Router

Router at the Network Socket

Overview

The more WiFi networks there are at the dormitory, the worse the quality of each network gets. Think twice, if you you really need your own WiFi Network.
- If you only want to connect severall PC’s to the network an don’t really need an own WiFi, you can you a Switch(Not a Nintendo Switch of Course).
- If you have a PC with LAN and WiFi, you can often activate an Hotspot for your devices.
- At some places in the dormitory, there is an rommelwood-WiFi, which you can use. We’d like to provide the entire dormitory with this WiFi network, but we currently get faced with political / organisatorial problems. In order to help us, please contact the Studentenwerk or RRZE and tell them, why you need WiFi.
- If you have a Laptop without a LAN-Port but with an USB-Port, you can use an USB-Network-Adapter.
- If you really need an own WiFi(for Handy or Gaming Console), you will need a Router with 802.1X authentication at the WAN-Port. Mostly very expensiv or router that are supported by OpenWrt (currently e. g. TP-Link WR940N and WR940ND Version 3). Attention! The newest TP-Link TL-WR841N (V.14) is not supported!
- We can’t configre the router for every resident in this dormitory as there is a high request for help currently. We do our best! Please forgive us, if we can’t manage to help you.

Have questions or problems? Contact us!

If you have experience with configuring OpenWRTand/or have already a router with one of these Operation Systems, you can try the manual tutorial at the bottom of the page.

Router with OpenWRT

Caution

You will need a router supported by OpenWRT. These are mostly router from TP-Link. Also there are some from D-Link, Netgear. A list can be found under https://wiki.openwrt.org/toh/start.

If you have a supported router, you will be able to use the compiled imgages made by us. They should include everything you need. DO NOT download the images from OpenWRT instead use these: https://rommelwood.de/media/uploads/openwrt/latest/

Normal way of setting up a clean TP-Link Router

When you have installed OpenWRT,continue here.

Attnetion! Before you start, inform yourself very good! Read the text above and the OpenWRT Wiki for your modell.

If you don't know what to do, ask. But it would be nice if you try it yourself.

  1. Download the OpenWRT Image for your router here

    • Find the modellnumber of your router out. Help you can find here.
    • The filenames are to understand like this: [openwrt/lede]-[Chipset]-generic/tiny-[Router Modell]-v[Revision]-[Filesystem]-[factory / sysupgrade].bin
    • Filesystem is always squashfs
    • Chipset is most of the time ar71xx
    • factoryneed we, to flash the original TP-Link Software to OpenWRT, sysupgrade only functions for updates from OpenWRT to OpenWRT
    • Check twice, that the download was complete and correct. To check this, there are checksums for you.

  2. Connect the Router

    • Plug the Router power adapter in and check, that there is no loose connection and the power supply is stable
    • If there Routerhas more than 2 LAN-Ports, plug the LAN-Cable in the WAN-Port(most of the time coloured blue) in the network socket in your room.
    • Connect your PC/Laptop if possible by LAN (if not possible by WiFi) with the router (if available, to the LAN-Port of the router (most of the time yellow)).
    • Power your router on
    • You should get per DHCP an IP adress. Most of the time 192.168.0.x
    • (For example you can find it with CMD, when you type in ipconfig.)
    • The IP adress of your router will be 192.168.0.1

  3. In your Browser open the Webinterface of your router

  4. Log in

    • Mostly the standard login data isadmin and admin.
    • If not, look on the bottom of your router or in the internet

  5. Load the OpenWRT-Image form step 1 as update up

    • System Tools > Firmware Upgrade and than on Browse.
    • Search the file from step 1 on your Computer an upload it

    You should be now 100% sure that this is the right image for your router and that the download was correct and complete. Otherwise something could get destroyed.

    Sometime you will need to change the name of the imagefile. Than there would be an error message. If this happens, look in the OpenWRT-Wiki.

  6. Flash the image

    • Click on Upgrade.

    Now the power supply mustn't be cut, or something may get destroyed!

  7. Keep calm and keep waiting

    • Press now OK.

    Now the power supply mustn't be cut, or something may get destroyed!

    If the network connection is cut, than it isn't a problem

  8. Wait till the process is finished

    Now the power supply mustn't be cut, or something may get destroyed!

    If the network connection is cut, than it isn't a problem

  9. After a reboot, OpenWRT should be installed

    • Normally now, at the beginning, there is only LAN btw. PC and router possible. (If necessary unplug the WAN-Port)
    • OpenWRT most of the time uses different IP adresses:
    • It will take a moment, till your PC will be reconnected.
    • You should get now per DHCP an IP adress. Mostly 192.168.1.x
    • You can find it with CMD, when you type in ipconfig.
    • The router IP adress will be than 192.168.1.1
    • Short said: Type now http://192.168.1.1/ in your browser
    • If no Webinterface loads, it may be possible, that it is missing in the image. You can try to connect by SSH or Telnet with the router and luci to install Luci afterwards (per opkg install luci). Information on the OpenWRT Wiki an in the internet.

  10. Log in

    • The standard login credentials are root and root.

  11. Configure Settings

    • System > System

  12. General settings and time

    • After a click on Sync with Browser the time should be somewhat accurate (it is important that the date is correct)
    • register some NTP Servers. The following should work:
      1. ntp0.rommelwood.de New and important!
      2. use the default server. e.g. 2.openwrt.pool.ntp.org (or 0-3)
      3. ntp2.fau.de (or ntp0-ntp3) not recommended! you will quickly reach the reques rate limit!
    • Timezone: Here Europe/Berlin is correct, eventhough some people prefer to live on american time ;)
    • Hostname is optional: e.g. your rommel-username, your WLAN-name or the name of your stuffed animal (but don't use special characters)
    • After that press Save & Apply

  13. Network > Interfaces

  14. Remember the WAN Interface

    • Look for the interface with the name WAN (or WAN6)
    • Remember the name of the interface. Quite often it is eth0, eth1 or eth0.1
    • in the picture it is eth1

  15. Wired Auth > 802.1X

  16. 802.1X configuration

    • Interface is the name of the WAN interface from the "Remember the WAN Interface" section (e.g. eth1)
    • EAP-Method is TTLS
    • Authentication is PAP
    • If CA-Certificate is not used you should never use the router anywhere else, otherwise your login is no longer secret! It's safer if you use this here . (right-click and "Save as...". If you run into problems you can also skip installing the certificate)
    • Identity is your Rommel-username (just like for the website)
    • Password is your Rommel-password (just like for the website)
    • after that press Save & Apply

  17. Network > WiFi

  18. Edit WLAN

  19. WLAN Settings

    • For Transmit Power normal is enough 0 dBm. (the higher the setting, the more you jam your neighbor's network and the more power your device uses).
    • ESSID is the name of the Network (creative names only ;)). Using the name of an already existing network in our dormitory is forbidden
    • Continue with Wireless Security

  20. Wireless Security settings

    • Encryption is WPA2PSK. Using no or other encryption methods will lead to the termination of your internet access and possible legal prosecution!
    • Key is the password you would like for your WLAN (what you have to put in to connect to your router from your e.g. laptop or mobile phone). It must have a length of at least 8 characters and may not be guessed by others. If your password is insecure you might have unbidden guests using your internet access soon!
    • Continue with Advanced Settings (above, marking is missing)

    WLAN networks have to be encrypted using WPA2PSK. Using no or other encryption methods will lead to the termination of your internet access and possible legal prosecution!

    A weak password is no password! You have to ensure that the password of your choosing is secure, otherwise you will face prosecution in case someone abuses your internet access!

  21. Advanced WLAN settings

    • Region is DE - Germany. other wireless settings are illegal to use and will lead to prosecution from the radio authority (Funkaufsichtsbehörde)!
    • Afterwards press Save & Apply

    The WLAN settings have to be compliant with the regulations from the Bundesnetzagentur!

    Eventhough no screenshot is availible it is of utmost importance that the region is set to DE - Germany

  22. Activate WLAN

    • (after Save & Apply) click on Enable

  23. Set router password

    • click on Go to password configuration
    • set a password of your choosing (input twice, will be needed for later configuration of the router)
    • Afterwards click on Save & Apply

  24. Try it out

Something doesn't work?

Before contacting us, try the following:

Questions? Problems? contact us!

Details for Experts (AKA manual guide)

Most of the (cheap) routers don’t support 802.1X Authentification.
Therefor installing OpenWRT, a free OS for routers with support for some linux programs like wpad, is required to utilize 802.1X wired authentification. If you happen to have a router that supports 802.1X by default, you can skip the process.

You don’t necessarily have to use one of our images, you are free to compile your own or use an official image and perform the necessary changes yourself

The reason why we compile images is due to most routers only having about 4MB of flash memory, which certainly does not fit all availible modules.

A few annotations to help configure your image:

Let’s start:

ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=0
fast_reauth=1
network={
  key_mgmt=IEEE8021X
  eap=TTLS
  identity="username"
  password="passwd"
  ca_cert="/etc/config/lets-encrypt-x3-cross-signed.pem"
  phase2="auth=PAP"
  priority=10
}

#!/bin/sh /etc/rc.common

START=10
STOP=15

start() {
        ntpclient -d -s -h ntp0.rommelwood.de
        wpa_supplicant -i "output from previous step" -D wired -c /etc/config/wpa_supplicant.conf -B -dd -t
}

stop() {
        killall wpa_supplicant
}

if you want to build an image yourself you can download the config.seed from our website.

Questions or problems? contact us!