====== WHITE BOX v1.1 ======

===== Hardware required =====

  * Buspirate (for serial console)
  * Fonera FON2100A/B/C

===== Setting up TFTP =====

Download the [[http://downloads.openwrt.org/backfire/10.03.1-rc5/atheros/|OpenWRT Backfire]] installation files:

  * [[http://downloads.openwrt.org/backfire/10.03.1-rc5/atheros/openwrt-atheros-vmlinux.lzma|openwrt-atheros-vmlinux.lzma]]
  * [[http://downloads.openwrt.org/backfire/10.03.1-rc5/atheros/openwrt-atheros-root.squashfs|openwrt-atheros-root.squashfs]]

Set up atftpd or dnsmasq TFTP and put the above files on there.

===== Serial console via transparent UART bridge on Buspirate =====

Pinout of the Fonera Serial Port:

  ,-----------,-------------------------------------//---
  | power     | +3.3V o o -> Buspirate GND
  | connector |   n/a o o n/a
  |-----------'   n/a o o -> Buspirate MISO
  |               n/a o o -> Buspirate MOSI
  |               n/a o o n/a
  |

Set up the Buspirate in transparent UART bridge mode (9600 8N1, HiZ) and connect to it via gtkterm or similar.

===== Flashing OpenWRT Firmware =====

Boot the Fonera and hit ^C to enter the RedBoot console. Connect the Fonera via Ethernet to the host computer and configure the host's IP to be 192.168.1.2. Then execute the following commands on the serial console (note: flashing takes a long time... several minutes):

  RedBoot> ip_address -l 192.168.1.1/24 -h 192.168.1.2
  RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
  RedBoot> fis init
  RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
  RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
  RedBoot> fis create rootfs
  RedBoot> reset

===== Setup Password and ssh access =====

Wait until the Fonera has rebooted, then hit ENTER to get a shell. Now set a password, which should also start the dropbear sshd and allow you to log in via SSH.

  OpenWRT#> passwd

===== Configure Network =====

  * Enable DHCP on br-lan interface so you can simply plug it into your network.
  * Enable WiFi

Edit /etc/config/dhcp and set the ignore option on the following block to disable DHCP entirely (this is done because there's already a DHCP server in the shackspace network).

  config dhcp lan
          option interface lan
          option ignore 1

Now make sure that you are connected to something that has internet access and DHCP running. Reboot the Fonera and verify you can ping outside hosts.

===== Install Support for SD Card over GPIO =====

  # opkg update
  # opkg install kmod-mmc-over-gpio
  # opkg install luci-app-mmc-over-gpio

http://wiki.openwrt.org/doc/howto/mmc_over_gpio

GPIO Pin Mapping (via LuCI web-interface or "uci set"):

^Parameter ^Setting ^
|Name      |default |
|DI_pin    |1       |
|DO_pin    |3       |
|CLK_pin   |4       |
|CS_pin    |7       |
|Mode      |0       |

Pinout of the SW1 connector on the Fonera:

  .-----------,-------,-----------,---//---
  | power     |       | serial    |
  | connector |       | connector |
  |-----------'       '-----------'
  |
  |  o  SW1.1, GPIO3 -> SD/MMC MISO
  |  o  SW1.2, GPIO4 -> SD/MMC SCK
  |  o  SW1.3, n/a
  |  o  SW1.4, +3.3V -> SD/MMC VCC
  |  o  SW1.5, GPIO1 -> SD/MMC MOSI
  |  o  SW1.6, GPIO7 -> SD/MMC /CS
  |
  |  o o  GND -> SD/MMC GND (either of the 5 pins is okay)
  |   o
  |  o o
  '------------//----

Note: GPIO3 and GPIO1 could be switched but the connection to the SD card is labeled correctly.

====== Software & Configuration ======

===== Serial Port Configuration: stty =====

  # opkg update
  # opkg install coreutils-stty

===== init.sh =====

On systems without persistent storage (like the old dd-wrt version used with portal 1.0) this script can be used to set up the environment at boot time. On the current system, which does have a persistent overlay filesystem, the init.sh script can be used to do most of the initial setup.

TODO: check if serial port configuration (stty) is persistent across reboots.

===== SSH Keyfile Auth for root =====

Put the root SSH public key into /etc/dropbear/authorized_keys.
//This is done by init.sh.//

===== Disable Password-Logins =====

Once SSH keys are set up and deployed, disable PasswordAuth in /etc/config/dropbear.

===== Network =====

  * remove wlan0 from the 'lan' bridge
  * create new zone 'portalwlan'
    * enable DHCP server
    * iface static 192.168.1.1/24
  * leave 'lan' zone as-is
    * no DHCP server
    * iface static 192.168.0.1/24

===== Services =====

Disable LuCI web-interface

  # /etc/init.d/uhttpd disable
  # /etc/init.d/uhttpd stop

Disable password-based logins in /etc/config/dropbear

  option PasswordAuth 'off'

===== Notable Tidbits =====

  * open/close users must have UID != 0\\ Make sure the UID of the open/close users is different from '0'. Otherwise dropbear will expect your keyfile to be /etc/dropbear/authorized_keys. For UIDs other than '0' you can use ~/.ssh/authorized_keys.\\ //This is taken care of by init.sh.//
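
The hardening steps above (root key in /etc/dropbear/authorized_keys, PasswordAuth off, uhttpd disabled, no UID 0 accounts besides root) can be checked in one pass before the password login is given up, so a missing key is caught while there is still a way in. This script is an added example, not part of the original page or of init.sh; the function names are made up here, and it assumes a missing PasswordAuth option means password logins are still on.

```shell
#!/bin/sh
# Added example (not from the original page): audit the hardening steps above.
# Pass "/" on the device, or a directory of constructed files for a dry run.

# Succeeds only if every "config dropbear" section sets PasswordAuth to off.
password_auth_off() {
    awk '
        function endsec() { if (insec && state != "off") bad = 1 }
        $1 == "config" { endsec(); t = $2; gsub(/["\047]/, "", t)
                         insec = (t == "dropbear"); state = "on"
                         if (insec) seen = 1 }
        insec && $1 == "option" && $2 == "PasswordAuth" {
            v = $3; gsub(/["\047]/, "", v)
            state = (v == "off" || v == "0") ? "off" : "on" }
        END { endsec(); exit !(seen && !bad) }
    ' "$1" 2>/dev/null
}

# Succeeds if the file has at least one uncommented public key line.
has_pubkey() {
    [ -s "$1" ] && grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^| )(ssh|ecdsa)-[a-z0-9-]+ +AAAA'
}

# Prints accounts other than root that have UID 0.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Runs every check and returns non-zero if any of them fails.
audit() {
    root=${1:-/}; root=${root%/}; rc=0
    has_pubkey "$root/etc/dropbear/authorized_keys" ||
        { echo "FAIL: no root key in /etc/dropbear/authorized_keys"; rc=1; }
    password_auth_off "$root/etc/config/dropbear" ||
        { echo "FAIL: PasswordAuth is not off"; rc=1; }
    extra=$(uid0_accounts "$root/etc/passwd")
    [ -z "$extra" ] || { echo "FAIL: UID 0 besides root:" $extra; rc=1; }
    # "/etc/init.d/uhttpd disable" removes the S??uhttpd start link
    ls "$root"/etc/rc.d/S*uhttpd >/dev/null 2>&1 &&
        { echo "FAIL: uhttpd still enabled"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key-only SSH, LuCI disabled"
    return "$rc"
}
```

Source the file on the Fonera and run ''audit /'' over the existing session; keep that session open until a second key-based login has succeeded.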