AlexanderPeters.nl

bloggerdeblog!

Fonera and OpenWrt

Geplaatst op: 23 November 2014 | Geen reacties
Van de free-wifi redactie

Recently I discovered that I still had a Fonera FON2100 WiFi router lying around. These simple routers (one ethernet port and one antenna) were distributed by the FON organisation quite some years ago so that people can open up their wireless network to the FON community. I wanted to use this device in my home network as access point. The standard Fonera software has however limited configuration possibilities and it is not possible to switch off the public network sharing. Since the Fonera software is a derivative of the openly availably OpenWrt, there is the possibility to ‘hack’ the device and install OpenWrt.

I used the following guides:

This post merely adds some remarks based on this information and in general come basic knowledge about network configuration and working with an Linux/Unix environment over SSH or Telnet is assumed.

First setup

The first step is to set up your Fonera. You can access it either through the wifi or via the ethernet connection (via a direct connection via your existing network, note that the device expects to get a IP via DHCP on the WAN port). The default IP when accessing via WiFi is 192.168.10.1. Default credentials are u: root and p: admin

Enabling SSH

In order to enable Telnet to access the bootloader (RedBoot), we need SSH access. This can easily be enabled by a vulnerability in firmware version 0.7.0r4 up to 0.7.1r1 that enables injection of commands in the webinterface. If you don’t have the right firmware version, please refer to the mentioned sources for other methods to enable SSH, or for serial access instead.

Log into the Fonera webinterface and use the following two HTML forms to enable SSH access (change the IP to the IP that you are currently accessing the router at). Note that because the form uses one of the configuration pages to inject the commands, my router lost the right network settings on the WAN port.

 

<html>
<head>
</head>
<body>
<form method="post" action="http://192.168.10.1/cgi-bin/webif/connection.sh" enctype="multipart/form-data">
<input name="username" value="$(/usr/sbin/iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT)" size="60">
<input type="submit" name="submit" value="Submit" onClick="{this.form.wifimode.value='&quot;;' + this.form.wifimode.value +';&quot;'}">
</form>
</body>
</html>
<html>
<head>
</head>
<body>
<form method="post" action="http://192.168.10.1/cgi-bin/webif/connection.sh" enctype="multipart/form-data">
<input name="username" value="$(/etc/init.d/dropbear)" size="60">
<input type="submit" name="submit" value="Submit" onClick="{this.form.wifimode.value='&quot;;' + this.form.wifimode.value +';&quot;'}">
</form>
</body>
</html>

Now you can log in via SSH (using the same credentials as for the webinterface). In order to permanently enable SSH:

mv /etc/init.d/dropbear /etc/init.d/S50dropbear
vi /etc/firewall.user

The last command opens the firewall configuration in the VI editor. Uncomment the two lines related to port 22 (SSH). Save with VI commands ESC followed by “:wq”

/etc/init.d/S50dropbear
/etc/firewall.user

SSH is now permanently enabled.

Enable Telnet

Now we should enable Telnet to access the bootloader. You can follow the steps described in the OpenWrt guide.  Note that the files openwrt-ar531x-2.4-vmlinux-CAMICIA.lzma and out.hex that are used in this guide are hosted on http://ipkg.k1k2.de/hack/ are not available anymore. Alternative locations are available here and I hosted the files as well here. You can transfer these files to the router using SCP instead of wget from the old download location. In case you have issues with executing one of the commands, make sure you type vmlinux.bin.l7 correctly (l7, not 17).

Access the bootloader by Telnet and install OpenWrt

After rebooting the device, you can Telnet into the bootloader via the ethernet connection on port 9000, within a few seconds after booting. Note that the device takes the default IP of 192.168.1.254 (so you might have to adjust your network settings).  You can follow the guide. In order to transfer the OpenWrt files you have to start a TFTP server that listens to the IP you set via telnet as the host. OpenWrt has their new versions also available for the Atheros platform (that is the platform of the Fonera device). However, I noticed that the latest versions make the device very unstable and slow. Therefore I recommend to stick to version 10.03.1 and download the relevant files of that version.

After loading the OpenWrt images and a reboot, OpenWrt is ready to be configured at 192.168.1.1 via the webinterface (and SSH). Just a few steps are needed to start using the device as WiFi AP and so far it has been running smoothly here.

Fonera 2100 successfully running OpenWrt

Fonera 2100 successfully running OpenWrt

Reacties

Reageer





AlexanderPeters.nl

Welcome! On this blog I post stuff that might be interesting for others or just random posts on daily life stuff. Some of my posts are in English, maar soms ook gewoon in het Nederlands, net waar ik zin in heb. Enjoy!

RSS feed

Last(.fm) played songs

  • Океан Ельзи - Без меж
  • Океан Ельзи - Осінь
  • Cold War Kids - Restless

140 characters