brokers:a5_v11

Differences

This shows you the differences between two versions of the page.

brokers:a5_v11 [2016/05/05 12:31]
buben old revision restored (2016/04/30 23:41)
brokers:a5_v11 [2016/05/09 10:24] (current)
Line 1: Line 1:
 +====== A5-V11 Local broker ======
  
 +A5-V11 is cheap Chinese OEM router. Is is sold about 7 USD on eBay or AliExpress. You can read more about it on [[https://​wiki.openwrt.org/​toh/​unbranded/​a5-v11|OpenWrt wiki page]].
 +
 +**Specificatons:​**
 +^ SoC                    | MediaTek/​Ralink RT5350F ​       |
 +^ CPU                    | Ralink RT5350 MIPS 24KEc V4.12 |
 +^ Frequency ​             | 360 MHz                        |
 +^ Cores                  | Single core                    |
 +^ RAM                    | 32 MiB                         |
 +^ Storage ​               | 4 MiB Flash                    |
 +^ USB ports              | 1x USB 2.0                     |
 +^ Real-time clock        | No                             |
 +^ Powering ​              | Micro USB                      |
 +
 +===== Pre-build images =====
 +
 +  * **Factory firmware:** {{:​brokers:​openwrt-ramips-rt305x-a5-v11-squashfs-factory.bin|}}
 +  * **Sysupgrade:​** {{:​brokers:​openwrt-ramips-rt305x-a5-v11-squashfs-sysupgrade.bin|}}
 +
 +===== Upload firmware =====
 +
 +**TODO**
 +
 +===== Configuration =====
 +After firmware image is successfully uploaded, you can connect to router and do configuration steps. OpenWrt has default IP address ''​192.168.1.1''​ and netmask ''​255.255.255.0''​.
 +
 +Connect the router and your computer into same network and configure your IP address:
 +
 +<​code>​
 +# ip addr add 192.168.1.2/​24 dev eth0
 +</​code>​
 +
 +Make sure than no other device in the network has same IP address ''​192.168.1.1''​ too. If you put A5-V11 into your actual network which uses same IP range, it is very probable that this address is already taken. Most likely by your gateway router.
 +
 +==== First connection ====
 +
 +When you are connecting to the router first time, ''​root''​ user has no password. For that reason you can't login to the route over [[https://​en.wikipedia.org/​wiki/​Secure_Shell|SSH]].
 +
 +When root has no password assigned, router accepts telnet connections with no authentication. It is primary used for configuring ''​root''​ password. After password is configured, telnet daemon will be stopped and disabled entirely.
 +
 +Connect to the router by following command:
 +
 +<​code>​
 +$ telnet 192.168.1.1
 +</​code>​
 +
 +After you get shell, configure root password:
 +
 +<​code>​
 +root@OpenWrt:/#​ passwd
 +Changing password for root
 +New password: ​
 +Retype password: ​
 +Password for root changed by root
 +</​code>​
 +
 +And that's it. Now you can close telnet connection:
 +
 +<​code>​
 +root@OpenWrt:/#​ exit
 +Connection closed by foreign host.
 +</​code>​
 +
 +When password is configured, you can login over SSH:
 +
 +<​code>​
 +$ ssh root@192.168.1.1
 +</​code>​
 +
 +===== Making configuration changes =====
 +Most of the configuration is done using [[https://​wiki.openwrt.org/​doc/​uci|UCI]]. Unfortunately,​ OpenWrt UCI config generator scrip can't handle CA authentication for mosquitto bridges. For that reason, mosquitto have to be configured directly in ''/​etc/​mosquitto''​ directory.
 +
 +==== LAN settings ====
 +LAN setting is stored in ''/​etc/​config/​network''​
 +<code - /​etc/​config/​network>​
 +config interface '​loopback'​
 + option ifname '​lo'​
 + option proto '​static'​
 + option ipaddr '​127.0.0.1'​
 + option netmask '​255.0.0.0'​
 +
 +config globals '​globals'​
 + option ula_prefix '​fda1:​a709:​4c28::/​48'​
 +
 +config interface '​lan'​
 + option ifname '​eth0.1'​
 + option force_link '​1'​
 + option type '​bridge'​
 + option proto '​static'​
 + option ipaddr <broker IP address>
 + option netmask <network mask>
 + option ip6assign '​60'​
 +
 +config switch
 + option name '​switch0'​
 + option reset '​1'​
 + option enable_vlan '​1'​
 +
 +config switch_vlan
 + option device '​switch0'​
 + option vlan '​1'​
 + option ports '0 6t'
 +
 +config '​route'​
 +        option '​interface'​ '​lan'​
 +        option '​target' ​   '​0.0.0.0'​
 +        option '​netmask' ​  '​0.0.0.0'​
 +        option '​gateway' ​  <​address of your gateway>
 +        option '​metric' ​   '​100'​
 +</​code>​
 +
 +Adjust following options based on your needs:
 +  * at ''​config interface lan''​ section:
 +    * ''​ipaddr''​ - IP address of your broker in the network.
 +    * ''​netmask''​ - Network mask.
 +  * at ''​config route''​ section:
 +    * ''​gateway''​ - IP address of default gateway.
 +==== DNS settings ====
 +DHCP have to be configured to resolve central broker hostname to IP address. This is necessary for establishing SSL connection.
 +
 +Add following line to ''/​etc/​hosts'':​
 +
 +<code - /​etc/​hosts>​
 +<IP address> central-broker
 +</​code>​
 +
 +Substitute ''<​IP address>''​ with actual public IP address o your central broker.
 +==== moqsuitto settings ====
 +To properly configure mosquitto, you have to create configuration file and provide CA and cert files.
 +
 +At first, create mosquitto configuration directory tree:
 +
 +<​code>​
 +root@OpenWrt:​~#​ mkdir -p /​etc/​mosquitto/​ca_certificates /​etc/​mosquitto/​certs
 +</​code>​
 +
 +=== Configuration file. ===
 +Create configuration file ''/​etc/​mosquitto/​mosquitto.conf''​
 +<code - /​etc/​mosquitto/​mosquitto.conf>​
 +# listen port
 +listener 1883
 +
 +# bridge configuration
 +connection central-broker
 +address central-broker:​1883
 +clientid <bridge ID>
 +topic # both 0 ""​ <bridge topic>
 +bridge_cafile /​etc/​mosquitto/​ca_certificates/​ca.crt
 +bridge_certfile <cert file>
 +bridge_keyfile <​keyfile>​
 +
 +# authentication
 +username <​username>​
 +password <​password>​
 +</​code>​
 +
 +Configuration file defines several options. These option can be explained more in detail:
 +  * ''​connection''​ - Bridge connection name and start of bridge section. It can be any string.
 +  * ''​address''​ - Central broker hostname and port. This hostname must be configured in ''/​etc/​hosts''​ or operating system must be able to resolve it using [[https://​en.wikipedia.org/​wiki/​Domain_Name_System|DNS]].
 +
 +Following configuration options must be adjusted based on your needs:
 +  * ''​clientid''​ - Bridge client ID for central broker. This should be unique string across all other local brokers. For example: ''​bridge-my-house''​.
 +  * ''​topic''​ - Specify prepended MQTT topic. It must ends with ''/''​. For example: ''​my-house/''​.
 +  * ''​bridge_certfile''​ - Absolute path to your ''​*.crt''​ file. For example: ''/​etc/​mosquitto/​certs/​my-house.crt''​
 +  * ''​bridge_keyfile''​ - Absolute path to your ''​*.key''​ file. For example: ''/​etc/​mosquitto/​certs/​my-house.key''​
 +  * ''​username''​ - Bridge username.
 +  * ''​password''​ - Bridge password.
 +
 +=== Certificates ===
 +Last thing what needs to be done is provide CA and cert files. You can fin instruction how to generate them on [[brokers:​certificates|certificates]] page.
 +
 +Copy following files to your broker using [[https://​en.wikipedia.org/​wiki/​Secure_copy|SCP]]:​
 +  * Copy CA ''​ca.crt''​ into ''/​etc/​mosquitto/​ca_certificates''​ directory.
 +  * Copy ''​*.crt''​ and ''​*.key''​ files into ''/​etc/​mosquitto/​certs''​ directory.
 +
 +==== Final tips ====
 +
 +Make sure that mosquitto can read all necessary file:
 +
 +<​code>​
 +root@OpenWrt:​~#​ chmod -R +r /​etc/​mosquitto
 +</​code>​
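Review bot: In "Final tips", `chmod -R +r /etc/mosquitto` makes every file under that directory readable by all users, which includes the bridge private key copied into /etc/mosquitto/certs (the `*.key` file) and mosquitto.conf with its plaintext `password` line. Suggest replacing it with ownership by the account mosquitto runs as plus owner-only read on the key and the configuration file, leaving only ca.crt and the `*.crt` file readable by everyone. Smaller points in the same hunk: the bridge `address central-broker:1883` is paired with `bridge_cafile`, so the page should say that the central broker's TLS listener really is on 1883, or give the port it actually uses; "DNS settings" says DHCP has to be configured while the step only edits /etc/hosts; the heading "moqsuitto settings" is misspelled; and "Upload firmware" is still **TODO**, so the page walks through configuring a router it has not yet explained how to flash.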
brokers/a5_v11.txt · Last modified: 2016/05/09 10:24 (external edit)