Notes
Overview
This page is for notes that don't belong anywhere else
Telekom FTTH
Configuring an OpenWrt router for Telekom FTTH.
Put your router/modem/shitbox from Telekom into bridge mode. Unfortunately it will expose the connection as PPPoE instead of plain Ethernet with DHCP.
TLDR: You need to tag the packets on your WAN port with VLAN 7:
Configure
Using the info from the letter you should have gotten:
- Username: ${Anschlusskennung}${Zugangsnummer}${Mitbenutzernummer}@t-online.de
- Password: ${Kennwort}
- Protocol: PPPoE
If you enable "easy login" in the Telekom Kundenportal, you can use invalid or no credentials for the PAP/CHAP auth.
These examples are using a Turris Omnia router. Your interface names may be different.
Configure with uci:
$ uci set network.wan.proto='pppoe'
$ uci set network.wan.ipv6='auto'
$ uci set network.wan.username='${Anschlusskennung}${Zugangsnummer}${Mitbenutzernummer}@t-online.de'
$ uci set network.wan.password='${Kennwort}'
$ uci set network.wan.device='eth2.7'
Editing config file /etc/config/network:
config interface 'wan'
    option proto 'pppoe'
    option ipv6 'auto'
    option password '${Kennwort}'
    option device 'eth2.7'
    option username '${Anschlusskennung}${Zugangsnummer}${Mitbenutzernummer}@t-online.de'
    option metric '0'
    option peerdns '0'
    list dns '${dns_server}'

config switch_vlan
    option device 'switch0'
    option vlan '7'
    option ports '1t 6t'
EdgeOS / EdgeRouter
These things work like Cisco devices; enter configuration mode to change the config:
root@edge:~$ configure
[edit]
root@edge#
To show or dump the whole config, enter show:
# show
firewall {
...
}
interfaces {
...
}
port-forward {
...
}
service {
...
}
system {
...
}
[edit]
To inspect parts of the config, pass the path to show:
# show firewall
...
[edit]
# show service dhcp-server hostfile-update
>hostfile-update enable
[edit]
When you are done, commit and save changes:
root@edge# commit
[edit]
root@edge# save
Saving configuration to '/config/config.boot'...
Done
[edit]
root@edge# exit
exit
root@edge:~$
The running config is written to /config/config.boot, which is just a text file (easy backups).
DHCP
Act as an authoritative DNS for the zone configured in the DHCP server, recognizing local hostnames:
set service dhcp-server hostfile-update enable
DNS
Forward DNS requests for $zone to $resolver:
set service dns forwarding options server=/${zone}/${resolver}
Show DNS forwarding servers and metrics:
show dns forwarding nameservers
show dns forwarding statistics
Enable DNS forwarding on $interface:
set service dns forwarding dhcp $interface
Forward DNS to $ip:
set service dns forwarding name-server $ip
Override $address with $ip:
set service dns forwarding options address=/$address/$ip
Bind DNS to $interface:
set service dns forwarding listen-on $interface
Bind to all interfaces except $interface:
delete service dns forwarding listen-on
set service dns forwarding except-interface $interface
Unifi Access points (and switches)
The access points are running some stripped down Linux. If you set your SSH key in the Network Console, you can ssh to them as the user admin. You'll get dropped into a BusyBox shell in /etc/persistent and can poke around.
They only present an RSA host key. If your OpenSSH doesn't accept it by default, you'll first have to enable it:
Host access-point
    User admin
    HostkeyAlgorithms +ssh-rsa
They ship with vi, with vim deceptively aliased to it:
# alias vim
vim='vi'
Some firmwares have some Unifi-specific tools, though these seem to be mostly gone from the firmware on newer access points. On older firmwares you can sometimes find them:
ubnt-systool
ubnt-device-info
ubnt-tools
All firmwares ship with useful standard network utilities like tcpdump, scp, arp, ip, ping, etc.
Persist filesystem changes
The /etc/persistent path name is not a lie. But if you write to the filesystem and reboot, your changes will be gone. You need to use cfgmtd to actually persist your changes.
# cfgmtd -h
Usage: cfgmtd [options]
-t <type> - Configuration type to use [1(active)|2(backup)]. (Default: 1(active))
-f <config file> - Configuration file to use. (Default: /tmp/system.cfg)
-p <persistent directory> - Directory to persistent dir. (Default: none)
-w - Write to flash action.
-r - Read from flash action.
-c - Clear flash action.
-o <mtd|file name> - Use mtd or file name. (Default: /dev/mmcblk0p9)
-n - No check size when specify -o. (Default: Check)
-h - This message.
# cfgmtd -w -p /etc/persistent
You don't have a lot of space to play with though. :)
Control the LED
The access points have both a blue and white LED, but only the blue LED is configurable in the controller (models prior to AC Lite supposedly had an RGB LED).
They show up under /sys/class/leds/ubnt:{white,blue}:dome on AC Lite access points. On newer U6 access points they seem to be at /sys/class/leds/ubnt:{white,blue}:personality instead.
Turn on the white LED
The brightness file accepts a value between 0 and 255. Turning on the white LED is just writing 0 to brightness for the blue LED (turning it off) and writing 255 to brightness for the white LED (turning it on). For a dimmer light, use a lower number.
On U6 access points:
# echo 0 > /sys/class/leds/ubnt\:blue\:personality/brightness
# echo 255 > /sys/class/leds/ubnt\:white\:personality/brightness
On AC Lite:
# echo 0 > /sys/class/leds/ubnt\:blue\:dome/brightness
# echo 255 > /sys/class/leds/ubnt\:white\:dome/brightness
Turn the LEDs off
Just write 0 to the brightness file for both. For U6:
# echo 0 > /sys/class/leds/ubnt\:white\:personality/brightness
# echo 0 > /sys/class/leds/ubnt\:blue\:personality/brightness
Use ubnt:{white,blue}:dome on AC Lites, etc.
Adopt an AP over SSH
You can ssh to an AP and initiate the adoption process:
# mca-cli-op set-inform http://${controller_host}:8080/inform
Some firmwares come with a set-inform binary, but mca-cli-op seems to ship with all firmwares (that I have seen).
The current controller URL is saved in a text file, /etc/persistent/cfg/mgmt:
# grep "mgmt\.servers" cfg/mgmt
mgmt.servers.1.url=http://${controller_host}:8080/inform
Most other controller-configurable settings seem to be persisted in that file, as well as the authentication key it uses for the adoption protocol (they use plain HTTP on port 8080 without SSL, but the HTTP traffic itself gets encrypted).
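
Since the inform URL decides which controller manages the AP, it is worth checking that it still points where you expect. The following is an added example, not part of the original notes: it reads the mgmt.servers.N.url keys shown above and flags any URL whose host is not on a list you pass in. The function name check_inform, its arguments and the sample hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. check_inform and its arguments
# are hypothetical names; only the mgmt.servers.N.url key comes from the page.

# usage: check_inform <mgmt-file> <expected-host> [<expected-host> ...]
# Prints one line per stored inform URL. Returns 0 if every URL points at an
# expected host, 1 if any does not, 2 if the file is unreadable or has no URL.
check_inform() {
    mgmt_file=$1
    shift
    [ -r "$mgmt_file" ] || { echo "cannot read $mgmt_file" >&2; return 2; }
    urls=$(sed -n 's/^mgmt\.servers\.[0-9][0-9]*\.url=//p' "$mgmt_file")
    [ -n "$urls" ] || { echo "no mgmt.servers.N.url entry found" >&2; return 2; }
    bad=0
    while IFS= read -r url; do
        host=${url#*://}   # drop the scheme
        host=${host%%/*}   # drop the path
        host=${host##*@}   # drop any userinfo
        host=${host%%:*}   # drop the port (IPv6 literals are not handled)
        ok=0
        for want in "$@"; do
            if [ "$host" = "$want" ]; then ok=1; fi
        done
        if [ "$ok" -eq 1 ]; then
            echo "OK   $url"
        else
            echo "WARN $url (unexpected controller host: $host)"
            bad=1
        fi
    done <<EOF
$urls
EOF
    return "$bad"
}

# Constructed sample input; on an AP, pass /etc/persistent/cfg/mgmt instead.
sample=$(mktemp)
printf '%s\n' 'mgmt.servers.1.url=http://unifi.example.internal:8080/inform' \
    'mgmt.servers.2.url=http://203.0.113.7:8080/inform' > "$sample"
check_inform "$sample" unifi.example.internal || echo "unexpected inform URL found"
rm -f "$sample"
```
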
Clear the config
This clears the config on the AP, and has the same effect as pressing the physical reset button:
# set-default
The access point gets rebooted, and comes up with the factory settings.