Advolex - Kein schöner Leben

A private blog, of no general interest whatsoever.

Name: Advolex
Location: Lidingö, Sweden

Wednesday, March 4, 2009

Custom firmware w. Asus WL-500W

Mobile WLAN and UMTS Router

I bought the router Asus WL-500W in order to have it run OpenWRT Kamikaze 7.09 as a replacement for my previous Linksys WRT54G3G, which is still used in another location. The WRT54G3G has no USB ports but a CardBus slot, which contains a Huawei E600 UMTS (no HSDPA) adapter. The E600 serves the WAN port of the WRT54G3G running the Kamikaze 7.09 brcm-2.4 port, since I was unable to get the WRT54G3G WLAN to work with the 2.6 kernel (brcm47xx port). This is a well-known problem which is due to the chipset manufacturer Broadcom not releasing the source code for their proprietary WLAN driver for the Linux 2.6 kernel. (Actually, I believe it's the driver's Hardware Abstraction Layer - HAL - which is needed.) Work is currently in progress in the open source community on alternative drivers, i.e. b43. The alternative drivers as of today, March 2009, are reported to work with some brcm chipsets, but according to my findings they do not yet work satisfactorily with the Broadcom WLAN chipsets in WRT54G3G (BCM4712 - 802.11g) and WL500W (BCM4321 - 802.11N-draft).

So, the new WL500W, which has two USB ports, is supposed to make use of a Huawei E220 UMTS (HSDPA) Modem, a dongle for WAN. This may not be altogether unproblematic, since the Linux 2.4 kernel has no built in support for USB modems. This was introduced in the 2.6 kernel with version 2.6.19 I believe. (http://wiki.debian.org/Huawei/E220: "E220 is supported natively in Linux kernels 2.6.20 and later, using the usbserial.ko (usbserial-generic interface) module. - Also usb_storage.ko is aware of HUAWEI E220 modem and no further action needs to be taken.")

I have experimented with a few of the open source firmwares for the WL-500W, but all seem to have their own shortcomings:

1. Koppel: www.koppel.cz/cdmawifi, versions 1.69 and 1.71. Based on the well-respected Oleg firmwares (latest stable subversion "10") for the Asus WL-500 series of routers, which are based on stock Asus firmware and extensively modified with bugfixes. The Koppel modifications are done to get the WAN port to use UMTS adapters and are developed by a Czech gentleman by the name of Jiri Engelthaler. Based on the 2.4 kernel.

Koppel works very well on the WL-500W, both WAN (UMTS) and WLAN (brcm). The only caveats I have found are firewall issues, which remain from the Oleg firmware. It seems that the "A" directive in iptables is not working. I am unaware of any firewall rules with port-forwarding of SIP ports, which my setup requires, based on other than the "A" directive, so the firewall doesn't work for me. The firewall is iptables with a web interface as well as a post-firewall script. I was unable to configure the router for good and efficient use including asterisk (SIP) behind the NAT firewall.

2. Alpha versions of the Oleg firmwares can be found on Google Code. It seems that someone has continued the development of Oleg's firmware, which has not progressed for more than a year. It runs fine, at least the subversion "d" I tried, but I could not get WAN to work with E220. No reference to the firewall issue in the list of changes.

3. Asus has brought out a new firmware for the WL-500W, version 2.0.0.6. I heard that the issues of the previous versions, corrected by Oleg, remain, so I did not work very long to check whether the E220 could be made to work. Certainly, it does not work out of the box.

4. X-WRT is a version of OpenWRT which is not a fork. It adds an improved webif configuration interface. This web interface uses some Flash memory, which is particularly limited in the WRT54G3G, only 4MB. So, only the WL-500W benefits from X-WRT if you need to install additional drivers to get E600 UMTS adapter to work. The Kamikaze 8.09 has recently been released, also by X-WRT, and looked fine in the brcm47xx port I tried. But I could not get the b43 driver which was installed automatically to control WLAN of the WL-500W. The mini-PCI card was not recognised.

5. DD-WRT is currently under heavy development. It looks very promising, so I installed the latest V.24 pre-SP2 mega build. It seems the WL-500W can handle it with its 8MB flash, but JFFS has only 320 kb available after enabling it. So, USB storage is required. Unfortunately I could not get E220 to work and it seems difficult to get IPKG packages to work without a functional WAN port for Internet access. It's kernel 2.4.37, so USB modems need special attention.

I'm currently investigating the possibility to install Debian on the WL-500W. This can be done, according to http://wpkg.org/Running_Debian_on_ASUS_WL-500W, but I doubt that it will be beneficial to a router. It works very well on an NSLU2 running asterisk however. If m0n0wall is lightweight enough, I guess that could be possible. But with only 32MB of RAM available, the same with NSLU2 by the way, you must be very selective with what to install. I do need iptables, vlan, dnsmasq and a sip proxy such as milkfish, which is included in DD-WRT mega and voip builds.


Thursday, January 29, 2009

asterisk behind NAT: externip

SIP and One-Way Audio

Is this the reason? - I too am starting to get paranoid because of DynDNS.

-Mikael

clipped from forum.voxilla.com
I currently have 6 on-prem extensions, 6 off-prem extensions, 9 two-way SIP service connections, one inbound only SIP service connection and one IAX2 two-way service connection. Each one of these connections came with its own portion of pain.

The reason my brain centers on the dyndns is this: up until about a month ago I was running my Asterisk on a Linksys WRT54GS router, which passed traffic wonderfully because the Asterisk was actually on the public side of the router and not in a DMZ or behind forwarded ports. The WRT doesn't have enough horsepower to do switching and voice processing, so I couldn't set up either an IVR function or a Voice Mail function. That led me to shift the Asterisk to a dedicated Intel box.

I installed Asterisk@Home (because I couldn't get Asterisk CVS to install well over Fedora Core 3 on a Pentium 200 MMX), put the Asterisk server in my router's DMZ (the same WRT with Linksys firmware) and migrated my .conf files to the new box. The box roared to life, but would not pass audio to or from FWD or any of my off-prem extensions, although every other connection worked.

It wasn't until I set my externip to my dyndns FQDN that I could get audio on the troubled connections, although the audio would quit every once in a while. That's when I learned to reload my sip.conf after suffering a PPPoE IP address change. Everything has been smooth ever since, which is why I have been fixated on that part of the configuration.

Your question about ping response is simple. Unless you have forwarded the ping port (whose number escapes me) to your Asterisk box, it is your router that is responding to the ping. An easy way to confirm successful forwarding through your router is to forward port 80 (http) or 22 (ssh) through your router to the Asterisk box and see if you can reach AMP from a web browser or open a remote shell or SFTP session via an SSH client, since both of these server daemons are native to Asterisk@Home.

I wouldn't be so quick to change out your Asterisk version because of this problem. First of all, there's a directory /etc/asterisk/default that has clean copies of all of the .conf files should you feel you are irretrievably corrupt somewhere. Secondly, if you have other services and clients working you probably haven't screwed anything up.


Sunday, March 16, 2008

Installing OpenWRT with UMTS support

Summary with some comments, on installing and setting up OpenWRT with UMTS support

Step by step; In simplified English, by mnordlin

Install OpenWRT Kamikaze 7.09

1. Download firmware image from http://downloads.openwrt.org/kamikaze/7.09/brcm-2.4/openwrt-brcm-2.4-squashfs.trx (provided you already have kamikaze installed - install the corresponding bin file otherwise)
2. Copy firmware to /tmp folder on device.
3. Execute
root@OpenWrt:~# mtd -r write openwrt-brcm-2.4-squashfs.trx linux
4. Wait until connection breaks, which happens when installation reboots
5. Open a command window, start -> run -> cmd.
6. Attach an ethernet cable between your PC and device (you won't have access to WLAN until later on).
7. C:\Documents and Settings\Mikael>telnet 192.168.1.1 [enter]
8. Get your personal public key or create a key pair. You will probably find PUTTYgen (included with WinSCP) useful for generating your RSA key pair and pasting your public key to device in next step. The secret key will be required later on for logging in to the device.
9. Execute in telnet window, using copy and paste,
root@OpenWrt:~# echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAtQl8uscy3rjAbNBdL2ATUKfHCJHB+Zh7V5aTjBLoJ7F
AOw1fnCCpzWi2yUsqbjrzVIO6tFsPODS3PRc0my9ghSxO9itmwOe0kKLYc8blNf9kcQ27upSyf
Ff5jhE5AwyqEpzmc26FPwj4Zhip+aWg1ZLaEUn/WLHLEuXHPA9lRRgtlYHqgT7Ap3D/lZ/9Rd
4zCxTKAshzjO5fEBAXyOMADYJ1G9IIaKDHkHGtb981Sraxk9f+wMbOBuyvOGJKKXHuX04X
V7dmY87AhmAaRwEPeS0gGqoEkDMeALqyt1dYKqZ+Tv58UAPakS6nM9YhOGMMY5sCWM
m/bS3XQFbrv+2qWQ== rsa-key-20080313' > /etc/dropbear/authorized_keys
(be sure to use your own public key - the one in the example is a 2048 bits RSA key in PUTTY format for SSH-2, created by mnordlin)
10. Execute
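root@OpenWrt:~# sed -e "s/'on'/'off'/" /etc/config/dropbear > /tmp/dropbear.new && mv /tmp/dropbear.new /etc/config/dropbear
(or simply change the line to "option PasswordAuth 'off'", replacing 'on' with 'off'. Do not redirect the output of sed straight back into /etc/config/dropbear: the shell empties the file before it is read.)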
11. Execute
root@OpenWrt:~# rm /etc/rc.d/S50telnet
12. Check that your public key was entered correctly by displaying it. Execute
root@OpenWrt:~# cat /etc/dropbear/authorized_keys
13. Check that ssh works (dropbear on device), and reboot. Telnet access is now disabled. The only means of accessing device is with ssh (SCP as in WinSCP), using your private key.
14. Enable WiFi/WLAN by adding '#' in front of the line 'option disabled 1', or simply removing the whole line, in /etc/config/wireless
15. Add credentials for WiFi security.
Use WPA-PSK by changing 'option encryption' from 'none' to 'psk' and adding "option key '12345678'".
Change 'OpenWrt' to 'WRT54G3G' while you're at it, should you ever get a second router.
16. Your next router won't be a WRT54G3G.
Change the hostname of the device in /etc/config/system from OpenWRT to WRT54G3G.
The command line will remain as OpenWRT until next reboot, however.
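
One way to check the lockdown from steps 9 to 13 before rebooting, as an added example that is not part of the original post: the script verifies that authorized_keys holds whole single-line keys, that password logins are off and that the telnet init script is gone. The function names, the ROOT prefix argument and the sample key are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the SSH lockdown from steps 9-13 before rebooting.
# ROOT is a prefix chosen for this example so the check can also run against
# a copy of the router's files; on the device itself pass "/".
check_ssh_lockdown() {
    root=${1%/}; fails=0
    keys="$root/etc/dropbear/authorized_keys"
    conf="$root/etc/config/dropbear"

    # Each key must sit on ONE line: "<type> <base64> [comment]". A key pasted
    # with line breaks leaves fragments that do not start with a key type.
    if [ ! -s "$keys" ]; then
        echo "FAIL: $keys missing or empty"; fails=$((fails + 1))
    elif ! awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
                { n++    # 100 characters is a heuristic floor for the blob
                  if ($1 !~ "^ssh-(rsa|dss)$" || length($2) < 100 ||
                      $2 !~ "^[A-Za-z0-9+/]+=*$") bad++ }
                END { exit (n == 0 || bad > 0) }' "$keys"; then
        echo "FAIL: malformed or wrapped key line in $keys"; fails=$((fails + 1))
    fi
    # The key file must not be writable by group or others.
    case $(ls -ld "$keys" 2>/dev/null | cut -c1-10) in
        ?????w????|????????w?)
            echo "FAIL: $keys is group/world writable"; fails=$((fails + 1)) ;;
    esac
    # Password logins off; an empty config file means the edit went wrong.
    if [ ! -s "$conf" ]; then
        echo "FAIL: $conf missing or empty"; fails=$((fails + 1))
    elif ! grep -Eq "^[[:space:]]*option[[:space:]]+PasswordAuth[[:space:]]+'?off'?" "$conf"; then
        echo "FAIL: PasswordAuth is not 'off' in $conf"; fails=$((fails + 1))
    fi
    # telnet must no longer be started at boot (step 11).
    if [ -e "$root/etc/rc.d/S50telnet" ]; then
        echo "FAIL: S50telnet still present"; fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: key-only SSH access looks consistent"
    return "$fails"
}

# Build a constructed sample tree under $1. With $2 = "wrapped" the key is
# written with a line break in the middle, as happens with a careless paste.
make_sample_root() {
    d=$1; mkdir -p "$d/etc/dropbear" "$d/etc/config" "$d/etc/rc.d"
    b64=AAAAB3NzaC1yc2E$(head -c 200 /dev/zero | tr '\0' 'A')  # constructed, not a real key
    if [ "${2:-}" = wrapped ]; then
        printf 'ssh-rsa %s\n%s example-key\n' "$b64" "$b64"
    else
        printf 'ssh-rsa %s example-key\n' "$b64"
    fi > "$d/etc/dropbear/authorized_keys"
    chmod 600 "$d/etc/dropbear/authorized_keys"
    printf "config dropbear\n\toption PasswordAuth 'off'\n\toption Port '22'\n" \
        > "$d/etc/config/dropbear"
}

if [ $# -gt 0 ]; then
    check_ssh_lockdown "$1"
else    # no argument: demonstrate on a constructed tree with a wrapped key
    tmp=$(mktemp -d); make_sample_root "$tmp" wrapped
    check_ssh_lockdown "$tmp" || echo "($? problem(s) found in the sample)"
    rm -rf "$tmp"
fi
```

Run it with / as the argument in the telnet session after step 11 and reboot only when it prints OK.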

Enabling 3G/UMTS

17. Install the PCMCIA drivers; kmod-pcmcia-core and pcmcia-cs:
Copy the drivers from openwrt.org to device /tmp, then execute the ipkg install commands:
root@OpenWrt:~# ipkg install pcmcia-cs_3.2.8-1_mipsel.ipk
root@OpenWrt:~# ipkg install kmod-pcmcia-core_2.4.34-brcm-1_mipsel.ipk

18. Reboot the device without the Huawei E600.

19. Check that CardBus Controller installed fine
root@OpenWrt:~# cardctl status
Output should look like:
Socket 0:
no card

20. Insert the Huawei E600 into device and check CardBus Controller status again. Output now should look like:
Socket 0:
3.3V CardBus card
function 0: [ready]
function 1: [ready]

21. Install USB support: kmod-usb-core, kmod-usb-serial, kmod-usb-ohci (for SlugOS, use 'kernel-module-usbserial').
root@OpenWrt:~# ipkg install kmod-usb-core_2.4.34-brcm-1_mipsel.ipk
root@OpenWrt:~# ipkg install kmod-usb-serial_2.4.34-brcm-1_mipsel.ipk
root@OpenWrt:~# ipkg install kmod-usb-ohci_2.4.34-brcm-1_mipsel.ipk

22. Install 3G/UMTS support (for dialup PPP): chat, comgt.
root@OpenWrt:~# ipkg install chat_2.4.3-8_mipsel.ipk
root@OpenWrt:~# ipkg install comgt_0.32-1_mipsel.ipk

23. Modify the WAN section of “/etc/config/network” to read:
#### WAN configuration
config interface wan
option ifname 'ppp0'
option proto '3g'
option device '/dev/usb/tts/0'
option apn 'internet.tele2.se'
option pincode '1234' (or what you have here)
option dns "130.244.127.161 130.244.127.169"

24. Modify the LAN section by adding the following both lines.
option gateway 192.168.1.1

25. Start (and optionally time) the wan interface:
root@OpenWrt:~# time ifup wan
Wireless WAN (WWAN as it was called in whiterussian) is now started. Output should look like:
ifconfig: SIOCGIFFLAGS: No such device
Trying to set PIN
PIN set successfully
Trying to set mode
Error setting WWAN mode!
real 0m 7.22s
user 0m 0.69s
sys 0m 1.17s

Update wget

26. Update wget (to avoid the segmentation fault bug)
root@OpenWrt:~# ipkg update
root@OpenWrt:~# ipkg -force-overwrite install wget

Setup DDNS

27. Create the file /etc/ppp/ip-up.d/S01dyndns (and don't forget to chmod it executable, i.e. mode 0755) with the following content:
#!/bin/sh
# Update the DynDNS record whenever the PPP link comes up with a new address.
# Note: the update request carries USER and PASS over plain HTTP.
USER="user"
PASS="pass"
DOMAIN="domain.ath.cx"
# Address currently published in DNS for $DOMAIN
registered=$(nslookup "$DOMAIN"|sed 's/[^0-9. ]//g'|tail -n1|sed -e's/ [0-9.]*//2' -e's/ *//')
# Address the outside world sees for this link
current=$(wget -O - http://checkip.dyndns.org|sed 's/[^0-9.]//g')
[ "$current" != "$registered" ] && {
wget -O /dev/null "http://$USER:$PASS@members.dyndns.org/nic/update?hostname=$DOMAIN" &&
registered=$current
}
sleep 3
# Look both up again and log the result to syslog under the tag "ddupd"
newip=$(wget -O - http://checkip.dyndns.org|sed 's/[^0-9.]//g')
newdns=$(nslookup "$DOMAIN"|sed 's/[^0-9. ]//g'|tail -n1|sed -e's/ [0-9.]*//2' -e's/ *//')
echo "Set ${newip} (DNS: ${newdns}), had ${current} (DNS: ${registered})" \
| /usr/bin/logger -t ddupd

28. After a reboot, check DynDNS by running
root@OpenWrt:~# nslookup gashaga.ath.cx (<- your domain goes here)

29. Compare the ip address with the ip for ppp0 by running
root@OpenWrt:~# ifconfig
If the numbers are equal, all is fine.

Open iptables for incoming ssh

30. To open up the firewall to allow incoming connections on port 22 (the ssh port), add the following line to “/etc/config/firewall”:
accept:proto=tcp dport=22

A Masquerading SIP Proxy: siproxd

31. Install siproxd according to Hias in http://forum.openwrt.org/viewtopic.php?id=9397
Since you're running OpenWrt 7.09 (aka Kamikaze) your bridged LAN is named br-lan (br0 was whiterussian). ppp0 remains, though, even if you start your Internet interface by 'ifup wan'. You can check the names with 'ifconfig', which you used in step 29 above.

32. Change settings from 'transparent SIP proxy' to 'GS BT-100 behind NAT router running siproxd' from
http://apocalyptech.com/linux/sipnat/siproxd-pdf.htm.

QoS: L7/SIP

33. Install qos-scripts:
root@OpenWrt:~# ipkg install qos-scripts

34. Setup QoS according to http://www.voip-forum.se/forum/showthread.php?t=601 and install sip.pat level7-filter from
http://l7-filter.sourceforge.net/layer7-protocols/protocols/sip.pat

References:

A. http://josefsson.org/grisslan/internet.html
B. http://wiki.openwrt.org/OpenWrtDocs/KamikazeConfiguration
C. http://wiki.openwrt.org/DDNSHowTo
D. http://forum.openwrt.org/viewtopic.php?pid=57925
E. http://forum.openwrt.org/viewtopic.php?id=9397
F. http://apocalyptech.com/linux/sipnat/siproxd-pdf.html
G. http://www.voip-forum.se/forum/showthread.php?t=601
H. http://l7-filter.sourceforge.net/layer7-protocols/protocols/sip.pat


Thursday, December 13, 2007

fringME!


Friday, November 23, 2007

Nokia N95 VoIP - Clipmarks

Clipmarks user mnordlin has sent you a clip...

mnordlin's Message:
Try Voxalot, it actually works!

clipped from forum.voxalot.com
Nokia 95 Setup

Okay, well with some help from Martin, dipac and others, I have a great working setup on my N95 Nokia!

I can now use both Truphone and Voxalot without any OTA provisioning being required [other than whatever the Truphone application sets up].

Installed Truphone by sending an SMS with the word 'Tru' to +44 7624 000 000 and following the bouncing ball....

Got that working fine with my WLAN and mobile Internet connections [Three X-Series data plan on the road].

Installed the "sipvoipsettings.SIS" application as per this post by dipac Nokia Support Thread

Using the new "SIP VoIP Settings" application:
- VoIP Services [no entries]
NAT firewall settings -> Domain parameters
- added au.voxalot.com
(did not touch truphone.com entry)
STUN server name: stun.voxalot.com.au
STUN server port: 3478
no other changes
- NAT firewall settings -> IAP parameters [no entries]


Added a "SIP settings" entry for Voxalot as follows:

Profile name: VoXaLot
Service profile: IETF
Default access point: <for you to define>
Public user name: sip:xxxxxx@us.voxalot.com <- where xxxxxx is user VoXaLot user name. If you want to use the Australian cluster set to sip:xxxxxx@au.voxalot.com and for Europe set sip:xxxxxx@eu.voxalot.com
Use compression: No
Registration: Always on
Use security: No

Proxy server:
Proxy server address: sip:us.voxalot.com <- If you want to use the Australian cluster set to sip:au.voxalot.com and for Europe set sip:eu.voxalot.com
Realm: None NB: Could not use "voxalot.com"
User name: xxxxxx. <- where xxxxxx is user VoXaLot user name
Password: <your VoXaLot password>
Allow loose routing: Yes
Transport type: UDP
Port: 5060

Registrar server:
Registrar server address: sip:us.voxalot.com <- If you want to use the Australian cluster set to sip:au.voxalot.com and for Europe set sip:eu.voxalot.com
Realm: voxalot.com
User name: xxxxxx. <- where xxxxxx is user VoXaLot user name
Password: <your VoXaLot password>
Transport type: UDP
Port: 2060 NB: I could have just as easily used 5060 or one of the other ports that Voxalot allow though..

I chose Voxalot as my default profile... [don't think this is necessary, except for when adding like entries]


Once the N95 is registered, to test inbounds from any other phone dial any of the SIP Broker access numbers found here:

At the voice prompt, dial *010xxxxxx <- where xxxxxx is user VoXaLot user name

You can also test using "Web callback" if you have a Vox Premium account.

Your N95 should ring.


Optional Extra customization of N95:
Settings -> General -> Personalisation -> Standby mode

Shortcuts:
Left selection key: Internet telephone
Right selection key: Conn. manager

Active standby apps:
Shortcut 1: Contacts
Shortcut 2: Bluetooth
Shortcut 3: Settings
Shortcut 4: Web
Shortcut 5: GPS data
Shortcut 6: Maps

Now, I can:
  • see the active data connections easily with the standby right selection key;
  • use "Internet telephone" application via the left selection key to change the 'active' Internet telephone service;

Using the standby apps, I can quickly turn on or off bluetooth and get to other settings.

Other notes.
  • The IAP (Internet Access Point) may need adjustment for the Voxalot entry when required -- the Truphone application takes care of roaming b/w IAPs for Truphone only.
  • calls through Truphone require International format, ie. no leading zeros;
  • calls through Voxalot use your standard dial plans;
  • default call type is Internet call, but this can be changed -- I enter numbers and then press the left selection key to make a normal mobile (voice or video) call
  • my bluetooth capable car radio only seems to work with normal voice (mobile) calls
  • I have NOT mucked around with CODEC settings or other now configurable parameters, but if this is important to your setup, then it is now possible without OTA.

How does all this benefit me the most?
My SIPME account has a DID and it is "SIP Registered"; calls to my 1300 number go to this DID (as a local call termination) and I can answer it anywhere that I have an active Voxalot registered device -- now including my mobile!

Of course with the Voxalot setup, I can use my normal dial plan entries whilst on the road.

Another bonus of Truphone, is that I can call plenty of locations for 'free' until at least the end of the year including all fixed line phones in Australia, the US (plus US mobiles) and the UK.


Tuesday, April 24, 2007

SER Milkfish [Arkiv] - VoIP-Forum.se

SER Milkfish [Arkiv] - VoIP-Forum.se: "Did you run udp 5060?

Now almost everything works as desired (although the IAX connection has to be made via the LAN IP at home and via the WAN IP outside).
I have put the following in firewall.user (feel free to comment on security risks):

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 80 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 80 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 4569 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 4569 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5036 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5036 -j ACCEPT

iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 2727 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 2727 -j ACCEPT"
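
The exposure created by rules of this form, summarised by an added example that is not part of the quoted post: it reads iptables lines and reports which ports the filter chain input_rule accepts from the WAN. The function names, the shortened sample rule set and the "management" and "wide range" labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: list what a firewall.user in the style quoted above accepts
# from the WAN in the filter chain input_rule, one line per rule plus a total.
# The "management" and "wide range" notes are heuristics of this example.
wan_exposure() {
    awk '
    $1 != "iptables" { next }
    {
        table = "filter"; chain = proto = dport = target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-t")      table  = $(i + 1)
            if ($i == "-A")      chain  = $(i + 1)
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        # Only ACCEPT rules in the filter chain let traffic reach the router.
        if (table != "filter" || chain != "input_rule" || target != "ACCEPT") next
        if (dport == "") {            # no --dport: every port of that protocol
            printf "%s all ports  <- wide range\n", proto; total += 65535; next
        }
        n = split(dport, r, ":")      # "10000:20000" is an inclusive range
        lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
        count = hi - lo + 1; total += count
        note = ""
        if (proto == "tcp" && (lo == 22 || lo == 80))
            note = "  <- management service reachable from WAN"
        if (count > 100) note = "  <- wide range"
        printf "%s %s: %d port(s)%s\n", proto, dport, count, note
    }
    END { printf "total %d\n", total }' "$@"
}

# Constructed sample: a shortened rule set following the pattern quoted above.
sample_firewall_user() {
cat <<'EOF'
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
iptables -t nat -A prerouting_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 5060 -j ACCEPT
iptables -A input_rule -i $WAN -p udp --dport 10000:20000 -j ACCEPT
EOF
}

# With a file argument the function reads that file; here it reads the sample.
sample_firewall_user | wan_exposure
```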
