UPC turns your cable modem into WiFi hot-spot available for others. outrageous! and i’ve been using it for quite a while – it generally works. below – how to connect OpenWRT or Mikrotik to such connection.
install needed packages:
opkg update opkg remove wpad* opkg install wpad-openssl libopenssl ca-bundle
download LGI_Root_CA.cer and save it in /etc/ssl/certs/
opkg install libustream-openssl20150806 ca-bundle ca-certificates wget wget -O /etc/ssl/certs/LGI_Root_CA.cer https://kudzia.eu/b/wp-content/uploads/2020/10/LGI_Root_CA.cer
reconfigure your 2.4GHz wifi interface [ WiFree only works on that band, not surprisingly since wall penetration of 5GHz is much worse ]:
uci set wireless.radio0.disabled='0' uci set wireless.radio0.txpower='20' uci set wireless.radio0.htmode='HT40' uci set wireless.radio0.channel='auto' uci set wireless.radio0.country='PL' uci set wireless.default_radio0=wifi-iface uci set wireless.default_radio0.device='radio0' uci set wireless.default_radio0.mode='sta' uci set wireless.default_radio0.network='upcwifree' uci set wireless.default_radio0.ssid='UPC Wi-Free #SprawdzUPCMobile!' uci set wireless.default_radio0.encryption='wpa2+ccmp' uci set wireless.default_radio0.eap_type='ttls' uci set wireless.default_radio0.phase1='peaplabel=1' uci set wireless.default_radio0.phase2='auth=MSCHAPV2' uci set wireless.default_radio0.ca_cert='/etc/ssl/certs/LGI_Root_CA.cer' uci set wireless.default_radio0.wps_pushbutton='0' # below enter your actual login for UPC WiFree uci set wireless.default_radio0.identity='my upc wifree login' # below enter your actual password for UPC WiFree uci set wireless.default_radio0.password='my password' uci set wireless.default_radio0.disabled='0' uci set wireless.default_radio0.ifname='wlan0' uci set wireless.default_radio0.auth='MSCHAPV2' uci commit wireless uci set network.upcwifree=interface uci set network.upcwifree.proto='dhcp' uci set network.upcwifree.auto='1' uci set network.upcwifree.ipv6='0' uci commit network uci set firewall.@zone.network=''wan' 'wan6' 'upcwifree'' uci commit firewall
i’m using this on 751G-2HnD with development firmware, although it should work on other software too.
/interface wireless security-profiles set [ find default=yes ] supplicant-identity=MikroTik add authentication-types=wpa2-eap eap-methods=peap group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys mschapv2-password=my-upc-password mschapv2-username=my-upc-login name=UPC supplicant-identity=my-upc-login tls-mode=dont-verify-certificate unicast-ciphers=tkip,aes-ccm /interface wireless set [ find default-name=wlan1 ] band=2ghz-b/g/n country=poland default-authentication=no disabled=no frequency=2437 installation=indoor security-profile=UPC ssid="UPC Wi-Free #SprawdzUPCMobile!" wireless-protocol=802.11 /interface wireless connect-list add interface=wlan1 mac-address=92:5C:14:AB:8F:57 security-profile=UPC ssid="UPC Wi-Free #SprawdzUPCMobile!" wireless-protocol=802.11 # above is not strictly needed but i wanted mikrotik to always choose device that i know is closest to me. /ip dhcp-client add disabled=no interface=wlan1
on both devices i’m also running WireGuard VPN – so i can reach both from anywhere in the internet, despite the fact that neither has public IP address. both routers establish VPN to my VPS. OpenWRT gave me a bit of headache – VPN would not re-establish after short drops of the WiFi acts as WAN. after each such episode wg0 would disappear and to reinstantiate it i had to either run /etc/init.d/network restart or reboot router. i’ve searched for help on the OpenWRT forum. this did not help:
uci set network.wg0.tunlink='upcwifree'
so i ended up doing this:
echo "* * * * * root ping -c 5 172.16.1.1 ; if [ $? -ne 0 ] ; then /etc/init.d/network restart ; fi" >> /etc/crontab/root /etc/init.d/cron restart
where 172.16.1.1 is remote end of the VPN. yes, it’s rather crude measure.