A5-V11 is cheap Chinese OEM router. Is is sold about 7 USD on eBay or AliExpress. You can read more about it on OpenWrt wiki page.

Specificatons:

• Factory firmware: openwrt-ramips-rt305x-a5-v11-squashfs-factory.bin
• Sysupgrade: openwrt-ramips-rt305x-a5-v11-squashfs-sysupgrade.bin

TODO

After firmware image is successfully uploaded, you can connect to router and do configuration steps. OpenWrt has default IP address 192.168.1.1 and netmask 255.255.255.0.

Connect the router and your computer into same network and configure your IP address:

# ip addr add 192.168.1.2/24 dev eth0

Make sure than no other device in the network has same IP address 192.168.1.1 too. If you put A5-V11 into your actual network which uses same IP range, it is very probable that this address is already taken. Most likely by your gateway router.

When you are connecting to the router first time, root user has no password. For that reason you can't login to the route over SSH.

When root has no password assigned, router accepts telnet connections with no authentication. It is primary used for configuring root password. After password is configured, telnet daemon will be stopped and disabled entirely.

Connect to the router by following command:

$ telnet 192.168.1.1

After you get shell, configure root password:

root@OpenWrt:/# passwd
Changing password for root
New password: 
Retype password: 
Password for root changed by root

And that's it. Now you can close telnet connection:

root@OpenWrt:/# exit
Connection closed by foreign host.

When password is configured, you can login over SSH:

$ ssh root@192.168.1.1

Most of the configuration is done using UCI. Unfortunately, OpenWrt UCI config generator scrip can't handle CA authentication for mosquitto bridges. For that reason, mosquitto have to be configured directly in /etc/mosquitto directory.

LAN setting is stored in /etc/config/network

/etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda1:a709:4c28::/48'

config interface 'lan'
	option ifname 'eth0.1'
	option force_link '1'
	option type 'bridge'
	option proto 'static'
	option ipaddr <broker IP address>
	option netmask <network mask>
	option ip6assign '60'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 6t'

config 'route'
        option 'interface' 'lan'
        option 'target'    '0.0.0.0'
        option 'netmask'   '0.0.0.0'
        option 'gateway'   <address of your gateway>
        option 'metric'    '100'

Adjust following options based on your needs:

• at config interface lan section:
  • ipaddr - IP address of your broker in the network.
  • netmask - Network mask.
• at config route section:
  • gateway - IP address of default gateway.

DHCP have to be configured to resolve central broker hostname to IP address. This is necessary for establishing SSL connection.

Add following line to /etc/hosts:

/etc/hosts

<IP address> central-broker

Substitute <IP address> with actual public IP address o your central broker.

To properly configure mosquitto, you have to create configuration file and provide CA and cert files.

At first, create mosquitto configuration directory tree:

root@OpenWrt:~# mkdir -p /etc/mosquitto/ca_certificates /etc/mosquitto/certs

Create configuration file /etc/mosquitto/mosquitto.conf

/etc/mosquitto/mosquitto.conf

# listen port
listener 1883

# bridge configuration
connection central-broker
address central-broker:1883
clientid <bridge ID>
topic # both 0 "" <bridge topic>
bridge_cafile /etc/mosquitto/ca_certificates/ca.crt
bridge_certfile <cert file>
bridge_keyfile <keyfile>

# authentication
username <username>
password <password>

Configuration file defines several options. These option can be explained more in detail:

• connection - Bridge connection name and start of bridge section. It can be any string.
• address - Central broker hostname and port. This hostname must be configured in /etc/hosts or operating system must be able to resolve it using DNS.

Following configuration options must be adjusted based on your needs:

• clientid - Bridge client ID for central broker. This should be unique string across all other local brokers. For example: bridge-my-house.
• topic - Specify prepended MQTT topic. It must ends with /. For example: my-house/.
• bridge_certfile - Absolute path to your *.crt file. For example: /etc/mosquitto/certs/my-house.crt
• bridge_keyfile - Absolute path to your *.key file. For example: /etc/mosquitto/certs/my-house.key
• username - Bridge username.
• password - Bridge password.

Last thing what needs to be done is provide CA and cert files. You can fin instruction how to generate them on certificates page.

Copy following files to your broker using SCP:

• Copy CA ca.crt into /etc/mosquitto/ca_certificates directory.
• Copy *.crt and *.key files into /etc/mosquitto/certs directory.

Make sure that mosquitto can read all necessary file:

root@OpenWrt:~# chmod -R +r /etc/mosquitto