The address of the vpn interface is calculated in the style of
modified EUI-64, based on a virtual mac address. This virtual mac
address consists of 0x00 as first byte and the other five bytes
are taken from the first bytes of md5sum(base64 encoded public key).
The algorithm was taken by the ffmuc, with a slight difference. ffmuc
calculated the result of md5sum(base64 encoded public key + '\n')
which was interpreted as accidential fault and therefore dropped.
Example:
- Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
- Address: "fe80::02ca:b8ff:fedc:2eb3"
The following interfaces are used for wireguard:
- wg_mesh -> wireguard interface
- mesh-vpn -> vxlan iface on top of wg_mesh
If you use this new feature, make sure the NTP servers in your site
config are publicly reachable. This is necessary, since wireguard
requires correct time before the vpn connection is established.
Therefore gluon performs ntp time synchronisation via WAN before it
establishes the vpn connection. Therefore the NTP servers have to
be publicly reachable (and not only via mesh).
Hardware
--------
MediaTek MT7621AT
256M DDR3
32M SPI-NOR
MediaTek MT7603 2T2R 802.11n 2.4GHz
MediaTek MT7915 2T2R 802.11ax 5GHz
Not Working
-----------
- Bluetooth (connected to UART3)
UART
----
UART is located in the lower left corner of the board. Pinout is
0 - 3V3 (don't connect)
1 - RX
2 - TX
3 - GND
Console is 115200 8N1.
Boot
----
1. Connect to the serial console and connect power.
2. Double-press ESC when prompted
3. Set the fdt address
$ fdt addr $(fdtcontroladdr)
4. Remove the signature node from the control FDT
$ fdt rm /signature
5. Transfer and boot the OpenWrt initramfs image to the device.
Make sure to name the file C0A80114.img and have it reachable at
192.168.1.1/24
$ tftpboot; bootm
Installation
------------
1. Connect to the booted device at 192.168.1.20 using username/password
"ubnt".
2. Update the bootloader environment.
$ fw_setenv devmode TRUE
$ fw_setenv boot_openwrt "fdt addr \$(fdtcontroladdr);
fdt rm /signature; bootubnt"
$ fw_setenv bootcmd "run boot_openwrt"
3. Transfer the OpenWrt sysupgrade image to the device using SCP.
4. Check the mtd partition number for bs / kernel0 / kernel1
$ cat /proc/mtd
5. Set the bootselect flag to boot from kernel0
$ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock4
6. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1
$ dd if=openwrt.bin of=/dev/mtdblock6
$ dd if=openwrt.bin of=/dev/mtdblock7
7. Reboot the device. It should boot into OpenWrt.
Before this commit, some *.po files contained the same translation
twice within the same file. While this did not led to errors in
gluon yet, it is still invalid. This commit fixes that and removes
the duplicates.
- Move site check for prefix4 and extra_prefixes6 to gluon-core, so the
rules don't need to be duplicated in several packages. This also fixes
gluon-respondd not checking extra_prefixes6 at all when
gluon-ebtables-source-filter is not installed as well.
- A redundant check for prefix6 is removed from gluon-l3roamd (this was
already checked by gluon-core)
- A separate check for prefix4 remains in gluon-client-bridge, as the
setting in mandatory there
* ath79-generic: add support for Onion Omega
support was previously dropped in
commit 45c84a117b ("ar71xx: drop target")
* fixup! ath79-generic: add support for Onion Omega
* fixup! ath79-generic: add support for Onion Omega
- [x] must be flashable from vendor firmware
- [ ] webinterface
- [ ] tftp
- [x] other: Console port available. Manufacturer specific cable required.
Tutorial in OpenWRT commit message https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c6e972c8772a628a1a2f2e5590d7c6f4acef9ab0
- [x] must support upgrade mechanism
- [x] must have working sysupgrade
- [x] must keep/forget configuration (if applicable)
*think `sysupgrade [-n]` or `firstboot`*
- [x] must have working autoupdate
root@Aruba-AP-303H:~# lua -e 'print(require("platform_info").get_image_name())'
aruba-ap-303h
- [x] reset/wps/phone button must return device into config mode
- [x] primary mac should match address on device label (or packaging) (https://gluon.readthedocs.io/en/latest/dev/hardware.html#notes)
- wired network
- [x] should support all network ports on the device
- [x] must have correct port assignment (WAN/LAN)
- wifi (if applicable)
- [x] association with AP must be possible on all radios
- [x] association with 802.11s mesh must be working on all radios
- [x] ap/mesh mode must work in parallel on all radios
- led mapping
- power/sys led (_critical, because led definitions are setup on firstboot only_)
- [x] lit while the device is on
- [x] should display config mode blink sequence
(https://gluon.readthedocs.io/en/latest/features/configmode.html)
- radio leds
- [x] should map to their respective radio
- [x] should show activity
- switchport leds
- [x] should map to their respective port (or switch, if only one led present)
- [x] should show link state and activity
- outdoor devices only
- [ ] added board name to `is_outdoor_device` function in `package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua`
- ToDo (upstream):
- enable PoE pass through on interface E3
system.poe_passthrough=gpio_switch
system.poe_passthrough.name='PoE Passthrough'
system.poe_passthrough.gpio_pin='446'
system.poe_passthrough.value='0' (0 is active)
e294a22 batman-adv: Refresh patches with quilt
519ef4a batman-adv: Merge bugfixes from 2021.2
8d93475 olsrd: add filtergw plugin
76a7bc7 olsrd: update to 2021-06-21
3912935 olsrd: use SPDX
69e2fe6 bird2: Fix bus error on OSPF on IPQ806X
fa1791dbc htop: Add HTOP_LMSENSORS config option
19998f14f banip: update 0.7.10
36ffcd66f xray-core: fix build under go 1.17
2b17d1ca9 golang: Update to 1.17
0e3c2d959 gpsd: bump to 3.23
3b73213bf yq: Update to 4.12.1
954eba88a auc: update to version 0.2.4
af4098118 yq: Update to 4.12.0
cec17047d apr: patch CVE-2021-35940
1c982c63a nextdns: Update to version 1.36.0
4adf9a1c1 mosquitto: allow auth options with per listener settings
c4f61bf57 mosquitto: init: support more UCI options
6c9d59571 airos-dfs-reset: add airos-dfs-reset
baceb237a [openwrt-21.02] delve: Update to 1.7.1
0bd7e25f2 phantap: update to latest commit
06011c690 travelmate: update to 2.0.6
3733d0a7d travelmate: update to 2.0.5-3
d89bb6bec https-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS
8b5002a6e dnscrypt-proxy2: Upgrade to 2.1.0
ffb8b452a c-ares: update to version 1.17.2
ce0c9af93 mc: add a missing Syntax file
f5669e3a6 mblaze: new package
af616fc58 hwdata: update to version 0.350
0240320e8 tvheadend: update to v4.2.8, remove static ffmpeg
4ddc4a613 tvheadend: fix compilation with GCC 9 and 10
fdee10fde python3-setuptools: add _distutils_hack
affb4038c zabbix: Call killall with the -s
d0444c0f5 git: update to 2.33.0
e583b7e3e mc: update to 2.8.27
542aa086e curl: update to 7.78.0
dd49c191a auc: update to version 0.2.0
395f55203 unixodbc: use 'install' when copying host binaries
b3c416b2d perl: perlmod.mk: use 'install' for host binaries
5665c3bdf stubby: Add multi WAN support for procd trigger
1ca9b3c98 stubby: remove maintainer
39b401638 stubby: remove libidn2 and libunwind dependencies
57eab26bb stubby: bump to 0.4.0
cb7030229 sqm-scripts: bump to v1.5.1
eed183c5f travelmate: update to 2.0.5-2
3eab47600 travelmate: update to 2.0.5
20ff270f2 django: bump to version 3.2.6
b3cfba1de dockerd: Updated to 20.10.8
832671029 docker: Updated to 20.10.8
6fb2beb6a containerd: Updated to 1.4.9 for docker 20.10.8
f815bdd72 runc: Updated to 1.0.1 for docker 20.10.8
10b295626 whois: update to 5.5.9
6f82209e4 whois: update to 5.5.8
eda1e1045 gitlab-runner: update to 14.0.1
aa4171673 clamav: update to 0.103.3
2fc25208a irssi: add test.sh
8de166f42 irssi: update to 1.2.3
e264d6689 atlas-sw-probe: fix copypaste error and clean tmp dir on exit
9cb317541 Flash: update to version 2.0.1
eb5e13d37 Jinja2: update to version 3.0.1
573338fe4 Werkzeug: update to version 2.0.1
d1007d29f MarkupSafe: update to version 2.0.1
9fa4ce04a click: update to version 8.0.1
735f9ed87 itsdangerous: update to version 2.0.1
979464c6a net/snort3: Include default configs and snort2lua
dccb98855 knot-resolver: update to version 5.4.0
e38772510 knot: update to version 3.1.0
a2819fab7 golang: Update to 1.16.7
1a3687049 python-twisted: Update to 21.7.0, refresh patches
78a25390b libxslt: fix compilation because of wrong libxml2 check in configure script
beba98240 simple-adblock: update to 1.8.7-6
51de4b108 php7: update to 7.4.22
38fc5d866 libxml2: update to 2.9.12
e928ef733 php8: add CI runtime test
91be67942 php8: update to 8.0.9
bc6d77a7c node: bump to 14.17.4
af5c3af0c curl: enable HTTP/2 support by default
3cb1894b8 https-dns-proxy: update to 2021-07-29-01
c4a323903 nextdns: Update to version 1.35.0
bda6773b9 dawn: update to 2021-07-27
25a0a5cc4 travelmate: update to 2.0.4
877b65214 adblock: bugfix 4.1.3-3
11455c0fd librouteros: don't build docs
2c7ad7ca6 yq: Update to 4.11.2
fefd88227 syslog-ng: update to version 3.33.2
17c4b0332 ddns-scripts: use https for google ipv6 ddns url
d2cb8f4ee erlang: disable PIE
fc598339c yggdrasil: bump to 0.4.0
4ea887e64 vpnbypass: updates to 1.3.2-1
5e69e4108 Revert "net/miniupnpd: ext_ip_reserved_ignore support"
117c6bf76 knot: update to version 3.0.8
1c69a5270 knot: update to version 3.0.7
17809e28a yq: Update to 4.11.0
eabde6aab delve: Update to 1.7.0
ec9700fee golang: Update to 1.16.6
f7ba01cdd sane-backends: use macros (properly), remove chmod
041e28776 sane-backends: fix usbid file generation
48576dba7 vpn-policy-routing: update to 0.3.5-1
a0183d3f6 stress-ng: bump to version 0.12.10
0805c1199 stress-ng: bump to version 0.12.07
43a391e5f stress-ng: bump to version 0.12.06
752da2a8b stress-ng: bump to version 0.12.04
23925c77a ruby: update to 3.0.2
dd1930f03 dawn: update to 2021-07-11
c6fcfda21 dawn: update to 2021-07-08
8aeb26b41 yq: Update to 4.9.8
cc78ba6b5 addrwatch: Various fixes
6a24f88c3 yggdrasil: allow HTTPS connections
0a5ab6882 yggdrasil: bump to 0.3.16
79417f0a3 python-cffi: bump to version 1.14.6
02a0c8a4f python-simplejson: bump to version 3.17.3
1954ed36a openvpn: enable LZO support by default for OpenSSL variant
827fa8e21 syslog-ng: disable mqtt
f58494968 mwan3: bump PKG_VERSION to 2.10.11
7e71550f1 mwan3: add troublshoot command from LuCI
4f5b05ab8 mwan3: cleanup help output
588d781df syslog-ng: update to version 3.33.1
56d7a225e apache: update to 2.4.48
e11d70d0c transmission: add new syscalls to seccomp filter
ee11ce67a netdata: update to version 1.30.1
3ac73fa18 wsdd2: update to git 2021-06-28
7723235f4 samba4: update to 4.14.5
a2a9702f8 softethervpn5: update to 5.02.5180
104af774c rpcbind: update to 1.2.6
90341aa79 libtirpc: update to 1.3.2
c66b3dc45 lxc: add patch to switch GPG server
a5a176d86 yq: Update to 4.9.7
4bc55dd04 python3: do a simple ls on pip & setuptools if not selected for build
ef50ed85a python3: update to version 3.9.6
033b04ee7 mwan3: use default routes from additional tables
790a49c09 libuv: fix CVE-2021-22918
c605f4cb4 django: bump to version 3.2.5
63ca71937 nextdns: Update to version 1.34.2
57ed36db4 tessdata: uncompress tarball only once to speed up builds
3d7d41f71 tessdata: update to 2.1.0
7d9210015 openconnect: backport iconv/intl fix
5201d8739 python-dateutil: add setuptools-scm build dep
c2657a2e9 adblock: update 4.1.3-2
8e1a8026b crun: update to 0.20
15b873947 crun: bump to version 0.19.1
dae7bdd91 crun: Don't build on arc
08abbfd9b crun: add package crun
0f395b994 auc: update to version 0.1.8
51dd1c1fd delve: add package
3fef9fffa cache-domains: Fixed missing wildcard entries
24e67d6fa nextdns: Update to version 1.33.11
4692a31be travelmate: startup fixes
29eab35c6 openvpn: update to 2.5.3
1216b02d4 tcpreplay: bump to version 4.3.4
56e4da231 python-lxml: bump to version 4.6.3
535bcdb57 pillow: bump to version 8.1.2
1e01952ce ddns-scripts: get l3 device for bind network using curl
99f838dd6 ddns-scripts: Fix for domains with dash
12cd69329 ddns-scripts: Fix for wildcard subdomain
94efa1c612 fritz-tools: fix returning wrong values due to strncmp usage
d9be07169e mbedtls: update to 2.16.11
f407b2f43c mvebu: armada-37xx: add patch to forbid cpufreq for 1.2 GHz
b254bd697d Revert "mvebu: 5.4 fix DVFS caused random boot crashes"
4003eeab35 dnsmasq: reset EXTRA_MOUNT in the right place
6ca34c5c0c dnsmasq: fix more dnsmasq jail issues
b88ab44036 dnsmasq: rework jail mounts
8ef5894197 dnsmasq: use local option for local domain parameter
da5fd91073 dnsmasq: add ignore hosts dir to dnsmasq init script
9531e70708 OpenWrt v21.02.0-rc4: revert to branch defaults
134ac824c5 OpenWrt v21.02.0-rc4: adjust config defaults
2d5ee43dc6 kernel: bump 5.4 to 5.4.137
Fixes the display of client counts, which are numbers and not strings
in the respondd data.
Fixes: 3a885a1b22 ("gluon-status-page: make "gateway nexthop" a link (#2278)")
Do not depend on the respondd-airtime module just to get the configured
channels. This removes the display of the frequency in addition to the
channel, as it is not readily available.
In addition, the translation string is improved to allow for text after
the channel number.
This code is usually running on an embedded CPU without FPU. In
addtition to its inefficience, the algorithm is also much harder to
understand.
Replace the logarithm formula with a simple loop.