Edit /etc/kismet.conf on your host pc, include the line: source=kismet_drone,10.168.1.1:3501,drone
then run kismet and off u go!

Wednesday, April 06, 2005

Linksys Disaster Recovery

Theres nothing like learning the hard way! As a result of my usual "If it ain't broke, it hasn't been fixed enough" approach to life, I fiddled with the Linksys until it innevitably went into a coma/ vegetative state. How did I manage this you ask? Simple, I started by doing a firmware upgrade using the wrong sveasoft image, which resulted in a moderately upset linksys which refused to talk to me on the web interface. With the help of our trusted Android (Andrew), I managed to do a reset-hold/ ping / tftp recovery and then flashed the poor bugger with OpenWRT, which according to OpenWRT is still not supported by them for the version 2.2 Linksys, which I subsequently found out I was using! So alas, all that remained was a perfectly dead Linksys, not responding to anything. It was time to go in, screwdrivers a blazing. I shorted out pins 15 and 16 and started up the Linksys, this created a crc error which was detected on boot, this then started up an emergency TFTP server which allowed me to ping and finally tftp the original Linksys firmware back onto it!

More details on the recovery processes can be found here:
OpenWrtDocs/Troubleshooting - OpenWrt

Whew!

Tuesday, April 05, 2005

War-Driving: Using Kismet and a GPS

This article ""Configuring and Using Kismet"" has a nice tutorial on how to setup Kismet and your GPS on Linux. Also look at the related links on the site for some info on hacking the Linksys!

Saturday, April 02, 2005

How to get ubuntu to automatically start programs when user logs in

If you want ubuntu to automatically login aparticular user and start user programs after login

From Gnome, Select Computer, System Configuration, Login Screen Setup.
Under Auomatic Login, Select check box: Login a user automatically on first bootup. Choose a user under: Automatic login username

To start programs automatically when user logs in edit the following script
~/.gnome2/session-manual

Here is my example:


[Default]
num_clients=3
0,RestartStyleHint=3
0,Priority=50
0,RestartCommand=x11vnc -shared -forever
1,RestartStyleHint=3
1,Priority=50
1,RestartCommand=mount /mnt/win_c
2,RestartStyleHint=3
2,Priority=50
2,RestartCommand=mount /mnt/win_d

Wednesday, March 23, 2005

IPsec and VPN's

There are several ways to isolate users/groups in a network. One of the neatest ways however is by setting up VPN's (virtual private networks). This is where IPsec comes in.IPsec is a protocol which sits on top of the Internet Protocol (IP) layer. It allows two or more hosts to communicate in a secure manner (hence the name).

There are several online guides to setting up IPsec VPN's:

Creating a VPN between two networks, separated by the Internet, using FreeBSD gateways.

Linux:
Linux IPsec HOWTO
IPsec tools

Windows:
Setting up a windows XP client
IPsec and you

Mixing Different Clients and Servers (Windows/Linux):
Jacco's networking stuff
OpenSwan setup for Linux server and Linux/Windows clients
FreeSwan setup for Linux server and Linux/Windows clients

Example System:
IPSec Secure Tunnel at Mathnet

Friday, March 18, 2005

OLSR

It seems that Mobilemesh is dying a slow painful death and its time to look for something else. OLSR seems to be a suitable replacement and it has been compiled for WRT54G! See: http://www.seattlewireless.net/index.cgi/OpenWrt and http://www.olsr.org/index.cgi?action=download

Interesting Blog on Mesh

Click Here

Thursday, February 10, 2005

Setting up WDS on the linksys

Wow it's been a while since a posting on this blog ... it's time to start testing out some linksys ideas again.

Always wanted to test the performance of WDS vs pure mesh. HEre are some good links on setting up WDS

1. The sveasoft WDS tutroial - a little old - April 2004
2. Tutorial with some nice picures
3. Good overall technical information on WDS from Orinioco


Saturday, November 20, 2004

Lets add wireless cameras to the mesh

So far the best chepaest solution is again from our friends at Linksys

The WVC54G

The Linksys Wireless-G Internet Video Camera sends live video with sound through the Internet to a web. it contains its own web server, so it can connect directly to a network, either over Wireless-G (802.11g) networking, or over 10/100 Ethernet cable. MPEG-4 video compression produces a high-quality, high-framerate, up to 640x480 audio/video stream.

Quick price search on Froogle revealed price range from: $180 to $200, a Froogle price search on our WRT54G gave a price range of $70 to $85.

With the current price of the Linksys WRT54G at R700, my estimate is that we will get this wireless web enabled camera for around R1800 in South Africa - still checking with BuillionIT and Westcon.

I searched Eagles web site for similar products and they range from R5500 to R10000.

And guess what: I downloaded the source for the wireless camera - looks like linksys are sticking to their GPL ethic for all their products - this is a huge advantage - it means we can play with compressions ratios, the web interface, the camera settings - basically turn the box into anything we want

Wednesday, November 03, 2004

linksys: adding files to the code.bin firmware

Community I developed a script to add custom files into the Linksys filesystem. This was needed, for example, to add ripd.conf and zebra.conf to /usr/local/etc for the zebra routing daemon.

This is how it works ($LINKSYS_SRC is the directory of your linksys source code eg. /home/djohnson/downloads/linksys/sveasoft/Alchemy-2.3.4/)

1. Copy the script (
makeimage.sh) to $LINKSYS_SRC/src/router
2. Copy files that you need to the $LINKSYS_SRC/src/router/mipsel-uclibc/target directory (you can make directories and add/delete files in here)
3. Execute the makeimage.sh script from the $LINKSYS_SRC/src/router directory
4. A new code.bin will be built which can be uploaded to the linksys box

The makeimage.sh script looks as follows:

#$include .config
#iLINUIXDIR=(shell pwd)
#echo $LINUXDIR
#export LINUXDIR
#export PLATFORMDIR := $(TOP)/$(PLATFORM)
#export INSTALLDIR := $(PLATFORMDIR)/install
#export TARGETDIR := $(PLATFORMDIR)/target

../linux/linux/scripts/squashfs/mksquashfs mipsel-uclibc/target mipsel-uclibc/target.squashfs -noappend
cp ../linux/linux/arch/mips/brcm-boards/bcm947xx/compressed/vmlinuz mipsel-uclibc
../../tools/trx -o mipsel-uclibc/linux.trx mipsel-uclibc/vmlinuz mipsel-uclibc/target.squashfs

cp ../linux/linux/arch/mips/brcm-boards/bcm947xx/compressed/zImage mipsel-uclibc
dd conv=sync bs=64k < mipsel-uclibc/zImage > mipsel-uclibc/linux.bin
cat mipsel-uclibc/target.squashfs >> mipsel-uclibc/linux.bin

cp mipsel-uclibc/linux.trx ../../image/linux.trx
cp ../../image/linux.trx ../../image/code.bin

De-bricking Linksys WRT54G

Thanks Andrew for the help on this one

1. Enter directory with code.bin
2. Start tftp
3. >connect 192.168.1.1
4. >binary
5. >trace
6. >rexmt 1
7. >status

Should display
Connect to 192.168.1.1
Mode: octet Verbose: on Tracing: on
Rexmt-interval: 1 seconds, Max-timout: 25 seconds

8. put code.bin
9. Power cycle the Linksys - Hopefully it should upload the new firmware
10. Hold down the reset button until power light flashes

Linksys WRT54G specs summary

Specs

Ports:

* WAN: One 10/100 RJ-45 port for WAN connectivity
* LAN: Four 10/100 RJ-45 Auto-MDI(X) switched ports
* WLAN: 54mbps 802.11g on a MiniPCI card (1.0)/built-in (1.1) with dual external RP-TNC antenna ports

LED Indicators (1.0):

* Power, DMZ, Diag
* WLAN: Act, Link
* LAN: Link/Act, Full/Col, 100
* Internet: Link/Act, Full/Col, 100

Channels: 1-11 (USA)

System requirements: One PC (200MHz or Faster Processor) with: 64MB RAM, Internet Explorer 4.0 or Netscape Navigator 4.7 or Higher for Web-based Configuration, CD-ROM Drive, Microsoft Windows 98, Me, 2000, or XP, a 802.11g or 802.11b Wireless Adapter with TCP/IP Protocol Installed or Network Adapter with Category 5 Ethernet network cable and TCP/IP Protocol installed

In the box: Wireless-G Broadband Router, Power Adapter, Setup CD-ROM with User Guide, Ethernet Network Cable, Quick Installation guide, Registration Card

Device details:

* Width: 7.32 inches
* Height: 1.89 inches
* Depth: 6.89 inches
* Warranty, parts: 1-year limite
* Warranty, labor: 1-year limited

Transmit Power: 15 dBm (Can be increased to 20db/84mw) (FIX: 84mw=19.24db) Info: 15db=31mW 17db=50mW 20db=100mW

Receiver Sensitivity (unconfirmed):

* -65db for ofdm 802.11g 54 megs
* -80db for dsss 802.11b 11 megs

Power (1.0?): 5V @ 2.0A, center

Power (2.0): 12V @ 1.0A, center positive. (Regulated internally down to 3.3V by an AnaChip? 1501-33, so the unit should be very tolerant of input fluctuations from 5 to 40 volts. Get the polarity right and it'll make do with whatever you give it.)

To turn on ripd and zebra, go to Advanced -> Routing -> Dynamic Routing and click Apply."

Thursday, October 28, 2004

How to set up Linksys as a RIP2 router with client mode

How to set up Linksys as a RIP2 router with client mode

1. Load Alchemy pre-release 5.2.3 onto the linksys

2. Set the Linksys Wireless interface to Client mode and set SSID to "pta-mesh"

Using the web interface select Wireless - Basic Settings
Wireless Mode : Client
SSID: pta-mesh
Select Save Settings - continue

3. Choose your IP addresses for the Wireless interface and the LAN interface

I chose the following
WAN interface: 10.50.1.13
LAN interface: 10.3.11.1

Using the Web interface select Setup - Basic Setup
Internet Connection Type: Static IP
Internet IP Address: 10.50.1.13
Subnet Mask: 255.255.255.0
Router Name: Something you like eg. david_home
Local IP Address: 10.3.11.1
Subnet Mask: 255.255.255.0

Select Save Settings - continue

4. Add router configuration files to the target directory

Enter the router directory ($LINKSYS/src/router)
# cd /mipsel-uclibc/target
# mkdir /usr/local
# mkdir /usr/local/etc

Download my RIP configuration files for linksys
ripd.conf
zebra.conf

Copy these files to $LINKSYS/src/router/mipsel-uclibc/target/usr/local/etc

Download my image making script which will build files in the code.bin image
makeimage.sh

Copy this script to $LINKSYS/src/router
Run the script
./makeimage.sh

You should now have a code.bin with the router config files in /usr/local/etc
Upload this new firmware to the linksys

5. Add commands to rc_startup to startup RIP, Flush iptables (so that RIP messages can arrive on RIP port) and remove NAT

zebra -d -f /usr/local/etc/zebra.conf
ripd -d -f /usr/local/etc/ripd.conf
iptables -F
iptables -F -t nat

8. You should now have a rip enabled linksys client - Try ping the network connected to the wireless interface from a machine connected to the LAN


Things to improve in this recipe
1. Don't flush all iptables - just enable the port for RIP routing
2. Find location in Makefile where the code.bin image is made - don't need my custom script

Thursday, October 21, 2004

Compiling Satori 4.0 with latest tool chain

To compile using the latest toolchain:

1) Apply this patch (also fixes zebra):
http://www.greyskydesigns.com/~lonewolf/satori_fix.patch

Code:
lonewolf@lonewolf:/data4/wrt54g/satori/WRT54G$ patch -p1 --dry-run
patching file src/router/rc/writeimage.c
patching file src/router/zebra/Makefile
patching file src/router/zebra/lib/Makefile
patching file src/router/zebra/ospfd/Makefile
patching file src/router/zebra/ripd/Makefile
patching file src/router/zebra/zebra/Makefile
lonewolf@lonewolf:/data4/wrt54g/satori/WRT54G$ patch -p1
patching file src/router/rc/writeimage.c
patching file src/router/zebra/Makefile
patching file src/router/zebra/lib/Makefile
patching file src/router/zebra/ospfd/Makefile
patching file src/router/zebra/ripd/Makefile
patching file src/router/zebra/zebra/Makefile
lonewolf@lonewolf:/data4/wrt54g/satori/WRT54G.orig$


2) Run 'make'

3) When 'make' errors out, run 'for i in src/router/iproute2/lib/*.a; do mipsel-uclibc-ranlib $i; done'

4) Run make again

5) for i in src/router/iproute2/tc/*.a; do mipsel-uclibc-ranlib $i; done

6) make yet again

Check out here for the forum discussion at sveasoft on the topic