Birthday Hint

Shameless plug for my birthday coming up next month…

GL-AR300M

I’m eager to own one or more of these GL-AR300M units, which sport dual antennas, a 300MHz CPU, and 128 MB NAND flash, for my libreCMC experiments. With that much CPU and persistent memory, it can be treated more like a pocket PC than a pocket Wi-Fi router. The units are not very expensive (under $40), though with the cheap shipping option you have to figure in about 3 weeks of shipping time.

Builds with Flock Fix

My most recent builds have a bug in the configuration due to a missing busybox flock program, which generates annoying messages in the log. Here are new builds:

  • libreCMC v1.4.2 commit 1652ef7 source
    • magnet:?xt=urn:btih:39bb40c25ddffbb8c3eeefdd7e685a29facf506b&dn=librecmc-v1.4.2-c%5F1652ef7.tar.gz
  • libreCMC v1.4.2 commit 1652ef7 TPE-R1100 Build
    • magnet:?xt=urn:btih:3aecd53e10ffdf76809ba86522782fa1db9defd9&dn=librecmc-v1.4.2-c%5F1652ef7-flock-ar71xx-generic-tpe-r1100-squashfs-sysupgrade.bin
  • libreCMC v1.4.2 commit 1652ef7 GL-AR150 Build
    • magnet:?xt=urn:btih:d3f93eb8bb6dd37dbefa2062caccfb72fd1040ce&dn=librecmc-v1.4.2-c%5F1652ef7-flock-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin

The GL-AR300M build will be done later.

Layer 2 VPN: It’s ALIVE!

My libreCMC to libreCMC Layer 2 OpenVPN connection worked successfully in a test from home -> work LAN. A few of the cooler looking log snippets:

openvpn(asi_eth_client)[821]: UDP link local: (not bound)
openvpn(asi_eth_client)[821]: UDP link remote: [AF_INET]<snip>:1194
openvpn(asi_eth_client)[821]: TLS: Initial packet from [AF_INET]<snip>:1194, sid=<snip> <snip>
openvpn(asi_eth_client)[821]: VERIFY OK: depth=1, C=US, ST=AK, L=Fairbanks, O=Alaska Satellite Internet, OU=Solutions, CN=Alaska Satellite Internet CA, name=ASICA, emailAddress=<snip>
openvpn(asi_eth_client)[821]: VERIFY KU OK
openvpn(asi_eth_client)[821]: Validating certificate extended key usage
openvpn(asi_eth_client)[821]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn(asi_eth_client)[821]: VERIFY EKU OK
openvpn(asi_eth_client)[821]: VERIFY OK: depth=0, C=US, ST=AK, L=Fairbanks, O=Alaska Satellite Internet, OU=Solutions, CN=myvpn, name=myvpn, emailAddress=<snip>
openvpn(asi_eth_client)[821]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
openvpn(asi_eth_client)[821]: [myvpn] Peer Connection Initiated with [AF_INET]<snip>:1194
<snip>
openvpn(asi_eth_client)[821]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn(asi_eth_client)[821]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn(asi_eth_client)[821]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
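
An added example, not part of the original post: a small Python audit of an OpenVPN client log like the excerpt above. It confirms that the certificate chain, the KU/EKU checks, the TLS version and the data channel ciphers are what you expect before trusting the tunnel. The function name, the policy constants and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample modelled on the excerpt above; subject fields and address are placeholders.
SAMPLE_LOG = """\
openvpn(asi_eth_client)[821]: VERIFY OK: depth=1, C=US, O=Example Org, CN=Example CA
openvpn(asi_eth_client)[821]: VERIFY KU OK
openvpn(asi_eth_client)[821]: VERIFY EKU OK
openvpn(asi_eth_client)[821]: VERIFY OK: depth=0, C=US, O=Example Org, CN=myvpn
openvpn(asi_eth_client)[821]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
openvpn(asi_eth_client)[821]: [myvpn] Peer Connection Initiated with [AF_INET]192.0.2.10:1194
openvpn(asi_eth_client)[821]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn(asi_eth_client)[821]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
"""

AEAD_CIPHERS = {"AES-128-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}  # assumed local policy
MIN_TLS = (1, 2)                                                    # assumed local policy

def audit_openvpn_log(text, expected_cn):
    """Return a list of findings; an empty list means every check passed."""
    verified, seen, data = {}, set(), {}  # depth -> CN, KU/EKU markers, direction -> cipher
    tls = peer = None
    for line in text.splitlines():
        if m := re.search(r"VERIFY OK: depth=(\d+),.*?\bCN=([^,]+)", line):
            verified[int(m.group(1))] = m.group(2).strip()
        elif m := re.search(r"VERIFY (KU|EKU) OK", line):
            seen.add(m.group(1))
        elif m := re.search(r"Control Channel: TLSv(\d+)\.(\d+)", line):
            tls = (int(m.group(1)), int(m.group(2)))
        elif m := re.search(r"\[([^\]]+)\] Peer Connection Initiated", line):
            peer = m.group(1)
        elif m := re.search(r"(Outgoing|Incoming) Data Channel: Cipher '([^']+)'", line):
            data[m.group(1)] = m.group(2)
    findings = []
    if not any(depth > 0 for depth in verified):
        findings.append("no CA certificate verified above the server certificate")
    if verified.get(0) != expected_cn or peer != expected_cn:
        findings.append(f"peer {peer!r} / verified CN {verified.get(0)!r}, expected {expected_cn!r}")
    if seen != {"KU", "EKU"}:
        findings.append("server certificate key usage / extended key usage not checked")
    if tls is None or tls < MIN_TLS:
        findings.append(f"control channel TLS version {tls} is below {MIN_TLS}")
    for direction in ("Outgoing", "Incoming"):
        if data.get(direction) not in AEAD_CIPHERS:
            findings.append(f"{direction} data channel cipher {data.get(direction)!r} is not AEAD")
    return findings

if __name__ == "__main__":
    print(audit_openvpn_log(SAMPLE_LOG, "myvpn") or "all checks passed")
```

On the router, the text to audit could come from the system log filtered for the openvpn instance; a missing KU/EKU line usually means the client config is not enforcing the server certificate type.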

Some snippets from tcpdump, showing the traffic being passed back and forth along the tunnel:

05:24:31.717536 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 382
05:24:31.717647 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 81
05:24:31.721769 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 188
05:24:31.722641 IP 10.0.0.184.45965 > <snip>.static.gci.net.1194: UDP, length 163
05:24:31.739124 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 105
05:24:31.800892 ARP, Request who-has 10.0.0.3 tell 10.0.0.1, length 46
05:24:31.927072 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 393
05:24:31.931171 IP 10.0.0.184.45965 > <snip>.static.gci.net.1194: UDP, length 163
05:24:32.205518 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 398
05:24:32.209665 IP 10.0.0.184.45965 > <snip>.static.gci.net.1194: UDP, length 163
05:24:32.482088 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 130

Screenshot of the interface stats:

[Image: Screenshot from 2018-02-26 20-30-28]

I disabled the LAN ethernet and password-protected the Wi-Fi to make it a little more challenging for a passerby to casually “plug in” to the exposed VPN. Once I connected to the Wi-Fi, I was able to access my work file share, printer interface, and backup storage system.

I’m going to submit my config info to the official libreCMC docs.

GL-AR300M NAND Build

Please see the previous post for details.

  • libreCMC v1.4.2 commit 1652ef7 source
    • magnet:?xt=urn:btih:39bb40c25ddffbb8c3eeefdd7e685a29facf506b&dn=librecmc-v1.4.2-c%5F1652ef7.tar.gz
  • libreCMC v1.4.2 commit 1652ef7 GL-AR300M NAND build
    • magnet:?xt=urn:btih:9444f30d781c2e6a7646ba30042b9603257b578c&dn=librecmc-v1.4.2-c%5F1652ef7-ar71xx-nand-gl-ar300m-ubi-factory.img