Setting up openwrt with Telenet WiFree

1_OpenwrtWiFreeGuide.md

Setting up openwrt with Telenet WiFree

This guide explains how to setup your openwrt router to interact with Telenet WiFree as a WISP router.
In this case we will connect to WiFree, create a secondary Wifi signal and also have access to the internet on the Lan interface.

With this setup you can have multiple devices connected to the Telenet WiFree Hotspot.

!Important check the Troubleshooting section at the bottom of this page if LAN does not work.

Disclaimer

I only use this at a secondary home. I am not in any way affiliated with Telenet.

What do you need?

• OpenWRT (In this case Barrier Breaker because of TP-Link MR3020 RAM limitations.)
• Full wpad package: search the openwrt packages site, it depends on your openwrt version. It should be located in the base packages.
• Openwrt compatible router: in this case I used an old TP-Link MR3020

Setup

1. Install OpenWRT

2. Log into your device

3. Secure your device

System -> Administration

4. Synchronize time

System -> System

Do not skip this step. Telenet WiFree seems to deauthenticate you if your time is not synchronized.

5. Removing and installing packages

Change the names of LOCATION_TO_YOUR_WPAD_FILE and wpad_XXX.ipk to the depending on your setup.

Open up your favourite terminal.
Scp the wpad file to your router.
scp /LOCATION_TO_YOUR_WPAD_FILE/wpad_XXX.ipk root@192.168.1.1:/tmp/
SSH into your device.
ssh root@192.168.1.1
Enter your password.
Remove the wpad-mini package and install the previously copied wpad package.

opkg remove wpad-mini
opkg install /tmp/wpad_XXX.ipk
rm /tmp/wpad_XXX.ipk

6. Associate with wireless network

Network -> Wifi

• Press Scan

• Join the network you want to connect to
  

• Submit these settings
  

• Change your interface configuration exactly as shown below input your own Identity and Password (Telenet Account) and press Save & Apply

• Advanced setting change country to Belgium

• Check if connected

  Network -> Wifi

  

7. Add secondary network

Network -> Wifi

• Press add in the right corner
• Change settings as wanted
• Change security settings

8. Done

Troubleshooting

• Try to disable all ipv6 connections if you can't get a connection
• Is your time synced??
• Leave a comment in case of other problems
• You could encounter out of space troubles on some devices. Keep in mind that with openwrt everytime you write a file you lose storage. So try to make as little changes as possible.
• To bypass the X time-out period implemented by Telenet check Watchcat. The restart interface mode should solve this problem and restart the selected interface automatically after x seconds of failed pings.

Credit

• Philipe_d @ userbase.be
• Openwrt Documentation

dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 wwan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option ifname 'eth0'
	option force_link '1'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option delegate '0'

config interface 'wwan'
	option proto 'dhcp'
	option delegate '0'

system

config system
	option hostname 'OpenWrt'
	option timezone 'UTC'

config timeserver 'ntp'
	list server '0.openwrt.pool.ntp.org'
	list server '1.openwrt.pool.ntp.org'
	list server '2.openwrt.pool.ntp.org'
	list server '3.openwrt.pool.ntp.org'
	option enabled '1'
	option enable_server '0'

config led 'led_usb'
	option name 'USB'
	option sysfs 'tp-link:green:3g'
	option trigger 'usbdev'
	option dev '1-1'
	option interval '50'

config led 'led_wlan'
	option name 'WLAN'
	option sysfs 'tp-link:green:wlan'
	option trigger 'phy0tpt'

config led 'led_lan'
	option name 'LAN'
	option sysfs 'tp-link:green:lan'
	option trigger 'netdev'
	option dev 'eth0'
	option mode 'link tx rx'

ucitrack

config network
	option init network
	list affects dhcp
	list affects radvd

config wireless
	list affects network

config firewall
	option init firewall
	list affects luci-splash
	list affects qos
	list affects miniupnpd

config olsr
	option init olsrd

config dhcp
	option init dnsmasq

config dropbear
	option init dropbear

config httpd
	option init httpd

config fstab
	option init fstab

config qos
	option init qos

config system
	option init led
	list affects luci_statistics

config luci_splash
	option init luci_splash

config upnpd
	option init miniupnpd

config ntpclient
	option init ntpclient

config samba
	option init samba

config tinyproxy
	option init tinyproxy

config 6relayd
	option init 6relayd

uhttpd

config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:443'
	list listen_https '[::]:443'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
	option max_connections '100'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
	option cgi_prefix '/cgi-bin'
	option script_timeout '60'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'
	option ubus_prefix '/ubus'

config cert 'px5g'
	option days '730'
	option bits '1024'
	option country 'DE'
	option state 'Berlin'
	option location 'Berlin'
	option commonname 'OpenWrt'

wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/ar933x_wmac'
	option htmode 'HT20'
	option country 'BE'
	option txpower '20'

config wifi-iface
	option network 'wwan'
	option ssid 'TelenetWiFree'
	option device 'radio0'
	option mode 'sta'
	option encryption 'wpa2'
	option eap_type 'peap'
	option auth 'MSCHAPV2'
	option identity 'WIFREE-USER'
	option password 'WIFREE-PASS'
	option bssid 'WIFREE-MAC-ADDRESS'

config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option ssid 'MY-HOTSPOT'
	option network 'lan'
	option encryption 'psk2'
	option key '12341234'

I was thinking about adding a USB LTE-modem (but no idea which one would work best). On the other hand, if the cost of a new LTE-router is the same... (but I still want to run openWrt, and prefereably have at least the same amount of ethernet ports)

You could just use an old phone as a modem on the existing router.

From what I've been reading up to now the ZTE MF286D is a good device so I'm looking for a second hand one myself. Only has 4 ports though :-)

You could just use an old phone as a modem on the existing router.

Thought about this as well, but looks really clumsy and comes with additional overhead/point of failures of the MobileOS. In case of failure cannot easily be rebooted (without remote access). If it's connected/embedded directly into the router it gets reset with a reboot of the device as well. (Also don't need the screen/battery)
In my case then it would be easier to run everything of the phone I guess.

Is it normal that after the so called 1 November end of Wi-Free, I still get access to this as usual? Are they waiting to send a FW update to all the existing routers to disable the Wi-Free signal?

As far as I know: where I live, nearly all Telenet WiFree disappeared on November 3th, but I was in Mechelen yesterday and there all WiFree was still working fine there. As you say, I too suspect that all modems will have to get a signal and my guess is that they roll out these changes per region... It might even be a bit type based as well: in my home region, I still see (exact) one distant TelenetWifree that works fine, but it'ss too distant to be comfortable. But it's just one... where it used to be 10 or more that surrounded me. Hope this helps. I'd say: if it's your primary Internet, might wanna make arrangements for alternatives asap.

…

On Mon, Nov 6, 2023, 14:25 Hugo Saraiva ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ Is it normal that after the so called 1 November end of Wi-Free, I still get access to this as usual? Are they waiting to send a FW update to all the existing routers to disable the Wi-Free signal? — Reply to this email directly, view it on GitHub <https://gist.github.com/devbynyden/fd87a92d493c4a8e89994cb1016413f5#gistcomment-4751325> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AO7ZKYA7SMLPR35W2OGPQJDYDDQLJBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVA4TAMBRGA2TKN5HORZGSZ3HMVZKMY3SMVQXIZI> . You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

I've lost the stable WiFree Hotspot somewhere beginning of october, so I wouldn't be surprised if they started earlier... (or someone in the neighbourhood cancelled his subscription). After all, there are no guarantees about coverage...

I've lost the stable WiFree Hotspot somewhere beginning of october, so I wouldn't be surprised if they started earlier... (or someone in the neighbourhood cancelled his subscription). After all, there are no guarantees about coverage...

Yeah, I started to have authentication issues in september. I switched to a data sim now, but their 4G connection is very unstable (and sometimes very slow), postal code 8980. Let's hope they roll out 5G more quickly