Month: February 2018

• libreCMC v1.4.2 commit 1652ef7 source
  • magnet:?xt=urn:btih:39bb40c25ddffbb8c3eeefdd7e685a29facf506b&dn=librecmc-v1.4.2-c%5F1652ef7.tar.gz
• libreCMC v1.4.2 commit 1652ef7 GL-AR300M NAND Build
  • magnet:?xt=urn:btih:7e3a5638bb3666c969682dbaabc74151f808e727&dn=librecmc-v1.4.2-c%5F1652ef7-flock-ar71xx-nand-gl-ar300m-ubi-factory.img

Shameless plug for my birthday coming up next month…

I’m eager to own one or more of these GL-AR300M units, which sport dual antennas, a 300MHz CPU, and 128 MB NAND flash, for my libreCMC experiments. With that much CPU and persistent memory, it can be treated more like a pocket pc than a pocket Wi-Fi router. The units are not very expensive (under $40) though for the cheap shipping you have to figure in about 3 weeks of shipping time.

My most recent builds have a bug in the configuration due to missing busybox flock program, which generates annoying messages in the log. Here are new builds:

• libreCMC v1.4.2 commit 1652ef7 source
  • magnet:?xt=urn:btih:39bb40c25ddffbb8c3eeefdd7e685a29facf506b&dn=librecmc-v1.4.2-c%5F1652ef7.tar.gz
• libreCMC v1.4.2 commit 1652ef7 TPE-R1100 Build
  • magnet:?xt=urn:btih:3aecd53e10ffdf76809ba86522782fa1db9defd9&dn=librecmc-v1.4.2-c%5F1652ef7-flock-ar71xx-generic-tpe-r1100-squashfs-sysupgrade.bin
• libreCMC v1.4.2 commit 1652ef7 GL-AR150 Build
  • magnet:?xt=urn:btih:d3f93eb8bb6dd37dbefa2062caccfb72fd1040ce&dn=librecmc-v1.4.2-c%5F1652ef7-flock-ar71xx-generic-gl-ar150-squashfs-sysupgrade.bin

The GL-AR300M build will be done later.

My libreCMC to libreCMC Layer 2 OpenVPN connection worked successfully in a test from home -> work LAN. A few of the cooler looking log snippets:

openvpn(asi_eth_client)[821]: UDP link local: (not bound)
openvpn(asi_eth_client)[821]: UDP link remote: [AF_INET]<snip>:1194
openvpn(asi_eth_client)[821]: TLS: Initial packet from [AF_INET]<snip>:1194, sid=<snip> <snip>
openvpn(asi_eth_client)[821]: VERIFY OK: depth=1, C=US, ST=AK, L=Fairbanks, O=Alaska Satellite Internet, OU=Solutions, CN=Alaska Satellite Internet CA, name=ASICA, emailAddress=<snip>
openvpn(asi_eth_client)[821]: VERIFY KU OK
openvpn(asi_eth_client)[821]: Validating certificate extended key usage
openvpn(asi_eth_client)[821]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn(asi_eth_client)[821]: VERIFY EKU OK
openvpn(asi_eth_client)[821]: VERIFY OK: depth=0, C=US, ST=AK, L=Fairbanks, O=Alaska Satellite Internet, OU=Solutions, CN=myvpn, name=myvpn, emailAddress=<snip>
openvpn(asi_eth_client)[821]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
openvpn(asi_eth_client)[821]: [myvpn] Peer Connection Initiated with [AF_INET]<snip>:1194
<snip>
openvpn(asi_eth_client)[821]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn(asi_eth_client)[821]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn(asi_eth_client)[821]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Some snippets from tcpdump, showing the traffic being passed back and forth along the tunnel:

05:24:31.717536 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 382
05:24:31.717647 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 81
05:24:31.721769 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 188
05:24:31.722641 IP 10.0.0.184.45965 > <snip>.static.gci.net.1194: UDP, length 163
05:24:31.739124 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 105
05:24:31.800892 ARP, Request who-has 10.0.0.3 tell 10.0.0.1, length 46
05:24:31.927072 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 393
05:24:31.931171 IP 10.0.0.184.45965 > <snip>.static.gci.net.1194: UDP, length 163
05:24:32.205518 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 398
05:24:32.209665 IP 10.0.0.184.45965 > <snip>.static.gci.net.1194: UDP, length 163
05:24:32.482088 IP <snip>.static.gci.net.1194 > 10.0.0.184.45965: UDP, length 130

Screen shot of the interface stats:

I disabled the LAN ethernet and password protected the Wi-Fi to make it a little more challenging for a passerby to casually “plug in” to the exposed VPN. Once I connected to the Wi-Fi, I was able to access my work file share, printer interface, and backup storage system.

I’m going to submit my config info to the official libreCMC docs.

Please see the previous post for details.

• libreCMC v1.4.2 commit 1652ef7 source
  • magnet:?xt=urn:btih:39bb40c25ddffbb8c3eeefdd7e685a29facf506b&dn=librecmc-v1.4.2-c%5F1652ef7.tar.gz
• libreCMC v1.4.2 commit 1652ef7 GL-AR300M NAND build
  • magnet:?xt=urn:btih:9444f30d781c2e6a7646ba30042b9603257b578c&dn=librecmc-v1.4.2-c%5F1652ef7-ar71xx-nand-gl-ar300m-ubi-factory.img