User Tools

Site Tools


installation:hnet-lede

Installing Homenet on your Router

This set of instructions configures a fresh LEDE installation to run Homenet. They will likely work on a current build of OpenWrt.

There's lots of good info about Homenet elsewhere. See the RFCs & Specifications page.

Overall Strategy

The general strategy is to connect your computer to the router's LAN Ethernet, convert the wireless and WAN interfaces to run Homenet, and test the changes so far. After things are working, configure the LAN Ethernet to Homenet through connect one of the (now Homenet) wireless interfaces.

  1. Install LEDE on your router. See the main LEDE Quick Start page for details. Although these initial steps install the LuCI web GUI, you cannot currently use LuCI to install Homenet.
  2. Connect your computer to the router's LAN Ethernet port. (You might even turn off your computer's Wi-Fi to ensure that you're connected through Ethernet.) This is a critical first-step to prevent you from locking yourself out during the configuration process.
  3. SSH to the router, install the packages required by Homenet, then reboot.
    ssh root@192.168.1.1  
    opkg update  
    opkg install ip tcpdump strace  
    opkg install ipset hnet-full  
    sync  
    reboot  
  4. Before you start changing things: Record some information that will make it easier to continue. SSH to the router again after the reboot.
    • Verify your router's name. Your router's name is displayed in the terminal prompt. If the prompt is root@lede:~# in the terminal, the router's name is lede.
    • Record the IPv6 link local address so you can log in if there are problems. See the steps in Further Notes (below).
    • Consider making a backup unless this is a fresh installation. See Making a backup (below).
  5. Add a new interface for each of the physical devices that should have their own routes. For a default LEDE installation, you will initially create interfaces for the radio(s) and the WAN Ethernet interface. (A subsequent step will configure the LAN Ethernet interface.)
    1. Edit the file /etc/config/network where interfaces are defined.
    2. Create wireless interfaces for each radio (name them W24 and W5 for the 2.4GHz and 5GHz radios, respectively). Set them to hnet (no need to configure ipaddr/netmask options). Add these lines:
      config 'interface' 'W24'
          option 'proto' 'hnet'
              
      config 'interface' 'W5'
          option 'proto' 'hnet'
    3. Remove references to the previous wan and wan6 interfaces. Comment out the lines associated with wan (and wan6, if present) by adding a # at the start of each line.
    4. Create a new interface (named E0) for the WAN port. Add the lines below, where IFNAME is the ifname from the 'wan' section that you just commented out. If E0 is going to connect to another Homenet router, comment out the option 'mode' 'external' line.
      config 'interface' 'E0'
          option 'ifname' 'IFNAME'
          option 'proto'  'hnet'
          option 'mode'   'external'
    5. Since Homenet will create its own ULA, set the ULA to the empty string (). Change:
      config 'globals' 'globals'
          option 'ula_prefix' 'fd12:bf8f:440d::/48'

      … to…

      config 'globals' 'globals'
          option 'ula_prefix' ''
    6. Save the file /etc/config/network.
  6. Change each radio to use one of the new wireless interfaces created above. This associates each physical radio with one of the interfaces defined above.
    1. Edit the /etc/config/wireless file. You will find a wifi-iface section for each of the radios.
    2. Change each radio's network option from lan to one of the newly-created interfaces (W24 or W5). For example, change:
      config 'wifi-iface'
          option 'device'     'radio0'
          option 'network'    'lan'  # CHANGE THIS...
          option 'mode'       'ap'
          option 'ssid'       'LEDE'
          option 'encryption' 'none'

      … to…

      config 'wifi-iface'
          option 'device'     'radio0'
          option 'network'    'W5'  # TO THIS...
          option 'mode'       'ap'
          option 'ssid'       'LEDE'
          option 'encryption' 'none'
    3. Make the same changes for the second radio, if present.
    4. Save the file /etc/config/wireless
  7. Add the new interfaces to the proper firewall zone. Place each of the new wireless interfaces (W24, W5) in the lan zone. If the new WAN interface (E0) will connect to the public Internet, put it in the wan zone, otherwise (if it's an internal router) place it in the lan zone.
    1. Edit /etc/config/firewall and comment out the wan (and wan6) network lines.
    2. Then add the W24, W5, and E0 lines. The updated file will look something like this:
      ...
      config 'zone'
          option 'name'       'lan'
          list   'network'    'lan'
          list   'network'    'W24'  # Add this line
          list   'network'    'W5'   # And this line
          option 'input'      'ACCEPT'
          option 'output'     'ACCEPT'
          option 'forward'    'ACCEPT'
      			
      config zone
          option 'name       'wan'
          list   'network'   'E0'   # Add this line
          # list 'network'   'wan'  # comment out
          # list 'network'   'wan6' # comment out
          ...
    3. Save the file /etc/config/firewall
  8. Verify that the changes work. Reboot your router, and follow the steps below.
    sync
    reboot
    1. Your LAN Ethernet configuration will remain the same, so you should be able to ssh with ssh root@192.168.1.1
    2. You should also check that your router now has a Homenet name. If your router's name (above) was lede, then you should be able to connect with ssh root@lede.home, and use the web GUI at <https://lede.home>
    3. You should still have connectivity to the external Internet through the new E0 interface. Use ping 8.8.8.8 to test.
    4. The Web GUI (<https://192.168.1.1>) should show interfaces for W24, W5, LAN and E0.
  9. Enable one (or both) wireless interfaces and verify they work.
    1. Use the Web GUI to enable one or both Wi-Fi interfaces. Or comment out the option disabled 1 line in /etc/config/wireless for one or both radios.
    2. Your computer should now see the wireless interfaces. By default, they will have the SSID LEDE. Connect to one.
    3. Verify connectivity with ping 8.8.8.8.
    4. If that is successful, disconnect the Ethernet and verify connectivity again.
  10. Finally, configure the LAN Ethernet to Homenet, give it the name E1, and place it in the lan firewall zone. While you're connected via one of the wireless interfaces, remove the final mentions of interface lan, and add interface E1. To do this:
    1. Edit /etc/config/network. Comment out the lan interface, like this:
      # config 'interface' 'lan'
      #    option 'type' 'bridge'
      #    option 'ifname' 'eth0'
      #    option 'proto' 'static'
      #    option 'ipaddr' '192.168.1.1'
      #    option 'netmask' '255.255.255.0'
      #    option 'ip6assign' '60'
    2. Add the E1 interface, where the ifname is the same value as you commented out (above).
      config 'interface'  'E1'
          option 'ifname' 'eth0'
          option 'proto'  'hnet'
    3. Save the file /etc/config/network.
    4. Edit /etc/config/firewall to add interface E1 to the LAN zone. Comment out list network lan and add list network E1. It will look like this:
      config 'zone'
          option 'name'       'lan'
          # list 'network'    'lan'
          list   'network'    'E1'
          list   'network'    'W24'
          list   'network'    'W5'
          ...
    5. Save the file /etc/config/firewall.
  11. Reboot and test your final configuration. (see Step 8 above.) Your LAN Ethernet will no longer be at 192.168.1.1. Connect to the router using its DNS name lede.home Use ssh root@lede.home or <https://lede.home>

Further Steps

  1. These steps need further explanation and checking
    1. Configure NAT-PMP on interfaces that need it. Review and edit /etc/config/upnpd as needed.
    2. Add these rules to /etc/config/firewall (to give end-to-end IPv6 connectivity?)
      config rule
          option target 'ACCEPT'
          option src 'wan'
          option name 'Accept-v6'
          option family 'ipv6'
          option dest 'lan'
          option dest_port '1024-65535'

Additional Notes

  1. Update: None of these tests have been proven on LEDE. They need more testing time.
  2. These steps have been tested with several versions of hardware and software:
    1. Netgear WNDR3800 with LEDE r1139 (28Jul2016) and hnet-full 2016-06-28-606dye9046..e-1
    2. WiTi Router board with LEDE r1141 (28Jul2016) and hnet-full 2016-06-28-606dye9046..e-1 (Not working: trouble when setting LAN interface to hnet)
    3. (still being tested) TP-Link Archer C7 v2 with OpenWrt 15.05.1 (16Mar2016) and hnet-full 2015-07-10-ea2bd2bc2d..9-1
  3. This guide leaves all LAN ethernet ports bridged on the same subnet. It is possible to configure each Ethernet port to have its own VLAN, and make the ports individually routed.
installation/hnet-lede.txt · Last modified: 2016/12/03 17:29 by richb-hanover