expoweb/handbook/computing/netconfig.html
2025-07-06 20:12:39 +01:00


<!DOCTYPE html>
<html>
<head>
<title>CUCC Expedition Handbook: Hut network</title>
<link rel="stylesheet" type="text/css" href=/css/main2.css />
</head>
<body>
<h2 id="tophead">CUCC Expedition Handbook</h2>
<h1>Hut Network Configuration</h1>
<figure align=center>
<img width=60% border=1 src="./new-potato-hut-network.svg">
<br><figcaption>Hut Network</figcaption>
</figure>
<p>The Wavlink antenna sits on the outside of the potato hut and picks up the Gasthof WiFi. It is wired via ethernet cable and a PoE (Power over Ethernet) adapter to the Netgear router, which acts as a switch and wireless access point. DHCP is done by the antenna. The antenna should be wired to one of the black LAN ports on the router, not the yellow WAN port. The Wavlink antenna is set up in "Repeater" &amp; "WISP" mode. It is the only device seen by the Gasthof WiFi, as it performs NAT for devices connected to its network. A device must manually log in to the Gasthof network every so often, which authenticates for all devices on our network. In the past there has been an automated login script, but this is currently broken.
<p>The ethernet cable to the outside is run into the ceiling vent above the kitchen and then out of the wall vent above the sink outside the tatty hut. The antenna is mounted to a screw on the wall near there. In 2025 the download speed achieved from this setup was 50-60Mbps.
<h3>The Gasthof Wifi</h3>
<p>The Gasthof WiFi - which you can use if you are close enough to the main building - is "StaudnGast" and has no WiFi password but there is a login webpage. It allocates IP addresses in the range <samp>192.168.2.x</samp> etc. The antenna is now on the first-floor balcony within sight of the tatty hut window. You can get the password from the Gasthof front desk, or during expo it is usually written on the whiteboard in the potato hut. In the scripts published in this handbook we use the word GASTSECRET instead of the real password.
<p>If you are not actively using the internet, the Gasthof system will close the connection after a few minutes and you will have to log in again, typing the password into the login page.
<h3>The potato hut wifi</h3>
<p>The potato hut WiFi has <a href="https://www.howtogeek.com/334935/what-is-an-ssid-or-service-set-identifier/">SSID</a> "potatohut" with our usual cavey:beery password. Like almost every other wifi anywhere it is running DHCP (done by the Wavlink) and allocating IP addresses to your device.
<h3>Automated Login Script</h3>
<p>The old setup ran a script once every 60s which checked whether it could access the internet. If it couldn't, it attempted a re-login to the Gasthof wifi system, which takes 5-10 seconds. If it still couldn't access the internet it deleted nearly all the configuration and reloaded everything - which takes about 30s. The mere fact that it accessed the internet every minute was enough for the Gasthof system to keep the connection open - until it timed out completely, which it did after an hour or so.
<p>The <str>used</str> scripts on the netbook live in <var>/root/fakenet</var> so that the cron job (running as root) can access them and things work even if /home is not mounted. [This is not the usual Linux place to keep such things.] The cron file lives in the usual place in <var>/etc/cron.d/fakenet</var>.
Ignore the backup copy in /home/expo/fakenet.
<p>When the netbook powers up, the script <var>/etc/init.d/fakenet</var> runs which sets everything going for the first time.
<h4>Wifi/router Netgear WNDR4000</h4>
<p>The Netgear ethernet/wifi hub holds the radio transceiver that provides the wifi coverage inside the potato hut.
It has an <a href="https://manualmachine.com/netgear/wndr4000/816208-user-manual/">online manual</a> but it needs no configuration at all during expo. Just turn it on at the beginning of expo and off again at the end.
<p>The webpage control panel (which you should never need or touch) is accessed by connecting a laptop to the wifi or using the <var>expo laptop</var> on the ethernet and bringing up a web browser to <a href="http://192.168.200.1">http://192.168.200.1</a> with username 'admin' and the usual expo cavey:beery password. The password is also written on the underneath of the box.
<h5>TL-WR841N</h5>
<figure class="onright" >
<a href="WR841N.jpg"><img border=1 src="WR841N.jpg"></a>
<br><figcaption>TL-WR841N sockets and switches</figcaption>
</figure>
<p>In 2023 we have an alternative wifi/router in Austria, a <a href="https://www.expertreviews.co.uk/tp-link/1401766/tp-link-tl-wr841n-review">TL-WR841N</a> belonging to Wookey which is configured identically to the Netgear device except that the username is 'root' not 'admin'. It would be good to test this so we could give ARM their WNDR4000 back, and the TP-link router can become expo's.
<s><p>One important difference is that the ethernet cable from the netbook is plugged into the blue socket on the WR841N (it is yellow on the Netgear), and the 4 white sockets on the Netgear are 4 yellow sockets on the WR841N.</s> A word of warning: the WR841N has been flashed with new firmware (openWRT) and so any documentation you may read in online manuals for it will be wrong: notably the reset and wifi on/off buttons don't have any effect, and the lights don't flash in the way the manuals say they do. There is also no USB socket, no 5Ghz, slower ethernet (100Mbps not 1Gbps) and the wifi range out to the tents is probably worse than the Netgear wifi.
<s>
<h4>Alfa wifi device</h4>
<p>The Alfa AWUS036ACH is a high-power external wifi aerial to connect across the campsite to the gasthof.
It uses the Realtek RTL8812AU chipset.
Annoyingly this does not have a mainline kernel driver so we have to use a dkms driver '8812au'.
This is not properly debianized so if you upgrade the kernel on the aspire it has to be rebuilt.
The source and the rebuild scripts are in /home/expo/alfa-driver/morrownr.
Installing the kernel headers for the running kernel,
then running <tt>/home/expo/alfa-driver/morrownr/install-driver.sh NoPrompt</tt> will update it.
<p>I recommend not updating the kernel for the duration of expo.
We are getting 15-30 Mbit/s download speed with this device at the Acer Aspire netbook (3 July 2023).
<p>Note that this dual-antenna WiFi thing is a <em>high power</em> device: it won't work if plugged in via an unpowered USB hub. It is also fussy about which USB port it is plugged into on the netbook.
</s>
<h4>IP6</h4>
<p>While you can use 5Ghz wifi and IP6 to connect within the hut (if the Netgear router is being used),
there is no IP6 connectivity to the external internet. Sorry. We are dependent on the Gasthof system for this. Use a phone and data roaming if you want it.
<s><h4>Where the DNS happens</h4>
<p> DNS is what connects a computer name (such as <var>expo.survex.com</var>) with an internet address (such as <samp>78.129.164.125</samp>). To make the internet work, we need to tell every laptop and phone where to find a DNS nameserver, or what machine to ask in order to get DNS queries forwarded to a DNS nameserver.
<p>The DNS configuration happens in the netbook, using dnsmasq. The router just forwards DNS queries to the netbook, and tells laptops connected to the hut wifi to use that too.</s>
<h4>Where the DHCP happens</h4>
<p>DHCP is what decides what the <samp>x</samp> is when the wifi issues an address that a laptop must use when it connects to the wifi as <samp>192.168.200.x</samp>.
<p>We have done this in two different ways:
<ol>
<li>2017-2019 : in the netbook.
<li>2022-2024 : in the router (Netgear or tp-link) box.
<li>2025 : in the Wavlink antenna.
</ol>
<p>1. The benefit of doing it in the router box is that you get to play with a graphical web interface not text files. But also you can test that the router is working separately from everything else.
<p>2. The benefit of doing it in the netbook is that all the configuration is in the same place, and you only have to learn one way of doing things instead of having to use text files <em>and</em> a web interface. Also, by making the router completely dumb, it is swap-replaceable if it dies with no reconfiguration required.
<s><p>We also have the address <samp>192.168.250.200</samp> reserved for the expo laptop <em>crowley</em> in both routers.</s>
<h4>Printer</h4>
<p> We have a Samsung C430W printer, which can be connected to the network via ethernet, giving everyone printing access on their own device (2025).
<h5>Making the printer work with the expo laptop</h5>
<p>From a clean Debian install on the expo laptop, the missing thing for making the printer work was: <tt>apt-get install libcupsimage2</tt><br>
Also you need the Samsung driver installation from the Samsung website (see below).
<p>To share the printer:<br>
<tt>cupsctl --share-printers</tt><br>
<tt>lpadmin -p C43x-Series -o printer-is-shared=true</tt><br>
This should be one-time config.
<h4>Samsung Unified Printer Driver</h4>
<p>We have our own archive copy of this driver at
<a href="/expofiles/documents/uld.zip">expofiles/documents/uld.zip</a>.
<p>
The archive site is at
<a href="https://www.bchemnet.com/suldr/">
The Samsung Unified Linux Driver Repository</a>: "This site provides an apt (.deb) repository for installing the Samsung Unified Linux Driver (as of 2017, sold to HP) in a more user-friendly and less problematic way than downloading and installing directly from the Samsung website or using the installer that ships with printers."
<p>Or you can try to get the driver from
<a href="https://www.samsung.com/us/support/downloads/">www.samsung.com/us/support/downloads/</a> but it may have evaporated since HP took over the support.
<p>Installing the Samsung driver package:
<ol class="procedure" type="1">
<li class="step" title="Step 1">
<p>Make sure that the machine is connected to
your computer and powered on.</p>
</li>
<li class="step" title="Step 2">
<p>Copy the <span class="guimenu eng" title="eng">Unified Linux Driver</span> package
to your system.</p>
</li>
<li class="step" title="Step 3">
<p> Open Terminal program and go to the folder that you
copied the package to.</p>
</li>
<li class="step" title="Step 4">
<p>Extract the package.</p>
</li>
<li class="step" title="Step 5">
<p>Move to <span class="guimenu eng" title="eng">uld</span> folder.</p>
</li>
<li class="step" title="Step 6">
<p>Execute "./<span class="guimenu linux_driver" title="linux_driver">install.sh</span>"
command (If you're not logged in as a root, execute the
command with "<span class="guimenu eng" title="eng">sudo</span>" as "<span class="guimenu eng" title="eng">sudo ./install.sh</span>")</p>
</li>
<li class="step" title="Step 7">
<p> Proceed with the installation.</p>
</li>
<li class="step" title="Step 8">
<p>When the installation is finished, launch printing
utility(Go to <span class="guimenu eng" title="eng">System</span> &gt; <span class="guimenu eng" title="eng">Administration</span> &gt; <span class="guimenu eng" title="eng">Printing</span> or
execute "<span class="guimenu eng" title="eng">system-config-printer</span>" command
in Terminal program).</p>
</li>
<li class="step" title="Step 9">
<p>Click <span class="guimenu linux_driver" title="linux_driver">Add</span> button.</p>
</li>
<li class="step" title="Step 10">
<p>Select your printer.</p>
</li>
<li class="step" title="Step 11">
<p>Click the <span class="guimenu linux_Installer" title="linux_Installer">Forward</span> button
and add it to your system.</p>
</li>
</ol>
<h4 style="color: red">Troubleshooting</h4>
<p>Sometimes the WiFi may break and fail to allow devices to connect to the network. The first thing to try when this happens is to power cycle the Wavlink antenna. This can be done using the power button on the PoE adapter. The Gasthof network will likely have to be manually authenticated again afterwards, using any device.
<p>If the local network is working but doesn't have internet access, take a phone out to the road and try to connect directly to the Gasthof wifi. This is to check that the Gasthof is on the internet and that the problem is not between the Gasthof and the rest of the world.
<p>You test whether the internet is running by trying to visit <a href="http://www.google.com">www.google.com</a> or
<a href="https://github.com">github.com</a>.
<hr><hr>
<h1>Script information (out of date)</h1>
<h2 id="scripts">The scripts</h2>
<p>For the curious or desperate, here is how the scripts actually work.
<p>The master copy of the scripts is on the expo server in <var>/home/expo/config/netbook</var> which includes the files
<ul>
<li><a href="netbookfakenet/readme">readme</a>
<li><a href="netbookfakenet/fakenetcron">fakenetcron</a> - needs to be renamed and copied to <var>/etc/cron.d/fakenet</var>
<li><a href="netbookfakenet/70-persistent-net.rules">70-persistent-net.rules</a> - needs to be copied into <var>/etc/udev/rules.d/</var>
<li>fakenet2022.tgz - needs to be unpacked into <var>/root</var>
</ul>
<p>The files linked in this documentation are sanitized copies, not the master files. Get the master files by ftp or scp from <var>expo.survex.com/home/expo/config/netbook</var>.
<p>Installation instructions are in the top-level <a href="netbookfakenet/readme">readme</a> file. These are all documented below, but do get an updated copy from <var>expo.survex.com/home/expo/config/netbook</var> before you do anything.
<h3>After installation of the files</h3>
<p>The central script is <a href="netbookfakenet/fakenet2022/keepalive">/root/fakenet/keepalive</a> which is run every 60 seconds:
<pre><code>#!/bin/sh
# Runs from cron
if ( ping -c 1 -w 5 -q wookware.org ); then
    #working
    :
else
    #rerun login
    /root/fakenet/expo/gasthoflogin
    sleep 10
    if ( ping -c 1 -w 5 -q wookware.org ); then
        #working now
        :
    else
        #re-setup full network config
        /root/fakenet/runfakenet
    fi
fi
</code></pre>
As you can see, it checks if the internet is available by looking for <var>wookware.org</var> and if not, it runs the Gasthof login script. If there is still no joy, it runs the full network reconfiguration script.
<p>Gasthof login script <a href="netbookfakenet/fakenet2022/expo/gasthoflogin">/root/fakenet/expo/gasthoflogin</a>:
<pre><code>#!/bin/bash
#Script to connect to gasthof wifi
#Pull random webpage to get login page
# DNS must point to gasthof network, request must be by name
# Resolves, then HTTP request gets 303 'See Other'
#Extract magic token, then send login+token to 192.168.2.1:1000/fgtauth?&lt;token&gt;
# Do it in a tmp dir to stop collecting index.html's
tmp=$(mktemp -d)
cd $tmp
echo "nameserver 213.33.99.70" > /etc/resolv.conf
wget http://wookware.org/
magic=$(cat index.html | tail -1 | sed 's/^.*magic" value="//' | sed 's/".*//')
wget -o /dev/null --post-data="username=Gast&password=GASTSECRET&magic=$magic" http://192.168.2.1:1000/
rm -f index.html
rm -f index.html.*
cd ..
rmdir $tmp
</code></pre>
As you can see, it attempts to get http://wookware.org/index.html but actually gets the gasthof login form, which it then POSTs to with the Gasthof password - which is not actually GASTSECRET. Get this year's Gasthof password from the reception desk and write it on the whiteboard in the hut.
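<p>A hardened variant of the login step, as an added example that is not one of the expo scripts: it finds the <var>magic</var> field wherever it sits in the page, refuses a token that could alter the POST body, and sends the password from a root-only file with <tt>wget --post-file</tt> so that it appears neither in the script text nor in the process list. The secret-file path, the function names and the sample form are assumptions, as is the token being alphanumeric.

```shell
#!/bin/sh
# Added example, not the expo script. SECRET_FILE and the function names are assumptions.

PROBE_URL="http://wookware.org/"        # plain-HTTP page the portal intercepts (as in gasthoflogin)
PORTAL_URL="http://192.168.2.1:1000/"   # login endpoint used by gasthoflogin
SECRET_FILE="${SECRET_FILE:-/root/fakenet/expo/gasthof.secret}"  # hypothetical file, root-only, mode 600

# Constructed sample of a portal login form, used only for the offline check.
SAMPLE_PAGE='<html><body><form method="post" action="/">
<input type="hidden" name="magic" value="0123456789abcdef">
<input name="username"><input type="password" name="password">
</form></body></html>'

# Read portal HTML on stdin and print the hidden "magic" value.
# Does not depend on the field being on the last line, and fails if the
# token is missing or has characters that could change the form body.
extract_magic() {
    token=$(sed -n 's/.*magic" value="\([^"]*\)".*/\1/p' | head -n 1)
    case "$token" in
        '' | *[!0-9A-Za-z]*) return 1 ;;   # assumption: tokens are alphanumeric
    esac
    printf '%s\n' "$token"
}

# Percent-encode every byte of $1 so '&', '=' or '%' in the password stay data.
urlencode() {
    printf '%s' "$1" | od -An -tx1 | tr -d ' \n' | sed 's/\(..\)/%\1/g'
}

# Print the form body for token $1, taking the password from the first line of file $2.
build_post_body() {
    [ -r "$2" ] || return 1
    pw=
    IFS= read -r pw < "$2" || :
    [ -n "$pw" ] || return 1
    printf 'username=Gast&password=%s&magic=%s' "$(urlencode "$pw")" "$1"
}

# Full login: fetch the intercepted page, extract the token, POST from a file.
portal_login() {
    page=$(wget -q -O - "$PROBE_URL") || return 1
    token=$(printf '%s\n' "$page" | extract_magic) || return 1
    body=$(mktemp) || return 1            # mktemp creates the file with mode 600
    if build_post_body "$token" "$SECRET_FILE" > "$body" &&
       wget -q -O /dev/null --post-file="$body" "$PORTAL_URL"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$body"
    return "$rc"
}

if [ "${1:-}" = "--login" ]; then
    portal_login
else
    printf '%s\n' "$SAMPLE_PAGE" | extract_magic   # offline check on the sample form
fi
```

Run with <tt>--login</tt> to perform the real login; without arguments it only parses the constructed sample form.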
<p>The network rebuild script is <a href="netbookfakenet/fakenet2022/runfakenet">/root/fakenet/runfakenet</a> where ${base} is "/root/fakenet" and ${config} is "expo" as set in <a href="netbookfakenet/fakenet2022/config">/root/fakenet/config</a>. (This config is a relic from the CSG script in 2014, see Historical Notes below.)
<pre><code>#!/bin/sh -eux
. /root/fakenet/config
#Close down running interfaces and services
sudo ifdown -i ${base}/${config}/netconfig eth0
sudo ifdown -i ${base}/${config}/netconfig wlan0
sudo ifdown -i ${base}/${config}/netconfig wlan1
sudo service wicd stop
sudo iptables -F
sudo killall dhclient || true
sudo /etc/init.d/dnsmasq stop
sudo killall dnsmasq || true
#Now bring up desired networking
#ethernet to router
sudo ifup -i ${base}/${config}/netconfig eth0
#wlan1 long-range wireless to gasthof
sudo ifup -i ${base}/${config}/netconfig wlan1
#Set up hostapd for local wireless - not currently (2022) used
#sudo service hostapd restart
#Make this machine do DNS for potatohut
#And forward external requests to the real net
sudo dnsmasq -q -C ${base}/${config}/dnsmasq.conf
#bridge/masquerade from gasthof to router
${base}/${config}/masquerade
# Log in to Gasthof wifi!
${base}/${config}/gasthoflogin
# Join Acer to potatohut network for admin purposes
#sudo ifup -i ${base}/${config}/netconfig wlan0
# Remove old local route for broken internal wifi
# Added 8 July 2023
sudo ip addr del 10.0.1.1/24 dev wlan0
</code></pre>
<h4>Other vital configuration bits</h4>
<p>The file that configures the wifi, but only when it is not managed by the router and its web control panel, is the file <var>/root/fakenet/expo/hostapd.conf</var>
<pre><code>interface=wlan0
driver=nl80211
ssid=potatohut
hw_mode=g
channel=1
macaddr_acl=0
ignore_broadcast_ssid=0
auth_algs=1
wpa=3
wpa_passphrase=CAVEYBEERYPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
</code></pre>
where CAVEYBEERYPASSWORD is our usual expo password. In 2022 this capability was configured by the Netgear control panel, not by this file on the netbook.
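<p>The listing's <tt>wpa=3</tt> with <tt>wpa_pairwise=TKIP</tt> keeps the original WPA (v1) and TKIP enabled alongside WPA2. The following check is an added example, not part of the expo scripts: it flags those settings in a hostapd.conf and shows a WPA2-only variant that passes. The function names and finding labels are made up for the example, and the sample text is a constructed copy of the listing.

```shell
#!/bin/sh
# Added example: flag legacy WPA1/TKIP settings in a hostapd.conf.
# Function names and finding labels are illustrative, not from the expo scripts.

# Constructed copy of the security-relevant lines of the listing above.
SAMPLE_CONF='interface=wlan0
ssid=potatohut
auth_algs=1
wpa=3
wpa_passphrase=CAVEYBEERYPASSWORD
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP'

# WPA2-only variant: RSN bit only, CCMP only, no WPA (v1) cipher line.
HARDENED_CONF=$(printf '%s\n' "$SAMPLE_CONF" |
    sed -e 's/^wpa=3$/wpa=2/' -e '/^wpa_pairwise=/d')

# conf_get KEY TEXT: print the value of the last "KEY=value" line in TEXT.
conf_get() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1=//p" | tail -n 1
}

# audit_hostapd: read a config on stdin, print one finding per line.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_hostapd() {
    conf=$(cat)
    wpa=$(conf_get wpa "$conf")
    wpa_pw=$(conf_get wpa_pairwise "$conf")
    rsn_pw=$(conf_get rsn_pairwise "$conf")
    : "${wpa_pw:=TKIP}"        # hostapd default pairwise cipher for WPA (v1)
    : "${rsn_pw:=$wpa_pw}"     # rsn_pairwise defaults to the wpa_pairwise value
    case "$wpa" in
        1 | 2 | 3) ;;
        *) echo "NO_WPA: wpa is unset or 0, WPA/WPA2 is not enabled"
           return 1 ;;
    esac
    rc=0
    if [ $(( $wpa & 1 )) -ne 0 ]; then      # bit 0 = WPA (v1)
        echo "WPA1_ENABLED: wpa=$wpa turns on WPA (v1); wpa=2 is WPA2 only"
        rc=1
        case " $wpa_pw " in
            *" TKIP "*) echo "TKIP_WPA1: WPA (v1) clients negotiate TKIP"; rc=1 ;;
        esac
    fi
    if [ $(( $wpa & 2 )) -ne 0 ]; then      # bit 1 = RSN (WPA2)
        case " $rsn_pw " in
            *" TKIP "*) echo "TKIP_RSN: WPA2 pairwise ciphers include TKIP"; rc=1 ;;
        esac
    fi
    return "$rc"
}

echo "listing as published:"
printf '%s\n' "$SAMPLE_CONF" | audit_hostapd || :
echo "WPA2-only variant:"
printf '%s\n' "$HARDENED_CONF" | audit_hostapd && echo "no findings"
```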
<p>The file that configures the DNS and DHCP is <var>/root/fakenet/expo/dnsmasq.conf</var> and it is very long with
most of the lines commented out with an initial '#', so they are not all listed here. (You can read a copy of it: <a
href="netbookfakenet/fakenet2022/expo/dnsmasq.conf">/root/fakenet/expo/dnsmasq.conf</a> ). On the netbook 'eth0' is
the interface with the antenna (which is actually a USB socket) and 'wlan0' is the netbook's ethernet socket interface to the cable going to the Netgear box. Some of the more relevant lines are:
<pre><code>interface=wlan0
dhcp-range=192.168.1.10,192.168.1.199,12h
addn-hosts=/root/fakenet/expo/hosts
expand-hosts
domain=potato.hut
no-dhcp-interface=eth0
</code></pre>
<p>The netconfig file referred to in <var>runfakenet</var> is <a href="netbookfakenet/fakenet2022/expo/netconfig">/root/fakenet/expo/netconfig</a>.<br />
The <a href="https://manpages.debian.org/bullseye/ifupdown/interfaces.5.en.html">interfaces(5)</a> man pages are online. <br />
The <a href="https://wiki.debian.org/WiFi/HowToUse">debian Wifi Interface</a> documentation is online. <br />
The <a href="https://github.com/ystk/debian-wpasupplicant/blob/master/debian/README.Debian">debian wpasupplicant MODES</a> documentation is online. <br />See also <a href="https://manpages.debian.org/buster/wpasupplicant/wpa_supplicant.8.en.html">WPA_SUPPLICANT(8)</a>
<p>
The operative lines of the <var>netconfig</var> file are:</p>
<pre><code># This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
# connection to router
allow-hotplug eth0
iface eth0 inet static
address 10.0.1.2
netmask 255.255.255.0
dns-nameservers 10.0.1.2
# Alfa wifi widget to the Gasthof
# See /usr/share/doc/wpasupplicant/README.modes.gz for config
allow-hotplug wlan1
iface wlan1 inet dhcp
wireless-essid StaudnGast
# Access to the Acer netbook from the potatohut WiFi network
# auto wlan0
#allow-hotplug wlan0
#iface wlan0 inet dhcp
# wpa-ssid potatohut
# wpa-psk CAVEYBEERYPASSWORD
#bridge interface between ethernet (router) and wlan (gasthof)
#not used 2022 (wireless to eth bridgr not allowed?)
#auto br0
#iface br0 inet static
#bridge_ports wlan1 eth0
# address 10.0.1.3
# netmask 255.255.255.0
</code></pre>
<p>The masquerade file referred to in <var>runfakenet</var> is <a href="netbookfakenet/fakenet2022/expo/masquerade">/root/fakenet/expo/masquerade</a>
and the operative lines are</p>
<pre><code>#!/bin/sh -eux
sudo sysctl net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o wlan1 -j MASQUERADE
</code></pre>
Note the line <var>addn-hosts=/root/fakenet/expo/hosts</var> which refers to the first file listed above which defines the names of the machines for the two ends of the cable between the netbook and the Netgear box. This <var>/root/fakenet/expo/hosts</var> file is just two lines. The name of the Netgear box is 'router' even though all routing is actually done by the netbook.
<pre><code>10.0.1.2 tclapsire3
10.0.1.1 router
</code></pre>
<p>The cron job file that configures <var>crontab</var> to run the fakenet script every 60 seconds is
<a href="netbookfakenet/fakenetcron">fakenetcron</a>. It is a single line of cron configuration:
<pre><code>*/1 * * * * root [ -x /root/fakenet/keepalive ] && /root/fakenet/keepalive
</code></pre>
where the initial <samp>*/1 * * * *</samp> fills cron's five time fields (minute, hour, day of month, month, day of week) and means that it runs once a minute, every hour of every day.
<p>There is also a historical relic <a href="netbookfakenet/fakenet2022/keepaliveharder">/root/fakenet/keepaliveharder</a> which is no longer needed as it has been subsumed within <var>keepalive</var>.
<p>There is a utility script which perhaps may be useful when configuring the network
<a href="netbookfakenet/fakenet2022/stopfakenet">/root/fakenet/stopfakenet</a> which stops everything:
<pre><code>#!/bin/sh
. ./config
sudo ifdown -i ${base}/${config}/netconfig eth0
sudo ifdown -i ${base}/${config}/netconfig wlan0
sudo ifdown -i ${base}/${config}/netconfig wlan1
sudo killall dnsmasq
sudo killall svnserve
#sudo service hostapd stop
sudo service wicd start
</code></pre>
(No, I don't know why killing hostapd is commented out.)
<p> There is no init script which automatically configures everything when the netbook is booted up. The cron job running once a minute will restart everything after a minute or two.
<h2 id="buggeration">Buggeration - how it will all go wrong..</h2>
<p>We are using an old way of configuring network interfaces in debian, which will all break at some point when
someone does a debian upgrade. The scripts use the <a href="https://wiki.debian.org/NetworkInterfaceNames">
"Predictable Names" scheme</a> and <a href="https://wiki.debian.org/iptables">iptables</a> which are both earmarked for destruction.
<p> Note that "Wicd is not available in Debian 11/Bullseye or newer" - <a href="https://wiki.debian.org/WiFi/HowToUse">debian Wifi Interface</a> documentation.
<p>This is intentional. As Wookey wrote in
<a href="netbookfakenet/fakenet2022/README-expo">/root/fakenet/README-expo</a>:<br />
<em>"It's quite low-level and old-fashioned so one can understand it :-)"</em>
<p>So all this will need reimplementing for expo 2024.
<hr />
Go back to
<a href="../l/hut-cables.html">Hut cabling</a><br />
Go back to: <a href="computer.html">Basecamp computers</a><br />
Go on to: <a href="onlinesystems.html">Expo online systems</a><br />
<hr /></body></html>