Router
Router at the Network Socket
Overview
The more WiFi networks there are at the dormitory, the worse the quality of each network gets. Think twice, if you you really need your own WiFi Network.
- If you only want to connect several PCs to the network an don’t really need an own WiFi, you can use a Switch(Not a Nintendo Switch of Course).
- If you have a PC with LAN and WiFi, you can often activate an Hotspot for your devices (e.g. for Windows (German)). (Only works as long as your PC is connected to our network. Unfortunately this method is not allowed on all operating systems for incomprehensible reasons. If that doesn’t work, you will get error messages saying that we wouldn’t allow it.)
- At some places in the dormitory, there is an
rommelwood-WiFi, which you can use. We’d like to provide the entire dormitory with this WiFi network, but we currently get faced with political/organisatorial problems. In order to help us, please contact the Studentenwerk or RRZE and tell them why you need WiFi. - If you have a Laptop without a LAN-Port but with an USB-Port, you can use an USB-Network-Adapter.
- If you really need your own WiFi(for Handy or Gaming Console), you will need a Router that supports 802.1X authentication at the WAN-Port. Mostly very expensive or router that are supported by OpenWrt (currently e. g. TP-Link WR940N and WR940ND Version 3). Attention! The newest TP-Link TL-WR841N is not (yet) supported in the latest Version 14!
- We can’t configre the router for every resident in this dormitory. We do our best! Please forgive us, if we can’t manage to help you.
Have questions or problems? Contact us!
If you have experience with configuring OpenWRTand/or have already a router with one of these Operation Systems, you can try the manual tutorial at the bottom of the page.
Router with OpenWRT
Caution
- First read everything and after that proceed.
- Under special circumstations you can render your Router useless, than only someone with knowledge can repair it.
- The operation system of your Router will be replaced.
- At the moment we are building a new infrastructure, where there is no need for authentication. However, this is still in the works and will need some more time. Please be patient.
You need a router that is supported by OpenWRT. These are mainly from TP-Link. But also other vendors like D-Link, Netgear etc. may be supported. A list can be found at https://wiki.openwrt.org/toh/start. (There are also not fully supported routers listed). At least one number should appear under “Supported Current Release”. Also check the router’s page. There you will also find which firmware fits your router and how to flash it with OpenWRT. See also the instructions below (For Tl-wr841n v13 use this link for now: https://rommelwood.de/media/uploads/openwrt/2018-05-31/).
If you have a supported router, you will be able to use the compiled imgages made by us. They should include everything you need. DO NOT download the images from OpenWRT instead use ours.
Normal way of setting up a clean TP-Link Router
### When you have installed OpenWRT, [continue here](#configure_openwrt).Attnetion! Before you start, inform yourself very good! Read the text above and the OpenWRT Wiki for your modell.
If you don't know what to do, ask us. But it would be nice if you try it yourself.
-
Download the OpenWRT Image for your router here
- Find the modellnumber of your router out. Help you can find here.
- The filenames are to understand like this:
[openwrt/lede]-[Chipset]-generic/tiny-[Router Modell]-v[Revision]-[Filesystem]-[factory / sysupgrade].bin - Filesystem is always
squashfs - Chipset is most of the time
ar71xx factoryneed we, to flash the original TP-Link Software to OpenWRT,sysupgradeonly functions for updates from OpenWRT to OpenWRT- Check twice, that the download was complete and correct. To check this, there are checksums for you.
- Find the modellnumber of your router out. Help you can find here.
-
Connect the Router
- Plug the Router power adapter in and check, that there is no loose connection and the power supply is stable
- If there Routerhas more than 2 LAN-Ports, plug the LAN-Cable in the WAN-Port(most of the time coloured blue) in the network socket in your room.
- Connect your PC/Laptop if possible by LAN (if not possible by WiFi) with the router (if available, to the LAN-Port of the router (most of the time yellow)).
- Power your router on
- You should get per
DHCPan IP adress. Most of the time192.168.0.x - (For example you can find it with
CMD, when you type inipconfig.) - The IP adress of your router will be
192.168.0.1
-
In your Browser open the Webinterface of your router
- Most of the time your just need to type in
http://192.168.0.1/orhttp://192.168.1.1/(depending on your router IP adress). - If that doesn't work you can try
http://tplinkwifi.net/
- Most of the time your just need to type in
-
Log in
- Mostly the standard login data is
adminandadmin. - If not, look on the bottom of your router or in the internet
- Mostly the standard login data is
-
Load the OpenWRT-Image form step 1 as update up
System Tools > Firmware Upgradeand than onBrowse.- Search the file from step 1 on your Computer an upload it
You should be now 100% sure that this is the right image for your router and that the download was correct and complete. Otherwise something could get destroyed.
Sometime you will need to change the name of the imagefile. Than there would be an error message. If this happens, look in the OpenWRT-Wiki.
-
Flash the image
- Click on
Upgrade.
Now the power supply mustn't be cut, or something may get destroyed!
- Click on
-
Keep calm and keep waiting
- Press now
OK.
Now the power supply mustn't be cut, or something may get destroyed!
If the network connection is cut, than it isn't a problem
- Press now
-
Wait till the process is finished
Now the power supply mustn't be cut, or something may get destroyed!
If the network connection is cut, than it isn't a problem
-
After a reboot, OpenWRT should be installed
- Normally now, at the beginning, there is only LAN btw. PC and router possible. (If necessary unplug the WAN-Port)
- OpenWRT most of the time uses different IP adresses:
- It will take a moment, till your PC will be reconnected.
- You should get now per
DHCPan IP adress. Mostly192.168.1.x - You can find it with
CMD, when you type inipconfig. - The router IP adress will be than
192.168.1.1 - Short said: Type now
http://192.168.1.1/in your browser - If no Webinterface loads, it may be possible, that it is missing in the image. You can try to connect by
SSHorTelnetwith the router andlucito install Luci afterwards (peropkg install luci). Information on the OpenWRT Wiki an in the internet.
-
Log in
- The standard login credentials are
rootandroot.
- The standard login credentials are
-
Configure Settings
System > System
-
General settings and time
- After a click on
Sync with Browserthe time should be somewhat accurate (it is important that the date is correct) - register some
NTP Servers. The following should work: ntp0.rommelwood.deNew and important!- use the default server. e.g.
2.openwrt.pool.ntp.org(or 0-3) ntp2.fau.de(or ntp0-ntp3)Timezone: HereEurope/Berlinis correct, eventhough some people prefer to live on american time ;)Hostnameis optional: e.g. your rommel-username, your WLAN-name or the name of your stuffed animal (but don't use special characters)- After that press
Save & Apply
- After a click on
-
Network > Interfaces
-
Remember the WAN Interface
- Look for the interface with the name
WAN(or WAN6) - Remember the name of the interface. Quite often it is
eth0,eth1oreth0.1 - in the picture it is
eth1
- Look for the interface with the name
-
Wired Auth > 802.1X
-
802.1X configuration
Interfaceis the name of theWANinterface from the "Remember the WAN Interface" section (e.g.eth1)EAP-MethodisTTLSAuthenticationisPAP- If
CA-Certificateis not used you should never use the router anywhere else, otherwise your login is no longer secret! It's safer if you use this here . (right-click and "Save as...". If you run into problems you can also skip installing the certificate) Identityis your Rommel-username (just like for the website)Passwordis your Rommel-password (just like for the website)- after that press
Save & Apply
-
Network > WiFi
-
EditWLAN
-
WLAN Settings
- For
Transmit Powernormal is enough0 dBm. (the higher the setting, the more you jam your neighbor's network and the more power your device uses). ESSIDis the name of the Network (creative names only ;)). Using the name of an already existing network in our dormitory is forbidden- Continue with
Wireless Security
- For
-
Wireless Security settings
EncryptionisWPA2PSK. Using no or other encryption methods will lead to the termination of your internet access and possible legal prosecution!Keyis the password you would like for your WLAN (what you have to put in to connect to your router from your e.g. laptop or mobile phone). It must have a length of at least 8 characters and may not be guessed by others. If your password is insecure you might have unbidden guests using your internet access soon!- Continue with
Advanced Settings(above, marking is missing)
WLAN networks have to be encrypted using WPA2PSK. Using no or other encryption methods will lead to the termination of your internet access and possible legal prosecution!
A weak password is no password! You have to ensure that the password of your choosing is secure, otherwise you will face prosecution in case someone abuses your internet access!
-
Advanced WLAN settings
RegionisDE - Germany. other wireless settings are illegal to use and will lead to prosecution from the radio authority (Funkaufsichtsbehörde)!- Afterwards press
Save & Apply
The WLAN settings have to be compliant with the regulations from the Bundesnetzagentur!
Eventhough no screenshot is availible it is of utmost importance that the region is set to
DE - Germany -
Activate WLAN
- (after
Save & Apply) click onEnable
- (after
-
Set router password
- click on
Go to password configuration - set a password of your choosing (input twice, will be needed for later configuration of the router)
- Afterwards click on
Save & Apply
- click on
-
Reboot the Router
- Menubar -> System -> Reboot(Click) -> Perform Reboot
- Wait until Router has rebooted
- About one to two minutes afterwards you should be successfully connected to the internet. Test your connection by following the advices from the next chapter.
-
Try it out
- now you can connect your devices to your router
- Search for the WLAN name that you put in as ESSID. The password is the WPA2PSK Key
- Visit sites like:
- If everything works you've earned yourself a medal! Perhaps you would like to join our network-team? ;)
Something doesn't work?
Before contacting us, try the following:
- Most problems arise because the routers local time is misconfigured. Make sure that everything is set up as detailed in the step “General settings and time”. Connect the router to your network outlet and restart it. After restarting make sure that the time under Status > System > Local Time is correct.
- Make sure that you used the correct login credentials under”802.1X Config”. Test your crendentials by trying to login with them on our homepage.
- It might take a long time for the router to authenticate itself. Let the router run for at least 2 hours
- If your router has worked but doesn’t work anymore refollow the installation guide.
Questions? Problems? contact us!
Details for Experts (AKA manual guide)
Most of the (cheap) routers don’t support 802.1X Authentification.
Therefor installing OpenWRT, a free OS for routers with support for some linux programs like wpad, is required to utilize 802.1X wired authentification. If you happen to have a router that supports 802.1X by default, you can skip the process.
You don’t necessarily have to use one of our images, you are free to compile your own or use an official image and perform the necessary changes yourself
The reason why we compile images is due to most routers only having about 4MB of flash memory, which certainly does not fit all availible modules.
A few annotations to help configure your image:
- the firmware has to be based off of 2.6, otherwise 802.1X will not work
- you have to activate DHCP (already default setting)
- you do not need the web interface called LuCi, you can use ssh/telnet for the following commands
Let’s start:
opkg remove wpad-miniopkg install wpador download the package manually at https://downloads.openwrt.org/releases/ (Version,packagesand choose architecture), copy to the router via scp to/tmp/and install withopkg install /tmp/wpad...opkg install ntpclientor … (see previous step)
alternatively any other program for time synchronisation, as the time is needed to verify the TLS-certificate- paste the following to
/etc/config/wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=0
fast_reauth=1
network={
key_mgmt=IEEE8021X
eap=TTLS
identity="username"
password="passwd"
ca_cert="/etc/config/lets-encrypt-x3-cross-signed.pem"
phase2="auth=PAP"
priority=10
}
- download
lets-encrypt-x3-cross-signed.pemfrom https://letsencrypt.org/certificates/ and copy to/etc/config/lets-encrypt-x3-cross-signed.pem - run
uci get network.wan.ifnameand paste the output to the location mentioned in the next step - paste the following to
/etc/init.d/rommelinternet(init-script):
#!/bin/sh /etc/rc.common
START=10
STOP=15
start() {
ntpclient -d -s -h ntp0.rommelwood.de
wpa_supplicant -i "output from previous step" -D wired -c /etc/config/wpa_supplicant.conf -B -dd -t
}
stop() {
killall wpa_supplicant
}
chmod +x /etc/init.d/rommelinternet- start WPA supplicant:
/etc/init.d/rommelinternet start - run on system startup:
/etc/init.d/rommelinternet enable - restart WAN Interface, so that the router authenticates itself and gets a new ip:
ifdown wanandifup wan - for the authentification part there is a graphical tool for LuCi: Openwrt 8021x gui
- Profit.
if you want to build an image yourself you can download the config.seed from our website.
Questions or problems? contact us!