Installing Homenet on LEDE/OpenWrt (DRAFT)

Installing_Homenet.md

Installing Homenet on your Router

This set of instructions configures a fresh LEDE installation to run Homenet. They will likely work on a current build of OpenWrt.

There's lots of good info about Homenet elsewhere. See the External References section (below).

The general strategy is to connect your computer to the router's LAN Ethernet, convert the wireless and WAN interfaces to run Homenet, and test the changes so far. After things are working, configure the LAN Ethernet to Homenet through connect one of the (now Homenet) wireless interfaces.

1. Install LEDE on your router. See the main Getting Started with LEDE page for details. Although these initial steps install the LuCI web GUI, you cannot currently use LuCI to install Homenet.

2. Connect your computer to the router's LAN Ethernet port. (You might even turn off your computer's Wi-Fi to ensure that you're connected through Ethernet.) This is a critical first-step to prevent you from locking yourself out during the configuration process.

3. SSH to the router, install the packages required by Homenet, then reboot.

   ssh root@192.168.1.1
   opkg update
   opkg install ip tcpdump strace
   opkg install ipset hnet-full
   sync
   reboot
   

4. Before you start changing things: Record some information that will make it easier to continue. SSH to the router again after the reboot.

   • Verify your router's name. Your router's name is displayed in the terminal prompt. If the prompt is root@lede:~# in the terminal, the router's name is lede.
   • Record the IPv6 link local address so you can log in if there are problems. See the steps in Further Notes at the end of this note.
   • Consider making a backup unless this is a fresh installation. See Making a backup.

5. Add a new interface for each of the physical devices that should have their own routes. For a default LEDE installation, you will initially create interfaces for the radio(s) and the WAN Ethernet interface. (A subsequent step will configure the LAN Ethernet interface.)

   • Edit the file /etc/config/network where interfaces are defined.

   • Create wireless interfaces for each radio (name them W24 and W5 for the 2.4GHz and 5GHz radios, respectively). Set them to hnet (no need to configure ipaddr/netmask options).

     config 'interface' 'W24'
         option 'proto' 'hnet'
     
     config 'interface' 'W5'
         option 'proto' 'hnet'
     

   • Remove references to the previous wan and wan6 interfaces. Comment out the lines associated with wan (and wan6, if present) by adding a # at the start of each line.

   • Create a new interface (named E0) for the WAN port. Add the lines below, where IFNAME is the ifname from the 'wan' section that you just commented out. If E0 is going to connect to another Homenet router, comment out the option 'mode' 'external' line.

       config 'interface' 'E0'
       	option 'ifname' 'IFNAME'
       	option 'proto'  'hnet'
       	option 'mode'   'external'
     

   • Since Homenet will create its own ULA, set the ULA to the empty string (''). Change:

     config 'globals' 'globals'
         option 'ula_prefix' 'fd12:bf8f:440d::/48'
     

     ... to...

     config 'globals' 'globals'
         option 'ula_prefix' ''
     

   • Save the file /etc/config/network.

6. Change each radio to use one of the new wireless interfaces created above. This associates each physical radio with one of the interfaces defined above.

   • Edit the /etc/config/wireless file. You will find a wifi-iface section for each of the radios.

   • Change each radio's network option from lan to one of the newly-created interfaces (W24 or W5). For example, change:

     config 'wifi-iface'
        option 'device'     'radio0'
        option 'network'    'lan'  # CHANGE THIS...
        option 'mode'       'ap'
        option 'ssid'       'LEDE'
        option 'encryption' 'none'
     

     ... to...

     config 'wifi-iface'
        option 'device'     'radio0'
        option 'network'    'W5'  # TO THIS...
        option 'mode'       'ap'
        option 'ssid'       'LEDE'
        option 'encryption' 'none'
     

   • Make the same changes for the second radio, if present.

   • Save the file /etc/config/wireless

7. Add the new interfaces to the proper firewall zone. Place each of the new wireless interfaces (W24, W5) in the lan zone. If the new WAN interface (E0) will connect to the public Internet, put it in the wan zone, otherwise (if it's an internal router) place it in the lan zone.

   • Edit /etc/config/firewall and comment out the wan (and wan6) network lines.

   • Then add the W24, W5, and E0 lines. The updated file will look something like this:

      ...
      config 'zone'
      	option 'name'       'lan'
      	list   'network'    'lan'
      	list   'network'    'W24'  # Add this line
      	list   'network'    'W5'   # And this line
      	option 'input'      'ACCEPT'
      	option 'output'     'ACCEPT'
      	option 'forward'    'ACCEPT'
      	
      config zone
          option 'name       'wan'
          list   'network'   'E0'   # Add this line
          # list 'network'   'wan'  # comment out
          # list 'network'   'wan6' # comment out
      	...
     

   • Save the file /etc/config/firewall

8. Verify that the changes work. Reboot your router, and follow the steps below.

   sync
   reboot
   

   • Your LAN Ethernet configuration will remain the same, so you should be able to ssh with ssh root@192.168.1.1
   • You should also check that your router now has a Homenet name. If your router's name (above) was lede, then you should be able to connect with ssh root@lede.home, and use the web GUI at https://lede.home
   • You should still have connectivity to the external Internet through the new E0 interface. Use ping 8.8.8.8 to test.
   • The Web GUI (https://192.168.1.1) should show interfaces for W24, W5, LAN and E0.

9. Enable one (or both) wireless interfaces and verify they work.

   • Use the Web GUI to enable one or both Wi-Fi interfaces. Or comment out the option disabled 1 line in /etc/config/wireless for one or both radios.
   • Your computer should now see the wireless interfaces. By default, they will have the SSID LEDE. Connect to one.
   • Verify connectivity with ping 8.8.8.8.
   • If that is successful, disconnect the Ethernet and verify connectivity again.

10. Finally, configure the LAN Ethernet to Homenet, give it the name E1, and place it in the lan firewall zone. While you're connected via one of the wireless interfaces, remove the final mentions of interface lan, and add interface E1. To do this:

    • Edit /etc/config/network. Comment out the lan interface, like this:

       # config 'interface' 'lan'
       #    option 'type' 'bridge'
       #    option 'ifname' 'eth0'
       #    option 'proto' 'static'
       #    option 'ipaddr' '192.168.1.1'
       #    option 'netmask' '255.255.255.0'
       #    option 'ip6assign' '60'
      

• Add the E1 interface, where the ifname is the same value as you commented out (above).

    config 'interface'  'E1'
    	option 'ifname' 'eth0'
    	option 'proto'  'hnet'
  

• Save the file /etc/config/network. - Edit /etc/config/firewall to add interface E1 to the LAN zone. Comment out list network lan and add list network E1. It will look like this:

    config 'zone'
    	option 'name'       'lan'
    	# list 'network'    'lan'
    	list   'network'    'E1'
    	list   'network'    'W24'
    	list   'network'    'W5'
    	...
  

- Save the file `/etc/config/firewall`.
- Reboot and test your configuration (see Step 8 above.) 
Your LAN Ethernet will no longer be at 192.168.1.1. 
Connect to the router using its DNS name `lede.home` 
Use `ssh root@lede.home` or <https://lede.home>

Further Steps

• These steps need further explanation and checking

• Configure NAT-PMP on interfaces that need it. Review and edit /etc/config/upnpd as needed.

• Add these rules to /etc/config/firewall (to give end-to-end IPv6 connectivity?)

   config rule
   	option target 'ACCEPT'
   	option src 'wan'
   	option name 'Accept-v6'
   	option family 'ipv6'
   	option dest 'lan'
   	option dest_port '1024-65535'
  

Additional Notes

• These steps have been tested with several versions of hardware and software:

  • Netgear WNDR3800 with LEDE r1139 (28Jul2016) and hnet-full 2016-06-28-606dye9046..e-1
  • WiTi Router board with LEDE r1141 (28Jul2016) and hnet-full 2016-06-28-606dye9046..e-1 (Not working: trouble when setting LAN interface to hnet)
  • (still being tested) TP-Link Archer C7 v2 with OpenWrt 15.05.1 (16Mar2016) and hnet-full 2015-07-10-ea2bd2bc2d..9-1

• This guide leaves all LAN ethernet ports bridged on the same subnet. It is possible to configure each Ethernet port to have its own VLAN, and make the ports individually routed.

Troubleshooting Procedures

• Making a backup: The easiest way is to use the LuCI web GUI that archives the entire /etc directory. You can also use sysupgrade -b backup.tar.gz to save the important files.

• Discover the link-local IPv6 address for your router.

  • Connect your computer to the router using Ethernet.

  • Determine the name of your computer's Ethernet interface (not the router's). It will be something like eth0, en0, etc.

  • Use ping6 to the IPv6 link-local multicast address to get responses from all devices on that link. You will see responses like this (computer's interface was en0):

     ping6 -I en0 ff02::1
     	
     PING6(56=40+8+8 bytes) fe80::aebc:32ff:fe8e:d769%en0 --> ff02::1
     16 bytes from fe80::32b5:c2ff:fe84:d35e%en0, icmp_seq=0 hlim=64 time=3.662 ms
     ^C
    

  • Now you can SSH in using the link-local address found above:

     ssh root@fe80::32b5:c2ff:fe84:d35e%en0
    

• Enter Failsafe mode. If your router seems uncommunicative after making a change, you can usually reboot into failsafe mode to log back in.

• opkg errors: As of July 2016, LEDE is evolving quickly. If opkg install gives errors, it is likely that the current package builds do not match the firmware image you installed. Download the current firmware image, reinstall it, and retry the steps above.

External Sources of Information

• OpenWrt documentation for Homenet Pointers to other information
• OpenWrt documentation for /etc/config/network Describes all the options of configuring hnet (and other) interfaces.
• Home Networking Control Protocol (HNCP) RFC 7788 The specification that defines homenet.
• Juliusz Chroboczek's Tutorial was the basis for this guide.
• IETF Homenet mailing list thread fleshed out this guide.
• Tore Anderson's introducton to Homenet
• Tore's "Making a Homenet Router out of OpenWrt" NB: This web-based procedure was tested on OpenWrt, but will not work on LEDE.

Hi what does sync do? Has anything about setting this up changed? as I tryed on a snapshot from martch 31 and my wan interface would not work. It could not pick up a IP from my vergin hub. When using the standard way, my wan uses dhcp to get it's IP. Is there any plans to make a install script to make setting this up more friendly?