Wednesday, January 24, 2007

FON reminds users to use unmodified software

The German FON blog reminds the users to use only official FON software. They quote point 6.7 of the general conditions.

The German version:

Um eine korrekte Funktion der FON Hotspots zu gewährleisten, müssen die Linuse und Bills ausschließlich offizielle Versionen der FON Software einsetzen.
The English version:
In order to guarantee the correct functioning of the FON Hotspots, the Linuses and Bills shall exclusively use the official versions of the FON Software.

It is interesting that the German version says "müssen" (engl. to have to) and the English version says "shall". I am not a lawyer, but it looks strange to me. Anyone (especially lawyers) knows how to interpret such terms please leave a comment.

The following is fully neutral: Please read the comments and answers of Peter of the blog. Very interesting... Sorry, but this is in German. But the non-German readers can try Google translate. (Bear in mind that the quoted part of the condition is also translated from the German version.)

Furthermore the German FON blog is moderated, this means submitted comments need further approval. Stefan offered them information about a security flaw with the firewall rules when using multiple IP subnets. His comment is still not published yet...

Saturday, January 13, 2007

Codename Kolofonium release date

Hey guys, Stefan and me won't release the hack for the new 0.7.1-2 version until the first La Foneras with a flashed 0.7.1-2 firmware will be shipped. Its codename is "kolofonium" and it is easy as using the La Fonera's web interface (this time with your standard browser!).

We won't release it earlier, because you can reset the La Foneras to its flashed firmware and use one the known hacks. Freddy described several ways to do it here.

Please leave a comment when you get your first 0.7.1-2 flashed La Fonera.

Monday, January 08, 2007

We did it again!

After a few days of searching and trying, we found yet another way to open the SSH port of a La Fonera. It works with all firware versions (also the new 0.7.1-2). Stay tuned!

Wednesday, January 03, 2007

Fonera Autoupdate version 0.7.1 rev 2

My La Fonera just wants a new autoupdate. The extracted .fon is available here (thanks to Stefan).

It updates the webinterface, the validate.awk (checks correct input of the webinterface) and haserl (CGI wrapper for shell scripts).

We will investigate if they fixed webinterface.

Update: We tried a lot, but still with no luck. It looks like, the FON developers did a good job (this time). But we didn't give up yet...

Tuesday, January 02, 2007

Chillispot for OpenWrt for FON

FON patched chillispot a little bit. E.g. the 001-endian_fix.patch fixes the dhcp server of chillispot. This one and 100-fon.patch works fine with chillispot 1.1, but the others need further attention. I am not a C programmer. Maybe someone could help.

Anyway you can use the chillispot of the FON sources. It is version 1.0. It also installs chilli_radconfig. You can generate the long string - describe in the previous post. Thanks Anton for the comment. He says, that you can just use uamserver https://login.fon.com/cp/index.php in the chilli.conf. Anyway, I generated the string with chilli_radconfig. Maybe the string is needed for the first time registration of a La Fonera. This would support the assumption. But this is all speculations.

I tried to use it but with no success yet. The chilli.conf looks like that:

radiusserver1 radius01.fon.com
radiusserver2 radius02.fon.com
radiussecret garrafon
# MAC address of wlan device (wifi0)
radiusnasid XX:XX:XX:XX:XX:XX

# IP of the OpenFonera
dns1 192.168.1.223
dns2 192.168.1.223

# interface of the FON_AP
dhcpif ath0

uamsecret garrafon
uamanydns
uamallowed www.martinvarsavsky.net,www.google.com,www.flickr.com,static.flickr.com,video.google.com,216.239.51.0/24,66.249.81.0/24
uamallowed www.fon.com,www.paypal.com,www.paypalobjects.com,www.skype.com,66.249.93.0/24,72.14.207.0/24,72.14.209.0/24,84.96.67.0/24,213.91.9.0/24,80.118.99.0/24
uamallowed shop.fon.co.kr,secure.nuguya.com,inilite.inicis.com,fon-en.custhelp.com,maps.fon.com,c20.statcounter.com
uamserver https://login.fon.com/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/cp/index.php

When I start it with chilli -d -f -c /etc/chilli.conf and connecting a peer to the FON_AP the output is:
chillispot[675]: chilli.c: 3090: New DHCP request from MAC=XX-XX-XX-XX-XX-XX
New DHCP connection established
DHCP requested IP address
chillispot[675]: ippool.c: 436: No more IP addresses available
chillispot[675]: chilli.c: 3045: Failed allocate dynamic IP address
DHCP requested IP address
chillispot[675]: chilli.c: 3051: Client MAC=XX-XX-XX-XX-XX-XX assigned IP 192.168.182.2

When I try to open a webpage, chillispot reports several times:
cb_dhcp_data_ind. Packet received. DHCP authstate: 5
cb_tun_ind. Packet received: Forwarding to link layer

But it won't open a webpage. The redirection doesn't work. I think the problem is my iptables configuration. Anyone who knows how to set up iptables proper for chillispot please leave a comment.

Chillispot configuration for OpenWRT for FON

As you know in the last days I flashed a La Fonera with OpenWRT (Kamikaze). Currently I am working on a proper configuration for chillispot, to make it possible to add FON support (FON AP) to every device running OpenWRT.

Configuration is simple, but the problem is, that the /etc/chilli.conf of an original La Fonera contains a line like:

uamserver https://login.fon.com/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX/cp/index.php

The XXX... is a string of numbers and letters. This string is created by /usr/sbin/chilli_radconfig. Stefan told me that chilli_radconfig fetches the configuration file somehow from FON. One of the parameters for it is the MAC address of the WIFI device.

I'll keep you up to date on any progress.