{"id":3110,"date":"2020-10-17T12:59:22","date_gmt":"2020-10-17T11:59:22","guid":{"rendered":"https:\/\/kudzia.eu\/b\/?p=3110"},"modified":"2023-03-22T08:56:13","modified_gmt":"2023-03-22T07:56:13","slug":"getting-upc-wifree-to-work-with-mikrotik-and-openwrt","status":"publish","type":"post","link":"https:\/\/kudzia.eu\/b\/2020\/10\/getting-upc-wifree-to-work-with-mikrotik-and-openwrt\/","title":{"rendered":"UPC WiFree on Mikrotik and OpenWRT"},"content":{"rendered":"

UPC turns your cable modem into WiFi hot-spot available for others. outrageous! and i’ve been using it for quite a while – it generally works. below – how to connect OpenWRT or Mikrotik to such connection.
\n<\/p>\n

OpenWRT 22.03.0-rc6<\/h2>\n

on Polish OpenWRT forum<\/a> – eko.one.pl – i’ve found a fully functional example<\/a>. i’ve tesed it on Netgear WNDR4300 and R6220. it works fine for me.
\nssh to the router, and there:<\/p>\n

\r\nopkg update\r\nopkg remove wpad*\r\nopkg install wpad-openssl libopenssl ca-bundle wget \r\nwget -O \/etc\/ssl\/certs\/LGI_Root_CA.cer https:\/\/kudzia.eu\/b\/wp-content\/uploads\/2020\/10\/LGI_Root_CA.cer\r\n\r\nreboot\r\n\r\n# ssh again\r\nuci set wireless.radio0.disabled='0'\r\nuci set wireless.radio0.txpower='20'\r\nuci set wireless.radio0.htmode='HT40'\r\nuci set wireless.radio0.channel='auto'\r\nuci set wireless.radio0.country='PL'\r\nuci set wireless.default_radio0=wifi-iface\r\nuci set wireless.default_radio0.device='radio0'\r\nuci set wireless.default_radio0.mode='sta'\r\nuci set wireless.default_radio0.network='upcwifree'\r\nuci set wireless.default_radio0.ssid='Wi-Free #InternetUPCNajszybszy'\r\nuci set wireless.default_radio0.encryption='wpa2+ccmp'\r\nuci set wireless.default_radio0.eap_type='ttls'\r\nuci set wireless.default_radio0.phase1='peaplabel=1'\r\nuci set wireless.default_radio0.phase2='auth=MSCHAPV2'\r\nuci set wireless.default_radio0.ca_cert='\/etc\/ssl\/certs\/LGI_Root_CA.cer'\r\nuci set wireless.default_radio0.wps_pushbutton='0'\r\n# below enter your actual login for UPC WiFree\r\nuci set wireless.default_radio0.identity='my upc wifree login'\r\n# below enter your actual password for UPC WiFree\r\nuci set wireless.default_radio0.password='my password'\r\nuci set wireless.default_radio0.disabled='0'\r\nuci set wireless.default_radio0.ifname='wlan0'\r\nuci set wireless.default_radio0.auth='MSCHAPV2'\r\nuci commit wireless\r\n\r\nuci set network.upcwifree=interface \r\nuci set network.upcwifree.proto='dhcp'\r\nuci set network.upcwifree.auto='1'\r\nuci set network.upcwifree.ipv6='0'\r\nuci commit network\r\n\r\nuci set firewall.@zone[1].network=''wan' 'wan6' 'upcwifree''\r\n<\/pre>\n
sometimes, some of the neighboring routers no longer provide connectivity [ or even IP address via DHCP ] for this wlan. to find out all available neighbors – run:<\/p>\n
\r\niwinfo wlan0 scan\r\n# you might need to first install it - opkg update; opkg install iwinfo\r\n<\/pre>\n
in the output – find few candidates with highest possible value of Signal – e.g.:<\/p>\n
\r\nCell 07 - Address: 92:xx:xx:xx:xx:xx\r\n          ESSID: "Wi-Free #InternetUPCNajszybszy"\r\n          Mode: Master  Channel: 11\r\n          Signal: -61 dBm  Quality: 49\/70\r\n          Encryption: WPA2 802.1X (TKIP, CCMP)\r\n...\r\nCell 09 - Address: AE:xx:xx:xx:xx:xx\r\n          ESSID: "Wi-Free #InternetUPCNajszybszy"\r\n          Mode: Master  Channel: 1\r\n          Signal: -62 dBm  Quality: 48\/70\r\n          Encryption: WPA2 802.1X (CCMP)\r\n<\/pre>\n
take the MAC address and run:<\/p>\n
\r\nuci set wireless.default_radio0.bssid="AE:xx:xx:xx:xx:xx"\r\nuci commit network\r\nreboot\r\n<\/pre>\n
iterate it few times until you find a neighboring device that works.<\/p>\n
OpenWRT 19.07.4<\/h2>\n
install needed packages:<\/p>\n
\r\nopkg update\r\nopkg remove wpad*\r\nopkg install wpad-openssl libopenssl ca-bundle\r\n\r\nuci set wireless.radio0.disabled='0'\r\nuci set wireless.radio0.txpower='20'\r\nuci set wireless.radio0.htmode='HT40'\r\nuci set wireless.radio0.channel='auto'\r\nuci set wireless.radio0.country='PL'\r\nuci set wireless.default_radio0=wifi-iface\r\nuci set wireless.default_radio0.device='radio0'\r\nuci set wireless.default_radio0.mode='sta'\r\nuci set wireless.default_radio0.network='upcwifree'\r\nuci set wireless.default_radio0.ssid='UPC Wi-Free #SprawdzUPCMobile!'\r\nuci set wireless.default_radio0.encryption='wpa2+ccmp'\r\nuci set wireless.default_radio0.eap_type='ttls'\r\nuci set wireless.default_radio0.phase1='peaplabel=1'\r\nuci set wireless.default_radio0.phase2='auth=MSCHAPV2'\r\nuci set wireless.default_radio0.ca_cert='\/etc\/ssl\/certs\/LGI_Root_CA.cer'\r\nuci set wireless.default_radio0.wps_pushbutton='0'\r\n# below enter your actual login for UPC WiFree\r\nuci set wireless.default_radio0.identity='my upc wifree login'\r\n# below enter your actual password for UPC WiFree\r\nuci set wireless.default_radio0.password='my password'\r\nuci set wireless.default_radio0.disabled='0'\r\nuci set wireless.default_radio0.ifname='wlan0'\r\nuci set wireless.default_radio0.auth='MSCHAPV2'\r\nuci commit wireless\r\n\r\nuci set network.upcwifree=interface \r\nuci set network.upcwifree.proto='dhcp'\r\nuci set network.upcwifree.auto='1'\r\nuci set network.upcwifree.ipv6='0'\r\nuci commit network\r\n\r\nuci set firewall.@zone[1].network=''wan' 'wan6' 'upcwifree''\r\nuci commit firewall\r\n\r\n<\/pre>\n
download LGI_Root_CA.cer<\/a> and save it in \/etc\/ssl\/certs\/<\/p>\n
\r\nopkg install libustream-openssl20150806 ca-bundle ca-certificates wget libustream-openssl20150806\r\nwget -O \/etc\/ssl\/certs\/LGI_Root_CA.cer https:\/\/kudzia.eu\/b\/wp-content\/uploads\/2020\/10\/LGI_Root_CA.cer\r\n<\/pre>\n
reconfigure your 2.4GHz wifi interface [ WiFree only works on that band, not surprisingly since wall penetration of 5GHz is much worse ]:<\/p>\n
\r\nuci set wireless.radio0.disabled='0'\r\nuci set wireless.radio0.txpower='20'\r\nuci set wireless.radio0.htmode='HT40'\r\nuci set wireless.radio0.channel='auto'\r\nuci set wireless.radio0.country='PL'\r\nuci set wireless.default_radio0=wifi-iface\r\nuci set wireless.default_radio0.device='radio0'\r\nuci set wireless.default_radio0.mode='sta'\r\nuci set wireless.default_radio0.network='upcwifree'\r\nuci set wireless.default_radio0.ssid='UPC Wi-Free #SprawdzUPCMobile!'\r\nuci set wireless.default_radio0.encryption='wpa2+ccmp'\r\nuci set wireless.default_radio0.eap_type='ttls'\r\nuci set wireless.default_radio0.phase1='peaplabel=1'\r\nuci set wireless.default_radio0.phase2='auth=MSCHAPV2'\r\nuci set wireless.default_radio0.ca_cert='\/etc\/ssl\/certs\/LGI_Root_CA.cer'\r\nuci set wireless.default_radio0.wps_pushbutton='0'\r\n# below enter your actual login for UPC WiFree\r\nuci set wireless.default_radio0.identity='my upc wifree login'\r\n# below enter your actual password for UPC WiFree\r\nuci set wireless.default_radio0.password='my password'\r\nuci set wireless.default_radio0.disabled='0'\r\nuci set wireless.default_radio0.ifname='wlan0'\r\nuci set wireless.default_radio0.auth='MSCHAPV2'\r\nuci commit wireless\r\n\r\nuci set network.upcwifree=interface \r\nuci set network.upcwifree.proto='dhcp'\r\nuci set network.upcwifree.auto='1'\r\nuci set network.upcwifree.ipv6='0'\r\nuci commit network\r\n\r\nuci set firewall.@zone[1].network=''wan' 'wan6' 'upcwifree''\r\nuci commit firewall\r\n<\/pre>\n
Mikrotik 7.1.beta2<\/h2>\n
i’m using this on 751G-2HnD with development firmware, although it should work on other software too.<\/p>\n
\r\n\/interface wireless security-profiles\r\nset [ find default=yes ] supplicant-identity=MikroTik\r\nadd authentication-types=wpa2-eap eap-methods=peap group-ciphers=tkip,aes-ccm management-protection=allowed mode=dynamic-keys mschapv2-password=my-upc-password mschapv2-username=my-upc-login name=UPC supplicant-identity=my-upc-login tls-mode=dont-verify-certificate unicast-ciphers=tkip,aes-ccm\r\n\/interface wireless\r\nset [ find default-name=wlan1 ] band=2ghz-b\/g\/n country=poland default-authentication=no disabled=no frequency=2437 installation=indoor security-profile=UPC ssid="UPC Wi-Free #SprawdzUPCMobile!" wireless-protocol=802.11\r\n\r\n\/interface wireless connect-list\r\nadd interface=wlan1 mac-address=92:5C:14:AB:8F:57 security-profile=UPC ssid="UPC Wi-Free #SprawdzUPCMobile!" wireless-protocol=802.11\r\n# above is not strictly needed but i wanted mikrotik to always choose device that i know is closest to me.\r\n\r\n\/ip dhcp-client\r\nadd disabled=no interface=wlan1\r\n<\/pre>\n
on both devices i’m also running WireGuard VPN – so i can reach both from anywhere in the internet, despite the fact that neither has public IP address. both routers establish VPN to my VPS. OpenWRT gave me a bit of headache – VPN would not re-establish after short drops of the WiFi acts as WAN. after each such episode wg0 would disappear and to reinstantiate it i had to either run \/etc\/init.d\/network restart<\/i> or reboot router. i’ve searched for help on the OpenWRT forum<\/a>. this did not help:<\/p>\n
\r\nuci set network.wg0.tunlink='upcwifree'\r\n<\/pre>\n
so i ended up doing this:<\/p>\n
\r\necho "* * * * * root ping -c 5 172.16.1.1 ; if [ $? -ne 0 ] ; then \/etc\/init.d\/network restart ; fi" >> \/etc\/crontab\/root\r\n\/etc\/init.d\/cron restart\r\n<\/pre>\n
where 172.16.1.1 is remote end of the VPN. yes, it’s rather crude measure.<\/p>\n","protected":false},"excerpt":{"rendered":"
UPC turns your cable modem into WiFi hot-spot available for others. outrageous! and i’ve been using it for quite a while – it generally works. below – how to connect OpenWRT or Mikrotik to such connection.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3110","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=3110"}],"version-history":[{"count":24,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3110\/revisions"}],"predecessor-version":[{"id":3442,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/3110\/revisions\/3442"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=3110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=3110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=3110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}