Fun with La Fonera

FON is the largest WiFi community in the world. FON is a Community of people making WiFi universal and free. FON’s vision is WiFi everywhere made possible by the members of the Community, Foneros. Read all about it on www.fon.com.

The fun part comes where FON has developed it’s own Wifi routers that can be bought for cheap.

These routers are fairly easy to hack and allow other firmware to be put on it. However you can also download the source code of the original firmware and add your own software to it. That what’s this article is all about. Modifying your FON but keeping the FON community alive!.

Hacking the Fonera

Gaining access 

There are several ways to get access to the firmware of your Fonera. Thanks to Stefan Tomanek and Michael Kebe it is very easy to enable ssh access on your Fonera, see http://stefans.datenbruch.de/lafonera/.
With ssh enabled you can use LaFonera Software Flashing guide

You can find more information about flashing at:
– http://wiki.openwrt.org/OpenWrtDocs/Hardware/Fon/Fonera
– http://www.fonerahacks.com

If you plan to flash your Fonera more often it realy is worthwile to solder yourself a serial interface. This is discribed at http://www.dd-wrt.com/wiki/index.php/LaFonera_Hardware_Serial-Cable-Port

My Fonera had a new circuitboard:

From the DB9 connector with MAX 3232 chip there are four wires that lead to a four pin connector on the circuitboard.

Yellow is +3.3V
Black is Ground
Brown is RX
Yellow is TX

Looks pretty good after spending some time:

Using Redboot and tftp to flash your Fonera

You need a PC, serial cable from PC to Fonera and a running tfp server (like tftpd)

Start Hyper terminal and make a connection with the following settings:

Next power on La Fonera. Hyper terminal should show output like:

+Ethernet eth0: MAC address 00:18:84:82:f8:50
IP: 192.168.1.1/255.255.255.0, Gateway: 0.0.0.0
Default server: 192.168.1.254RedBoot(tm) bootstrap and debug environment [ROMRAM]
Non-certified release, version V1.00 – built 10:37:27, Dec 12 2006Copyright (C) 2000, 2001, 2002, 2003, 2004 Red Hat, Inc.Board: FON1
RAM: 0x80000000-0x81000000, [0x80040aa0-0x80fe1000] available
FLASH: 0xa8000000 – 0xa87f0000, 128 blocks of 0x00010000 bytes each.
== Executing boot script in 2.000 seconds – enter ^C to abort

Press ^C within 2 seconds:

^C
RedBoot>

Now tell RedBoot what Ip to use which IP to find a tftp server:

RedBoot> ip_address -h 192.168.39.200 -l 192.168.39.116/24
IP: 192.168.39.116/255.255.255.0, Gateway: 0.0.0.0
Default server: 192.168.39.200

Load the kernel image:

RedBoot> load -r -b %{FREEMEMLO} fon-7.1.5-jh-0.1-vmlinux.lzma
Using default protocol (TFTP)
Raw file loaded 0x80040c00-0x800c0bff, assumed entry at 0x80040c00

Initialise fis:

RedBoot> fis init
About to initialize [format] FLASH image system – continue (y/n)? y
*** Initialize FLASH Image System
… Erase from 0xa87e0000-0xa87f0000: .
… Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

Create the kernel in flash memory:

RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
… Erase from 0xa8030000-0xa80b0000: ……..
… Program from 0x80040c00-0x800c0c00 at 0xa8030000: ……..
… Erase from 0xa87e0000-0xa87f0000: .
… Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

 

RedBoot> fis free
0xA80B0000 .. 0xA87E0000

Load the rootfs image:

RedBoot> load -r -b %{FREEMEMLO} fon-7.1.5-jh-0.1-root.squashfs
Using default protocol (TFTP)
Raw file loaded 0x80040c00-0x801c0bff, assumed entry at 0x80040c00

0xA87E0000 minus 0xA80B0000 = 0x00730000. use that to create the rootfs:

RedBoot> fis create -l 0x00730000 rootfs
… Erase from 0xa80b0000-0xa87e0000: ……………………………………
……………………………………………………………….
… Program from 0x80040c00-0x801c0c00 at 0xa80b0000: ……………………
… Erase from 0xa87e0000-0xa87f0000: .
… Program from 0x80ff0000-0x81000000 at 0xa87e0000: .

Reboot the router:

RedBoot> reset
… Resetting.

Mounting network drives using standard firmware

Using the original fonera source code I compiled some packages that are normally not available for La Fonera. The packages should work if you have a 2.4.32 kernel. Check it with:
# cat /proc/version
Linux version 2.4.32 (iurgi@ropero) (gcc version 3.4.6 (OpenWrt-2.0)) #9 jue nov 23 12:11:45 UTC 2006

For this you have got to have console acces.

Mounting a Windows network share using CIFS

1)Log on to La Fonera
2)Install kmod-fs-cifs:

# ipkg install http://www.circuitdb.com/fon/0.7.1-r5/packages/kmod-fs-cifs_2.4.32-ar531x-1_mips.ipk
Downloading http://www.circuitdb.com/fon/0.7.1-r5/packages/kmod-fs-cifs_2.4.32-ar531x-1_mips.ipk
Installing kmod-fs-cifs (2.4.32-ar531x-1) to root…
Configuring kmod-fs-cifs
Done.

3)Mount a share:

# mount -t cifs DataShare /mnt -o unc=”\\\\192.168.1.200\\Data (E)”,ip=192.168.1.200,user=<username>,pass=<password>
#

The name after -t cifs command can be anything you like to identify the share.
I found out that this also worked in my share as i have no restrictions on my share:

# mount -t cifs DataShare /mnt -o unc=”\\\\192.168.1.200\\Data (E)”,user=dummy
#

4)View the mount points:

# mount
/dev/root on /rom type squashfs (ro)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /tmp type tmpfs (rw,nosuid,nodev)
none on /dev/pts type devpts (rw)
/dev/mtdblock/3 on /jffs type jffs2 (rw)
/ on / type mini_fo (rw)
DataShare on /mnt type cifs (rw,nodiratime,unc=\\192.168.1.200\Data)

5)Look at the data:

# ls /mnt
Audio System Volume Information Documents Video
Downloads Photos Mail RECYCLER
svn

6)Unmount:

# umount /mnt
#

Mounting NFS (Network File System)

1)Log on to La Fonera
2)Install kmod-fs-nfs:

# ipkg install http://www.circuitdb.com/fon/0.7.1-r5/packages/kmod-fs-nfs_2.4.32-ar531x-1_mips.ipk
Downloading http://www.circuitdb.com/fon/0.7.1-r5/packages/kmod-fs-nfs_2.4.32-ar531x-1_mips.ipk
Installing kmod-fs-nfs (2.4.32-ar531x-1) to root…
Configuring kmod-fs-nfs
Done.

3)Mount a share:

# mount -t nfs 192.168.1.254:/var/data /mnt
#

4)View the mount points:

# mount
/dev/root on /rom type squashfs (ro)
none on /dev type devfs (rw)
none on /proc type proc (rw)
none on /tmp type tmpfs (rw,nosuid,nodev)
none on /dev/pts type devpts (rw)
/dev/mtdblock/3 on /jffs type jffs2 (rw)
/ on / type mini_fo (rw)
192.168.1.254:/var/data on /mnt type nfs (rw,v3,rsize=32768,wsize=32768,hard,udp
,lock,addr=192.168.1.254)

5)Look at the data:

# ls /mnt
Audio System Volume Information Documents Video
Downloads Photos Mail RECYCLER
svn

6)Unmount:

# umount /mnt
#

Compiling from source

Get the fonera source from:

# wget http://download.fon.com/firmware/fonera/latest/fonera.tar.bz2

Make a directory to unpack the source code to:

# mkdir fon-src

Unpack the source into the new directory:

# cd fon-src

 

# tar -jxvf ../fonera.tar.bz2

Read the README file and see that you need to have installed gcc, binutils, patch, bzip2, flex, bison,
make, gettext, pkg-config, unzip, libz-dev and libc headers.
So install them if required. I found out that g++ is also required so install that as well.

Now let’s configure:

# make menuconfig

Even if you don’t want to make any changes run make menuconfig then exit ans save when asked.

Compile with:

# make

To get more output compile with:

# make V=99

Then all you need to do is flash your Fonera using the root.squashfs and vmlinuz.lzma files that can be found in bin/

With thanks to http://imil.net/docs/fonera-build.txt

CircuitDB’s firmware patch

What is in it?

Our patch adds extra functionality to La Fonera’s orginal firmware while keeping the internet sharing functions.

jh patch adds the following functionality:
– Enabled ssh server. It’s accesible through both wireless networks and on WAN network.
– Disabled the serial console. This allows you to use the serial port for other purposes.
– Added setserial package and enabled stty in busybox config to change your serial port settings.
– OpenVPN server.

Download

Current version of our patch is jh-0.1 is tested on La Fonera Version 0.7.1 rev 5 source code. Our patch can be downloaded here: fonera-jh-0.2.patch or download the compiled firmware image here: fonera-jh-0.2.
Check teh end of this article for old versions and the changelog.

Compiling the firmware with a jh patch

Get the fonera source from:

# wget http://download.fon.com/firmware/fonera/latest/fonera.tar.bz2

Download the patch from www.CircuitDB.com:

# wget http://www.circuitdb.com/fon/patches/fon-jh-<VERSION>-patch.tar.gz

and unpack it:

# tar -zxvf fon-jh-<VERSION>-patch.tar.gz

Make a directory to unpack the source code to:

# mkdir fon-src

Unpack the source into the new directory:

# cd fon-src
# tar -jxvf ../fonera.tar.bz2

Read the README file and see that you need to have installed gcc, binutils, patch, bzip2, flex, bison,
make, gettext, pkg-config, unzip, libz-dev and libc headers.
So install them if required. I found out that g++ is also required so install that as well.

Apply the patch:

#  patch -p1 < ../fonera-jh-<VERSION>.patch

Now let’s configure:

# make menuconfig

Even if you don’t want to make any changes run make menuconfig then exit ans save when asked.

By default automatic updating is disabled. Read the next paragraph if you want to change it.

Compile with:

# make

To get more output compile with:

# make V=99

Then all you need to do is flash your Fonera using the root.squashfs and vmlinuz.lzma files that can be found in bin/

About the automatic updates…

To enable automatic updating before compiling uncomment the last line in package/base-files/default/bin/thinclient. i.e. remove the ‘#’:

. /tmp/.thinclient.sh  $1

It can also be done after installing on La Fonera, simply edit /bin/thinclient.

OpenVPN on La Fonera

OpenVPN is a full-featured open source VPN (Virtual Private Network). To set up an OpenVPN server Fonera you need:
– A Fonera router….
– Fonera firmware with jh patch version 0.2 or higher
– An ssh client like PuTTY.
– Something to copy files from La Fonera to you VPN clients like WinSCP
– OpenVPN client software. On windows I use OpenVPN GUI for Windows
– Have a fixed IP on the WAN interface of your Fonera and open port 1194 from your internet router to this IP.

Generating certificates and keys

First thing to do is to generate some certificates and keys so only authenticated clients can login to your network.
Run the following command to set some evironmental variables:

# /etc/easy-rsa/vars

Optionally edit /etc/easy-rsa/vars before running to set your own default parameters.

Next run clean-all to be really sure that old keys and certificates are removed:

# clean-all

Then build the certificate authority (CA) certificate and key:

# build-ca

A certificate and private key for the server also has to be generated:

# build-key-server server

Be sure that you enter “server” as Common Name and answer with “y” twice, once to sign the certificate and once to commit. Please note that you do not need to fill in a password or company name.

For each client you have to generate a unique key and certificate:

# build-key client1

Be sure that you enter a unique name as Common Name for each client and again answer with “y” twice, once to sign the certificate and once to commit. Please note that you do not need to fill in a password or company name.

Last file to generate is the Diffie Hellman parameter file

# build-dh

This will take a long time (approx 1 hour and 10 minutes), so get some coffee…

Setting up the bridge

You can either run a routed or bridged VPN. I choose to deliver the jh patch with a bridged VPN configured as default. A bridged VPN really makes the client part of the server network. A routed VPN requires extra configuration on the firewall. Read more about it on http://openvpn.net

The jh patch comes with a bridge script (/etc/init.d/bridge). This script allows you to start and stop the bridge. It also set the IP addres of the WAN interface to a fixed IP.

In the bridge script, set eth_ip, eth_netmask, eth_broadcast and eth_gateway to the appropriate values:

# vi /etc/init.d/bridge

Then test the bridge by running:

# /etc/init.d/bridge start

Your ssh connection will now freeze or disconnect. Try and (re)connect to the ip address you just configured.
If that fails reboot your Fonera by unplugging it. Rebooting will bring back the original network configuration. Check the changes you made in /etc/init.d/bridge and try again.

Next check your bridge which should show you that bridge br0 is bridging eth0 and tap0:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.00188482f850       no              eth0
tap0

If you are sure the bridge script is working fine rename it to automatically run it at boot time.

# cd /etc/init.d/
# mv bridge S41bridge

Editing the server configuration file

Edit the OpenVPN config file:

# vi /etc/openvpn/server.conf

Your most likely want to change the line with the ip address openvpn should listen on and the line which starts with server-bridge. Please make sure that the ip address ranges of openVPN do not overlap the dhcp server in your network.

You can now start the OpenVPN server:

# /etc/init.d/openvpn start

Or, to get some output use:

# openvpn –config /etc/openvpn/server.conf

Don’t forget to configure your internet router to route incoming connection on port 1194 to the Fonera. Now you are ready to test your VPN.

Client configuration

Download and install OpenVPN GUI for Windows on a client. client.ovpn is an example config file. Also copy ca.crt and the client crt and key file from /etc/easy-rsa/keys/ on your Fonera to the client.
I use WinSCP to copy files from my Fonera to a windows system.

A final touch

If everything works you can rename /etc/init.d/openvpn to make it start up at boot time.

# cd /etc/init.d/
# mv openvpn S50openvpn

Downloads & Changelog

Current version 

fonera-jh-0.2.patch
fonera-jh-0.2

Old versions

Changelog

jh-0.2: 

  • Added OpenVPN server
  • Fixed file permissions

jh-0.1:

  • Enabled ssh server. It’s accesible through both wireless networks and on WAN network.
  • Fonera update functionality. This is not included in the orgininal source.
  • Disabled the serial console. This allows you to use the serial port for other purposes.
  • Added setserial package and enabled stty in busybox config to change your serial port settings.

Leave a Reply

Your email address will not be published. Required fields are marked *