Notes
Overview
This page is for notes that don't belong anywhere else
Telekom FTTH
Configuring and OpenWRT router for Telekom FTTH.
Put your router/modem/shitbox from Telekom into bridge mode. Unfortunately it will expose the connection as a PPPoE instead of pain Ethernet with DHCP.
TLDR: You need to tag the packets on your WAN port with VLAN 71:
Configure
Using the info from the letter you should have gotten2:
- Username:
${Anschlusskennung}${Zugangsnummer}${Mitbenutzernummer}@t-online.de - Password:
${Kennwort} - Protocol: PPPoE
If you enable "easy login" in the Telekom Kundenportal, you can use invalid or no credentials for the PAP/CHAP auth.
These examples are using a Turris Omnia router. Your interface names may be different.
Configure with uci:
$ uci set network.wan.proto='ppoe'
$ uci set network.wan.ipv6='auto'
$ uci set network.wan.username='${Anschlusskennung}${Zugangsnummer}${Mitbenutzernummer}@t-online.de'
$ uci set network.wan.password='${Kennwort}'
$ uci set network.wan.device='eth2.7'
Editing config file /etc/config/network:
config interface 'wan'
option proto 'pppoe'
option ipv6 'auto'
option password '${Kennwort}'
option device 'eth2.7'
option username '${Anschlusskennung}${Zugangsnummer}${Mitbenutzernummer}@t-online.de'
option metric '0'
option peerdns '0'
list dns '${dns_server}'
config switch_vlan
option device 'switch0'
option vlan '7'
option ports '1t 6t'
References
EdgeOS / EdgeRouter
These things work like Cisco devices, enter configuration to change the config:
root@edge:~$ configure
[edit]
root@edge#
To show or dump the whole config, enter show:
# show
firewall {
...
}
interfaces {
...
}
port-forward {
...
}
service {
...
}
system {
...
}
[edit]
To inspect parts of the config,
# show firewall
...
[edit]
# show service dhcp-server hostfile-update
>hostfile-update enable
[edit]
When you are done, commit and save changes:
root@edge# commit
[edit]
root@edge# save
Saving configuration to '/config/config.boot'...
Done
[edit]
root@edge# exit
exit
root@edge:~$
The running config is written to /config/config.boot, which is just a
textfile (easy backups).
DHCP
Act as an authoritative DNS for the zone configured in the DHCP server, recognizing local hostnames3:
set service dhcp-server hostfile-update enable
DNS
Forward DNS requests4 for $zone to $resolver:
set service dns forwarding options server=/${zone}/${resolver}
Show DNS forwardings servers and metrics:
show dns forwarding nameservers
show dns forwarding statistics
Enable DNS forwarding on $interface:
set service dns forwarding dhcp $interface
Forward DNS to $ip:
set service dns forwarding name-server $ip>
Override $address with $ip
set service dns forwarding options address=/$address/$ip
Bind DNS to $interface:
set service dns forwarding listen-on $interface
Bind to all interfaces except $interface:
delete service dns forwarding listen-on
set service dns forwarding except-interface $interface
References
Unifi Access points (and switches)
The access points are running some stripped down Linux. If you set your ssh key
in the Network Console, you can ssh to them as the user admin. You'll get
dropped into a BusyBox shell in /etc/persistent and can poke around.
They only present an RSA host key. If your OpenSSH doesn't accept it by default, you'll first have to enable it:
Host acess-point
User admin
HostkeyAlgorithms +ssh-rsa
They ship with vi, with vim deceptively symlinked to it:
# alias vim
vim='vi'
Some firmwares have some Unifi-specific tools, though these seem to be mostly gone from the firmware on newer access points. On older firmwares you can sometimes them.
ubnt-systoolubnt-device-infoubnt-tools
All firmwares ship with useful standard network utilities like tcpdump,
scp, arp, ip, ping and etc.
Persist filesystem changes
The /etc/persistent path name is not a lie. But if you write to the
filesystem and reboot, your changes will be gone. You need to use cfgmtd
to actually persist your changes.
# cfgmtd -h
Usage: cfgmtd [options]
-t <type> - Configuration type to use [1(active)|2(backup)]. (Default: 1(active))
-f <config file> - Configuration file to use. (Default: /tmp/system.cfg)
-p <persistent directory> - Directory to persistent dir. (Default: none)
-w - Write to flash action.
-r - Read from flash action.
-c - Clear flash action.
-o <mtd|file name> - Use mtd or file name. (Default: /dev/mmcblk0p9)
-n - No check size when specify -o. (Default: Check)
-h - This message.
# cfgmtd -w -p /etc/persistent
You dont have a lot of space to play with though. :)
Control the LED
The access points have both a blue and white LED, but only the blue LED is configurable in the controller (models prior to AC Lite supposedly had an RGB LED).
They show up under /sys/class/leds/ubnt:{white,blue}:dome on AC Lite access
points. On newer U6 access points they seem to be at /sys/class/leds/ubnt:{white,blue}:personality
instead.
Turn on the white LED
The brightness file accepts a value between 0-255. Turning on the white LED
is just writing 0 to brightness for the blue LED (turning it off) and
writing 255 to brightness for the white LED (turning it on). For a dimmer
light, use a lower number.
On U6 access points:
# echo 0 > /sys/class/leds/ubnt\:blue\:personality/brightness
# echo 255 > /sys/class/leds/ubnt\:white\:personality/brightness
On AC Lite:
# echo 0 > /sys/class/leds/ubnt\:blue\:dome/brightness
# echo 255 > /sys/class/leds/ubnt\:white\:dome/brightness
Turn the LEDs off
Just write 0 to the brightness file for both. For U6:
# echo 0 > /sys/class/leds/ubnt\:white\:personality/brightness
# echo 0 > /sys/class/leds/ubnt\:blue\:personality/brightness
Use ubnt:{white,blue}:dome on AC Lites and etc.
Adopt an AP over SSH
You can ssh to an AP and initate the adoption process:
# mca-cli-op set-inform http://${controller_host}:8080/inform
Some firmwares come with a set-inform binary, but mca-cli-op seems to ship
with all firmwares (that I have seen).
The current controller URL is saved in a text file /etc/persistent/cfg/mgmt:
# grep "mgmt\.servers" cfg/mgmt
mgmt.servers.1.url=http://${controller_host}:8080/inform
Most other controller-configurable settings seem to be persisted in that file,
as well as the authentication key it uses for the Adoption protocol (they use
plain HTTP on port 8080 without SSL, but the HTTP traffic itself gets
encrypted).
Clear the config
This clears the config on the AP, and has the same effect as pressing the phsysical reset button:
# set-default
The access point gets rebooted, and comes up with the factory settings.