Enlarge / Failing an image of the proposed reference hardware by the OpenWrt group, let us gaze upon where this all started: inside a device that tried to quietly use open source software without crediting or releasing it. (credit: Jim Salter)

OpenWrt, the open source firmware that sprang from Linksys' use of open source code in its iconic WRT54G router and subsequent release of its work , is 20 years old this year. To keep the project going, lead developers have proposed creating a "fully upstream supported hardware design," one that would prevent the need for handling "binary blobs" in modern router hardware and let DIY router enthusiasts forge their own path.

OpenWRT project members, 13 of which signed off on this hardware, are keeping the "OpenWrt One" simple, while including "some nice features we believe all OpenWrt supported platforms should have," including "almost unbrickable" low-level firmware, an on-board real-time clock with a battery backup, and USB-PD power. The price should be under $100 and the schematics and code publicly available.

But OpenWrt will not be producing or selling these boards, "for a ton of reasons." The group is looking to the Banana Pi makers to distribute a fitting device, with every device producing a donation to the Software Freedom Conservancy earmarked for OpenWrt. That money could then be used for hosting expenses, or "maybe an OpenWrt summit."

Značky: #openwrt, #security, #Networking, #Linux

Continue reading "Banner message for ssh"

Značky: #debian, #ubuntu, #Network, #openwrt

I own some old ADSL modems that are no longer suitable for modern networks. OpenWrt can be installed on them, but they are limited by hardware to 100 Mbps LAN and 54 Mbps WiFi. Therefore, using these devices as routers, network attached storage or anything else that requires high transfer speeds is no longer wanted. Fortunately, OpenWrt comes with many software packages available to install using its included package manager.

One of the tasks that are suitable for most low-speed OpenWrt routers is audio playing. However, there are some hardware requirements. You need a router on which you can install OpenWrt firmware. It must have at least 8 MB flash storage memory and, the most important: at least one USB port. I haven’t heard of routers with audio output, yet there are plenty with USB ports (for GSM modem or USB storage). With an USB sound card and proper software, you will be able to play audio from any OpenWrt router. In this post I will talk about internet radio streams. However, if you have an extra USB port or you plan to use a hub, you may also play music files from USB drive.

USB audio card plugged in the USB port of the router

Značky: #Audio, #Internet, #OpenWRT, #Radio, #Elektro

Following my previous post , you should have now a running Mosquitto based MQTT broker on your OpenWrt router that listens on port 1883 for unsecured clients and on port 8884 for TLS PSK clients. But that's not all. I want to have the broker listen to 8883 port for TLS certificate secured clients. I will use this port for remote clients over the internet.

Of course, the port can be used for local clients that support TLS. This is the highest level of transport encryption available. It's the same encryption used by HTTPS. When you (your browser) send a HTTPS request to a server (website), the server responds with its certificate and public key. The browser has a database of trusted certificate authorities and if the authority that issued the received certificate is in that database, browser will trust the server and will respond with data encrypted with the public key. Server decrypts data with its private key. Client and server will negotiate a one time key that will be used throughout the session.

Značky: #IoT, #Linux, #MQTT, #OpenWRT, #Elektro

The previous post was about MQTT security layers, the advantages of running a local MQTT server and how may a network of things be structured. The OpenWrt router should be ready to install and set up the server (broker) software. The software repositories contain two variants of the Eclipse Mosquitto software. One of them is built without SSL support. If you install that one, you won't be able to accept secure clients. The SSL enabled variant requires a bit more internal storage space and that's the main reason they provide both builds.

I'm using a router with Broadcom SoC and 16 MB of internal storage. There's still 86 percent free space after installing Mosquitto, the SSL enabled build. In this post I'll show you how to configure Mosquitto broker to listen to multiple ports and to accept clients with different security settings. This is because not all microcontrollers with network connectivity have enough processing power for TLS/SSL. And, as I said in the previous post, the devices in your local network are behind (at least one) firewall, and as long as no one else has physical access to the network, transport encryption between MQTT clients and server is not really needed. However, TLS/SSL is required for remote clients, over internet.

Značky: #IoT, #Linux, #MQTT, #OpenWRT, #Elektro