Tuesday, 13 January 2015

Raspberry Pi - 1 Wire OWFS i2c bus

In this basic How-To I work through the software configuration steps I use so that the Raspberry Pi can read values from 1-wire DS18B20 temperature sensors. The basic Raspberry Pi is fully operational with the latest fully updated Raspbian image.
It is possible to interface directly to the GPIO pins, which I tested on a breadboard before deciding to go with the dedicated add-on module (the RPI3v1) from Sheepwalk Electronics, which provides me with convenient connection options given I have Cat5E wiring throughout my house. Sad I know, but useful nonetheless. :)
The first thing we need to do is to enable the required kernel modules. To achieve this across reboots, insert the lines below in the /etc/modules file:
i2c-bcm2708
i2c-dev
If i2cdetect isn't already installed, it is available through the standard repository. Whilst we are installing i2c-tools we will install the owfs and ow-shell packages as well:
sudo apt-get install i2c-tools owfs ow-shell
The command below will probe the i2c bus. Change the value of -y accordingly (0 = RPi-V1, 1 = RPi-V2):
pi@rasp-owfs ~ $ sudo i2cdetect -y 0
 0 1 2 3 4 5 6 7 8 9 a b c d e f
 00: -- -- -- -- -- -- -- -- -- -- -- -- --
 10: -- -- -- -- -- -- -- -- -- -- -- -- 1c -- -- --
 20: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 30: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 40: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 60: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 70: -- -- -- -- -- -- -- --
 pi@rasp-owfs ~ $
Edit the /etc/owfs.conf file as appropriate, as shown below:
server: FAKE = DS18S20,DS2405
 #server: FAKE = DS18S20,DS2405
 # Choose the appropriate line below based on rev1 or rev2 RPi
 # server: device=/dev/i2c-0
 # server: device=/dev/i2c-1
Assuming everything is operational and configured correctly, restart the service and check to see the connected 1-wire sensors are being read.
pi@rasp-owfs ~ $ sudo service owserver restart
[ ok ] Restarting 1-Wire TCP Server: owserver.
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $ owdir
 /28.BAB11E050000
 /28.69EF1E050000
 /bus.7
 /bus.6
 /bus.5
 /bus.4
 /bus.3
 /bus.2
 /bus.1
 /bus.0
 /uncached
 /settings
 /system
 /statistics
 /structure
 /simultaneous
 /alarm
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $
pi@rasp-owfs ~ $ owread /28.BAB11E050000/temperature ;echo
23.9375
pi@rasp-owfs ~ $ owread /28.69EF1E050000/temperature; echo
23.9375
pi@rasp-owfs ~ $
We have now got 2 sensors plugged in and being read; they even agree and report the same temperature, which given they are next to each other is hardly surprising. Wouldn't it be good, though, to change the long hexadecimal strings so we can refer to the sensors using a location name? Fortunately, with a bit more editing that's exactly what we can do. Work out which one you wish to name first by simply removing the other one. When we now run the owdir command, the only one listed will be the one to rename.
pi@rasp-owfs ~ $ owdir
 /28.CE1613050000
 /bus.7
 /bus.6
 /bus.5
 /bus.4
 /bus.3
 /bus.2
 /bus.1
 /bus.0
 /uncached
 /settings
 /system
 /statistics
 /structure
 /simultaneous
 /alarm 
pi@rasp-owfs ~ $
The observant may have noticed that this is a different sensor to those addressed before. This is a waterproof one that is mounted outside in a wind-sheltered spot. It should be noted, though, that using this method to create aliases breaks the built-in web server front end to owserver. If you use that interface, such as browsing to http://yourIPaddr:2121, then this isn't for you. I am sure it can be solved; I've just never needed to, so haven't looked into it.
So to proceed, simply create an owfs.alias file in /etc with the format as below:-
pi@rasp-owfs ~ $ sudo vi /etc/owfs.alias
 28.69EF1E050000 = datacab1
 28.D9301F050000 = lounge1
 28.CC871E050000 = loft1
 28.A8A21E050000 = kitchen1
 28.BAB11E050000 = bedroom2
 28.EB4C1E050000 = bedroom1
 28.1ADE1F050000 = office1
 28.22A61E050000 = garage2
 28.CE1613050000 = outside
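A quick check worth running on the alias file before owserver reads it, given as an added example that is not part of the original post or of owfs. It assumes the "address = alias" layout shown above; the function names and the three bad sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an owfs alias file before owserver is pointed at it.
# Assumes the "address = alias" layout shown above. lint_owfs_alias and
# sample_alias are hypothetical names, not part of owfs.

lint_owfs_alias() {
    # Reads the alias file on stdin and prints one line per problem found.
    awk '
    BEGIN {
        # Top-level entries owdir already lists; an alias must not shadow them.
        n = split("uncached settings system statistics structure simultaneous alarm", r, " ")
        for (i = 1; i <= n; i++) reserved[r[i]] = 1
    }
    /^[ \t]*$/ { next }    # ignore blank lines
    {
        if (split($0, kv, "=") != 2) {
            printf "line %d: expected \"address = alias\"\n", NR
            next
        }
        addr = toupper(kv[1]); name = kv[2]
        gsub(/^[ \t]+|[ \t]+$/, "", addr)
        gsub(/^[ \t]+|[ \t]+$/, "", name)

        # Family code, dot, 12 hex digits of serial: 15 characters in total.
        if (length(addr) != 15 || addr !~ /^[0-9A-F][0-9A-F]\.[0-9A-F]+$/) {
            printf "line %d: malformed 1-wire address \"%s\"\n", NR, addr
        } else if (addr in seen_addr) {
            printf "line %d: address %s already aliased on line %d\n", NR, addr, seen_addr[addr]
        } else {
            seen_addr[addr] = NR
        }

        # The alias becomes a path component (/outside/temperature): keep it plain.
        if (name !~ /^[A-Za-z0-9_-]+$/) {
            printf "line %d: alias \"%s\" is empty or has unusual characters\n", NR, name
        } else if (name in reserved) {
            printf "line %d: alias \"%s\" shadows a built-in owfs directory\n", NR, name
        } else if (name in seen_name) {
            printf "line %d: alias \"%s\" already used on line %d\n", NR, name, seen_name[name]
        } else {
            seen_name[name] = NR
        }
    }'
}

# Constructed sample: three entries from the alias file above, then three bad lines.
sample_alias() {
    cat <<'EOF'
28.69EF1E050000 = datacab1
28.BAB11E050000 = bedroom2
28.CE1613050000 = outside
28.69EF1E050000 = spare
28.CC871E050000 = alarm
28.CE16130500 = shed
EOF
}

sample_alias | lint_owfs_alias
```

Against the real file the call is `lint_owfs_alias < /etc/owfs.alias`; no output means no problems were found.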
Now the alias file has been created, we need to instruct the owserver to use those names. Simply edit the /etc/init.d/owserver file and find the section below (not far from the top):-
d_start() {
    [ -d $PIDDIR ] || {
        mkdir -m 0775 -p $PIDDIR
        chown root:root $PIDDIR >/dev/null 2>&1
    }
    start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- -c $CONFFILE \
        --pid-file $PIDFILE
    # ensure the daemon has been started
    sleep 1
    pidofproc -p $PIDFILE $DAEMON >/dev/null
}
We need to change the start-stop-daemon line in that section as shown below so that it uses the alias file we created earlier.
start-stop-daemon --start --quiet --oknodo --exec $DAEMON -- -c $CONFFILE \
 -a /etc/owfs.alias --pid-file $PIDFILE
Once we have updated the file, either reboot the RPi or issue the following command:-
sudo /etc/init.d/owserver restart
Personally I would recommend a reboot, but either should work as shown below.
pi@rasp-owfs ~ $ owdir
 /outside
 /bedroom2
 /datacab1
 /bus.7
 /bus.6
 /bus.5
 /bus.4
 /bus.3
 /bus.2
 /bus.1
 /bus.0
 /uncached
 /settings
 /system
 /statistics
 /structure
 /simultaneous
 /alarm
 pi@rasp-owfs ~ $
 pi@rasp-owfs ~ $ owread /outside/fasttemp;echo
 3
 pi@rasp-owfs ~ $ owread /outside/temperature;echo
 3.1875
 pi@rasp-owfs ~ $
That's all folks. Feel free to leave a comment.

Thursday, 1 January 2015

Purpose in life ?

Do we have a purpose in life ? 

A rather deep question. Personally I hope to enjoy life, and have some fun. If this in turn helps some others along the way, all the better.

Monday, 3 December 2012

Build Asus EeePC Debian Wifi Access Point

Background

I have a number of old netbooks and laptops, gathering dust in my office that have been discarded over the years by family members, friends and myself as they have been replaced by newer faster models. Many of them are in various stages of being dismantled as they have been cannibalised to keep other machines going. In addition to old computer equipment, my office is also littered with old networking equipment including access points and even some wireless antennas that I seem to have accumulated over the years. Even with all this old hardware available to me, I still find myself wanting a Linux based access point for two reasons.
  • The challenge of getting it working, and learning a few things on the way.
  • To provide a Linux machine for future projects I have in mind.

Hardware

Looking at the equipment I have available to experiment with, I have chosen to use one of the two original Asus EeePCs available. After all, these were the machines that created the whole netbook category as I see it. I have a 701 4G Surf in a rather fetching baby blue and white colour, and a 701 8G model.
Despite the rather girlie colour it's the 4G Surf that I have chosen, as I don't need much storage space and the battery is in better condition than the 8G alternative.
 

Debian OS

The Asus has an Atheros wifi card which is supported by the ath5k driver. This is included in the kernel of Debian distributions since 2.6.25. Debian Squeeze (at time of writing) is the current stable release, so I headed over to the downloads page and several minutes later had a Net Install CD burnt ready for action.
 If you need help installing Debian there is a lot of useful information in the Debian EeePC Wiki.
 

OS Installation

The install itself is simple enough; I chose to do an expert text-only install. Previously on other netbooks I've had problems with GUI installs and the different resolutions. I didn't even try the GUI; it may work fine, but text, although not pretty, always works.
When it came to partitioning the disks, I went with a single 4GB ext3 partition. I didn't bother with a swap space as I don't have a lot of space to play with, but primarily because the internal disk is flash memory, I can't see how it will actually add much to the performance anyway. I don't have conclusive information either way, so just chose a simple set-up for my needs.
During the Software Selection of the install process I opted for the three following options.
  • SSH Server
  • Laptop
  • Standard System Utilities
If at a later date I find I need some additional functionality I can always install the relevant package at that time. At the moment I am keen to avoid installing all sorts of software and risk wasting valuable disk space which is at a premium on the EeePC.
Following a reboot, and logging in with the credentials provided during the install it all looks good with both my ethernet and wifi interfaces being available.
root@eeepc:~#$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1f:c6:3e:1f:b9
 inet addr:10.1.1.158 Bcast:10.1.1.255 Mask:255.255.255.0
 inet6 addr: fe80::21f:c6ff:fe3e:1fb9/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:182 errors:0 dropped:0 overruns:0 frame:0
 TX packets:104 errors:0 dropped:0 overruns:0 carrier:1
 collisions:1 txqueuelen:1000
 RX bytes:21877 (21.3 KiB) TX bytes:14862 (14.5 KiB)
 Memory:fbfc0000-fc000000

lo Link encap:Local Loopback
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:16436 Metric:1
 RX packets:8 errors:0 dropped:0 overruns:0 frame:0
 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

pan0 Link encap:Ethernet HWaddr 9a:12:2c:14:30:5b
 BROADCAST MULTICAST MTU:1500 Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wlan0 Link encap:Ethernet HWaddr 00:15:af:8e:04:7c
 BROADCAST MULTICAST MTU:1500 Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
 

Additional Packages Required

Pretty much everything you need to get up and running will probably be installed now, although there are some exceptions of course. For my access point I need to be able to put the Atheros wifi card into Master mode, and to do this I need hostapd.
apt-get install hostapd
In addition I will need to bridge the wlan0 and eth0 interfaces, and the bridge-utils package is required to achieve this.
apt-get install bridge-utils
 

Post Installation Configuration - Hostapd

Once hostapd is installed you need to edit a couple of config files to enable it to start up as a daemon with the required configuration.
  1. In /etc/default/hostapd replace the line #DAEMON_CONF="" with DAEMON_CONF="/etc/hostapd/hostapd.conf"
  2. Edit the /etc/hostapd/hostapd.conf file and include the configuration for your new wireless network. An example is shown below, but more information on the settings available can be found on this hostapd driver page; it is targeted towards PRISM based wifi cards, but is still a good reference.
The following can be used as a sample hostapd.conf for an open access point.
#
# Config for /etc/hostapd/hostapd.conf for an open wifi.
#
interface=wlan0
driver=nl80211
bridge=br0
ssid=open-wifi
auth_algs=1
channel=11
wpa=0
ignore_broadcast_ssid=0
It is very simple to add WPA security, as the example below shows.
#
# Config for /etc/hostapd/hostapd.conf for a secure wifi.
#
interface=wlan0
driver=nl80211
bridge=br0
ssid=secure-wifi
auth_algs=1
channel=1
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=securewirelesspassword
macaddr_acl=0
ignore_broadcast_ssid=0
Even though we have not yet set up the bridging function, it is probably worth restarting the hostapd process so that the new configuration file is used. To do this simply enter the following:
/etc/init.d/hostapd restart
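The two sample configurations above differ in ways that matter once clients connect: the first leaves traffic unencrypted, and the second still offers legacy WPA with TKIP and a passphrase printed on this page. The check below is an added example, not part of the original post or of hostapd; the function names and the WPA2-only variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hostapd.conf for the weak settings in the samples above.
# audit_hostapd_conf and the *_conf helpers are hypothetical names, not hostapd tools.

audit_hostapd_conf() {
    # Reads hostapd.conf on stdin, prints one finding per line (nothing if clean).
    awk '
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    {
        eq = index($0, "=")
        if (eq > 0) conf[substr($0, 1, eq - 1)] = substr($0, eq + 1)
    }
    END {
        wpa = ("wpa" in conf) ? conf["wpa"] + 0 : 0
        has_pw = ("wpa_passphrase" in conf)
        if (wpa == 0) {
            print "OPEN: wpa=0, traffic on this SSID is unencrypted"
            exit
        }
        # wpa is a bit field: bit0 = WPA, bit1 = WPA2 (RSN).
        if (wpa % 2 == 1) {
            print "WEAK: wpa=" wpa " still offers legacy WPA; wpa=2 is WPA2 only"
        }
        if (toupper(conf["wpa_pairwise"] " " conf["rsn_pairwise"]) ~ /TKIP/) {
            print "WEAK: TKIP is allowed as a pairwise cipher; prefer CCMP"
        }
        if (has_pw) {
            len = length(conf["wpa_passphrase"])
            if (len < 8 || len > 63) {
                print "INVALID: wpa_passphrase must be 8 to 63 characters"
            }
            if (conf["wpa_passphrase"] == "securewirelesspassword") {
                print "DEFAULT: wpa_passphrase is the sample value from this page"
            }
        }
    }'
}

# The two configurations from this page, then a constructed WPA2-only variant.
page_open_conf() {
    printf '%s\n' interface=wlan0 driver=nl80211 bridge=br0 ssid=open-wifi \
        auth_algs=1 channel=11 wpa=0 ignore_broadcast_ssid=0
}
page_wpa_conf() {
    printf '%s\n' interface=wlan0 driver=nl80211 bridge=br0 ssid=secure-wifi \
        auth_algs=1 channel=1 wpa=3 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP \
        rsn_pairwise=CCMP wpa_passphrase=securewirelesspassword \
        macaddr_acl=0 ignore_broadcast_ssid=0
}
wpa2_only_conf() {   # constructed: same network, WPA2 with CCMP only
    printf '%s\n' interface=wlan0 driver=nl80211 bridge=br0 ssid=secure-wifi \
        auth_algs=1 channel=1 wpa=2 wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP \
        wpa_passphrase=replace-with-a-long-random-passphrase \
        macaddr_acl=0 ignore_broadcast_ssid=0
}

for c in page_open_conf page_wpa_conf wpa2_only_conf; do
    echo "== $c"
    "$c" | audit_hostapd_conf
done
```

On the access point itself the call is `audit_hostapd_conf < /etc/hostapd/hostapd.conf`.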
 

Post Installation Configuration - Bridging.

All that is left to do in this simple set-up is to build the bridge and allocate the real physical interfaces to the bridge. The commands below are all that is needed to do this.
ifconfig eth0 0.0.0.0 down
ifconfig wlan0 0.0.0.0 down
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
brctl stp br0 off
ifconfig eth0 0.0.0.0 up
ifconfig wlan0 0.0.0.0 up
dhclient br0
Whilst this may look complicated, it is very simple really.
  • Lines 1 & 2 remove any IP address on the Ethernet and Wifi interfaces and shut them down.
  • Line 3 defines a new interface br0
  • Lines 4 and 5 add the Ethernet and Wifi interfaces into the bridge group br0
  • Line 6 turns spanning-tree off. This is a function which prevents loops in a network, and isn't needed for a simple wireless network.
  • Lines 7 & 8 bring up the two interfaces without an IP address assigned.
  • Line 9 requests an IP address for the br0 interface so the host Debian box can be accessed for management purposes.

It Works

I now have an old Asus EeePC up and running as a basic Access Point using Debian Linux.

Summary

This is a simple project but one I've been planning to do for a while now. This small portable laptop is now functioning as a simple access point. I have further projects planned; some of the ideas include:
  • Add a DHCP server and route rather than bridge between the Wifi and the Ethernet.
  • Add NAT (or more specifically PAT) functionality to masquerade the wireless clients so their IP addresses do not appear on the attached Ethernet.
  • Build an OpenVPN connection from the laptop to a remote server so that the wireless clients are then tunnelled across the attached Ethernet. This will allow both traffic encryption and hiding of the end Wifi devices.
  • As a simple data collection point to run capture tools such as tcpdump, dsniff and driftnet for testing and demonstration purposes.
  • Building on that idea, add ettercap functionality to highlight the threat of MITM (Man In The Middle) attacks and educate people not to just use any open wireless network.
  • Investigate the possibility of building some content filtering solution to protect children from stumbling on (or finding) inappropriate web sites.
I have no idea what will come first on that list, or when I will find the time, but all of those things present a challenge and catch my interest.
I hope this information helps someone somewhere, if you have any thoughts or ideas, please leave a comment.

Thursday, 29 November 2012

My Own Mortality

For reasons I will not go into here, I've had cause to consider my own mortality earlier today. I was not being morbid or feeling depressed, I was just pondering about life in general. The thought occurred to me that I would want a particular piece of music to be played at my funeral. This isn't something new; I've left instructions in my will to request this piece of music. However, over the years I've purchased this track on a 7 inch vinyl single, a 12 inch vinyl single, a CD single, a CD album and a "best of" CD album. It won't be long before you will have to visit a museum to actually see some equipment that can play the various formats I have. It has found its way on and off various phones, mp3 players, iPods and even the odd minidisc (remember them?). However, will my immediate family be able to find a copy when the time comes? Probably not very easily, unless I happen to be listening to it when my life ends. Is there an opportunity for some kind of personalised digital safe for keeping these kinds of memories? Sure, there are things for videos, photos and music already. The problem, though, is that you can't easily leave delegated authority for someone to access the information after the account holder has gone. You only need to hear stories of people trying to get family members' account details deleted off social networking sites after they have passed away. I've heard first hand of someone who keeps getting emails asking if they want to be friends with their deceased uncle. Anyway, I'm not sure it will make someone millions. However, I would probably pay a fee for such a service that has guarantees to deliver. If you know or hear about such a service, drop me a note please.

Wednesday, 28 November 2012

Configure Dynamic DNS on a Cisco 857w.

Background.

I was asked recently if the ISP I use provides static (or rather fixed dynamic) IP addresses. My ISP doesn't offer such a service so I rely on one of the many Dynamic DNS services available. This led to a discussion of how to configure a Cisco SOHO router to act as the Dynamic DNS client. I thought I would spare 10 mins and run through the set-up I have and how to get it working.

Pre-Requisites.

For the sake of clarity this is what you will need to get this up and running.
  • A Cisco router, that supports DDNS configuration. Most SoHo devices do.
  • A suitable working ISP service.
  • A base configuration so that your router is already up and running on the internet.
  • A basic knowledge of how to log in, enter enable mode and configure the router.
  • A Dynamic DNS account and associated host name.

Dynamic DNS account configuration.

I won't bore you with the details of this, just head over to Dynamic DNS, set up an account and choose one of the many competitively priced DNS hosting options. I went for the single host for free, but this requires you to log in once every so often to confirm your account is active. Fortunately they send you an email with a link to confirm your account, so it isn't difficult to keep the account active. Once you have set up your account you will end up with some information we will be using later in the Cisco configuration.
  • Account Name:- I've used ddnsAccName
  • Account Password:- I've used ddnsPasswd
  • Domain Name that you have just chosen:- I've used greatservice.dyndns.org
Obviously the information above is purely fictional.  

Cisco Configuration Step 1.

So assuming you have met the pre-requisites and have the account information to hand, the configuration is quite simple. Initially we need to define the update method the Cisco will use:
ip ddns update method DynDNS
 HTTP
There are 2 gotchas with the next lines. The first is that you must press CTRL-V immediately prior to typing the "?" in the config lines below. If you don't do this, the Cisco will invoke the context-sensitive help function, which will prevent you from entering the configuration lines. The second is that although they may be wrapped in your browser, they are in reality just two very long commands; I have separated them out to try and help make it clearer. Obviously replace the highlighted details with your details where appropriate. Furthermore, these commands should immediately follow those already outlined above.
add http://ddnsAccName:ddnsPasswd@members.dyndns.org/nic/update?system=dyndns&hostname=greatservice.dyndns.org&myip=
remove http://ddnsAccName:ddnsPasswd@members.dyndns.org/nic/update?system=dyndns&hostname=greatservice.dyndns.org&myip=
The updates will be triggered by the Cisco when it detects an IP address change, but you should also update periodically to protect against your host being aged out. Updating too often when it isn't required, though, may be considered abusive and can lead to a ban. The settings below are the ones I've been using for over a year with no problems. These should also be configured immediately after the previous commands, still within the update method definition.
interval maximum 28 12 0 0
 interval minimum 28 0 0 0

Cisco Configuration Step 2.

Once the update method is defined, this just needs to be tied to the interface connected to the internet. In my case here it is ATM0.101, yours may be different but it should be the same commands. It is worth pointing out here that the update command specifying the method needs to match that specified earlier.
interface ATM0.101 point-to-point
 description WAN Link to the Internet
 ip ddns update hostname greatservice.dyndns.org
 ip ddns update DynDNS
 ip address dhcp
All the other configuration commands have been omitted to boil this down to the bare minimum required. Hope this helps someone.

Sunday, 4 November 2012

Life Online

As I sit here on mute, on another conference call, during another IT project rollout, I began to think about life online. I've been using the Internet since about 1994, using gopher to find information, long before Google or Bing. I remember using the World Wide Web Worm to search for things prior to the new upstart Yahoo appearing on the scene. I don't really get Twitter, or Facebook, but I am constantly finding new interesting information and articles on various blogs which have proved valuable over the years. So here I am, a bit of an IT nerd according to those who know me. I'm interested in technology, security, deception and sharing knowledge. I thought it time I tried to give something back to the online community rather than being a sponge and just soaking it all up. Hopefully at least one page I publish will help or assist others in pursuit of their goals. Time will tell.