13 KiB
WPJ428 + SIMCOM 8202G
We try to build a FOSS 5GNR Router with OpenWRT. Some challenges we have encountered so far:
- OpenWRT stable misses a patch to enable our board ethernet port -> we compile from source
- The Modem Manager simtech plugin does not declare 5GNR
Flash OpenWRT from uboot
(Configure your computer with a static IP address 192.168.1.2/24 and make sure you have a running tftp server containing your image)
First connect your UART cable on the router:
Launch minicom
sudo minicom -D /dev/ttyUSB0
Then boot the router. Press repeatidly [ENTER]
to get the following prompt:
(IPQ40xx) #
Then enter the following commands:
set ipaddr 192.168.1.1
set serverip 192.168.1.2
ping ${serverip}
sf probe
tftpboot 0x84000000 openwrt-ipq40xx-generic-compex_wpj428-squashfs-sysupgrade.bin
sf erase 0x00180000 +$filesize
sf write 0x84000000 0x00180000 $filesize
bootipq
Compile
make menuconfig
scripts/diffconfig.sh > ../wpj428/config
make download
make -j $(nproc)
To inject a config file:
# Append changes to bottom of .config
cat config >> .config
# Apply changes
make defconfig
make download
make -j $(nproc)
Flash OpenWRT from OpenWRT (!)
Copy the firmware in router's /tmp
.
Why /tmp
? Your router has more volatile storage than persistent one, moreover you will overwrite the persistent storage.
So, copy the firmware in /tmp
!
Next, we will use the sysupgrade
command. -v
is verbose, -n
ask openwrt to erase configuration files (ie. ask for a factory reset).
sysupgrade -v -n /tmp/openwrt-ipq40xx-generic-compex_wpj428-squashfs-sysupgrade.bin
Get root on MimoAP
- Download a backup from your router firmware
- Extract it, edit
/etc/shadow
, replace the hash of theroot
user with the one from theadmin
user - Recompress the folder hierarchy
- Import this new archive as backup in MimoAP
- Run
ssh root@192.168.1.1
(replace with the IP address of your router) and use youradmin
password - Enjoy! (But you should really install a vanilla OpenWRT instead)
Flash OpenWRT from Compex ROM (MimoAP)
Not written
Flash MimoAP/OpenWRT with Compex tools on Uboot
Not written
Using ModemManager
Wait for modems:
mmcli -M
Connect/Disconnect:
mmcli -m 0 --simple-connect="apn=free"
mmcli -m 0 --simple-disconnect
Set supported/preferred mode:
mmcli -m 0 --set-allowed-modes="3G|4G" --set-preferred-mode=4G
mmcli -m 0 --set-allowed-modes="5G"
Equivalent with qmicli
:
qmicli --device=/dev/cdc-wdm0 --device-open-proxy --nas-get-system-selection-preference
qmicli --device=/dev/cdc-wdm0 --device-open-proxy --nas-set-system-selection-preference='5gnr|lte'
QMICLI Connect
About our provider (Free Mobile), IPv4 is acquired through DHCP but IPv6 is statically provided.
IPv6
qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-start-network="ip-type=6,apn=free" --client-no-release-cid
qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-get-current-settings
ip addr add 2a0d:e487:15f:f7f5:5c58:4e37:90c0:74d8/64 dev wwan0
ip route add default via 2a0d:e487:15f:f7f5:49ec:2e4a:ca1:5b20
echo -e "nameserver 2a0d:e480::1\nnameserver 2a0d:e480::2" > /etc/resolv.conf
IPv4
qmicli --device=/dev/cdc-wdm0 --device-open-proxy --wds-start-network="ip-type=4,apn=free" --client-no-release-cid
udhcpc -q -f -n -i wwan0
Unable to directly connect in 5GNR
Despite patching ModemManager simtech plugin, we get an error if we force 5GNR. We typed:
mmcli -m 0 --set-allowed-modes="5G"
mmcli -m 0 --simple-disconnect
mmcli -m 0 --simple-connect="apn=free"
We got:
Fri Mar 19 23:57:22 2021 daemon.warn [2633]: <warn> [modem0] couldn't load operator code: Current operator MCC/MNC is still unknown
Fri Mar 19 23:57:22 2021 daemon.warn [2633]: <warn> [modem0] couldn't load operator name: Current operator description is still unknown
Fri Mar 19 23:57:48 2021 daemon.info [2633]: <info> [modem0] state changed (connected -> disconnecting)
Fri Mar 19 23:57:48 2021 daemon.info [2633]: <info> [modem0] state changed (disconnecting -> registered)
Fri Mar 19 23:57:48 2021 daemon.info [2633]: <info> [modem0/bearer1] connection #1 finished: duration 936s, tx: 79 bytes, rx :566 bytes
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0] simple connect started...
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0] simple connect state (4/8): wait to get fully enabled
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0] simple connect state (5/8): register
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0] simple connect state (6/8): bearer
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0] simple connect state (7/8): connect
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0] state changed (registered -> connecting)
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0/bearer1] couldn't start network: QMI protocol error (14): 'CallFailed'
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0/bearer1] call end reason (3): generic-no-service
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0/bearer1] verbose call end reason (3,2001): [cm] no-service
Fri Mar 19 23:57:57 2021 daemon.warn [2633]: <warn> [modem0/bearer1] connection attempt #2 failed: QMI protocol error (14): 'CallFailed'
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0] state changed (connecting -> registered)
Fri Mar 19 23:57:57 2021 daemon.info [2633]: <info> [modem0/bearer1] connection #2 finished: duration 0s, tx: 0 bytes, rx :0 bytes
And the new bearer contains:
root@OpenWrt:/# mmcli -b 1
----------------------------
General | path: /org/freedesktop/ModemManager1/Bearer/1
| type: default
----------------------------
Status | connected: no
| suspended: no
| ip timeout: 20
----------------------------
Properties | apn: free
| roaming: allowed
----------------------------
Statistics | attempts: 2
| attempts: 1
| total-duration: 936
| total-bytes rx: 566
| total-bytes tx: 79
Errors :
QMI protocol error (14): 'CallFailed'
call end reason (3): generic-no-service
verbose call end reason (3,2001): [cm] no-service
Final Modem Configuration
Generic
- Set a password
- Set a name:
parangon
- Set IP range:
192.168.0.254/24
ModemManager
We append the following to ModemManager:
config interface 'broadband'
option device '/sys/devices/platform/soc/60f8800.usb2/6000000.dwc3/xhci-hcd.1.auto/usb3/3-1'
option proto 'modemmanager'
option apn 'free'
option iptype 'ipv4v6'
Then we can start the interface with:
ifup broadband
Add our broadband interface to the WAN zone in the firewall.
Both IPv6 and IPv4 should work:
ping openwrt.org
ping -6 openwrt.org
Configure Wireguard
On the router:
mkdir /tmp/x
cd /tmp/x
umask go=
wg genkey | tee wgclient.key | wg pubkey > wgclient.pub
wg genpsk > wgclient.psk
Add to /etc/config/network
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.2.3'
option private_key '???'
config wireguard_wg0
option public_key '???'
option description 'rayonx'
option persistent_keepalive '25'
option endpoint_port '51820'
list allowed_ips '192.168.2.0/24'
option route_allowed_ips '1'
option endpoint_host 'rayonx.machine.dufour.io'
Doc:
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/basics
- https://openwrt.org/docs/guide-user/services/vpn/wireguard/client
Configure SQM
Not relevant now
Configure our DNS recursive resolver
We use LuCi to setup our recursive DNS
Go to Network -> DHCP and DNS -> Advanced Settings -> Set port 5353 for the DNS server
Go to Service -> Recursive DNS -> Unbound -> DHCP -> and select dnsmasq
Go to System -> Startup -> Start unbound
Check in Service -> Recursive DNS -> Files -> Show: Unbound -> at the end, forward-zone must be declared for you
Check with netstat -tlpn
that unbound listens on port 53 and dnsmasq on port 5353.
Finally check with dig +short @192.168.1.1 sci-hub.se
and dig +short @192.168.1.1 parangon.lan
(this is the name of our router)
We use:
Related with OpenWRT:
- https://openwrt.org/docs/guide-user/services/dns/unbound
- https://openwrt.org/docs/guide-user/services/dns/dot_unbound
- https://forum.openwrt.org/t/using-unbound-alongside-dnsmasq/50537
- https://gist.github.com/kevinoid/00656e6e4815e3ffe25dabe252e0f1e3
- https://kevinlocke.name/bits/2017/03/09/unbound-with-dnsmasq-on-openwrt/
- https://blog.josefsson.org/tag/openwrt/
- https://zhmail.com/2018/04/20/setting-up-a-dns-over-tls-forwarding-cache-on-openwrt-snapshot-r6693-or-later/
- https://www.dnssec-deployment.org/2012/03/a-validating-recursive-resolver-on-a-70-home-router/
- https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/
Not related with OpenWRT:
- https://calomel.org/unbound_dns.html
- https://feeding.cloud.geek.nz/posts/setting-up-your-own-dnssec-aware/
Sites to test:
- sci-hub.se (
ping sci-hub.se
should not return127.0.0.1
)
Configure our adblocker
Not yet written
Test with Youtube on Android.
Known Bugs
section_id is not defined: https://forum.openwrt.org/t/updated-cant-fetch-latest-git-error-when-creating-interface-with-luci-section-id-is-not-defined/91836/3
Logs
uboot logs:
Format: Log Type - Time(microsec) - Message - Optional Info
Log Type: B - Since Boot(Power On Reset), D - Delta, S - Statistic
S - QC_IMAGE_VERSION_STRING=BOOT.BF.3.1.1-00118
S - IMAGE_VARIANT_STRING=DAABANAZA
S - OEM_IMAGE_VERSION_STRING=CRM
S - Boot Config, 0x00000021
S - Reset status Config, 0x00000000
S - Core 0 Frequency, 0 MHz
B - 261 - PBL, Start
B - 1339 - bootable_media_detect_entry, Start
B - 1679 - bootable_media_detect_success, Start
B - 1693 - elf_loader_entry, Start
B - 5073 - auth_hash_seg_entry, Start
B - 7219 - auth_hash_seg_exit, Start
B - 577690 - elf_segs_hash_verify_entry, Start
B - 695375 - PBL, End
B - 695399 - SBL1, Start
B - 786439 - pm_device_init, Start
D - 7 - pm_device_init, Delta
B - 787885 - boot_flash_init, Start
D - 52818 - boot_flash_init, Delta
B - 844845 - boot_config_data_table_init, Start
D - 3835 - boot_config_data_table_init, Delta - (419 Bytes)
B - 852054 - clock_init, Start
D - 7575 - clock_init, Delta
B - 864102 - CDT version:2,Platform ID:8,Major ID:1,Minor ID:0,Subtype:0
B - 867516 - sbl1_ddr_set_params, Start
B - 872614 - cpr_init, Start
D - 2 - cpr_init, Delta
B - 876996 - Pre_DDR_clock_init, Start
D - 4 - Pre_DDR_clock_init, Delta
D - 13176 - sbl1_ddr_set_params, Delta
B - 890735 - pm_driver_init, Start
D - 2 - pm_driver_init, Delta
B - 960961 - sbl1_wait_for_ddr_training, Start
D - 28 - sbl1_wait_for_ddr_training, Delta
B - 976579 - Image Load, Start
D - 151978 - QSEE Image Loaded, Delta - (297240 Bytes)
B - 1128985 - Image Load, Start
D - 1447 - SEC Image Loaded, Delta - (2048 Bytes)
B - 1139420 - Image Load, Start
D - 211388 - APPSBL Image Loaded, Delta - (432219 Bytes)
B - 1351204 - QSEE Execution, Start
D - 60 - QSEE Execution, Delta
B - 1357421 - SBL1, End
D - 664130 - SBL1, Delta
S - Flash Throughput, 2007 KB/s (731926 Bytes, 364613 us)
S - DDR Frequency, 537 MHz
U-Boot 2012.07 [Chaos Calmer 15.05.1,r35193] (Jul 25 2017 - 11:36:26)
smem ram ptable found: ver: 1 len: 3
DRAM: 256 MiB
machid : 0x8010000
NAND: SF: Detected MX25L25635E with page size 4 KiB, total 32 MiB
ipq_spi: page_size: 0x100, sector_size: 0x1000, size: 0x2000000
32 MiB
MMC:
*** Warning - bad CRC, using default environment
In: serial
Out: serial
Err: serial
machid: 8010000
flash_type: 0
Hit any key to stop autoboot: 0
Net: MAC0 addr:4:f0:21:65:18:12
PHY ID1: 0x4d
PHY ID2: 0xd0b1
ipq40xx_ess_sw_init done
eth0
Sources
- All the commits in OpenWRT about the WPJ428
- https://openwrt.org/docs/guide-developer/build-system/use-buildsystem
- https://damow.net/5g-home-broadband/
- https://techship.com/faq/how-to-step-by-step-set-up-a-data-connection-over-qmi-interface-using-qmicli-and-in-kernel-driver-qmi-wwan-in-linux/
- No 5GNR, many qmicli commands to help debug and compare!
- https://forum.sierrawireless.com/t/mc7354-got-qmi-error-callfailed-when-starting-network/9053
- https://community.autopi.io/t/error-when-starting-qmi-connection/2338
- https://lists.freedesktop.org/archives/libqmi-devel/2018-January/002707.html