AustinTX FON-FRIENDS

Joined: 24 Feb 2006 Posts: 2760 Location: Austin, Texass
|
Posted: Sat Sep 02, 2006 03:00 Post subject: |
|
|
| chenu wrote: | | Now, I've been trying to follow this thread and from skimming it, my understanding is that you have found a way for us to not have to authenticate local wlan connections. | Sorry, no. What we have done in this thread is made our routers appear to be authentic fonware to fon when we are using DD-WRT instead. This *ensures* that wlan connections must authenticate with fon.  _________________ Well, as Revolutions go, this one has certainly been revolting!
Linus || WRT54GL @ 228Mhz || DD-WRT v24 Beta (05/16/07) vpn
My background: ISP NOC Tech, DSL - ISDN - Dialup - Web Hosting
[ El Fon Blog ][ RSS Feed ][ skype:elfonblog ][ gizmo:therealelfonblog ] |
chenu Fonero
Joined: 02 Sep 2006 Posts: 5
|
Posted: Sat Sep 02, 2006 05:01 Post subject: |
|
|
| I didn't add this script to my router, so why is my router working fine with fon? If I understand you, this script is required for normal operation with DD-WRT. |
AustinTX FON-FRIENDS

Joined: 24 Feb 2006 Posts: 2760 Location: Austin, Texass
|
Posted: Sat Sep 02, 2006 05:07 Post subject: |
|
|
| chenu wrote: | | I didn't add this script to my router, so why is my router working fine with fon? If I understand you, this script is required for normal operation with DD-WRT. | Probably because when you registered your fon router, it had the latest firmware on it. We had the previous firmware and needed to begin performing the heartbeat to convince fon that we had the latest version now, and to watch what commands they are sending us.
banzaifred Fonero
Joined: 09 Aug 2006 Posts: 4 Location: rookie USA
|
Posted: Sat Sep 02, 2006 07:16 Post subject: Almost there....always redirected to Fon Login Page? |
|
|
Austin, Freddy & Co.....
I've been reading all the threads and finally got Freddy's DD-WRT version loaded and setup via a direct flash using the Fon Interface.
Ran http://192.168.1.1/fon.cgi and tweaked the settings per this thread:
http://boards.fon.com/viewtopic.php?t=520&postdays=0&postorder=asc&highlight=fon+cgi&start=75
(I'm a total newb to routers but learning fast!)
I finally have a connection with my Fon/DD-wrt tweaked router and can get to the Fon Login web page. (previously could not get an IP via wireless until I changed the Fon router's IP to 192.168.2.1 - does this make sense? conflict with new router downstairs?)
I can log in to Fon's page and check out my stats etc - but it never lets me surf any other web pages and am always directed back to the Fon Login page?? (damn!!)
I went to the local users section of their website and reset that.
Fon lets me log in with a local user and says "connected as GUEST" (or similar) but then again any page I go to after that-- it redirects me to the Fon Login page.
My system:
Cable Modem==>>wrtsl54gs (brand new w/thibor15c-downstairs) 192.168.1.1=====>wrt54gs Fon/DD-WRT-freddy upstairs 192.168.2.1====>Sunrocket VOIP ATA
Appreciate any help to fix this.... I know I'm close!!!
ps...I don't know how to or what SSH is..(sorry)
I just throw commands at the command window in DD-wrt and see what sticks!!
After this fix:
1)Tweak setup for VoIP QoS
2) XBOX setup
thanks,
Banz..and I'm a Fred too |
aakira Fonero
Joined: 06 Sep 2006 Posts: 3
|
Posted: Wed Sep 06, 2006 13:11 Post subject: Heartbeat-Script on normal Linux-PC ? |
|
|
Hi,
I'm wondering if it is possible to run the heartbeat script on a normal linux (suse) machine?
I've tried:
ssh -T -p 1937 -i fonkey openwrt@download.fon.com
But always got a prompt asking for the passphrase and a password!
So what to do? |
Freddy Fonero Pub A
Joined: 26 Jul 2006 Posts: 230 Location: Germany
|
Posted: Wed Sep 06, 2006 15:17 Post subject: Re: Heartbeat-Script on normal Linux-PC ? |
|
|
| aakira wrote: | | I'm wondering if it is possible to run the heartbeat script on a normal linux (suse) machine? |
It's possible... but not intended!
I won't tell you how it could be done... _________________ status: Linus
setup: Debian Router » Linksys WRT54G + La Fonera
firmware: custom (based on dd-wrt) overclocked to 216 mhz and a modified Fonera firmware
link: 3Mbit down 512 kbit/s up
My Fonera Stuff
How to add a third signal to your Fonera |
AustinTX FON-FRIENDS

Joined: 24 Feb 2006 Posts: 2760 Location: Austin, Texass
|
Posted: Wed Sep 06, 2006 15:47 Post subject: Re: Heartbeat-Script on normal Linux-PC ? |
|
|
| aakira wrote: | Hi, I'm wondering if it is possible to run the heartbeat script on a normal linux (suse) machine? I've tried:
ssh -T -p 1937 -i fonkey openwrt@download.fon.com
But always got a prompt asking for the passphrase and a password! So what to do? | In fact, you could run Chillispot on a Linux PC and configure it to control an ethernet interface that was connected to a standard WAP of virtually any make or model and provide a complete, seamless fon hotspot with otherwise fon-incompatible hardware. It would be a great idea for providing a hotspot using future networking technology that can't be reflashed with linux/dd-wrt/openwrt/fonware firmware.
The problem you are having at this moment is that you don't have the SSL key required by this connection. You may either download the fonware source code and extract this file yourself:
http://download.fon.com/firmware/0.6.6/FONbasic-0.6.6.tar.bz2
http://en.fon.com/info/software_license.pdf
Or you can wget the current key file directly (for now) from:
http://kurobox.ods.org/key
Check out this thread which contains a side discussion on running the heartbeat script on a Linux PC:
http://boards.fon.com/viewtopic.php?t=1219
aakira Fonero
Joined: 06 Sep 2006 Posts: 3
|
Posted: Wed Sep 06, 2006 16:04 Post subject: already d/l key |
|
|
Hi,
I already d/l the key aka I got it also from the source, but I think the problem is my SSH Version which is OpenSSH_3.8p1 with OpenSSL 0.9.7d.
When I try it on the wrt54gl with dropbear everything is working fine...!
Somewhere I read something about converting the dropbear-key to openssh (dropbearconvert). But how?
best regards... |
AustinTX FON-FRIENDS

Joined: 24 Feb 2006 Posts: 2760 Location: Austin, Texass
|
Posted: Wed Sep 06, 2006 16:41 Post subject: Re: already d/l key |
|
|
| aakira wrote: | | Somewhere I read something about converting the dropbear-key to openssh (dropbearconvert). But how? | Yep. Read that thread.
dema Fonero Pub A

Joined: 09 Jun 2006 Posts: 188 Location: Lamporecchio (pt) - ITALY
|
Posted: Wed Sep 06, 2006 16:51 Post subject: Re: already d/l key |
|
|
| AustinTX wrote: | | aakira wrote: | | Somewhere I read something about converting the dropbear-key to openssh (dropbearconvert). But how? | Yep. Read that thread. |
C'mon austin link this guy up
the link is here _________________ status: Linus
setup: ADSL2MUE linksys » Linksys WRT54GL
firmware: dd-wrt v23 sp2 09/15/06 std nokaid FON compliant
link: 1024><256 kbit/s
ISP: NGI Milano - Italy
wlan devices: apple mac book
callme on skype
Proud member of the "Borat" english speakers |
AustinTX FON-FRIENDS

Joined: 24 Feb 2006 Posts: 2760 Location: Austin, Texass
|
Posted: Wed Sep 06, 2006 16:59 Post subject: Re: already d/l key |
|
|
| dema wrote: | | C'mon austin link this guy up | Haha, well I *did* give him the URL to the thread! I am not a SQL server, so why should I do all the work and deliver each little relevant nugget he wants? It's generous enough that I volunteered to be his search engine!
aakira Fonero
Joined: 06 Sep 2006 Posts: 3
|
Posted: Thu Sep 07, 2006 06:19 Post subject: Heartbeat on PC |
|
|
Yup,
you have to convert the dropbear fonkey into an openssh key:
dropbearconvert dropbear openssh key ssh_host_rsa_key
Now it's working - very good work guys...!
Thank you for your fast help,
AAkira |
AustinTX FON-FRIENDS

Joined: 24 Feb 2006 Posts: 2760 Location: Austin, Texass
|
Posted: Fri Sep 08, 2006 17:52 Post subject: re: How does fon 'monitor' its foneros? |
|
|
| dJOEk wrote: | AustinTX, How does fon 'monitor' its foneros? I'm reading snippets here and there about the fon heartbeat... If the router does phone home, I sure hope it's fair in what info it sends back. I'd sure hate to see the email that goes "Fon noticed you violated the router we sent you, but no worries, since we have your bank account data we gave ourselves something for our trouble"  | The program running on the routers that does the magic of redirecting us to fon's login page until successful authentication is called Chillispot. This is an open-source Linux program which fon did not write. What fon provides is a RADIUS (username and password checker) server, and a web server. That's essentially it, though in combination, other services are also created. In return, they demand a *lot* of control, comparatively, over your router and your profits.
Chillispot used to have its configuration stored on the router, where we could observe and change them, but now fon has it download them from their servers when the router boots up. This basically keeps us from manually setting up things on the router, like we used to, which fon has moved to their "lUser Zone" now. Remote administration is a good thing for, well, when you're not near the router, or have a lot of them to manage. But fon took these controls OUT of the local interface in the routers. So if fon is unreachable, so are our routers, which may be sitting in front of us.
This config download is also where fon sets up *their* DNS server instead of the one your ISP provides. This means they may log every web page, email server or chat/IM server that a wireless client visits. This would be valuable marketing data. Their business partners, in real time, can match the IP address of a visitor to their websites, with a database of online fon Aliens, and know exactly where you are, even if they may not know *who* you are. Yet. You'll start getting popup ads for the store you can see across the street from the cafe you are sitting in. You'll start chatting in AIM and get an ad for Googletalk. You'll make a Vonage call and soon get an ad for Skype. Kind of cool, kind of alarming.
They could, selectively, set up a particular hotspot with a special config file that specifies a very special DNS server which directs all or some of your traffic through proxy servers so that authorities can examine the contents for subversive information. Terruhists, you know. Fon is unlikely to ever be able to proxy everyone's traffic, but governments might. Logging DNS requests remains low-bandwidth enough that fon can still log all of it, and tell authorities which hotspots are used to read Arabic news or join environmentalist discussion boards, for later targeting.
Then, there is the heartbeat. The router opens an encrypted connection to fon upon booting up, and also revisits it about once an hour. It announces what firmware and other software versions it uses, then downloads a file. This file is a script of commands, which are run as root. It's not a realtime SSH session, but it gives them the ability to do anything the Linux root account could do at that prompt. Some of the commands I have observed my router receiving are:
Code:
# set ssid
# set root password
# set /etc/chilli.conf
# set /etc/hosts
Other activity has included rewriting the firewall rules, and may include transmitting any log file to fon, modifying any other config files, and even replacing software (which they're supposed to notify us of in advance).
Finally, there is the login page and the login confirmation pages. Here is where your browser can be fed cookies belonging to its corporate partners which nail down exactly who you are as well as exactly where you are, as above. No surprises here. Many people block cookies, so this isn't a foolproof way to track people, but we all know companies like DoubleClick know it's still a profitable way.
So this has been a short list of things they are doing now, may easily do tomorrow, and what kinds of more alarming intrusions are possible with a little preparation. The message is clear. Fon does not trust us, and are quiet about their maneuvers because they don't wish to scare their prey away.
Last edited by AustinTX on Sun Sep 10, 2006 15:31; edited 1 time in total |
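The heartbeat described in the post above delivers a script that runs as root, so one way to see what it changed is to snapshot the files it was observed rewriting and compare after each run. This is an added example, not code from the thread or from fon; the watched paths come from the commands quoted in the post, while `etc/passwd` as the stand-in for "set root password" and the `dns1`/`dns2` keys of `chilli.conf` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): detect changes to the files the post
# saw the heartbeat script rewrite. Paths are relative to a root directory so
# the check can run against a live filesystem ("/") or an extracted copy.
# Assumption: etc/passwd stands in for "set root password".
WATCHED="etc/chilli.conf etc/hosts etc/passwd"

# snapshot ROOT OUTFILE: write one "path checksum" line per watched file.
snapshot() {
    root=$1
    out=$2
    : > "$out"
    for f in $WATCHED; do
        if [ -f "$root/$f" ]; then
            sum=$(cksum < "$root/$f" | tr ' ' ':')
        else
            sum=missing
        fi
        printf '%s %s\n' "$f" "$sum" >> "$out"
    done
}

# changed_files BEFORE AFTER: print each watched path whose checksum differs.
changed_files() {
    while read -r path sum; do
        new=$(awk -v p="$path" '$1 == p { print $2 }' "$2")
        [ "$sum" = "$new" ] || printf '%s\n' "$path"
    done < "$1"
}

# chilli_value FILE KEY: print the value of a "key value" line.
# Assumption: chilli.conf holds one whitespace-separated "key value" per line.
chilli_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# dns_changed OLD_CONF NEW_CONF: return 0 if dns1 or dns2 differ.
dns_changed() {
    for k in dns1 dns2; do
        old=$(chilli_value "$1" "$k")
        cur=$(chilli_value "$2" "$k")
        [ "$old" = "$cur" ] || return 0
    done
    return 1
}
```

Take a snapshot and keep a copy of `chilli.conf` before the hourly heartbeat, repeat afterwards, and feed both to `changed_files` and `dns_changed`.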
Martien Fonero
Joined: 29 Aug 2006 Posts: 6 Location: Wouw (Roosendaal, The Netherlands)
|
Posted: Fri Sep 08, 2006 22:32 Post subject: |
|
|
First of all, nice explanation AustinTX
Second I just flashed the modded firmware from freddy's webpage, and I've run the fon.cgi script... but then, the user interface of my router... is it supposed to look like crap? has it been done to create more free space on the router? or did I do something wrong??  |
tribut Fonero

Joined: 08 Sep 2006 Posts: 3 Location: Freiberg / Germany
|
Posted: Fri Sep 08, 2006 23:05 Post subject: |
|
|
| Martien wrote: | | I've run the fon.cgi script... but then, the user interface of my router... |
Go to Administration -> Management -> Router GUI Style.
"elegant" looks kinda nice.
felix |
Martien Fonero
Joined: 29 Aug 2006 Posts: 6 Location: Wouw (Roosendaal, The Netherlands)
|
Posted: Sun Sep 10, 2006 10:31 Post subject: |
|
|
| tribut wrote: | | Martien wrote: | | I've run the fon.cgi script... but then, the user interface of my router... |
Go to Administration -> Management -> Router GUI Style.
"elegant" looks kinda nice.
felix |
OK thanks! it looks way better now,
but I have a lot of problems with this firmware. It stops handing out IP addresses once in a while and when it stops doing that, I can't open the configuration pages any more. Only a hard-reset (losing all my settings) makes it accessible again. |
Satras Fonero B

Joined: 29 Jun 2006 Posts: 54 Location: Germany
|
Posted: Tue Sep 19, 2006 20:10 Post subject: |
|
|
Sorry that I do not have the time to go through 15 pages but where are we with the heartbeat script? Can someone update the first page and post there how to integrate/use it? _________________ status: Bill
setup: SDSL » EISFAIR Router » WRT54GL
firmware: 0.6.6
link: 1553><1024 kbit/s
ISP: QSC
ssid: FON_HotSpot
Fonero: 64303
 |
Freddy Fonero Pub A
Joined: 26 Jul 2006 Posts: 230 Location: Germany
|
Posted: Tue Sep 19, 2006 20:28 Post subject: |
|
|
| Satras wrote: | Sorry that I do not have the time to go through 15 pages but where are we with the heartbeat script? |
It's all on http://fon.freddy.eu.org/
Satras Fonero B

Joined: 29 Jun 2006 Posts: 54 Location: Germany
|
Posted: Tue Sep 19, 2006 21:01 Post subject: |
|
|
cool thanx... can you tell me what is the difference between these two values?
| Quote: | WLMAC="$(/usr/sbin/nvram get wl0_hwaddr)"
ETMAC="$(/usr/sbin/nvram get et0macaddr)" |
and where are you actually sending the information to fon?
ATM I try to learn scripts but I have not come that far with that one. I hope you can bring some light into my dark
AustinTX FON-FRIENDS

Joined: 24 Feb 2006 Posts: 2760 Location: Austin, Texass
|
Posted: Wed Sep 20, 2006 01:01 Post subject: |
|
|
| Satras wrote: | Sorry that I do not have the time to go through 15 pages but where are we with the heartbeat script? Can someone update the first page and post there how to integrate/use it? | Err... it will take someone at *least* that long to give you the nice, neat instructions you are asking for.