Daily Archives: November 8, 2012

Signposts – The installation

This is a guide to the installation of Signpost on a 64-bit edition of Ubuntu 12.04.

The steps of the installation process are:

1. Install OCaml
2. Install and set up OPAM
3. Use OPAM to install the latest OCaml compiler and switch to this new compiler version
4. Add the remote repositories required for Signposts to OPAM
5. Install the libraries required using OPAM
6. Download the code for Signpost
7. Set up vswitch
8. Generate and place keys
9. Install iodine and set up password
10. Run Signposts

1 INSTALLING OCAML

OCaml 3.12.1 is available from the Ubuntu repositories. This is not an up-to-date version of the compiler, but it will do to bootstrap the process.

$ sudo apt-get install ocaml

2 INSTALLING & SET UP OPAM

OPAM is a useful package manager for OCaml code such as Signposts. To download and initialize it:

$ git clone git://github.com/OCamlPro/opam.git
$ cd opam && ./configure && make
$ sudo make install
$ opam init
$ eval `opam config -env`
$ echo 'which opam && eval `opam config -env`' >> ~/.profile


3 SWITCH TO LATEST OCAML COMPILER

To see the compiler versions available on OPAM use:

$ opam switch -list

To see the version of the OCaml compiler that is currently in use, use:

$ ocaml -version

Then switch to OCaml 4.00.1 using:

$ opam switch 4.00.1
$ eval `opam config -env`

This process may take quite a while. You can now check the version of OCaml again; it should show that the PATH is now pointing towards the new OCaml compiler version.

4 REMOTE REPOSITORIES

To view the current remote repositories that OPAM is using, enter:

$ opam remote -list

This should give you the following output:

[curl]     default     http://opam.ocamlpro.com

To add the remote repositories required for Signposts, enter the following:

$ opam remote -kind git -add dev https://github.com/mirage/opam-repo-dev.git
$ opam remote -kind git -add mirage git://github.com/mirage/opam-repo.git

Checking the current remote repositories as before now returns:

[git]       mirage     git://github.com/mirage/opam-repo.git
[git]   mirage-dev     git://github.com/mirage/opam-repo-dev.git
[curl]     default     http://opam.ocamlpro.com


5 INSTALL LIBRARIES

To install the required packages from OPAM and the package manager use:

$ opam install lwt cstruct mirage mirage-net ocamlgraph uri rpc oasis ssl
$ sudo apt-get install libnfnetlink-dev libnl-3-dev libnl-cli-3-dev libnl-genl-3-dev libnl-nf-3-dev libnl-route-3-dev

Some of the packages here are not the most up to date. To get the updates:

$ git clone https://github.com/crotsos/mirage-platform.git
$ cd mirage-platform/
$ make all install
$ git clone https://github.com/crotsos/mirage-net.git
$ cd mirage-net/
$ make all install
$ git clone https://github.com/crotsos/ocaml-openflow.git
$ cd ocaml-openflow/
$ make all install
$ git clone https://github.com/crotsos/ocaml-dns.git
$ cd ocaml-dns/
$ make all install
$ git clone https://github.com/crotsos/ocaml-crypto-keys.git
$ cd ocaml-crypto-keys/
$ make all install

In the future, you can update your packages using:

$ opam update
$ opam upgrade

6 GET SIGNPOST CODE

To download a copy of the Signpost code, use:

$ git clone https://github.com/crotsos/signpostd
$ cd signpostd
$ make

7 VSWITCH

$ sudo wget "https://www.dropbox.com/s/4n0hwgoycm3838g/openvswitch_mod.ko?dl=1" -O /lib/modules/`uname -r`/extra/openvswitch_mod.ko
$ sudo wget "https://www.dropbox.com/s/f7ivv8upe0bfurf/brcompat_mod.ko?dl=1" -O /lib/modules/`uname -r`/extra/brcompat_mod.ko
$ sudo depmod -a
$ sudo modprobe openvswitch_mod
$ sudo modprobe brcompat_mod
$ sudo ovs-vsctl add-br br0
$ sudo ovs-vsctl add-port br0 eth0
$ sudo ifconfig eth0 up
$ sudo ifconfig br0 up
$ sudo ovs-vsctl set-fail-mode br0 standalone
$ sudo ovs-vsctl set-controller br0 tcp:localhost
$ sudo ln -s /etc/init.d/openvswitch-switch /etc/rcS.d/S10openvswitch-switch
# Append as root, leaving the permissions of /etc/network/interfaces unchanged
$ echo "pre-up ifconfig eth0 up" | sudo tee -a /etc/network/interfaces

8 KEY GENERATION

For each client we wish to add to the Signposts personal cloud, we need to generate a private key and its associated public key. To generate these keys we will be using openssl. On each client we need to generate the private key and place it into the signpostd/conf directory; then we need to generate the public key from it and place it on the server in signpostd/conf/authorized_keys.

On the client:

$ openssl genrsa -out conf/signpost.pem 2048

and on the server:

$ openssl rsa -in conf/signpost.pem -pubout -out conf/authorized_keys/clientname.pub
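
The key placement described above, as an added example that is not part of the original guide or the Signpost code: the public half is derived on the client, checked to contain no private key material, and only then copied into the server's authorized_keys directory. The function names and the temporary directories standing in for the two signpostd/conf directories are assumptions.

```shell
#!/bin/sh
# Added example. Temp directories stand in for the client's and the server's
# signpostd/conf; "clientname" is the placeholder name used in the guide.

gen_client_key() {      # $1 = client conf dir; key is owner-readable only
    ( umask 077 && openssl genrsa -out "$1/signpost.pem" 2048 2>/dev/null )
}

export_public_key() {   # $1 = private key, $2 = .pub file to send to server
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}

is_public_only() {      # true if $1 holds a public key and nothing private
    grep -q -- '-----BEGIN PUBLIC KEY-----' "$1" && ! grep -q 'PRIVATE KEY' "$1"
}

public_pem() {          # normalised PEM public key; args select the input
    openssl pkey "$@" -pubout 2>/dev/null
}

key_matches() {         # $1 = private key, $2 = .pub installed on the server
    from_priv=$(public_pem -in "$1") || return 1
    on_server=$(public_pem -pubin -in "$2") || return 1
    [ "$from_priv" = "$on_server" ]
}

demo() {
    client=$(mktemp -d) && server=$(mktemp -d) || return 1
    mkdir -p "$server/authorized_keys"
    gen_client_key "$client" &&
        export_public_key "$client/signpost.pem" "$client/clientname.pub" &&
        is_public_only "$client/clientname.pub" &&
        cp "$client/clientname.pub" "$server/authorized_keys/" &&
        key_matches "$client/signpost.pem" "$server/authorized_keys/clientname.pub"
    status=$?
    rm -rf "$client" "$server"
    return $status
}

demo && echo "public key installed; private key stayed on the client"
```

Running key_matches on the client against the file fetched back from the server confirms that the installed public key belongs to this client's private key.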

9 IODINE

To install iodine from the Ubuntu package manager:

$ sudo apt-get install iodine

OpenWrt & Linksys WRT54GL Router – Meet & Greet

OpenWrt is firmware for embedded devices used to route traffic. In this case we will be considering the use of OpenWrt in domestic routers such as the test hardware, a Linksys Wireless-G Broadband Router WRT54GL v1.1.

OpenWrt is Linux based, so it includes the Linux kernel as well as BusyBox. It has a package manager called opkg (similar to apt in Ubuntu).

Before installing OpenWrt on a router, you must ensure that the device is OpenWrt compatible; you can do this by ensuring the device is listed here

HARDWARE SPECIFICATIONS

Before exploring OpenWrt, we are going to take a closer look at the hardware available:

CPU: Broadcom BCM5352 @ 200 MHz
RAM: 16 MB
Flash Memory:  4 MB

QUICK CHECK – to ensure the hardware is what we believe it to be, we can check the prefix of the serial number using the information here 

This hardware is fully supported by OpenWrt, but there have been issues with the limited amount of flash memory:
http://wiki.openwrt.org/toh/linksys/wrt54g#hardware
https://forum.openwrt.org/viewtopic.php?id=28223

The solution to this issue has also been documented. This is to use OpenWrt 8.09 r14511 (code name "kamikaze") instead of the most up-to-date version, OpenWrt 10.03.1-rc6 (code name "backfire").

PICKING A VERSION

To start with, we are going to install OpenWrt through the Linksys Web GUI. There are many versions of OpenWrt available, so we need to identify the first version we will try:

  • The OpenWrt version is Kamikaze, due to a bug in Backfire and instability of Attitude Adjustment
  • The recommended version is 8.09 within Kamikaze
  • The CPU is Broadcom so the prefix is brcm
  • From here, I can see the hardware supports both brcm-2.4 and brcm47xx
  • The difference between brcm-2.4 and brcm47xx is explained here 
  • For ease, we will download an image file; this will end with .bin
  • If both JFFS2 and SquashFS are available, use SquashFS images
  • Look into the version history to determine which version of 8.09 is best and what is different between Kamikaze, Backfire and Attitude Adjustment

The image I am going to test is http://downloads.openwrt.org/kamikaze/8.09/brcm-2.4/openwrt-wrt54g-squashfs.bin

INSTALLATION

Step 1: Download http://downloads.openwrt.org/kamikaze/8.09/brcm-2.4/openwrt-wrt54g-squashfs.bin to my Downloads directory
Step 2: Plug in router to mains and to computer via ethernet (use port 1 not internet port)
Step 3: Direct the browser to http://192.168.1.1 and log in
Step 4: Navigate to Administration > Firmware update, select openwrt-wrt54g-squashfs.bin and update

ALL IS LOOKING WELL 🙂

COMMUNICATION VIA WEB GUI 
Direct the browser to http://192.168.1.1, log in and you are presented with the web interface LuCI

COMMUNICATION VIA TELNET
The router should now be telnet(able) to 192.168.1.1. To test this:
$ telnet 192.168.1.1
This returns the recipe for KAMIKAZE 🙂

Now to ensure that tftp is available to prevent bricking, enter:

  $ nvram set boot_wait=on
  $ nvram set boot_time=10
  $ nvram commit && reboot


 COMMUNICATION VIA SSH

CONFIGURING 

The network configuration is stored in /etc/config/network. The initial contents of this file for our setup are:

#### VLAN configuration
config switch eth0
option vlan0    "0 1 2 3 5*"
option vlan1    "4 5"

#### Loopback configuration
config interface loopback
option ifname   "lo"
option proto    static
option ipaddr   127.0.0.1
option netmask  255.0.0.0

#### LAN configuration
config interface lan
option type     bridge
option ifname   "eth0.0"
option proto    static
option ipaddr   192.168.1.1
option netmask  255.255.255.0

#### WAN configuration
config interface        wan
option ifname   "eth0.1"
option proto    dhcp

Once we have edited this file, to make the new configuration take effect we need to run:
$ /etc/init.d/network restart

SWITCH
The switch section of the above configuration file is responsible for making one piece of hardware appear as several independent interfaces. The part of the configuration file which specifies the switch characteristics is:

#### VLAN configuration
config switch eth0
option vlan0    "0 1 2 3 5*"
option vlan1    "4 5"

In the above configuration, the numbers 0-5 represent the port numbers, so VLAN0 includes ports 0, 1, 2, 3 and 5* and VLAN1 includes ports 4 and 5. The * in 5* indicates the PVID.

As shown in the above diagram, this switch separates the LAN ports and the WAN ports.
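
A way to check that separation from the configuration itself, as an added example that is not part of the original post: it lists each port's VLAN membership from the switch section and reports any port, other than the one passed as the CPU port, that sits in more than one VLAN. The function names are hypothetical, and treating port 5 as the router's internal CPU port is an assumption the page does not state.

```shell
#!/bin/sh
# Added example. sample_config is constructed from the switch section above.
sample_config() {
    cat <<'EOF'
config switch eth0
option vlan0    "0 1 2 3 5*"
option vlan1    "4 5"
EOF
}

# Read a switch section on stdin; print one "port vlan pvid" line per member,
# where pvid is "yes" for a port carrying the * marker.
vlan_members() {
    awk '$1 == "option" && $2 ~ /^vlan[0-9]+$/ {
        vlan = substr($2, 5)
        for (i = 3; i <= NF; i++) {
            port = $i
            gsub(/[^0-9]/, "", port)          # strip quotes and markers
            if (port != "")
                print port, vlan, ($i ~ /\*/ ? "yes" : "no")
        }
    }'
}

# Print every port other than the CPU port ($1) that is in more than one VLAN.
# An empty result means no physical port bridges the LAN and WAN VLANs.
shared_ports() {
    vlan_members | awk -v cpu="$1" '
        $1 != cpu { seen[$1]++ }
        END { for (p in seen) if (seen[p] > 1) print p }' | sort -n
}

sample_config | vlan_members
```

On the router, `shared_ports 5 < /etc/config/network` runs the same check against the live file after an edit.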

INTERFACES
The other statements in the configuration file describe the interfaces. The interfaces are logical networks, used for setting IP addresses, routes and other magic.

The 3 interfaces that we have here are named loopback, lan and wan. The physical interfaces associated with these logical interfaces are lo, eth0.0 and eth0.1.