CUCC Expedition Handbook

Hut Network Configuration

If the internet is not working, the first thing to check is that
the black WiFi antennae are still upright and have not been knocked sideways.


Networking Software - configuration nerding

First, make sure you understand the physical cabling:


Hut Network - click for instructions

Expo laptops

Both expo laptops Crowley and Aziraphale use DHCP to get an IP4 address and the identity of a DNS nameserver. Neither laptop has any other configuration.

If you connect your laptop or phone to the potato hut wifi you will connect in the same way.

The Gasthof Wifi

The Gasthof WiFi - which you can use if you are close enough to the main building - is "StaudnGast" and has no WiFi password but there is a login webpage. It allocates IP addresses in the range 192.168.2.x etc. The antenna is now on the first-floor balcony within sight of the tatty hut window. You can get the password from the Gasthof front desk, or during expo it is usually written on the whiteboard in the potato hut. In the scripts published in this handbook we use the word GASTSECRET instead of the real password.

If you are not actively using the internet, the Gasthof system will close the connection after a few minutes and you will have to log in again, typing the password into the login page.

The potato hut wifi

The potato hut WiFi has SSID "tattyhut" with our usual cavey:beery password. Like almost every other wifi anywhere it is running DHCP and allocating IP addresses to your device.

The DHCP system is issuing IP4 addresses of the form 192.168.200.x where x is a number between 11 and 199 with a lifetime of 48 hours.

The Expo laptops acquire a dynamic local address of this form, as does any other laptop or phone connecting to this wifi.

How it works - in words

The Acer Aspire One netbook is running the Debian Linux operating system with the lightweight [xfce] window manager. It runs a script once every 60s which checks whether it can access the internet. If it can't, it attempts a re-login to the Gasthof wifi system, which takes 5-10 seconds. If it still can't access the internet it deletes nearly all the configuration and reloads everything - which takes about 30s. The mere fact that it accesses the internet every minute is enough for the Gasthof system to keep the connection open - until it times out completely which it does after an hour or so.

The scripts in use on the netbook live in /root/fakenet so that the cron job (running as root) can access them and things work even if /home is not mounted. [This is not the usual Linux place to keep such things.] The cron file lives in the usual place in /etc/cron/cron.d/fakenet. Ignore the backup copy in /home/expo/fakenet.

When the netbook powers up, the script /etc/init.d/fakenet runs which sets everything going for the first time.

Wifi/router Netgear WNDR4000

The Netgear ethernet/wifi hub holds the radio transceiver that provides the wifi coverage inside the potato hut. It has an online manual but it needs no configuration at all during expo. Just turn it on at the beginning of expo and off again at the end.

The webpage control panel (which you should never need or touch) is accessed by connecting a laptop to the wifi or using the expo laptop on the ethernet and bringing up a web browser to http://192.168.200.1 with username 'admin' and the usual expo cavey:beery password. The password is also written on the underneath of the box.

TL-WR841N

TL-WR841N sockets and switches

In 2023 we will also have a backup wifi/router in Austria, a TL-WR841N belonging to Wookey which is configured identically to the Netgear device except that the username is 'root' not 'admin'. It would be good to test this so we could give ARM their WNDR4000 back, and the TP-link router can become expo's.

One important difference is that the ethernet cable from the netbook is plugged into the blue socket on the WR841N (it is yellow on the Netgear), and the 4 white sockets on the Netgear are 4 yellow sockets on the WR841N. A word of warning: the WR841N has been flashed with new firmware (openWRT) and so any documentation you may read in online manuals for it will be wrong: notably the reset and wifi on/off buttons don't have any effect, and the lights don't flash in the way the manuals say they do. There is also no USB socket, no 5Ghz, slower ethernet (100Mbps not 1Gbps) and the wifi range out to the tents is probably worse than the Netgear wifi.

Alfa wifi device

The Alfa AWUS036ACH is a high-power external wifi aerial to connect across the campsite to the gasthof. It uses the Realtek RTL8812AU chipset. Annoyingly this does not have a mainline kernel driver so we have to use a dkms driver '8812au'. This is not properly debianized so if you upgrade the kernel on the aspire it has to be rebuilt. The source and the rebuild scripts are in /home/expo/alfa-driver/morrownr. Installing the kernel headers for the running kernel, then running /home/expo/alfa-driver/morrownr/install-driver.sh NoPrompt will update it.

I recommend not updating the kernel for the duration of expo.

IP6

While you can use 5Ghz wifi and IP6 to connect within the hut, there is no IP6 connectivity to the external internet. Sorry. We are dependent on the Gasthof system for this. Use a phone and data roaming if you want it.

4 different 'networks'

To understand how the network is configured, you need to realise that we have to manage these different 'networks':

We bridge the hut wifi with the hut ethernet cable to the expo laptop so they are both 192.168.200.x, but this is a matter of choice. This is configured inside the wifi/router using the webpage control panel.

Where the DNS happens

DNS is what connects a computer name (such as expo.survex.com) with an internet address (such as 78.129.164.125). To make the internet work, we need to tell every laptop and phone where to find a DNS nameserver, or what machine to ask in order to get DNS queries forwarded to a DNS nameserver.

The DNS configuration happens in the netbook, using dnsmasq. The Netgear box just forwards DNS queries to the netbook, and tells laptops connected to the hut wifi to use that too.

Where the DHCP happens

DHCP is what decides what the x is when the wifi issues an address that a laptop must use when it connects to the wifi as 192.168.200.x.

We have done this in two different ways:

  1. 2017-2019 : in the netbook.
  2. 2022 : in the Netgear box.

1. The benefit of doing it in the Netgear box is that you get to play with a graphical web interface not text files. But also you can test that the Netgear box is working separately from everything else.

2. The benefit of doing it in the netbook is that all the configuration is in the same place, and you only have to learn one way of doing things instead of having to use text files and a web interface. Also, by making the Netgear box completely dumb, it is swap-replaceable if it dies with no reconfiguration required.

The DHCP is configured to issue IP addresses with x between 10 and 199, i.e. laptops and phones will get IP addresses between 192.168.200.10 and 192.168.200.199. These may change after 12 hours.

The router itself is 192.168.200.1

Interfaces

The netbook has two network interfaces: the Alfa wifi antenna (which is 'wlan1' and has an address issued by the Gasthof wifi system using DHCP) plugged into a USB socket, and the netbook's ethernet cable socket (eth0) which is configured to have the address 10.0.1.2. wlan0 on the netbook is the internal wifi.

The Netgear box has its yellow ethernet cable socket set to the address 10.0.1.1. The four other ethernet sockets are all on the address range 192.168.200.x and the wifi network interface is set to 192.168.200.1 also in the network 192.168.200.x.

So the ethernet cable between the Netgear box and the netbook is 10.0.1.1 at the Netgear end and 10.0.1.2 at the netbook end. Nothing else uses any number like 10.0.1.x.

When it all goes wrong

If everything is working between devices in the hut, but there is no internet access, then the first thing to check is that the black WiFi antennae on the small black Alfa box are still upright and have not been knocked sideways.

The next thing is to take a phone out to the road and try to connect directly to the Gasthof wifi. This is to check that the Gasthof is on the internet and that the problem is not between the Gasthof and the rest of the world.

You test whether the internet is running by trying to visit www.google.com or github.com.

The netbook attempts a reconnection every 60 seconds, so wait at least 2 minutes before doing anything. That is because when the netbook attempts a full reconnection it can take nearly a minute to rebuild everything.

Test whether the netbook is actually running and responding by sitting at the expo laptop and logging into the netbook remotely. Do this in a terminal window:

ssh expo@tclaspire3.potato.hut
or
ssh expo@tclaspire3.hut
or
ssh expo@10.0.1.2
(The last of these may not actually work: this is a non-routable IP address.)

If you get a login prompt, the netbook is running. It is a slow machine so do not expect this to be instant.

Login to the netbook (as user 'expo' using the cavey:beery password) and type this at a prompt:

/root/fakenet/runfakenet

which will run the script to reconnect. This may take a minute to have the desired effect.

If you didn't get a prompt when you attempted to login from the expo laptop then you will need to do the same thing but actually on the netbook keyboard. While you are at it, it would be a good idea to re-boot the netbook first by typing this on the netbook keyboard, and waiting for it to re-boot:

shutdown --reboot

You may also need to re-enable wicd, see below.

If it keeps failing, then maybe the cron system which re-triggers it every 60s is not working. That is probably a symptom of something much more serious wrong with the netbook if you have already re-booted it. Try re-booting it again and this time be more patient. Report this to a nerd, write a record of the problem in the expo logbook and post a request for help to the expo Matrix chat system.

wicd

The netbook needs to have its persistent networking set up correctly in addition to the other scripts. This is the wicd gui program that has an icon in the top-right of the screen in the system panel. (Or search in all applications in the Internet section for the wicd application). Set the checkboxes so that the netbook does not connect to any network except the StaudnGast wifi network, and also tick the 'automatically reconnect' checkbox for the "StaudnGast" network.

The scripts

For the curious or desperate, here is how the scripts actually work.

The master copy of the scripts is on the expo server in /home/expo/config/netbook which includes the files

The files linked in this documentation are sanitized copies, not the master files. Get the master files by ftp or scp from expo.survex.com/home/expo/config/netbook.

Installation instructions are in the top-level readme file. These are all documented below, but do get an updated copy from expo.survex.com/home/expo/config/netbook before you do anything.

After installation of the files

The central script is /root/fakenet/keepalive which is run every 60 seconds:


#!/bin/sh
# Runs from cron

if ( ping -c 1 -w 5 -q wookware.org ); then
 #working
 :
else
 #rerun login 
 /root/fakenet/expo/gasthoflogin
 sleep 10
 if ( ping -c 1 -w 5 -q wookware.org ); then
  #working now
  :
 else
  #re-setup full network config
  /root/fakenet/runfakenet
 fi
fi

As you can see, it checks if the internet is available by looking for wookware.org and if not, it runs the Gasthof login script. If there is still no joy, it runs the full network reconfiguration script.

Gasthof login script /root/fakenet/expo/gasthoflogin:

#!/bin/bash 
#Script to connect to gasthof wifi
#Pull random webpage to get login page
# DNS must point to gasthof network, request must be by name
# Resolves, then HTTP request gets 303 'See Other'
#Extract magic token, then send login+token to 192.168.2.1:1000/fgtauth?
# Do it in a tmp dir to stop collecting index.html's

tmp=$(mktemp -d)
cd $tmp
echo "nameserver 213.33.99.70" > /etc/resolv.conf
wget http://wookware.org/
magic=$(cat index.html | tail -1 | sed 's/^.*magic" value="//' | sed 's/".*//')
wget -o /dev/null --post-data="username=Gast&password=GASTSECRET&magic=$magic" http://192.168.2.1:1000/
rm -f index.html
rm -f index.html.*
cd ..
rmdir $tmp

As you can see, it attempts to get http://wookware.org/index.html but actually gets the gasthof login form, which it then POSTs to with the Gasthof password - which is not actually GASTSECRET. Get this year's Gasthof password from the reception desk and write it on the whiteboard in the hut.
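
The token step of gasthoflogin, as an added example that is not one of the fakenet scripts: it extracts the magic value and refuses to post anything when the saved page has no login form (which is what wget fetches when the connection is already up) or when the token is not plain alphanumeric. The sample pages, the token format, the helper names and the password file are assumptions; the portal address and the GASTSECRET placeholder are the ones used above.

```sh
#!/bin/sh
# Added example, not one of the fakenet scripts.
# Assumption: the portal form carries the token as  magic" value="<alphanumeric>"
# (the same text the sed in gasthoflogin keys on).

# Print the magic token found in saved page $1; return 1 if there is none.
extract_magic() {
    token=$(sed -n 's/.*magic" value="\([^"]*\)".*/\1/p' "$1" | head -n 1)
    case $token in
        '' | *[!0-9A-Za-z]*) return 1 ;;   # no form, or not a plain token
    esac
    printf '%s\n' "$token"
}

# Write the POST body for token $1 to file $2 (owner-readable only), reading
# the password from file $3 so that it never appears in the process list.
# Assumption: the password needs no URL-encoding.
write_post_body() {
    ( umask 077
      printf 'username=Gast&password=%s&magic=%s' "$(cat "$3")" "$1" > "$2" )
}

# Constructed sample pages, not captured from the real portal.
make_samples() {
    cat > "$1/portal.html" <<'EOF'
<html><body><form method="post" action="/">
<input type="hidden" name="magic" value="04a1b2c3d4e5f607">
<input name="username"><input name="password" type="password">
</form></body></html>
EOF
    cat > "$1/online.html" <<'EOF'
<html><body><h1>Welcome</h1><p>Nothing magic here.</p></body></html>
EOF
    cat > "$1/odd.html" <<'EOF'
<input type="hidden" name="magic" value="abc&username=x">
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    printf 'GASTSECRET' > "$dir/secret"   # placeholder, as in the handbook
    for page in portal.html online.html odd.html; do
        if magic=$(extract_magic "$dir/$page"); then
            write_post_body "$magic" "$dir/body" "$dir/secret"
            echo "$page: token $magic; send with wget --post-file=$dir/body http://192.168.2.1:1000/"
        else
            echo "$page: no usable login token, nothing posted"
        fi
    done
    rm -rf "$dir"
}
demo
```

With tail -1 and an unanchored sed, a page without the form leaves the whole last line in $magic, and that line is then posted together with the password.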

The network rebuild script is /root/fakenet/runfakenet where ${base} is "/root/fakenet" and ${config} is "expo" as set in /root/fakenet/config. (This config is a relic from the CSG script in 2014, see Historical Notes below.)

#!/bin/sh -eux

. /root/fakenet/config

#Close down running interfaces and services
sudo ifdown -i ${base}/${config}/netconfig eth0
sudo ifdown -i ${base}/${config}/netconfig wlan0
sudo ifdown -i ${base}/${config}/netconfig wlan1
sudo service wicd stop
sudo iptables -F
sudo killall dhclient || true
sudo /etc/init.d/dnsmasq stop
sudo killall dnsmasq || true

#Now bring up desired networking
#ethernet to router
sudo ifup -i ${base}/${config}/netconfig eth0
#wlan1 long-range wireless to gasthof
sudo ifup -i ${base}/${config}/netconfig wlan1

#Set up hostapd for local wireless - not currently (2022) used
#sudo service hostapd restart

#Make this machine do DNS for potatohut
#And forward external requests to the real net
sudo dnsmasq -q -C ${base}/${config}/dnsmasq.conf

#bridge/masquerade from gasthof to router
${base}/${config}/masquerade

# Log in to Gasthof wifi!
${base}/${config}/gasthoflogin


# Join Acer to potatohut network for admin purposes
#sudo ifup -i ${base}/${config}/netconfig wlan0

Other vital configuration bits

The file that configures the wifi, if it is not managed by the Netgear box and its web control panel, is the file /root/fakenet/expo/hostapd.conf

interface=wlan0
driver=nl80211
ssid=tattyhut
hw_mode=g
channel=1
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
wpa=3
wpa_passphrase=CAVEYBEERYPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

where CAVEYBEERYPASSWORD is our usual expo password. In 2022 this capability was configured by the Netgear control panel, not by this file on the netbook.
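
A check for the two deprecated settings in the hostapd.conf above (WPA1 enabled by wpa=3, and TKIP as a pairwise cipher), as an added example that is not part of the fakenet scripts. The function names and the WPA2-only sample are assumptions; the first sample repeats the security lines of the file shown above.

```sh
#!/bin/sh
# Added example, not part of the fakenet scripts: flag deprecated WPA settings
# in a hostapd.conf. Function and file names here are illustrative.

# Print the last uncommented value of key $1 in file $2.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Print one finding per line; return 0 only if nothing was flagged.
audit_hostapd() {
    n=0
    wpa=$(conf_value wpa "$1")
    case ${wpa:-0} in
        0)   echo "wpa unset or 0: no WPA at all";                   n=$((n + 1)) ;;
        1|3) echo "wpa=$wpa accepts WPA1; wpa=2 is WPA2 (RSN) only"; n=$((n + 1)) ;;
    esac
    # hostapd falls back to wpa_pairwise for WPA2 when rsn_pairwise is unset,
    # so TKIP in either key is reported.
    for key in wpa_pairwise rsn_pairwise; do
        case " $(conf_value "$key" "$1") " in
            *" TKIP "*) echo "$key lists TKIP; use CCMP only"; n=$((n + 1)) ;;
        esac
    done
    [ "$n" -eq 0 ]
}

write_hostapd_samples() {
    # Security lines of the hostapd.conf shown above (placeholder passphrase).
    cat > "$1/handbook.conf" <<'EOF'
auth_algs=1
wpa=3
wpa_passphrase=CAVEYBEERYPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
    # Constructed WPA2-only variant of the same lines.
    cat > "$1/wpa2only.conf" <<'EOF'
auth_algs=1
wpa=2
wpa_passphrase=CAVEYBEERYPASSWORD
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
EOF
}

demo_hostapd() {
    dir=$(mktemp -d) || return 1
    write_hostapd_samples "$dir"
    for f in handbook.conf wpa2only.conf; do
        if audit_hostapd "$dir/$f"; then echo "$f: ok"; else echo "$f: needs attention"; fi
    done
    rm -rf "$dir"
}
demo_hostapd
```

Devices that only speak WPA1/TKIP will not be able to join a WPA2-only network.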

The file that configures the DNS and DHCP is /root/fakenet/expo/dnsmasq.conf and it is very long with most of the lines commented out with an initial '#', so they are not all listed here. (You can read a copy of it: /root/fakenet/expo/dnsmasq.conf ). On the netbook 'eth0' is the interface with the antenna (which is actually a USB socket) and 'wlan0' is the netbook's ethernet socket interface to the cable going to the Netgear box. Some of the more relevant lines are:

interface=wlan0
dhcp-range=192.168.1.10,192.168.1.199,12h
addn-hosts=/root/fakenet/expo/hosts
expand-hosts
domain=potato.hut
no-dhcp-interface=eth0

The netconfig file referred to in runfakenet is /root/fakenet/expo/netconfig.
The interfaces(5) man pages are online.
The debian Wifi Interface documentation is online.
The debian wpasupplicant MODES documentation is online.
See also WPA_SUPPLICANT(8)

The operative lines of the netconfig file are:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo 
iface lo inet loopback

# The primary network interface
auto eth0

# connection to router
allow-hotplug eth0
iface eth0 inet static
  address 10.0.1.2
  netmask 255.255.255.0
  dns-nameservers 10.0.1.2

# Alfa wifi widget to the Gasthof
# See /usr/share/doc/wpasupplicant/README.modes.gz for config
allow-hotplug wlan1
iface wlan1 inet dhcp
 wireless-essid StaudnGast
 
# Access to the Acer netbook from the potatohut WiFi network
# auto wlan0
#allow-hotplug wlan0
#iface wlan0 inet dhcp
#  wpa-ssid potatohut
#  wpa-psk CAVEYBEERYPASSWORD

#bridge interface between ethernet (router) and wlan (gasthof)
#not used 2022 (wireless to eth bridge not allowed?)
#auto br0
#iface br0 inet static
#bridge_ports wlan1 eth0
# address 10.0.1.3
# netmask 255.255.255.0  

The masquerade file referred to in runfakenet is /root/fakenet/expo/masquerade and the operative lines are

#!/bin/sh -eux
sudo sysctl net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE

Note the line addn-hosts=/root/fakenet/expo/hosts which refers to the first file listed above which defines the names of the machines for the two ends of the cable between the netbook and the Netgear box. This /root/fakenet/expo/hosts file is just two lines. The name of the Netgear box is 'router' even though all routing is actually done by the netbook.

10.0.1.2 tclaspire3
10.0.1.1 router

The cron job file that configures crontab to run the fakenet script every 60 seconds is 70-persistent-net.rules. It is a single line of cron configuration:

*/1 *  * * *     root   [ -x /root/fakenet/keepalive ] && /root/fakenet/keepalive

where the initial */1 * * * * means that it runs once a minute, on every hour, day, month and year.

There is also a historical relic /root/fakenet/keepaliveharder which is no longer needed as it has been subsumed within keepalive.

There is a utility script which perhaps may be useful when configuring the network /root/fakenet/stopfakenet which stops everything:

#!/bin/sh
. ./config
sudo ifdown -i ${base}/${config}/netconfig eth0
sudo ifdown -i ${base}/${config}/netconfig wlan0
sudo ifdown -i ${base}/${config}/netconfig wlan1
sudo killall dnsmasq
sudo killall svnserve
#sudo service hostapd stop
sudo service wicd start

(No, I don't know why killing hostapd is commented out.)

There is no init script which automatically configures everything when the netbook is booted up. The cron job running once a minute will restart everything after a minute or two.

Buggeration - how it will all go wrong..

We are using an old way of configuring network interfaces in Debian, which will all break at some point when someone does a Debian upgrade. The scripts use the "Predictable Names" scheme and iptables which are both earmarked for destruction.

Note that "Wicd is not available in Debian 11/Bullseye or newer" - debian Wifi Interface documentation.

This is intentional. As Wookey wrote in /root/fakenet/README-expo:
"It's quite low-level and old-fashioned so one can understand it :-)"

So all this will need reimplementing for expo 2024.

Historical Notes

Prior to 2017 we used to run an unconnected local network with our own DNS domain name "potato.hut", our own server holding all the website and survey data, and published WiFi as SSID "tattyhut". Updates to the rest of the world were done by taking an up-to-date laptop which had been in the tatty hut to a real internet connection and pushing the changes to the distributed version control system on expo.survex.com to be merged.

In 2017 we arrived on expo to discover that our hard-drive in the hut had died (taking the music collection with it) which triggered the general reconfiguration to connect the tattyhut to the internet continuously and not to have our own local server. This coincided with a much-improved WiFi service at the Gasthof. We continued with the wifi service in the hut but now it also connects to the external internet instead of to a 'pretend' internet (which is why the system is called 'fakenet').

In 2018 and 2019 we had good Internet access at basecamp, but the high-gain system (old Alfa) was returned to its owner (Sam) during Covid (2020-21). Wookey bought a new one, which proved to not live up to its advertising.

In 2022 Wifi reception from the Gasthof was very poor. The connection script was improved so that dropped connections were restored more quickly. However the basic bandwidth with the new cheap antenna was not enough.

In 2023 a new Wifi device (the new Alfa) should restore decent connectivity. We hope this will improve everything to how it was in 2019. However this new Alfa has proved to be a right bastard to find the right drivers for. Wookey has had to be inventive in using an Ubuntu PPA to make it work with the Acer Aspire 1.

Also during winter 2023/23 Wookey upgraded the operating system on the Acer Aspire One netbook from the ancient Debian Wheezy it had been running to a decently almost-modern Debian distribution. This required much coaxing.

History of the scripts

The structure of the system was created by Wookey in 2013 who used the fakenet principle and the netbook to run training sessions in caving huts with no internet connection for the Cave Survey Group in the UK. [This is why the script has an extra level of parameter setting that might seem unnecessary: it has 'csg' and 'expo' options, but the two configurations have diverged so much over the years that this is merely a fossil.]

The part of the script that logs into the Gasthof wifi was written by Mark Shinwell in 2017 and re-edited by Sam Wenham in 2019. Wookey made it more robust on expo in 2022.

