[Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Rich Brown]

I am working to restore the functionality of my CeroWrt 3.10.50-1 router with an OpenWrt BB image.

Things are going pretty well, but I have run into a problem. In the past, I frequently used two CeroWrt routers at my home: one was my primary, and connected via PPPoE to my DSL link; the other was the secondary, and used DHCP on ge00 to get an address from the LAN side of the primary router.

My memory is that everything worked fine - I could connect to either router's wifi, and get to things that were on the other router's Wifi. (Bonjour/mDNS naming for example).

With OpenWrt as my primary router and CeroWrt as the secondary, I am able to connect to the CeroWrt wifi and get anywhere - either the OpenWrt subnets or to the Internet.

But connecting to the OpenWrt wifi, I cannot ping or telnet to any addresses on the CeroWrt... What am I missing? (This is probably not a deep question: I really don't understand linux routing configuration...)

Many thanks,

Rich

Re: [Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Alan Jenkins]

On 13/05/15 02:19, Rich Brown wrote:
> I am working to restore the functionality of my CeroWrt 3.10.50-1
> router with an OpenWrt BB image.
>
> Things are going pretty well, but I have run into a problem. In the
> past, I frequently used two CeroWrt routers at my home: one was my
> primary, and connected via PPPoE to my DSL link; the other was the
> secondary, and used DHCP on ge00 to get an address from the LAN side
> of the primary router.
>
> My memory is that everything worked fine - I could connect to either
> router's wifi, and get to things that were on the other router's
> Wifi. (Bonjour/mDNS naming for example).
>
> With OpenWrt as my primary router and CeroWrt as the secondary, I am
> able to connect to the CeroWrt wifi and get anywhere - either the
> OpenWrt subnets or to the Internet.
>
> But connecting to the OpenWrt wifi, I cannot ping or telnet to any
> addresses on the CeroWrt... What am I missing? (This is probably not
> a deep question: I really don't understand linux routing
> configuration...)

I can start with really basic :).

AIUI CeroWrt can do this using the babel mesh routing daemon.  That 
might be what you had working.

I don't know routing daemons, but I'm quite familiar with static 
routing, so in your shoes that's probably what I'd attempt first.  It at 
least gives you an idea what's going on at the IP level.  This would 
require... as a vague checklist, and being unhelpfully vague about 
wireless...

Second router:

1) Make sure the LAN subnet (and IP address) doesn't conflict with the 
first.  I think CeroWrt already uses different addresses to OpenWrt. 
But for this example I use 192.168.16.0, netmask 255.255.255.0, and 
192.168.16.1.

Wiki explanation of netmask:
https://en.wikipedia.org/wiki/Subnetwork#Determining_the_network_prefix


2) a) Configure it with a WAN IP address that belongs to the first LAN. 
  Usually a static address, which is outside the DHCP pool.  Keep a note 
of all the static addresses you configure, to avoid conflicts.  b) Set 
default route to the first router.  OR make it a DHCP client which picks 
up the address and default route automatically.

You seem to have this part working, or CeroWrt wouldn't access the internet.


3) First router: set a static route for the subnet belonging to LAN2, 
which points at the LAN1 IP address of the second router.

You don't have this bit.

To add a separate routed wireless network on the second AP (as opposed 
to a more seamless one which allows roaming between the two APs): try 
configuring the wireless subnet adjacent to the wired one & use a single 
aggregated route for simplicity.

wireless lan: 192.168.17.0, 255.255.255.0

aggregated route for wlan + lan: 192.168.16.0/23, i.e. netmask 255.255.254.0

It could be extended to guest wireless as well.  Widen the route by 
another bit, and don't worry if you're not actually using the fourth 
subnet (192.168.19.0/24)


4) *** Make sure NAT is disabled on the second router. ***

I think you have NAT enabled on CeroWrt, because otherwise, without 
doing part 3), computers on CeroWrt network wouldn't get any packets 
_back_ from the internet.


5) Configure the firewall on the second router to accept all packets 
from the WAN interface / unknown networks.  You rely on the first router 
to do that instead.


Alan

Re: [Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Kevin Darbyshire-Bryant]

[-- Attachment #1: Type: text/plain, Size: 1460 bytes --]



On 13/05/15 09:07, Alan Jenkins wrote:
> On 13/05/15 02:19, Rich Brown wrote:
>>
>>
>> But connecting to the OpenWrt wifi, I cannot ping or telnet to any
>> addresses on the CeroWrt... What am I missing? (This is probably not
>> a deep question: I really don't understand linux routing
>> configuration...)
>

For reference/interest: The default CeroWrt numbering is here 
http://www.bufferbloat.net/projects/cerowrt/wiki/Default_network_numbering 
which may help explain how things used to work :-)

I'm currently away on 'holiday' down at my parents house otherwise could 
help/concentrate more.  As an aside, evidently the house is on the end 
of a very long piece of wet string known as a telephone line, actually I 
must be in space judging by the 6 seconds(!) of bufferbloat.  I brought 
an ancient Netgear DGN3500 with me for them (has integrated ADSL modem 
otherwise things get messy cabling wise otherwise it'd be a TP-Link 
Archer C7) running OpenWrt CC r45669 with 'Cake' rammed into it (in a 
slightly more elegant way since we last typed Dave H/T :-)

This has enabled me to relocate back to planet earth and pointed out 
some strange ADSL rate behaviour (which mysteriously fixed itself at 
6am)  Still can't get over the 6 seconds of bufferbloat, latency is now 
under some sort of control down to spikes of 120mS ish - needs more 
fiddling.  No wonder facetime calls were problematic though.

Kevin D-B




[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4791 bytes --]

Re: [Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Rich Brown]

Thanks Alan and Kevin,

This is helpful - I think I have enough to go on, and will report back/ask more questions as I move forward.

Best,

Rich

On May 13, 2015, at 4:07 AM, Alan Jenkins <alan.christopher.jenkins@gmail.com> wrote:

> On 13/05/15 02:19, Rich Brown wrote:
>> I am working to restore the functionality of my CeroWrt 3.10.50-1
>> router with an OpenWrt BB image.
>> 
>> Things are going pretty well, but I have run into a problem. In the
>> past, I frequently used two CeroWrt routers at my home: one was my
>> primary, and connected via PPPoE to my DSL link; the other was the
>> secondary, and used DHCP on ge00 to get an address from the LAN side
>> of the primary router.
>> 
>> My memory is that everything worked fine - I could connect to either
>> router's wifi, and get to things that were on the other router's
>> Wifi. (Bonjour/mDNS naming for example).
>> 
>> With OpenWrt as my primary router and CeroWrt as the secondary, I am
>> able to connect to the CeroWrt wifi and get anywhere - either the
>> OpenWrt subnets or to the Internet.
>> 
>> But connecting to the OpenWrt wifi, I cannot ping or telnet to any
>> addresses on the CeroWrt... What am I missing? (This is probably not
>> a deep question: I really don't understand linux routing
>> configuration...)
> 
> I can start with really basic :).
> 
> AIUI CeroWrt can do this using the babel mesh routing daemon.  That might be what you had working.
> 
> I don't know routing daemons, but I'm quite familiar with static routing, so in your shoes that's probably what I'd attempt first.  It at least gives you an idea what's going on at the IP level.  This would require... as a vague checklist, and being unhelpfully vague about wireless...
> 
> Second router:
> 
> 1) Make sure the LAN subnet (and IP address) doesn't conflict with the first.  I think CeroWrt already uses different addresses to OpenWrt. But for this example I use 192.168.16.0, netmask 255.255.255.0, and 192.168.16.1.
> 
> Wiki explanation of netmask:
> https://en.wikipedia.org/wiki/Subnetwork#Determining_the_network_prefix
> 
> 
> 2) a) Configure it with a WAN IP address that belongs to the first LAN.  Usually a static address, which is outside the DHCP pool.  Keep a note of all the static addresses you configure, to avoid conflicts.  b) Set default route to the first router.  OR make it a DHCP client which picks up the address and default route automatically.
> 
> You seem to have this part working, or CeroWrt wouldn't access the internet.
> 
> 
> 3) First router: set a static route for the subnet belonging to LAN2, which points at the LAN1 IP address of the second router.
> 
> You don't have this bit.
> 
> To add a separate routed wireless network on the second AP (as opposed to a more seamless one which allows roaming between the two APs): try configuring the wireless subnet adjacent to the wired one & use a single aggregated route for simplicity.
> 
> wireless lan: 192.168.17.0, 255.255.255.0
> 
> aggregated route for wlan + lan: 192.168.16.0/23, i.e. netmask 255.255.254.0
> 
> It could be extended to guest wireless as well.  Widen the route by another bit, and don't worry if you're not actually using the fourth subnet (192.168.19.0/24)
> 
> 
> 4) *** Make sure NAT is disabled on the second router. ***
> 
> I think you have NAT enabled on CeroWrt, because otherwise, without doing part 3), computers on CeroWrt network wouldn't get any packets _back_ from the internet.
> 
> 
> 5) Configure the firewall on the second router to accept all packets from the WAN interface / unknown networks.  You rely on the first router to do that instead.
> 
> 
> Alan

Re: [Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Rich Brown]

I was close. I had the proper subnetting (CeroWrt router different from the OpenWrt...). I had tried turning off NAT, and accepting forwarded packets in the ge00 firewall, but that wasn't enough. 

Alan was right. The missing piece was:
	- set a static IP for ge00 on CeroWrt (secondary router)
	- add static routes in the OpenWrt (primary) router for the CeroWrt subnet(s) using that static IP for ge00 

One other setting needed a tweak. I was not able to access the CeroWrt web GUI when connected to the OpenWrt (primary) router's wifi. I needed to turn off the 'blockconfig' rule in the Network -> Firewall -> TrafficRules to allow configuration traffic in through the "wan" link that connects the secondary router to the primary.

Thanks all!

Rich

PS My next quest is subnetting/routing in OpenWrt instead of bridging everything on the LAN side...

On May 13, 2015, at 4:07 AM, Alan Jenkins <alan.christopher.jenkins@gmail.com> wrote:

> On 13/05/15 02:19, Rich Brown wrote:
>> I am working to restore the functionality of my CeroWrt 3.10.50-1
>> router with an OpenWrt BB image.
>> 
>> Things are going pretty well, but I have run into a problem. In the
>> past, I frequently used two CeroWrt routers at my home: one was my
>> primary, and connected via PPPoE to my DSL link; the other was the
>> secondary, and used DHCP on ge00 to get an address from the LAN side
>> of the primary router.
>> 
>> My memory is that everything worked fine - I could connect to either
>> router's wifi, and get to things that were on the other router's
>> Wifi. (Bonjour/mDNS naming for example).
>> 
>> With OpenWrt as my primary router and CeroWrt as the secondary, I am
>> able to connect to the CeroWrt wifi and get anywhere - either the
>> OpenWrt subnets or to the Internet.
>> 
>> But connecting to the OpenWrt wifi, I cannot ping or telnet to any
>> addresses on the CeroWrt... What am I missing? (This is probably not
>> a deep question: I really don't understand linux routing
>> configuration...)
> 
> I can start with really basic :).
> 
> AIUI CeroWrt can do this using the babel mesh routing daemon.  That might be what you had working.
> 
> I don't know routing daemons, but I'm quite familiar with static routing, so in your shoes that's probably what I'd attempt first.  It at least gives you an idea what's going on at the IP level.  This would require... as a vague checklist, and being unhelpfully vague about wireless...
> 
> Second router:
> 
> 1) Make sure the LAN subnet (and IP address) doesn't conflict with the first.  I think CeroWrt already uses different addresses to OpenWrt. But for this example I use 192.168.16.0, netmask 255.255.255.0, and 192.168.16.1.
> 
> Wiki explanation of netmask:
> https://en.wikipedia.org/wiki/Subnetwork#Determining_the_network_prefix
> 
> 
> 2) a) Configure it with a WAN IP address that belongs to the first LAN.  Usually a static address, which is outside the DHCP pool.  Keep a note of all the static addresses you configure, to avoid conflicts.  b) Set default route to the first router.  OR make it a DHCP client which picks up the address and default route automatically.
> 
> You seem to have this part working, or CeroWrt wouldn't access the internet.
> 
> 
> 3) First router: set a static route for the subnet belonging to LAN2, which points at the LAN1 IP address of the second router.
> 
> You don't have this bit.
> 
> To add a separate routed wireless network on the second AP (as opposed to a more seamless one which allows roaming between the two APs): try configuring the wireless subnet adjacent to the wired one & use a single aggregated route for simplicity.
> 
> wireless lan: 192.168.17.0, 255.255.255.0
> 
> aggregated route for wlan + lan: 192.168.16.0/23, i.e. netmask 255.255.254.0
> 
> It could be extended to guest wireless as well.  Widen the route by another bit, and don't worry if you're not actually using the fourth subnet (192.168.19.0/24)
> 
> 
> 4) *** Make sure NAT is disabled on the second router. ***
> 
> I think you have NAT enabled on CeroWrt, because otherwise, without doing part 3), computers on CeroWrt network wouldn't get any packets _back_ from the internet.
> 
> 
> 5) Configure the firewall on the second router to accept all packets from the WAN interface / unknown networks.  You rely on the first router to do that instead.
> 
> 
> Alan

Re: [Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Dave Taht]

On Wed, May 13, 2015 at 6:36 AM, Rich Brown <richb.hanover@gmail.com> wrote:
> I was close. I had the proper subnetting (CeroWrt router different from the OpenWrt...). I had tried turning off NAT, and accepting forwarded packets in the ge00 firewall, but that wasn't enough.
>
> Alan was right. The missing piece was:
>         - set a static IP for ge00 on CeroWrt (secondary router)
>         - add static routes in the OpenWrt (primary) router for the CeroWrt subnet(s) using that static IP for ge00

What I typically do was simpler for ethernet connectivity.

kill the firewall on the sub router (ACCEPT 3 times)
renumber the sub router
use dhcp on the sub router's wan interface. Turn off fetching the
default route. (option defaultroute '0')
Enable babel on all interfaces (including wan) on the sub router
enable babel on the main router.

done. No need for static routes.

can do same for wifi either adhoc or as a wifi client

> One other setting needed a tweak. I was not able to access the CeroWrt web GUI when connected to the OpenWrt (primary) router's wifi. I needed to turn off the 'blockconfig' rule in the Network -> Firewall -> TrafficRules to allow configuration traffic in through the "wan" link that connects the secondary router to the primary.
>
> Thanks all!
>
> Rich
>
> PS My next quest is subnetting/routing in OpenWrt instead of bridging everything on the LAN side...
>
> On May 13, 2015, at 4:07 AM, Alan Jenkins <alan.christopher.jenkins@gmail.com> wrote:
>
>> On 13/05/15 02:19, Rich Brown wrote:
>>> I am working to restore the functionality of my CeroWrt 3.10.50-1
>>> router with an OpenWrt BB image.
>>>
>>> Things are going pretty well, but I have run into a problem. In the
>>> past, I frequently used two CeroWrt routers at my home: one was my
>>> primary, and connected via PPPoE to my DSL link; the other was the
>>> secondary, and used DHCP on ge00 to get an address from the LAN side
>>> of the primary router.
>>>
>>> My memory is that everything worked fine - I could connect to either
>>> router's wifi, and get to things that were on the other router's
>>> Wifi. (Bonjour/mDNS naming for example).
>>>
>>> With OpenWrt as my primary router and CeroWrt as the secondary, I am
>>> able to connect to the CeroWrt wifi and get anywhere - either the
>>> OpenWrt subnets or to the Internet.
>>>
>>> But connecting to the OpenWrt wifi, I cannot ping or telnet to any
>>> addresses on the CeroWrt... What am I missing? (This is probably not
>>> a deep question: I really don't understand linux routing
>>> configuration...)
>>
>> I can start with really basic :).
>>
>> AIUI CeroWrt can do this using the babel mesh routing daemon.  That might be what you had working.
>>
>> I don't know routing daemons, but I'm quite familiar with static routing, so in your shoes that's probably what I'd attempt first.  It at least gives you an idea what's going on at the IP level.  This would require... as a vague checklist, and being unhelpfully vague about wireless...
>>
>> Second router:
>>
>> 1) Make sure the LAN subnet (and IP address) doesn't conflict with the first.  I think CeroWrt already uses different addresses to OpenWrt. But for this example I use 192.168.16.0, netmask 255.255.255.0, and 192.168.16.1.
>>
>> Wiki explanation of netmask:
>> https://en.wikipedia.org/wiki/Subnetwork#Determining_the_network_prefix
>>
>>
>> 2) a) Configure it with a WAN IP address that belongs to the first LAN.  Usually a static address, which is outside the DHCP pool.  Keep a note of all the static addresses you configure, to avoid conflicts.  b) Set default route to the first router.  OR make it a DHCP client which picks up the address and default route automatically.
>>
>> You seem to have this part working, or CeroWrt wouldn't access the internet.
>>
>>
>> 3) First router: set a static route for the subnet belonging to LAN2, which points at the LAN1 IP address of the second router.
>>
>> You don't have this bit.
>>
>> To add a separate routed wireless network on the second AP (as opposed to a more seamless one which allows roaming between the two APs): try configuring the wireless subnet adjacent to the wired one & use a single aggregated route for simplicity.
>>
>> wireless lan: 192.168.17.0, 255.255.255.0
>>
>> aggregated route for wlan + lan: 192.168.16.0/23, i.e. netmask 255.255.254.0
>>
>> It could be extended to guest wireless as well.  Widen the route by another bit, and don't worry if you're not actually using the fourth subnet (192.168.19.0/24)
>>
>>
>> 4) *** Make sure NAT is disabled on the second router. ***
>>
>> I think you have NAT enabled on CeroWrt, because otherwise, without doing part 3), computers on CeroWrt network wouldn't get any packets _back_ from the internet.
>>
>>
>> 5) Configure the firewall on the second router to accept all packets from the WAN interface / unknown networks.  You rely on the first router to do that instead.
>>
>>
>> Alan
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel



-- 
Dave Täht
Open Networking needs **Open Source Hardware**

https://plus.google.com/u/0/+EricRaymond/posts/JqxCe2pFr67

Re: [Cerowrt-devel] Replacing CeroWrt with OpenWrt - Routing

[Rich Brown]

Dave - thanks for this overview. I'll check it out, then report to the group/OpenWrt wiki.

Rich


On May 13, 2015, at 10:49 AM, Dave Taht <dave.taht@gmail.com> wrote:

> What I typically do was simpler for ethernet connectivity.
> 
> kill the firewall on the sub router (ACCEPT 3 times)
> renumber the sub router
> use dhcp on the sub router's wan interface. Turn off fetching the
> default route. (option defaultroute '0')
> Enable babel on all interfaces (including wan) on the sub router
> enable babel on the main router.
> 
> done. No need for static routes.
> 
> can do same for wifi either adhoc or as a wifi client