
Wednesday, March 6, 2019

Connect your OSMC Kodi to Wifi with IEEE8021x authentication

I was struggling a bit to connect my Kodi to Wifi which has IEEE8021x authentication. But after some googling, the following worked out fine.


  1. Scan for Wifi networks and find the one you want to connect to:

    connmanctl scan wifi
    connmanctl services

    Output:

    root@kodi1:~# connmanctl scan wifi
    Scan completed for wifi
    root@kodi1:~# connmanctl services
    *AR Wired                ethernet_b827ebf9x_cable
                             wifi_b827ebacx_hidden_managed_none
        SSID1                wifi_b827ebacx_7a657573_managed_psk
        SSID2 .              wifi_b827ebacx_7a6575735f696f74_managed_psk
                             wifi_b827ebacx_hidden_managed_psk
        SSID3                wifi_b827ebacx_54656c656e6574576946726565_managed_ieee8021x
        ...

  2. Get the detailed information needed to connect to the Wifi network:

    connmanctl services wifi_xxx_managed_ieee8021x

  3. Enter the following in your shell:

    cat > /var/lib/connman/peap-mschapv2.config <<EOF
    [global]
    Name = <ssid>
    Description = <description of network>
    [service_peap]
    Type = wifi
    Name = <ssid>
    EAP = peap
    Phase2 = MSCHAPV2
    Identity = <login>
    Passphrase = <passphrase>
    EOF

  4. Now connman should pick this up automatically. Please be aware that the file needs to end with .config and be placed in /var/lib/connman!

  5. Run the services command again, and notice that there will be an asterisk next to the Wifi network if it has been found and the config file has been processed correctly (as said: Immutable, AutoConnect and Favorite are set to true).

    Output:

    root@kodi1:~# connmanctl services
    *AO SSID3                wifi_b827ebacx_54656c656e6574576946726565_managed_ieee8021x
    *AR Wired                ethernet_b827ebf9x_cable
                             wifi_b827ebacx_hidden_managed_none
        SSID1                wifi_b827ebacx_7a657573_managed_psk
        SSID2 .              wifi_b827ebacx_7a6575735f696f74_managed_psk
                             wifi_b827ebacx_hidden_managed_psk
        ...

  6. Connect to the Wifi network:

    connmanctl connect wifi_xxx_managed_ieee8021x
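
The provisioning file above stores the passphrase in clear text and names no CA certificate for the authentication server. The following is an added example, not part of the original post: it writes the same profile with mode 0600 and a CACertFile line (a standard connman provisioning key), and lints an existing file for both gaps. The SSID, credentials and CA certificate path are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original post. SSID, credentials and the CA
# certificate path used below are constructed placeholders.

# Write the 802.1X profile so that only root can read the stored passphrase.
# usage: write_peap_config DIR SSID IDENTITY PASSPHRASE CA_CERT_FILE
write_peap_config() {
    file="$1/peap-mschapv2.config"
    (
        umask 077   # created as 0600, never briefly world-readable
        cat > "$file" <<EOF
[global]
Name = $2
Description = 802.1X PEAP profile
[service_peap]
Type = wifi
Name = $2
EAP = peap
Phase2 = MSCHAPV2
CACertFile = $5
Identity = $3
Passphrase = $4
EOF
    )
    chmod 600 "$file"   # also tightens a file that already existed
    printf '%s\n' "$file"
}

# Print one finding per line for a connman provisioning file, nothing if clean.
lint_connman_config() {
    case $1 in
        *.config) ;;
        *) echo "name: connman only reads files ending in .config" ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    if grep -Eq '^[[:space:]]*Passphrase[[:space:]]*=' "$1" &&
       [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]; then
        echo "mode: stored passphrase is readable by group or others"
    fi
    # With no CACertFile the supplicant accepts any server certificate.
    if grep -Eiq '^[[:space:]]*EAP[[:space:]]*=[[:space:]]*(peap|ttls|tls)' "$1" &&
       ! grep -Eq '^[[:space:]]*CACertFile[[:space:]]*=' "$1"; then
        echo "cert: EAP profile has no CACertFile, server certificate unchecked"
    fi
}

# Demo in a scratch directory, not in /var/lib/connman.
demo() {
    d=$(mktemp -d)
    printf '[service_peap]\nType = wifi\nName = SSID3\nEAP = peap\nPhase2 = MSCHAPV2\nIdentity = user\nPassphrase = example\n' > "$d/page.config"
    chmod 644 "$d/page.config"   # what a default root umask of 022 yields
    echo "profile as on the page:"; lint_connman_config "$d/page.config"
    good=$(write_peap_config "$d" SSID3 user example /etc/ssl/certs/radius-ca.pem)
    echo "hardened profile:"; lint_connman_config "$good"
    rm -rf "$d"
}
demo
```

On the real device, pass /var/lib/connman as the directory and point the last argument at the CA certificate that issued your RADIUS server's certificate.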

Thursday, March 23, 2017

Ubiquiti UniFi access point radio tweaking and performance tuning

Trying to tweak the radio setup of my Ubiquiti UniFi access points, I started reading a bit more about how to set the different frequencies. Below is a summary of my reading and a few do's and don'ts.

Do:

  • Do start off with default settings of your access points, install iPerf and baseline your initial Wifi speed results
  • Download a Wifi analyzer for your smartphone and walk around your house to see which channels are occupied where. Perform a site survey.
  • Do regular performance checks if you update settings and compare against the default ones
  • Do alternate between different channels in your house for the same Wifi network (e.g. floor 0 on 1, floor 1 on 6 and floor 2 on 11)
  • Do stick with the standard 2.4 GHz channels (1, 6 and 11) and set the channel width to 20 MHz only
  • Do stick with the standard 5 GHz channels (36, 40 and 44) and set the channel width to 40 or 80 MHz
  • Do set the Tx power manually, but not too high, as you may be your own source of interference
  • Do consider if you need 2.4 GHz for "speed intensive" devices as 2.4 GHz networks can be interfering with each other in high-density areas. I have a 2.4 GHz Wifi network for "non-speed intensive" devices and a 5 GHz Wifi network for "speed intensive" ones. Both have a different SSID, which allows separate VLAN tagging and will never end up in the situation where you're "stuck" on a 2.4 GHz network, while you need higher speeds.
  • Do know that Bluetooth, cordless phones and microwaves also operate on the 2.4 GHz band and can thus cause interference


Don't:

  • Don't expect speeds of Wifi to match speeds of wired connections
  • Don't set the Tx power too high and expect better performance of your Wifi network if there's no reason to, as it can also work against you
  • Don't randomly set the 2.4 or 5 GHz channels and channel width
  • Don't use DFS (Dynamic Frequency Selection) for 5 GHz as this may interrupt channel communication when interference with radar signals is detected
  • Don't count on the fact that band-steering will work for all of your devices
  • Don't enable the Guest feature on your UniFi, as it will limit speeds. You're better off creating a separate network and SSID for this


What I did change:

  • Stuck with one WLAN group (can be Default one)
  • Go to devices, click on each AP listed. Under Configuration > WLANs: Create 2 SSIDs with different names in this WLAN group, one on 2.4 GHz with one name and another name for the 5 GHz one.
  • Under Configuration > Radios: Set the channel width for 2.4 GHz onto HT20 and for 5 GHz onto VHT40 or VHT80 for each access point. Choose different channels for each AP, or alternate the ones furthest away from each other.


The wireless network modes for a Linksys Dual-Band router will vary depending on the frequency band(s) you choose to enable. In the 2.4 GHz frequency, the Wifi signal range is divided into channels each at 5 MHz interval. Adjacent channels overlap and will interfere with each other at 20 MHz block. Setting the channel width to 40 MHz network will allow you to use 2/3 of the entire Wifi band. Thus having a higher chance of overlapping and interfering with other wireless networks. Meanwhile, if you set the channel width to 20 MHz, the network will only overlap with the two channels before and after that frequency.
You won't get better speed by doing that change. You may get better signal, but there's a downside to it. Essentially, you will have a higher chance to have collisions with other wireless networks around you. This is because each of these automatically uses +/- 2 channels to the left and the right for HT20, and because neighbour APs can coordinate the spectrum use with your APs. So by selecting ch 1 you instruct your AP to operate on ch 2 and 3 as well, by selecting 6 you tell the AP to transmit and receive on channels 4 to 8, etc.
Dual-band routers essentially give you two access points with each having their own bandwidth in them. Usually one AP will be in the 2.4 GHz range and the other will be in the 5 GHz range. Within each spectrum, there are several Wifi modes that you can enable. The fastest will be Wireless N, with speeds of 300 Mbps. However, that 300 Mbps is shared between all devices connected to that AP.
For example, if you have 5 devices in the 5 GHz AP and one is using up 200 Mbps, then the other 4 devices on the 5 GHz AP will have 100 Mbps to work with. - Source: Linksys

It is important to note that 2.4 GHz and 5 GHz have different characteristics that must be taken into account when deploying dual-band APs (2.4 GHz and 5 GHz capable) access points. The 2.4 GHz signal can travel further and has better penetration capabilities than 5 GHz. Thus the radius of a coverage cell on 2.4 GHz is longer than on 5 GHz. This could lead to dead zones in 5 GHz coverage if only 2.4GHz coverage is measured in a site survey, and will likely require different power settings for each radio to equalize coverage cells. - Source: Cisco Meraki

The 802.11 standard defines 23 20MHz wide channels in the 5GHz spectrum. Each channel is spaced 20MHz apart and separated into three Unlicensed National Information Infrastructure (UNII) bands. Wireless devices specified as 802.11a/n/ac are capable of operating within these bands. In the United States, UNII-1 (5.150 to 5.250 GHz) containing channels 36, 40, 44, and 48 and UNII-3 (5.725-5.825) containing channels 149, 153, 157, 161 are permitted. UNII-2 (5.250-5.350 GHz and 5.470-5.725GHz) which contains channels 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, and 140 are permitted in the United States, but shared with radar systems. Therefore, APs operating on UNII-2 channels are required to use Dynamic Frequency Selection (DFS) to avoid interfering with radar signals. If an AP detects a radar signal, it must immediately stop using that channel and randomly pick a new channel. In the United States, even without the use of the UNII-2 band, 5GHz is well suited for high density deployments due to its greater number of non-overlaping channels. Below is a diagram showing the U.S. 5GHz channel plan. - Source: Cisco Meraki

Is your location close to an area that may contain a weather RADAR?  If so, you may want to consider not using some DFS channels (116-132.)  When RADAR is detected in the area, APs will be forced to move to another channel.  This channel may already be in use by a neighboring access point, causing co-channel interference. Source: Extreme Networks

Other useful links:
UBNT
Learntomato

Tuesday, February 28, 2017

Installing Unifi Controller as a Docker container on Synology


Having Ubiquiti UniFi access points in your house is a great way to serve a meshed Wifi network. With a Synology NAS and DSM6, it's very easy now to run the UniFi Controller in a Docker container. Link to the docker image: https://hub.docker.com/r/jacobalberty/unifi/
These tutorials will greatly help you with that: miketabor.com and kapsi.fi. There are a few tweaks I had to make:

  • Change the container config and add UDP port 10001:10001
  • Make sure your firewall rules on your NAS are properly adapted (take the 10001/udp into account as well)

If you have deployed a UniFi Controller on a different system/instance before, make sure that you adopt the device on your new Controller by doing the following steps:

  • SSH login to your access point (access_point_ip:22) with credentials of the previous controller (e.g. administrator:yoursecretpass)
  • Now execute the following commands:

    # mca-cli
    # set-inform synology_nas_ip:8080/inform

Now you should see your device in your new Controller instance and you're good to go!

Thursday, February 9, 2017

Looking inside a Wifi smartplug (Maginon/Edimax/STT)



I bought a smart plug from a local retailer which branded it as a Maginon SP1-E. These can also be found on the market as an Edimax SP-1101W. Originally, they are manufactured by ST&T.
For me, these plugs are very useful as they are a cheap solution for socket based electricity sub-metering and I can enable or disable the power remotely, which can be integrated into my domotics or smart home control center.

In summary, the functions are:
  • Runs embedded Linux
  • Able to switch power
  • Able to access Wifi networks
  • Able to measure V, W, A and kWh
  • Can be controlled by a crappy smartphone app

By default, when plugged in, the plug powers on, allows power consumption for 2-3 seconds, switches the breaker (no longer allowing power consumption) and then requires the user to switch the breaker again (through a command to the device) to allow power consumption. This behavior can be seen as 'safe', yet it is a dirty way to trigger the breaker at startup. If the breaker had been normally open by design, the 2-3 seconds of power at the start would not happen. Additionally, if you put this plug on a freezer, for example, and a power disruption happens, the freezer will not be repowered after power is restored until the user switches the breaker through a command to the device. We will tackle this shortcoming in a later blog post.


Maginon has released source code for the plug under the GPL: http://gpl.supra-elektronik.com/

The mechanics: outside

The front has 2 buttons and 2 LEDs. The main button (largest one) can be used to HW switch the breaker. When pressing the reset button for more than 8 seconds, the plug will go back to the factory settings.


The plug can be opened, using triangle bits.

The mechanics: inside

There are 2 main PCBs inside. The Embedded Linux board (Ralink RT5350F) which is low voltage and the breaker/metering board which runs at 230V.

Below are the images of the Embedded Linux board:


 Patch antenna on the left, wired to the Embedded Linux board


 Ralink SoC (System on Chip) board

Pins on the edges, to plug the board onto the breaker/metering board.

Here are some images of the breaker/metering board:

Look inside from the top
The breaker

Inside the Embedded Linux OS

Logging in to the plug is done via telnet to the plug's IP on port tcp/23. The default username/password is: admin/admin.

Checking the cpuinfo:
# cat /proc/cpuinfo
system type             : Ralink SoC
processor               : 0
cpu model               : MIPS 24K V4.12
BogoMIPS                : 239.61
wait instruction        : yes
microsecond timers      : yes
tlb_entries             : 32
extra interrupt vector  : yes
hardware watchpoint     : yes
ASEs implemented        : mips16 dsp
VCED exceptions         : not available
VCEI exceptions         : not available

Linux version:
# uname -a
Linux (none) 2.6.21 #324 Mon Aug 25 16:53:40 CST 2014 mips unknown

Checking the mount points:
# mount   
rootfs on / type rootfs (rw)
proc on /proc type proc (rw)
none on /var type ramfs (rw)
none on /etc type ramfs (rw)
none on /tmp type ramfs (rw)
none on /media type ramfs (rw)
none on /dev/pts type devpts (rw)

Checking the filesystem:
# df /
Filesystem           1k-blocks      Used Available Use% Mounted on
rootfs                       0         0         0   0% /

Checking the memory usage:
# free   
              total         used         free       shared      buffers
  Mem:        29324         9984        19340            0            0
 Swap:            0            0            0
Total:        29324         9984        19340

The available tools within Busybox:
# busybox
BusyBox v1.12.1 (2014-07-31 06:32:52 CEST) multi-call binary
Copyright (C) 1998-2008 Erik Andersen, Rob Landley, Denys Vlasenko
and others. Licensed under GPLv2.
See source distribution for full notice.

Usage: busybox [function] [arguments]...
   or: function [arguments]...

        BusyBox is a multi-call binary that combines many common Unix
        utilities into a single executable.  Most people will create a
        link to busybox for each function they wish to use and BusyBox
        will act like whatever it was invoked as!

Currently defined functions:
        [, [[, ash, brctl, cat, chmod, chpasswd, cp, crond, date, dd, df,
        du, echo, expr, free, grep, halt, ifconfig, init, init, insmod, kill,
        killall, login, ls, lsmod, mkdir, mknod, mount, ping, poweroff, printf,
        ps, pwd, reboot, rm, rmmod, route, sed, sh, sleep, syslogd, telnetd,
        test, tftp, top, touch, tr, udhcpc, udhcpd, umount, uname, uptime,
        vconfig, wc

The following binaries are available and not from Busybox:
# cd /bin
# ls -l | grep -v "busybox"
-rwxr-xr-x    1 0        0          148244 iperf
-rwxr-xr-x    1 0        0           22804 ntpclient
-rwxr-xr-x    1 0        0            6208 erase
lrwxrwxrwx    1 0        0              11 nvram_set -> ralink_init
-rwxr-xr-x    1 0        0           36216 iwpriv
-rwxr-xr-x    1 0        0           36508 ralink_init
-rwxr-xr-x    1 0        0           79072 rt2860apd
-rwxr-xr-x    1 0        0            9032 gpio
-rwxr-xr-x    1 0        0            9928 flash
-rwxr-xr-x    1 0        0            6864 reg
-rwxr-xr-x    1 0        0          173476 miniupnpd
lrwxrwxrwx    1 0        0              11 nvram_get -> ralink_init
-rwxr-xr-x    1 0        0            9920 ated
-rwxr-xr-x    1 0        0            6536 nvram_daemon
-rwxr-xr-x    1 0        0           33992 mkfs.jffs2
-rwxr-xr-x    1 0        0          345156 goahead
-rwxrwxrwx    1 0        0          381421 RDTServer
lrwxrwxrwx    1 0        0               9 rtinicapd -> rt2860apd
-rwxrwxrwx    1 0        0           37798 setUID
-rwxr-xr-x    1 0        0          170687 GpioForCrond
-rwxrwxrwx    1 0        0           37901 writeflash
-rwxr-xr-x    1 0        0           88976 iptables
-rwxr-xr-x    1 0        0            5264 mii_mgr
-rwxr-xr-x    1 0        0           83848 GetInfo
-rwxrwxrwx    1 0        0           48789 checksum
-rwxr-xr-x    1 0        0           39975 UartForCrond
-rwxr-xr-x    1 0        0           12744 mtd_write
-rwxr-xr-x    1 0        0           74124 lld2d
-rwxr-xr-x    1 0        0           16236 switch
-rwxrwxrwx    1 0        0           37798 getUID
-rwxr-xr-x    1 0        0            6164 eraseall

The below command will enable the power consumption on the plug:
# /bin/GpioForCrond 1
gpio_set_dir: gpio=2, dir=0
gpio_set_dir: gpio=1, dir=1
InitGpio() success, fd = 3
Get GPIO1 = [01]

The below command will disable the power consumption on the plug:
# /bin/GpioForCrond 0
gpio_set_dir: gpio=2, dir=0
gpio_set_dir: gpio=1, dir=1
InitGpio() success, fd = 3
Get GPIO1 = [00]

Several interfaces are available for connecting. apcli0 is the WAN interface, on which the plug acts as a client. In this case, it is connected to the home Wifi network in the network range 192.168.0.0/24. br0 is the "server" interface, on which the plug can give IP leases to other clients (e.g. your laptop) that access the plug's own Wifi network. This Wifi network has an SSID which is always named "Smartplug_XXXXXX", where XXXXXX is the last 6 chars of the plug's br0 MAC address, in this case 11A408.
# ifconfig
apcli0    Link encap:Ethernet  HWaddr 00:08:ED:11:A4:09
          inet addr:192.168.0.235  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

br0       Link encap:Ethernet  HWaddr 00:08:ED:11:A4:08
          inet addr:10.10.10.254  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:1512 (1.4 KiB)

eth2      Link encap:Ethernet  HWaddr 00:0C:43:30:50:77
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5345 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:548821 (535.9 KiB)
          Interrupt:3

eth2.1    Link encap:Ethernet  HWaddr 00:0C:43:30:50:77
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth2.2    Link encap:Ethernet  HWaddr 00:0C:43:30:50:66
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1588 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1588 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:191850 (187.3 KiB)  TX bytes:191850 (187.3 KiB)

ra0       Link encap:Ethernet  HWaddr 00:08:ED:11:A4:08
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:70094428 errors:203 dropped:0 overruns:0 frame:0
          TX packets:923762 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3887818972 (3.6 GiB)  TX bytes:88933398 (84.8 MiB)
          Interrupt:4