WHITE BOX v1.1
Hardware required
- Buspirate (for serial console)
- Fonera FON2100A/B/C
Setting up TFTP
Download the OpenWRT Backfire installation files:
Set up atftpd or dnsmasq as a TFTP server and put the above files on it.
Serial console via transparent UART bridge on Buspirate
Pinout of the Fonera Serial Port:
,-----------,-------------------------------------//---
|   power   |  +3.3V o o -> Buspirate GND
| connector |    n/a o o n/a
|-----------'    n/a o o -> Buspirate MISO
|                n/a o o -> Buspirate MOSI
|                n/a o o n/a
|
Set up the Buspirate in transparent UART bridge mode (9600 8N1, HiZ) and connect to it via gtkterm or similar.
Flashing OpenWRT Firmware
Boot the Fonera and hit ^C to enter the RedBoot console.
Connect the Fonera via Ethernet to the host computer and configure the host's IP to be 192.168.1.2. Then execute the following commands on the serial console (note: flashing takes a long time… several minutes):
RedBoot> ip_address -l 192.168.1.1/24 -h 192.168.1.2
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
RedBoot> fis init
RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
RedBoot> fis create rootfs
RedBoot> reset
Setup Password and ssh access
Wait until the Fonera has rebooted, then hit ENTER to get a shell. Now set a password, which should also start the dropbear sshd so that you can log in via ssh.
OpenWRT#> passwd
Configure Network
- Enable DHCP on br-lan interface so you can simply plug it into your network.
- Enable WiFi
Edit /etc/config/dhcp and set the ignore option on the following block to disable DHCP entirely (this is done because there's already a DHCP server in the shackspace network).
config dhcp lan
	option interface	lan
	option ignore	1
Now make sure that you are connected to something that has internet access and DHCP running. Reboot the Fonera and verify you can ping outside hosts.
Install Support for SD Card over GPIO
# opkg update
# opkg install kmod-mmc-over-gpio
# opkg install luci-app-mmc-over-gpio
http://wiki.openwrt.org/doc/howto/mmc_over_gpio
GPIO Pin Mapping (via LuCI web-interface or "uci set"):
Parameter | Setting |
---|---|
Name | default |
DI_pin | 1 |
DO_pin | 3 |
CLK_pin | 4 |
CS_pin | 7 |
Mode | 0 |
Pinout of the SW1 connector on the Fonera:
.-----------,-------,-----------,---//---
|   power   |       |  serial   |
| connector |       | connector |
|-----------'       '-----------'
|
| o  SW1.1, GPIO3 -> SD/MMC MISO
| o  SW1.2, GPIO4 -> SD/MMC SCK
| o  SW1.3, n/a
| o  SW1.4, +3.3V -> SD/MMC VCC
| o  SW1.5, GPIO1 -> SD/MMC MOSI
| o  SW1.6, GPIO7 -> SD/MMC /CS
|
| o o  GND -> SD/MMC GND (either of the 5 pins is okay)
| o
| o o
'------------//----
Note: GPIO3 and GPIO1 could be switched but the connection to the SD card is labeled correctly.
Software & Configuration
Serial Port Configuration: stty
# opkg update
# opkg install coreutils-stty
init.sh
On systems without persistent storage (like the old dd-wrt version used with portal 1.0) this script can be used to set up the environment at boot time. On the current system, which does have a persistent overlay filesystem, the init.sh script can be used to do most of the initial setup.
TODO: check if serial port configuration (stty) is persistent across reboots.
SSH Keyfile Auth for root
Put the root SSH public key into /etc/dropbear/authorized_keys. This is done by init.sh.
Disable Password-Logins
Once SSH keys are set up and deployed, disable PasswordAuth in /etc/config/dropbear.
Network
- remove wlan0 from the 'lan' bridge
- create new zone 'portalwlan'
  - enable DHCP server
  - iface static 192.168.1.1/24
- leave 'lan' zone as-is
  - no DHCP server
  - iface static 192.168.0.1/24
Services
Disable LuCI web-interface
# /etc/init.d/uhttpd disable
# /etc/init.d/uhttpd stop
Disable password-based logins in /etc/config/dropbear
option PasswordAuth 'off'
Notable Tidbits
- open/close users must have UID != 0
Make sure the UID of the open/close users is different from '0'. Otherwise dropbear will expect your keyfile to be /etc/dropbear/authorized_keys. For UIDs other than '0' you can use ~/.ssh/authorized_keys.
This is taken care of by init.sh.
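The following script is an added example, not part of the original page or of init.sh. It checks the hardening steps above (PasswordAuth off, root key deployed, open/close users with UID != 0 and their own key files, uhttpd disabled) against a filesystem root. The account names "open" and "close", the helper names and the sample tree are assumptions made for illustration.

```sh
# Audit of the SSH and service hardening described on this page.
# Assumptions: the accounts are literally named "open" and "close"; $1 is a root
# prefix ("" on the device, or a directory holding a copy of /etc and the homes).
fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# dropbear reads root's keys from /etc/dropbear, everyone else's from ~/.ssh
keyfile_for() {  # $1 = uid, $2 = home directory
    if [ "$1" = 0 ]; then echo /etc/dropbear/authorized_keys
    else echo "$2/.ssh/authorized_keys"; fi
}

audit_portal() {  # prints findings, returns the number of failed checks
    root=$1; fails=0
    # PasswordAuth must be present and 'off' (the page's value) in every section
    vals=$(sed -n 's/^[[:space:]]*option[[:space:]]*PasswordAuth[[:space:]]*//p' \
        "$root/etc/config/dropbear" 2>/dev/null | tr -d "'\"")
    [ -n "$vals" ] || fail "PasswordAuth not set in /etc/config/dropbear"
    for v in $vals; do [ "$v" = off ] || fail "PasswordAuth is '$v', not 'off'"; done
    # root's key file must exist and be non-empty before passwords are disabled
    [ -s "$root/etc/dropbear/authorized_keys" ] || fail "no root key deployed"
    for user in open close; do
        entry=$(grep "^$user:" "$root/etc/passwd" 2>/dev/null)
        [ -n "$entry" ] || { fail "user $user missing from /etc/passwd"; continue; }
        uid=$(echo "$entry" | cut -d: -f3); home=$(echo "$entry" | cut -d: -f6)
        [ "$uid" != 0 ] || fail "$user has UID 0 and would share root's key file"
        kf=$(keyfile_for "$uid" "$home")
        [ -s "$root$kf" ] || fail "$user has no keys in $kf"
    done
    # '/etc/init.d/uhttpd disable' removes the /etc/rc.d/S*uhttpd start link
    for link in "$root"/etc/rc.d/S*uhttpd; do
        if [ -e "$link" ] || [ -L "$link" ]; then fail "uhttpd (LuCI) still enabled"; fi
    done
    return "$fails"
}

# Constructed sample tree with three deliberate mistakes: password logins on,
# "close" created with UID 0, and the uhttpd start link still present.
make_sample() {  # $1 = empty directory to populate
    mkdir -p "$1/etc/config" "$1/etc/dropbear" "$1/etc/rc.d" "$1/home/open/.ssh"
    printf "config dropbear\n\toption PasswordAuth 'on'\n\toption Port '22'\n" \
        > "$1/etc/config/dropbear"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/ash' 'open:x:1000:1000::/home/open:/bin/ash' \
        'close:x:0:0::/home/close:/bin/ash' > "$1/etc/passwd"
    echo "ssh-rsa AAAA...constructed root@example" > "$1/etc/dropbear/authorized_keys"
    cp "$1/etc/dropbear/authorized_keys" "$1/home/open/.ssh/authorized_keys"
    : > "$1/etc/rc.d/S50uhttpd"
}

tmp=$(mktemp -d); make_sample "$tmp"
audit_portal "$tmp" || echo "$? check(s) failed"; rm -rf "$tmp"
```

On the Fonera itself, call audit_portal "" after init.sh has run; a return value of 0 means every check passed.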