Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Home Networking Megathread - Yes the OP is out of date
 
  • Post
  • Reply
ryanrs
Jul 12, 2011

 I am running some ethernet outdoors for a camera, so I figure it's time to properly split up/VLAN/etc my home network (as opposed to having everything on a dumb switch behind the NAT). I don't want someone to be able to plug into my outdoor ethernet jack and start sending stuff to my printer or w/e.

Hardware I have on hand:
- Netgear WNDR3700 v2 access point. Atheros AR7161 @ 680 MHz, 16MB flash, 64MB RAM.
- RockPro64 sbc. Rockchip RK3399 @ 1.8 GHz, 32GB eMMC, 4GB RAM.
- 2x Raspberry Pi 4.

Right now the Netgear AP WAN port is connected to Comcast cable internet roughly 120/20 Mbit/s. The AP runs NAT. One of the Raspberry Pis does adblocking DNS.

So for an upgrade, I'm thinking of sticking a quad-port Intel nic in the RockPro64 and runningOpenWRT. Maybe add a USB hard drive so it can be a NAS for the security camera?

I will also install OpenWRT on the Netgear AP, but only use it for AP-things, not routing my WAN connection.


Does this make sense? I am trying to save some money by reusing various computer parts I already have.

* # ¿ Mar 21, 2024 21:35
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 2, 2024 20:29
  • Quote
ryanrs
Jul 12, 2011

namlosh posted:

I’ve even tried changing the listen port to a lower port number from 52182(?) or whatever to something below 10000.

Try changing the port to 443, maybe AT&T will leave it alone.

It would be funny if this works.

* # ¿ Apr 7, 2024 01:58
  • Quote
ryanrs
Jul 12, 2011

 Crossposting this here in case anyone wants a super-cheap board that runs vanilla OpenWRT.
- no Gigabit
- no USB 3
- no PoE module inside (and $25 shipping to order the part from China)
- yes I2C header inside
- physically small, slightly wider than a pack of cigarettes.


My $16 travel router / MIPS dev box is up and running. I added a $13 64GB microSD card for more storage. It has 128MB of RAM, which is enough to run real software like compilers.

Power draw is 1.5W with the wifi off.


code:
536 ~$ ssh root@192.168.1.248
root@192.168.1.248's password: 


BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.0, r23497-6637af95aa
 -----------------------------------------------------
root@OpenWrt:~# cat /proc/version 
Linux version 5.15.134 (ryan@rockpro64) (mips-openwrt-linux-musl-gcc (OpenWrt GCC 12.3.0
 r23497-6637af95aa) 12.3.0, GNU ld (GNU Binutils) 2.40.0) #0 Mon Oct 9 21:45:35 2023
root@OpenWrt:~# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 6.0M      6.0M         0 100% /rom
tmpfs                    59.5M     68.0K     59.5M   0% /tmp
/dev/sda1                59.7G    918.9M     58.8G   2% /overlay
overlayfs:/overlay       59.7G    918.9M     58.8G   2% /
tmpfs                   512.0K         0    512.0K   0% /dev
root@OpenWrt:~# gcc -x c -o yospos - && ./yospos | perl cowsay
#include <stdio.h>
int main(){ return 0 > puts("turn on your monitor"); }

 ______________________ 
< turn on your monitor >
 ---------------------- 
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||
root@OpenWrt:~# python
Python 3.11.6 (main, Oct  9 2023, 21:45:35) [GCC 12.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 
root@OpenWrt:~#

* # ¿ Apr 10, 2024 02:43
  • Quote
ryanrs
Jul 12, 2011

 It's big endian just like a real computer :shobon:

code:
root@OpenWrt:~# lscpu 
Architecture:          mips
  Byte Order:          Big Endian
CPU(s):                1
  On-line CPU(s) list: 0
Model name:            -
  Model:               MIPS 24Kc V7.4
  Thread(s) per core:  1
  Core(s) per socket:  1
  Socket(s):           1
  BogoMIPS:            432.53
  Flags:               mips16
Caches (sum of all):   
  L1d:                 32 KiB (1 instance)
  L1i:                 64 KiB (1 instance)
root@OpenWrt:~#

* # ¿ Apr 10, 2024 03:15
  • Quote
ryanrs
Jul 12, 2011

 Why not? I seems to run pretty cool, imo.

e: I was thinking of using these in quantity to IoT-ify some microcontroller projects. It'll talk to the microcontroller over USB, and run the heavyweight network and security protocols. That's one of the reasons I wanted vanilla OpenWRT: no vendor dependency for updates. Amazon is currently liquidating this old hardware super cheap, which is honestly what makes it interesting.

ryanrs fucked around with this message at 05:09 on Apr 10, 2024

* # ¿ Apr 10, 2024 04:00
  • Quote
ryanrs
Jul 12, 2011

 I'm not sure how good the wireless hardware is (haven't tested it myself). But I kinda don't care for my application. It's providing 2.4 GHz spot coverage for some motion sensors in a garage. Not video, just a binary sensor.

But it is a well-supported Atheros chipset. So at least it should work properly, if not be the latest/fastest. The ethernet ports are only 100M, so you definitely won't be setting any records.

e: They're marked Amazon Renewed, but it's more like liquidating old stock / discontinued product. The units are in perfect retail packaging with cling film in place, etc. They are not used.

And you don't have to do the build-from-source adventure I went through in the other thread. Just install the sysupgrade image from here. You can do this through the as-shipped OEM OpenWRT install.

Alternatively, you can build from source, but it took me literal days to get it working because compiles take so long and I made various mistakes. But it was nice to see that it was possible, and not super hard. Also, I was doing builds on a different under-powered SoC for lols, which slowed things down.

Once you have vanilla OpenWRT running, insert a microSD card and set up Extroot.

ryanrs fucked around with this message at 08:09 on Apr 10, 2024

* # ¿ Apr 10, 2024 07:29
  • Quote
ryanrs
Jul 12, 2011

 Should my 2.4 GHz and 5 GHz wifi networks have the exact same SSID, or should I use something like Fart_24 & Fart_5? Some of my devices are 2.4-only, but there is no logical/operational distinction in use. This is for my tiny condo.

Right now I have different SSIDs for the different bands, but if I add a guest SSID then suddenly I have 4 networks in the menu, which seems excessive. (yeah, I know that doesn't really matter)

* # ¿ Apr 13, 2024 03:52
  • Quote
ryanrs
Jul 12, 2011

 How does a lovely 2.4-only device even know you're turning 5 GHz on and off?

* # ¿ Apr 13, 2024 04:59
  • Quote
ryanrs
Jul 12, 2011

 Vanilla OpenWRT on an Aruba AP-303H


e: This is not safe. There is some partition or volume info that is being lost, and it may brick your device. I'll know for sure once I un-brick mine.

Before you start, be aware that a random TTL FTDI serial cable will probably not work on these Aruba APs. I have a serial cable that works fine on my Raspberry Pi, but it would not work with the AP-303H. It will receive console output, but fails to transmit, so you can't type anything. Either buy the official $35 Aruba console cable (no), or this $18 knockoff. At least the knockoff cable costs less than the used access point.


OpenWRT: AP-303H install instructions.

Here's my variation, which overwrites all Aruba code on the NAND flash, so OpenWRT can use the whole 128MB. Assume you will never be able to go back to the Aruba software, unless you backup your flash before doing this install.

The OEM bootloader and other low-level stuff lives on a separate NOR flash chip, which we will not be touching. So you should always be able to get back to the apboot> prompt and boot off your tftp server. I don't think you can brick the AP even if you screw up a command, or cut power in the middle of flashing, etc.


Change the kernel command line to override the flash partition definition in the DeviceTree .dts. This just changed how the OpenWRT kernel sees the flash chip, it doesn't modify any data on it.
code:
Hit <Enter> to stop autoboot:  0
apboot>
apboot> setenv bootargs_openwrt "setenv bootargs console=ttyMSM0,9600n8 mtdparts=spi0.1:-(ubi)"
apboot> setenv nandboot_openwrt "run bootargs_openwrt; ubi part aos0; ubi read 0x85000000 kernel; set fdt_high 0x87000000; bootm 0x85000000"
apboot> setenv ramboot_openwrt "run bootargs_openwrt; setenv ipaddr 192.168.5.49; setenv serverip 192.168.5.30; netget; set fdt_high 0x87000000; 
bootm"
apboot> setenv bootcmd "run nandboot_openwrt"
apboot> saveenv 
Saving Environment to SPI Flash...
Erasing SPI flash...Writing to SPI flash...done
apboot> run ramboot_openwrt



Boot up OpenWRT initramfs image off your tftp server and format the flash. This is the step that destroys all the Aruba data. You can back it up first with dd.
code:
root@OpenWrt:/# ubidetach -p /dev/mtd15
[   54.122938] ubi0: detaching mtd15
[   54.123971] ubi0: mtd15 is detached
root@OpenWrt:/# ubiformat /dev/mtd15
ubiformat: mtd15 (nand), size 134217728 bytes (128.0 MiB), 1024 eraseblocks of 131072 bytes (128.0 KiB), min. I/O size 2048 bytes
ubiformat: formatting eraseblock 1023 -- 100 % complete  % complete
root@OpenWrt:/# cd /tmp
root@OpenWrt:/tmp# scp ryan@192.168.5.20:dl/openwrt-23.05.3-ipq40xx-generic-aruba_ap-303h-squashfs-sysupgrade.bin .
root@OpenWrt:/tmp# sysupgrade -n openwrt-23.05.3-ipq40xx-generic-aruba_ap-303h-squashfs-sysupgrade.bin




The Aruba bootloader (which resides in a different, smaller flash chip) will be pissed that we overwrote the Aruba partitions. But after some complaining, it does find the OpenWRT kernel and jump to it.
code:
APBoot 2.1.4.7 (build 57679)
Built: 2016-12-08 at 15:41:41

Model: AP-303H  
DRAM:  512 MiB  
Flash: Detected MX25L3205D: total 4 MiB
NAND:  Detected MX35LFxGE4AB: total 128 MiB
Power: 802.3at POE
UBI error: ubi_read_volume_table: the layout volume was not found
UBI error: ubi_init: cannot attach mtd1
UBI error: ubi_init: UBI error: cannot initialize UBI, error -22
Volume aos0 not found!
Creating dynamic volume aos0 of size 0
UBI error: ubi_create_volume: cannot create volume -1, error -23
Volume aos1 not found!
Creating dynamic volume aos1 of size 0
UBI error: ubi_create_volume: cannot create volume -1, error -23
Volume ubifs not found!
Creating dynamic volume ubifs of size 0
UBI error: ubi_create_volume: cannot create volume -1, error -23
Net:   eth0
Radio: ipq4029#0, ipq4029#1
Reset: warm
FIPS:  passed   

Hit <Enter> to stop autoboot:  0
Volume kernel not found!
Uncompressing Kernel Image ... OK
ipq: fdt fixup unable to find compatible node
[    0.000000] Booting Linux on physical CPU 0x0
[    0.000000] Linux version 5.15.150 (builder@buildhost) (arm-openwrt-linux-muslgnueabi-gcc (OpenWrt GCC 12.3.0 r23809-234f1a2efa) 12.3.0, GNU ld (GNU Binutils) 2.40.0) #0 SMP Fri Mar 22 22:09:42 2024
[    0.000000] CPU: ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
[    0.000000] CPU: div instructions available: patching division code
[    0.000000] CPU: PIPT / VIPT nonaliasing data cache, VIPT aliasing instruction cache
[    0.000000] OF: fdt: Machine model: Aruba AP-303H
code:
BusyBox v1.36.1 (2024-03-22 22:09:42 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.3, r23809-234f1a2efa
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:/# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 4.0M      4.0M         0 100% /rom
tmpfs                   248.0M     64.0K    247.9M   0% /tmp
/dev/ubi0_2             103.7M    156.0K     98.8M   0% /overlay
overlayfs:/overlay      103.7M    156.0K     98.8M   0% /
tmpfs                   512.0K         0    512.0K   0% /dev
root@OpenWrt:/# time dd if=/dev/mtd15 of=/dev/null bs=1M
128+0 records in
128+0 records out
real    1m 19.70s
user    0m 0.00s
sys     0m 17.50s
99MB free and 1.6 MB/s. It's... sufficient.


I'm going to set this up as garage wifi, with an ip camera hanging off the downstream PoE port. These access points were originally designed for hotel rooms, so there is PoE lan port for a phone.

I also want a motion detector connected to the USB port. Normally the AP-303H does not allow both downstream PoE and USB unless it is running off a wall adapter. I guess the combined power requirements put it over the upstream 802.3at 30W limit. However, my USB device is quite low power, as is the IP camera. And I think I just deleted the Aruba code that enforces that limitation, heh.

ryanrs fucked around with this message at 06:54 on Apr 19, 2024

* # ¿ Apr 18, 2024 06:59
  • Quote
ryanrs
Jul 12, 2011

chocolateTHUNDER posted:

How did you wind up getting your hands on one of these APs? They seem pretty targeted at the hotel/hospitality industry, and I’m guessing aren’t sold direct to consumers. Second hand off a client or something like that? eBay?

Ebay search: AP-303H. They go for $20-40, depending on if you want cords and the plastic wall bracket or desk mount.

You're right, it's a weird niche device. But it means you get PoE (not present on home routers), and 3 lan ports (not present on enterprise APs). A USB port for a peripheral, like a microcontroller or USB stick or a printer, etc. Clean case not bristling with antennas. Fairly small. Good build quality.

But $20/ea is what seals the deal. Especially if you want to mess around with mesh networking or something where you want a bunch of 'em.

e: lmao Aruba is still selling these new. Buy one at Office Depot for $542.

ryanrs fucked around with this message at 01:02 on Apr 19, 2024

* # ¿ Apr 19, 2024 00:58
  • Quote
ryanrs
Jul 12, 2011

 I just got write access to the OpenWrt wiki, so all this info will find its way there in a few days. Hopefully I'll make it easier for people to put these devices to use. They are not the newest tech, but they can still be useful.

* # ¿ Apr 19, 2024 01:24
  • Quote
ryanrs
Jul 12, 2011

 Ha ha ha, oops. I wanted to test my flash backups, so I zeroed the flash and then copied it back. Now my AP won't boot.

U-boot still exists and tftp boot still works, so it's not that bad. I think there is some partition info that was lost, though. I do have a second AP of the same model I can examine and copy stuff from.

* # ¿ Apr 19, 2024 07:05
  • Quote
ryanrs
Jul 12, 2011

 Well these Aruba APs came pre-loaded with a bunch of HP code, so I wanna get rid of that. You know, like when you buy a new Windows computer and have to delete all the pre-installed junk.

Anyway, a factory reset restored the partition table. It seems like the bootloader and the OS need to agree on where the flash memory partitions are, which is reasonable I guess, though I'm still not sure how it was working the first time.

So while I can't (yet) rewrite the partition table, I can at least move OpenWrt out of the 32 MB partition and into the 64 MB partition. I'd like the whole 128MB chip, but 64 will do. It's at least big enough that I won't be hitting the limit constantly. It's a quality of life / laziness thing, more than a hard requirement.

e: I may have an explanation for earlier efforts seeming to succeed. What if the bootloader couldn't find the kernel, but I didn't check the error message before jumping to the kernel that wasn't loaded? And what if I've been doing warm reboots and the initramfs kernel image was still sitting there in RAM? Ha ha.

ryanrs fucked around with this message at 04:26 on Apr 20, 2024

* # ¿ Apr 20, 2024 01:59
  • Quote
ryanrs
Jul 12, 2011

 Wireless, but you still gotta be in the same room and within 20 ft of the AP.

It probably makes sense for dense deployments. And imagine the :10bux: if you can get the school district to buy 4 APs per classroom.

* # ¿ Apr 25, 2024 20:50
  • Quote
ryanrs
Jul 12, 2011

 60 GHz is the real reason they moved you into an open-plan office with really high ceilings

* # ¿ Apr 27, 2024 03:01
  • Quote
ryanrs
Jul 12, 2011

 How fast for the networking? If just gigabit, then even $70 Netgear GS308EP does vlans, and it's small and fanless and has a metal case and PoE (and is cheaper than the non-PoE GS308E).

So yeah, how fast and how poor?

* # ¿ Apr 27, 2024 23:07
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ May 2, 2024 20:29
  • Quote
ryanrs
Jul 12, 2011

 Then that's all you need for segmentation, assuming your router supports vlans or has an extra ethernet port that can be isolated from your home lan.

What router model?

* # ¿ May 1, 2024 17:36
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Home Networking Megathread - Yes the OP is out of date