Build 4MB image with integrated openwisp-config
193 views
Skip to first unread message
Vladislav Bidikov
Jan 8, 2018, 2:01:01 PM1/8/18
to OpenWISP
Hi all,
After seeing the great news about the merge between openwrt and openlede - i think this is the best place to ask about the experience in building a 4MB firmware build with all the needed componenets (we have several TP-link 740N on campus) and try to maintain a functional version...
After some initial research i think that we will need to remove some modules (which are not needed at all) like ipv6, ppp, pppoe and even maybe LUCI in order to make room for the openwisp config packate (and it's dependencies)...
Is there any archive of such endeavors so far since we feel that these older 4MB devices are even more practical with openwisp for university wide installation (if we can get the vpn part working in openwisp 2 - and find a good example config)
Please advice on the matter...
After seeing the great news about the merge between openwrt and openlede - i think this is the best place to ask about the experience in building a 4MB firmware build with all the needed componenets (we have several TP-link 740N on campus) and try to maintain a functional version...
After some initial research i think that we will need to remove some modules (which are not needed at all) like ipv6, ppp, pppoe and even maybe LUCI in order to make room for the openwisp config packate (and it's dependencies)...
Is there any archive of such endeavors so far since we feel that these older 4MB devices are even more practical with openwisp for university wide installation (if we can get the vpn part working in openwisp 2 - and find a good example config)
Please advice on the matter...
Federico Capoano
Jan 8, 2018, 3:26:46 PM1/8/18
to open...@googlegroups.com
Hi Vladislav,
some people I know have accomplished this.
openwisp-config only needs its dependencies so you can safely remove the packages you mentioned.
Since I don't need this, I haven't dedicated time to it and I don't have a configuration to share.
The people I know have accomplished it by using the imagebuilder with a stripped down profile - BUT - it was with OpenWRT Chaos Calmer.
I suggest to ask to the lede devs if 4mb devices are still officially supported in the latest version because I am not entirely sure.
Federico
--
You received this message because you are subscribed to the Google Groups "OpenWISP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to openwisp+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Vladislav Bidikov
Jan 8, 2018, 3:57:59 PM1/8/18
to OpenWISP
Hi Federico...
openlede is not a requirement - we can use the last openwrt from my point of view...
Not sure how the firmware builder with ansible will handle openwrt... looks like a nice trial and error ahead :)
Expecialy since wen you remove luci (which looks like it will have to go) the difference for openlede/openwrt for this particular device is minimal (since it's quite old hardware) and stability and some basic networking (and vlan) is the only needed (and maybe openvpn if there is room)...
About the openvpn information - any documentation where we can see what needs to be setup where and how ? expecialy on the openwisp2 machine - the openvpn server there...
Thanks for your great response and fast support - hope you can provide us with more :)
One thinks that falls on my mind if maybe a openwisp firmware 1.x is also an option for these devices ???
Best regards,
openlede is not a requirement - we can use the last openwrt from my point of view...
Not sure how the firmware builder with ansible will handle openwrt... looks like a nice trial and error ahead :)
Expecialy since wen you remove luci (which looks like it will have to go) the difference for openlede/openwrt for this particular device is minimal (since it's quite old hardware) and stability and some basic networking (and vlan) is the only needed (and maybe openvpn if there is room)...
About the openvpn information - any documentation where we can see what needs to be setup where and how ? expecialy on the openwisp2 machine - the openvpn server there...
Thanks for your great response and fast support - hope you can provide us with more :)
One thinks that falls on my mind if maybe a openwisp firmware 1.x is also an option for these devices ???
Best regards,
Federico Capoano
Jan 9, 2018, 4:21:57 AM1/9/18
to open...@googlegroups.com
Hey Vlad,
On Mon, Jan 8, 2018 at 9:58 PM Vladislav Bidikov <bid...@gmail.com> wrote:
Hi Federico...
openlede is not a requirement - we can use the last openwrt from my point of view...
Not sure how the firmware builder with ansible will handle openwrt... looks like a nice trial and error ahead :)
You mean ansible-openwisp2-imagegenerator? Or what else?
Compiling manually is also an option. In either cases it will likely take some trial and error before getting it right.
Expecialy since wen you remove luci (which looks like it will have to go) the difference for openlede/openwrt for this particular device is minimal (since it's quite old hardware) and stability and some basic networking (and vlan) is the only needed (and maybe openvpn if there is room)...
About the openvpn information - any documentation where we can see what needs to be setup where and how ? expecialy on the openwisp2 machine - the openvpn server there...
Nah unfortunately this is an area that needs improvement, but of the side-time (eg: what remains after work and personal life) I can dedicate to OpenWISP I'm kept busy on so many fronts (merging & testing patches, Google Code-In, Google Summer of Code, new features) that I don't have time to address this. I hope that over time more contributors will be motivated to help out in scaling this community.
For the moment, I can give you some useful hints:
- use this ansible role to setup openvpn: https://github.com/Stouts/Stouts.openvpn
- on the firmware, use the same SSL library you chose for openwisp-config, so if you choose openwisp-config-openssl use openvpn-openssl
- set up a VPN server object in OpenWISP 2 in which you replicate the config of the server
- create a Template of type "vpn-client", select the VPN server you just created, leave the configuration empty and the system will figure out a viable template for you
- test it, refine the config and if you can.. please report your experience here.. it will be useful for others as well
Thanks for your great response and fast support - hope you can provide us with more :)
One thinks that falls on my mind if maybe a openwisp firmware 1.x is also an option for these devices ???
That may work. OpenWISP 2 can also manage OWF1.x by adding this module: https://github.com/openwisp/django-owm-legacy
I tested this only in staging environment and not on a large scale yet.
But that module was designed to deploy OW2 in existing OW1 networks in order to migrate them gradually.
In my opinion as a community we should focus our time and energy in replacing all the OW1 softwares as soon as possible: they served us well for many years and indicated the road ahead, but haven't been maintained actively and they pose serious security risks to the organizations that are using those in productions.
If you take a look at the linux dependencies and ruby gems, you will notice they are old and vulnerable, even github gives warnings about it:
Moreover, OW1 is unflexible and cannot be used for use cases that are slightly different from the public wifi use case they were designed for, which triggered many organizations over time to write completely different code which implemented very similar features but did slightly different things. I think this is a huge waste of human effort and we must do the best we can to get as many people collaborating on the same software ecosystem as possible, so more organization can share the same base system but build their unique features on top of it.
So unless you have very good reasons to use OW1 stuff and you are not worried about the security risk you can try, otherwise if you have some patience and time to help us improve OpenWISP2 (sending frequent feedback to this list, for example, is very helpful, writing blog posts is very helpful as well), it will be much better for everybody, I believe.
Federico
Message has been deleted
Message has been deleted
henriqsc
Jan 10, 2018, 6:52:35 AM1/10/18
to OpenWISP
Well we built a 16MB image so there was plenty of space to install anything.
Only thing I can say is that a customized firmware with the shared_key embedded for automatic registration works like a charm, even if devices are reset they will retrieve the configuration from openwisp2 afterwards.
Radu Rambet
May 28, 2018, 5:06:37 AM5/28/18
to OpenWISP
Well since I have the same problem here here how I did it :
- chaos calmer
- removed everything that is unneeded
- using image generator
- used tinc instead of openvpn as it is lighter and it gets the job done
- chaos calmer
- removed everything that is unneeded
- using image generator
- used tinc instead of openvpn as it is lighter and it gets the job done
Unfortunately there is not enough space to install eneything else . I got away with olsr and tinc but no luci and the biggest problem no monitoring tool like collectd or something else . You have to live without any monitoring tool.
You may probably use some passive pinging but that's all you need the machine itself you cannot install anything else .
I'm doing traffic shaping from firewall .
If anybody has any idea how I could monitor what's happening on the router without installing things that would be great.
So it works but kind of blind . Still a 10 USD TPLink what could you expect ;)
Reply all
Reply to author
Forward
0 new messages