Notes for TP-Link WR703N Mesh Test Firmware ------------------------------------------- This alpha firmware was built by Elektra to test interoperability between the TP device and a Mesh Potato running SECN-1 firmware. The firmware image is: openwrt-ar71xx-generic-tl-wr703n-v1-squashfs-factory.bin The firmware provides the XWRT web interface. The SECN interface may be added with a patch as shown below. The BSSID of the MP devices used in a mesh with these TP devices must be changed to 02: ... to allow the devices to communicate correctly. This is due to a restriction on the allowable BSSID values by OpenWrt. Values must not have the least significant bit of the first field set to 1 ie only even numbers may be used. This firmware uses 02: as the first field. The firmware *must* be loaded using the sysupgrade command line facility. A new TP device running the original firmware must be first flashed with one of the "factory" OpenWrt based images before any "sysupgrade" firmware can be loaded using the sysupgrade utility. After flashing this software, there will be no led flashing activity to indicate the boot process. So give it several minutes to safely complete the flash process before power cycling the device. The IP address of the device is 192.168.1.1 Telnet to the device after flashing and set the root password. This will activate ssh for the next login. The firmware includes a "run-once" script which requires that the device be restarted to complete the set up process. After restarting allow several minutes for the device to be operating correctly. The firmware also includes an open WiFi Access Point which is running by default, so take appropriate precautions to prevent inappropriate connections. WiFi encryption can be enabled by adding two lines to the wireless config file as below: config 'wifi-iface' option 'device' 'radio0' option 'network' 'wifi0' option 'mode' 'ap' option 'ssid' 'potato-AP' option 'sw_merge' '1' option 'hidden' '0' # to add encryption option 'encryption' 'psk' option 'key' 'potato-potato' The /etc/config/network file does not have an an entry for 'gateway' for the 'lan' section To add gateway to allow internet access add the gateway definition line as shown: config 'interface' 'lan' option 'proto' 'static' option 'ipaddr' '192.168.1.1' option 'netmask' '255.255.255.0' option 'type' 'bridge' option 'ifname' 'eth0 bat0 wlan0' option 'dns' '8.8.8.8' # to add gateway option 'gateway' '192.168.1.254' -------------------------------------------------------------------------------------------------------- Notes for TP-Link WR703N SECN-1 Patch-01 ---------------------------------------- This patch is for the TP-Link WR703N to install Small Enterprise Campus Network facilities to the Mesh Test image that Elektra has built, and incorporates the SECN web interface for configuration, and Softphone support. The patch file is: WR703-Patch-mesh-test-01f.tar.gz After flashing the device, ensure that it has been restarted twice to complete the set up process before applying the patch. To apply the patch: - copy the file to the /tmp directory on the device, - cd to the / directory, - unpack with the tar command: # tar -xzv -f .tar.gz For full details on usage see the SECN Ver 2 User Guide SECN Web Interface ------------------ To access the SECN web interface point your browser to the http://192.168.1.1 which is the default IP address after flashing this firmware. ----------------------------------------------------------------------------------------------------------- Notes for TP-Link WR703N SECN-1 Patch-02 ---------------------------------------- This patch adds security facilities for the web server as follows: 1. Basic Authentication using accounts in the /etc/passwd file. Accounts 'root' and 'admin' are provided, each with default password of 'admin'. 2. Fallback IP address - the web server will only listen on the Fallback IP address 172.31.255.254 with netmask 255.255.255.252. Requesting device must have address 172.31.255.253 3. Enable SSL - web server will listen on port 443. URLs of the form https:// These security settings are enabled from three checkboxes on the Basic SECN web page. Changes to these settings are not activated until the device is rebooted. When logged in as a particular user (e.g. 'admin') the Set Password function will change the password for that account. Note: SSL is not operational in this build, so this function is disabled in /etc/init.d/config_secn script. Enabling SSL in this build causes a segmentation fault when the web server is restarted. Files changed in this patch (from Patch01) include: - /www/configstyle.css - /www/cgi-bin/secn and secn-adv - /www/cgi-bin/config/htmlconfig1.html and config4.html - /www/cgi-bin/config/config1.sh, config2.sh, config4.sh, config5.sh - /etc/config/secn and config.tar.gz - /etc/init.d/config_secn - /etc/http.conf and http.conf.off - /etc/passwd