We bought a Compex WPJ 428 board + a SIMCom 8202G LTE/5GNR modem and we try to make it work on OpenWRT
Find a file
2021-03-22 18:43:26 +01:00
img Add a README 2021-03-22 09:25:31 +01:00
config Add Unbound 2021-03-22 14:25:06 +00:00
README.md Simplify VPN config 2021-03-22 18:43:26 +01:00

WPJ428 + SIMCOM 8202G

We try to build a FOSS 5GNR Router with OpenWRT. Some challenges we have encountered so far:

  • OpenWRT stable misses a patch to enable our board ethernet port -> we compile from source
  • The Modem Manager simtech plugin does not declare 5GNR

Flash OpenWRT from uboot

(Configure your computer with a static IP address 192.168.1.2/24 and make sure you have a running tftp server containing your image)

First connect your UART cable on the router:

UART

Launch minicom

sudo minicom -D /dev/ttyUSB0

Then boot the router. Press repeatidly [ENTER] to get the following prompt:

(IPQ40xx) #

Then enter the following commands:

set ipaddr 192.168.1.1
set serverip 192.168.1.2
ping ${serverip}
sf probe
tftpboot 0x84000000 openwrt-ipq40xx-generic-compex_wpj428-squashfs-sysupgrade.bin
sf erase 0x00180000 +$filesize
sf write 0x84000000 0x00180000 $filesize
bootipq

Compile

make menuconfig
scripts/diffconfig.sh > ../wpj428/config
make download
make -j $(nproc)

To inject a config file:

# Append changes to bottom of .config
cat config >> .config
# Apply changes
make defconfig
make download
make -j $(nproc)

Flash OpenWRT from OpenWRT (!)

Copy the firmware in router's /tmp. Why /tmp? Your router has more volatile storage than persistent one, moreover you will overwrite the persistent storage. So, copy the firmware in /tmp! Next, we will use the sysupgrade command. -v is verbose, -n ask openwrt to erase configuration files (ie. ask for a factory reset).

sysupgrade -v -n /tmp/openwrt-ipq40xx-generic-compex_wpj428-squashfs-sysupgrade.bin

Get root on MimoAP

  1. Download a backup from your router firmware
  2. Extract it, edit /etc/shadow, replace the hash of the root user with the one from the admin user
  3. Recompress the folder hierarchy
  4. Import this new archive as backup in MimoAP
  5. Run ssh root@192.168.1.1 (replace with the IP address of your router) and use your admin password
  6. Enjoy! (But you should really install a vanilla OpenWRT instead)

Flash OpenWRT from Compex ROM (MimoAP)

Not written

Flash MimoAP/OpenWRT with Compex tools on Uboot

Not written

Using ModemManager

Wait for modems:

mmcli -M

Connect/Disconnect:

mmcli -m 0 --simple-connect="apn=free"
mmcli -m 0 --simple-disconnect

Set supported/preferred mode:

mmcli -m 0 --set-allowed-modes="3G|4G" --set-preferred-mode=4G
mmcli -m 0 --set-allowed-modes="5G"

Equivalent with qmicli:

qmicli --device=/dev/cdc-wdm0 --device-open-proxy --nas-get-system-selection-preference
qmicli --device=/dev/cdc-wdm0 --device-open-proxy --nas-set-system-selection-preference='5gnr|lte'

QMICLI Connect

About our provider (Free Mobile), IPv4 is acquired through DHCP but IPv6 is statically provided.

IPv6

qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-start-network="ip-type=6,apn=free" --client-no-release-cid
qmicli --device=/dev/cdc-wdm0 --device-open-proxy   --wds-get-current-settings
ip addr add 2a0d:e487:15f:f7f5:5c58:4e37:90c0:74d8/64 dev wwan0
ip route add default via 2a0d:e487:15f:f7f5:49ec:2e4a:ca1:5b20
echo -e "nameserver 2a0d:e480::1\nnameserver 2a0d:e480::2" > /etc/resolv.conf

IPv4

qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-start-network="ip-type=4,apn=free" --client-no-release-cid
udhcpc -q -f -n -i wwan0

Unable to directly connect in 5GNR

Despite patching ModemManager simtech plugin, we get an error if we force 5GNR. We typed:

mmcli -m 0 --set-allowed-modes="5G"
mmcli -m 0 --simple-disconnect
mmcli -m 0 --simple-connect="apn=free"

We got:

Fri Mar 19 23:57:22 2021 daemon.warn [2633]: <warn>  [modem0] couldn't load operator code: Current operator MCC/MNC is still unknown
Fri Mar 19 23:57:22 2021 daemon.warn [2633]: <warn>  [modem0] couldn't load operator name: Current operator description is still unknown
Fri Mar 19 23:57:48 2021 daemon.info [2633]: <info>  [modem0] state changed (connected -> disconnecting)
Fri Mar 19 23:57:48 2021 daemon.info [2633]: <info>  [modem0] state changed (disconnecting -> registered)
Fri Mar 19 23:57:48 2021 daemon.info [2633]: <info>  [modem0/bearer1] connection #1 finished: duration 936s, tx: 79 bytes, rx :566 bytes
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0] simple connect started...
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0] simple connect state (4/8): wait to get fully enabled
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0] simple connect state (5/8): register
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0] simple connect state (6/8): bearer
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0] simple connect state (7/8): connect
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0] state changed (registered -> connecting)
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0/bearer1] couldn't start network: QMI protocol error (14): 'CallFailed'
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0/bearer1] call end reason (3): generic-no-service
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0/bearer1] verbose call end reason (3,2001): [cm] no-service
Fri Mar 19 23:57:57 2021 daemon.warn [2633]: <warn>  [modem0/bearer1] connection attempt #2 failed: QMI protocol error (14): 'CallFailed'
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0] state changed (connecting -> registered)
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info>  [modem0/bearer1] connection #2 finished: duration 0s, tx: 0 bytes, rx :0 bytes

And the new bearer contains:

root@OpenWrt:/# mmcli -b 1
  ----------------------------
  General    |           path: /org/freedesktop/ModemManager1/Bearer/1
             |           type: default
  ----------------------------
  Status     |      connected: no
             |      suspended: no
             |     ip timeout: 20
  ----------------------------
  Properties |            apn: free
             |        roaming: allowed
  ----------------------------
  Statistics |       attempts: 2
             |       attempts: 1
             | total-duration: 936
             | total-bytes rx: 566
             | total-bytes tx: 79

Errors :

QMI protocol error (14): 'CallFailed'
call end reason (3): generic-no-service
verbose call end reason (3,2001): [cm] no-service

Final Modem Configuration

Generic

  1. Set a password
  2. Set a name: parangon
  3. Set IP range: 192.168.0.254/24

ModemManager

We append the following to ModemManager:

config interface 'broadband'
        option device '/sys/devices/platform/soc/60f8800.usb2/6000000.dwc3/xhci-hcd.1.auto/usb3/3-1'
        option proto 'modemmanager'
        option apn 'free'
        option iptype 'ipv4v6'

Then we can start the interface with:

ifup broadband

Add our broadband interface to the WAN zone in the firewall.

Both IPv6 and IPv4 should work:

ping openwrt.org
ping -6 openwrt.org

Configure Wireguard

On the router:

mkdir /tmp/x
cd /tmp/x
umask go=
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
wg genpsk > wgclient.psk

Add to /etc/config/network

config interface 'wg0'
	option proto 'wireguard'
	list addresses '192.168.2.3'
	option private_key '???'

config wireguard_wg0
	option public_key '???'
	option description 'rayonx'
	option persistent_keepalive '25'
	option endpoint_port '51820'
	list allowed_ips '192.168.2.0/24'
	option route_allowed_ips '1'
	option endpoint_host 'rayonx.machine.dufour.io'

Doc:

Configure SQM

Not relevant now

Configure our DNS recursive resolver

We use LuCi to setup our recursive DNS

Go to Network -> DHCP and DNS -> Advanced Settings -> Set port 5353 for the DNS server
Go to Service -> Recursive DNS -> Unbound -> DHCP -> and select dnsmasq
Go to System -> Startup -> Start unbound
Check in Service -> Recursive DNS -> Files -> Show: Unbound -> at the end, forward-zone must be declared for you Check with netstat -tlpn that unbound listens on port 53 and dnsmasq on port 5353. Finally check with dig +short @192.168.1.1 sci-hub.se and dig +short @192.168.1.1 parangon.lan (this is the name of our router)

We use:

Related with OpenWRT:

Not related with OpenWRT:

Sites to test:

  • sci-hub.se (ping sci-hub.se should not return 127.0.0.1)

Configure our adblocker

Not yet written

Test with Youtube on Android.

Known Bugs

section_id is not defined: https://forum.openwrt.org/t/updated-cant-fetch-latest-git-error-when-creating-interface-with-luci-section-id-is-not-defined/91836/3

Logs

uboot logs:

Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset),  D - Delta,  S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00118
S - IMAGE_VARIANT_STRING=DAABANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x00000021
S - Reset status Config, 0x00000000
S - Core 0 Frequency, 0 MHz
B -       261 - PBL, Start
B -      1339 - bootable_media_detect_entry, Start
B -      1679 - bootable_media_detect_success, Start
B -      1693 - elf_loader_entry, Start
B -      5073 - auth_hash_seg_entry, Start
B -      7219 - auth_hash_seg_exit, Start
B -    577690 - elf_segs_hash_verify_entry, Start
B -    695375 - PBL, End
B -    695399 - SBL1, Start
B -    786439 - pm_device_init, Start
D -         7 - pm_device_init, Delta
B -    787885 - boot_flash_init, Start
D -     52818 - boot_flash_init, Delta
B -    844845 - boot_config_data_table_init, Start
D -      3835 - boot_config_data_table_init, Delta - (419 Bytes)
B -    852054 - clock_init, Start
D -      7575 - clock_init, Delta
B -    864102 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B -    867516 - sbl1_ddr_set_params, Start
B -    872614 - cpr_init, Start
D -         2 - cpr_init, Delta
B -    876996 - Pre_DDR_clock_init, Start
D -         4 - Pre_DDR_clock_init, Delta
D -     13176 - sbl1_ddr_set_params, Delta
B -    890735 - pm_driver_init, Start
D -         2 - pm_driver_init, Delta
B -    960961 - sbl1_wait_for_ddr_training, Start
D -        28 - sbl1_wait_for_ddr_training, Delta
B -    976579 - Image Load, Start
D -    151978 - QSEE Image Loaded, Delta - (297240 Bytes)
B -   1128985 - Image Load, Start
D -      1447 - SEC Image Loaded, Delta - (2048 Bytes)
B -   1139420 - Image Load, Start
D -    211388 - APPSBL Image Loaded, Delta - (432219 Bytes)
B -   1351204 - QSEE Execution, Start
D -        60 - QSEE Execution, Delta
B -   1357421 - SBL1, End
D -    664130 - SBL1, Delta
S - Flash Throughput, 2007 KB/s  (731926 Bytes,  364613 us)
S - DDR Frequency, 537 MHz


U-Boot 2012.07 [Chaos Calmer 15.05.1,r35193] (Jul 25 2017 - 11:36:26)

smem ram ptable found: ver: 1 len: 3
DRAM:  256 MiB
machid : 0x8010000
NAND:  SF: Detected MX25L25635E with page size 4 KiB, total 32 MiB
ipq_spi: page_size: 0x100, sector_size: 0x1000, size: 0x2000000
32 MiB
MMC:   
*** Warning - bad CRC, using default environment

In:    serial
Out:   serial
Err:   serial
machid: 8010000
flash_type: 0
Hit any key to stop autoboot:  0 
Net:   MAC0 addr:4:f0:21:65:18:12
PHY ID1: 0x4d
PHY ID2: 0xd0b1
ipq40xx_ess_sw_init done
eth0

Sources