WPJ428 + SIMCOM 8202G ===================== We try to build a FOSS 5GNR Router with OpenWRT. Some challenges we have encountered so far: - OpenWRT stable misses a patch to enable our board ethernet port -> we compile from source - The Modem Manager simtech plugin does not declare 5GNR ## Flash OpenWRT from uboot (Configure your computer with a static IP address 192.168.1.2/24 and make sure you have a running tftp server containing your image) First connect your UART cable on the router: ![UART](img/uart.jpg) Launch minicom ``` sudo minicom -D /dev/ttyUSB0 ``` Then boot the router. Press repeatidly `[ENTER]` to get the following prompt: ``` (IPQ40xx) # ``` Then enter the following commands: ``` set ipaddr 192.168.1.1 set serverip 192.168.1.2 ping ${serverip} sf probe tftpboot 0x84000000 openwrt-ipq40xx-generic-compex_wpj428-squashfs-sysupgrade.bin sf erase 0x00180000 +$filesize sf write 0x84000000 0x00180000 $filesize bootipq ``` ## Compile ``` make menuconfig scripts/diffconfig.sh > ../wpj428/config make download make -j $(nproc) ``` To inject a config file: ```bash # Append changes to bottom of .config cat config >> .config # Apply changes make defconfig make download make -j $(nproc) ``` ## Flash OpenWRT from OpenWRT (!) Copy the firmware in router's `/tmp`. Why `/tmp`? Your router has more volatile storage than persistent one, moreover you will overwrite the persistent storage. So, copy the firmware in `/tmp`! Next, we will use the `sysupgrade` command. `-v` is verbose, `-n` ask openwrt to erase configuration files (ie. ask for a factory reset). ``` sysupgrade -v -n /tmp/openwrt-ipq40xx-generic-compex_wpj428-squashfs-sysupgrade.bin ``` ## Get root on MimoAP 1. Download a backup from your router firmware 2. Extract it, edit `/etc/shadow`, replace the hash of the `root` user with the one from the `admin` user 3. Recompress the folder hierarchy 4. Import this new archive as backup in MimoAP 5. Run `ssh root@192.168.1.1` (replace with the IP address of your router) and use your `admin` password 6. Enjoy! (But you should really install a vanilla OpenWRT instead) ## Flash OpenWRT from Compex ROM (MimoAP) *Not written* ## Flash MimoAP/OpenWRT with Compex tools on Uboot *Not written* ## Using ModemManager Wait for modems: ``` mmcli -M ``` Connect/Disconnect: ``` mmcli -m 0 --simple-connect="apn=free" mmcli -m 0 --simple-disconnect ``` Set supported/preferred mode: ``` mmcli -m 0 --set-allowed-modes="3G|4G" --set-preferred-mode=4G mmcli -m 0 --set-allowed-modes="5G" ``` Equivalent with `qmicli`: ``` qmicli --device=/dev/cdc-wdm0 --device-open-proxy --nas-get-system-selection-preference qmicli --device=/dev/cdc-wdm0 --device-open-proxy --nas-set-system-selection-preference='5gnr|lte' ``` ## QMICLI Connect About our provider (Free Mobile), IPv4 is acquired through DHCP but IPv6 is statically provided. ### IPv6 ``` qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-start-network="ip-type=6,apn=free" --client-no-release-cid qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-get-current-settings ip addr add 2a0d:e487:15f:f7f5:5c58:4e37:90c0:74d8/64 dev wwan0 ip route add default via 2a0d:e487:15f:f7f5:49ec:2e4a:ca1:5b20 echo -e "nameserver 2a0d:e480::1\nnameserver 2a0d:e480::2" > /etc/resolv.conf ``` ### IPv4 ``` qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-start-network="ip-type=4,apn=free" --client-no-release-cid udhcpc -q -f -n -i wwan0 ``` ## Unable to directly connect in 5GNR Despite patching ModemManager simtech plugin, we get an error if we force 5GNR. We typed: ``` mmcli -m 0 --set-allowed-modes="5G" mmcli -m 0 --simple-disconnect mmcli -m 0 --simple-connect="apn=free" ``` We got: ``` Fri Mar 19 23:57:22 2021 daemon.warn [2633]: [modem0] couldn't load operator code: Current operator MCC/MNC is still unknown Fri Mar 19 23:57:22 2021 daemon.warn [2633]: [modem0] couldn't load operator name: Current operator description is still unknown Fri Mar 19 23:57:48 2021 daemon.info [2633]: [modem0] state changed (connected -> disconnecting) Fri Mar 19 23:57:48 2021 daemon.info [2633]: [modem0] state changed (disconnecting -> registered) Fri Mar 19 23:57:48 2021 daemon.info [2633]: [modem0/bearer1] connection #1 finished: duration 936s, tx: 79 bytes, rx :566 bytes Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0] simple connect started... Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0] simple connect state (4/8): wait to get fully enabled Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0] simple connect state (5/8): register Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0] simple connect state (6/8): bearer Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0] simple connect state (7/8): connect Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0] state changed (registered -> connecting) Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0/bearer1] couldn't start network: QMI protocol error (14): 'CallFailed' Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0/bearer1] call end reason (3): generic-no-service Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0/bearer1] verbose call end reason (3,2001): [cm] no-service Fri Mar 19 23:57:57 2021 daemon.warn [2633]: [modem0/bearer1] connection attempt #2 failed: QMI protocol error (14): 'CallFailed' Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0] state changed (connecting -> registered) Fri Mar 19 23:57:57 2021 daemon.info [2633]: [modem0/bearer1] connection #2 finished: duration 0s, tx: 0 bytes, rx :0 bytes ``` And the new bearer contains: ``` root@OpenWrt:/# mmcli -b 1 ---------------------------- General | path: /org/freedesktop/ModemManager1/Bearer/1 | type: default ---------------------------- Status | connected: no | suspended: no | ip timeout: 20 ---------------------------- Properties | apn: free | roaming: allowed ---------------------------- Statistics | attempts: 2 | attempts: 1 | total-duration: 936 | total-bytes rx: 566 | total-bytes tx: 79 ``` Errors : ``` QMI protocol error (14): 'CallFailed' ``` ``` call end reason (3): generic-no-service verbose call end reason (3,2001): [cm] no-service ``` ## Final Modem Configuration ### Generic 1. Set a password 2. Set a name: `parangon` 3. Set IP range: `192.168.0.254/24` ### ModemManager We append the following to ModemManager: ``` config interface 'broadband' option device '/sys/devices/platform/soc/60f8800.usb2/6000000.dwc3/xhci-hcd.1.auto/usb3/3-1' option proto 'modemmanager' option apn 'free' option iptype 'ipv4v6' ``` Then we can start the interface with: ``` ifup broadband ``` Add our broadband interface to the WAN zone in the firewall. Both IPv6 and IPv4 should work: ``` ping openwrt.org ping -6 openwrt.org ``` ### Configure Wireguard On the router: ```bash mkdir /tmp/x cd /tmp/x umask go= wg genkey | tee wgclient.key | wg pubkey > wgclient.pub wg genpsk > wgclient.psk ``` Add to `/etc/config/network` ``` config interface 'wg0' option proto 'wireguard' list addresses '192.168.2.3' option private_key '???' config wireguard_wg0 option public_key '???' option description 'rayonx' option persistent_keepalive '25' option endpoint_port '51820' list allowed_ips '192.168.2.0/24' option route_allowed_ips '1' option endpoint_host 'rayonx.machine.dufour.io' ``` Doc: - https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics - https://openwrt.org/docs/guide-user/services/vpn/wireguard/client ### Configure SQM *Not relevant now* ### Configure our DNS recursive resolver We use LuCi to setup our recursive DNS Go to Network -> DHCP and DNS -> Advanced Settings -> Set port 5353 for the DNS server Go to Service -> Recursive DNS -> Unbound -> DHCP -> and select dnsmasq Go to System -> Startup -> Start unbound Check in Service -> Recursive DNS -> Files -> Show: Unbound -> at the end, forward-zone must be declared for you Check with `netstat -tlpn` that unbound listens on port 53 and dnsmasq on port 5353. Finally check with `dig +short @192.168.1.1 sci-hub.se` and `dig +short @192.168.1.1 parangon.lan` (this is the name of our router) We use: - http://kacangbawang.com/say-bye-to-providers-dns-servers-be-your-own-dns-resolver/ Related with OpenWRT: - https://openwrt.org/docs/guide-user/services/dns/unbound - https://openwrt.org/docs/guide-user/services/dns/dot\_unbound - https://forum.openwrt.org/t/using-unbound-alongside-dnsmasq/50537 - https://gist.github.com/kevinoid/00656e6e4815e3ffe25dabe252e0f1e3 - https://kevinlocke.name/bits/2017/03/09/unbound-with-dnsmasq-on-openwrt/ - https://blog.josefsson.org/tag/openwrt/ - https://zhmail.com/2018/04/20/setting-up-a-dns-over-tls-forwarding-cache-on-openwrt-snapshot-r6693-or-later/ - https://www.dnssec-deployment.org/2012/03/a-validating-recursive-resolver-on-a-70-home-router/ - https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/ Not related with OpenWRT: - https://calomel.org/unbound_dns.html - https://feeding.cloud.geek.nz/posts/setting-up-your-own-dnssec-aware/ Sites to test: - sci-hub.se (`ping sci-hub.se` should not return `127.0.0.1`) ### Configure our adblocker *Not yet written* Test with Youtube on Android. ## Known Bugs section\_id is not defined: https://forum.openwrt.org/t/updated-cant-fetch-latest-git-error-when-creating-interface-with-luci-section-id-is-not-defined/91836/3 ## Logs uboot logs: ``` Format: Log Type - Time(microsec) - Message - Optional Info Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00118 S - IMAGE_VARIANT_STRING=DAABANAZA S - OEM_IMAGE_VERSION_STRING=CRM S - Boot Config, 0x00000021 S - Reset status Config, 0x00000000 S - Core 0 Frequency, 0 MHz B - 261 - PBL, Start B - 1339 - bootable_media_detect_entry, Start B - 1679 - bootable_media_detect_success, Start B - 1693 - elf_loader_entry, Start B - 5073 - auth_hash_seg_entry, Start B - 7219 - auth_hash_seg_exit, Start B - 577690 - elf_segs_hash_verify_entry, Start B - 695375 - PBL, End B - 695399 - SBL1, Start B - 786439 - pm_device_init, Start D - 7 - pm_device_init, Delta B - 787885 - boot_flash_init, Start D - 52818 - boot_flash_init, Delta B - 844845 - boot_config_data_table_init, Start D - 3835 - boot_config_data_table_init, Delta - (419 Bytes) B - 852054 - clock_init, Start D - 7575 - clock_init, Delta B - 864102 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0 B - 867516 - sbl1_ddr_set_params, Start B - 872614 - cpr_init, Start D - 2 - cpr_init, Delta B - 876996 - Pre_DDR_clock_init, Start D - 4 - Pre_DDR_clock_init, Delta D - 13176 - sbl1_ddr_set_params, Delta B - 890735 - pm_driver_init, Start D - 2 - pm_driver_init, Delta B - 960961 - sbl1_wait_for_ddr_training, Start D - 28 - sbl1_wait_for_ddr_training, Delta B - 976579 - Image Load, Start D - 151978 - QSEE Image Loaded, Delta - (297240 Bytes) B - 1128985 - Image Load, Start D - 1447 - SEC Image Loaded, Delta - (2048 Bytes) B - 1139420 - Image Load, Start D - 211388 - APPSBL Image Loaded, Delta - (432219 Bytes) B - 1351204 - QSEE Execution, Start D - 60 - QSEE Execution, Delta B - 1357421 - SBL1, End D - 664130 - SBL1, Delta S - Flash Throughput, 2007 KB/s (731926 Bytes, 364613 us) S - DDR Frequency, 537 MHz U-Boot 2012.07 [Chaos Calmer 15.05.1,r35193] (Jul 25 2017 - 11:36:26) smem ram ptable found: ver: 1 len: 3 DRAM: 256 MiB machid : 0x8010000 NAND: SF: Detected MX25L25635E with page size 4 KiB, total 32 MiB ipq_spi: page_size: 0x100, sector_size: 0x1000, size: 0x2000000 32 MiB MMC: *** Warning - bad CRC, using default environment In: serial Out: serial Err: serial machid: 8010000 flash_type: 0 Hit any key to stop autoboot: 0 Net: MAC0 addr:4:f0:21:65:18:12 PHY ID1: 0x4d PHY ID2: 0xd0b1 ipq40xx_ess_sw_init done eth0 ``` ## Sources - [All the commits in OpenWRT about the WPJ428](https://git.openwrt.org/?p=openwrt%2Fopenwrt.git&a=search&h=HEAD&st=commit&s=WPJ428) - https://openwrt.org/docs/guide-developer/build-system/use-buildsystem - https://damow.net/5g-home-broadband/ - https://techship.com/faq/how-to-step-by-step-set-up-a-data-connection-over-qmi-interface-using-qmicli-and-in-kernel-driver-qmi-wwan-in-linux/ - [No 5GNR, many qmicli commands to help debug and compare!](https://forums.quectel.com/t/rm500q-gl-not-working/6594) - https://forum.sierrawireless.com/t/mc7354-got-qmi-error-callfailed-when-starting-network/9053 - https://community.autopi.io/t/error-when-starting-qmi-connection/2338 - https://lists.freedesktop.org/archives/libqmi-devel/2018-January/002707.html