This is an old revision of the document!
====== auto-oz ====== ===== Updates ===== ==== May 11 2011 ==== My service expired last night. My renew script still isn't working, but I didn't try very hard. All I did was run:<code> curl -K curlcfg2 http://google.com -v curl -K curlcfg2 http://phc.prontonetworks.com/cgi-bin/authlogin -v curl -K curlcfg2 "https://register.prontonetworks.com/registration/Main.jsp?wispId=5338&nasId=00:1b:24:78:ab:82&tempName=selAuth&orgUrl=&userMacId=00:23:69:b3:ce:65" -v -c /tmp/cookiejar curl -K curlcfg2 -d 'username=$$$$$$$$&password=$$$$$$$$&changePassword=' "https://register.prontonetworks.com/registration/customization/default/CheckValidUserToLogin.jsp" -v -b /tmp/cookiejar -c /tmp/cookiejar curl -K curlcfg2 https://register.prontonetworks.com/registration/chooseAuth.do -d 'loginUserId=$$$$$$$$&loginPassword=$$$$$$$$&authType=Pronto' -e "https://register.prontonetworks.com/registration/customization/default/CheckValidUserToLogin.jsp" -v -b /tmp/cookiejar -c /tmp/cookiejar curl -K curlcfg2 https://register.prontonetworks.com/registration/buyAPlan.do -d 'planId=#############&rPM=Yes&selectPG=Verisign&agree=agree' -v -b /tmp/cookiejar -c /tmp/cookiejar curl -K curlcfg2 https://register.prontonetworks.com/registration/buyAPlanConfirm.do -d 'planId=#############&planType=PREPAID&requestComingFrom=BuyAPlan&paymentMethodId=CC&customerId=#############&creditCardNumber=################&creditCardId=#############' -v -c /tmp/cookiejar -b /tmp/cookiejar curl -K curlcfg2 https://register.prontonetworks.com/registration/process.jsp -v -b /tmp/cookiejar -c /tmp/cookiejar curl -K curlcfg2 https://phc.prontonetworks.com/cgi-bin/authlogin -d 'serviceName=ProntoAuthentication&userId=$$$$$$$$&password=$$$$$$$$' -v -b /tmp/cookiejar -c /tmp/cookiejar curl -K curlcfg2 "http://www.onezone.ca/wifi/wifi_success.html?wispId=5338&nasId=00:1b:24:78:ab:82&newReg=Y&sessionId=#############&freePlan=N" -v -b /tmp/cookiejar -c /tmp/cookiejar curl -K curlcfg2 "http://www.onezone.ca/wifi/wifi_checkaccount.html?wispId=5338&sessionId=#############&nasId=00:1b:24:78:ab:82&newReg=Y" -v -b /tmp/cookiejar -c /tmp/cookiejar curl -K curlcfg2 "https://register.prontonetworks.com/registration/Main.jsp?wispId=5338&nasId=00:1b:24:78:ab:82&sessionId=#############" -v -b /tmp/cookiejar -c /tmp/cookiejar </code> You need the file /sbin/curlcfg2, which contains:<code> -A "Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5H11 Safari/525.20" -k </code> Note that you'll need to replace "$$$$$$$$" with your username or password as appropriate, and "#############" with whatever the appropriate number is, matching whatever was received in the results of the last command. If you run these commands twice, it'll bill your account twice, but give you two months of service. You can confirm this by checking your oz account info (for which you don't need cookies): - Go to http://www.onezone.ca/wifi/myaccount.html (from anywhere) - Click My Account - Log in with username and password - Click Home ==== April 13 2011 ==== I was expecting the service at SLM to die on Sunday (10th), but it was still running until 2am last night. When I got in today, there were 53 instances of 'onezone-check.pl' running on the auto-oz router, each one also having an instance of udhcpc. I ran: <code>killall onezone-check.pl</code> And then: <code>/sbin/onezone-check.pl</code> And we were online. So maybe Onezone didn't log us out; maybe the router was just choking. Just to see what would happen, I ran: <code>cd /sbin ./onezone-logout.sh ./onezone-check.pl</code> And it came up fine. So, last time I was here I ran the renew script a second time to see if it would credit me another month. At the time I remember thinking that it hadn't. But looking now, it's not set to expire until May 10th. Unfortunately, I can't get the renew script to run anymore. When it tries to run the shell onezone-Mainjsp.sh script, it hangs. Launching curl from a shell script from a perl script was working before, but appears not to now. I rebooted the router; same problem. I tried setting a timeout in curl by setting '-m 10' in curlcfg, but that didn't do anything. ==== March 3 2011 ==== <code> what's happening is that on this command: curl -K curlcfg https://register.prontonetworks.com/registration/customization/default/CheckValidUserToLogin.jsp -d "username=XXX&password=YYYYYY&changePassword=" -e "https://register.prontonetworks.com/registration/Main.jsp?wispId=5338&nasId=00:1b:24:78:ab:82&tempName=selAuth&orgUrl=&userMacId=00:23:69:b3:ce:65" -b /tmp/cookiejar onezone returns: Session Timed out. Error in Proceeding Further. Please close and restart your browser. I tried removing the "-b /tmp/cookiejar" from the command, and it does the same thing. So, I guess we need to go further back to find the spot it stop complaining about this. Let's try: curl -K curlcfg "https://register.prontonetworks.com/registration/Main.jsp?wispId=5338&nasId=00:1b:24:78:ab:82&tempName=selAuth&orgUrl=&userMacId=00:23:69:b3:ce:65" -b /tmp/cookiejar curl -K curlcfg https://register.prontonetworks.com/registration/customization/default/CheckValidUserToLogin.jsp -d "username=XXX&password=YYYYYY&changePassword=" -e "https://register.prontonetworks.com/registration/Main.jsp?wispId=5338&nasId=00:1b:24:78:ab:82&tempName=selAuth&orgUrl=&userMacId=00:23:69:b3:ce:65" -c /tmp/cookiejar Same problem. Check the cookies. It's setting the same one: register.prontonetworks.com FALSE /registration TRUE 0 JSESSIONID 0a0a0a4730d54b28d991910e4309a603ca5a1fbe4e94.e3yQbx4TbNeLe34Lb3mKchePbhn0n6jAmljGr5XDqQLvpAe register.prontonetworks.com FALSE /registration TRUE 0 JSESSIONID 0a0a0a4730d54b28d991910e4309a603ca5a1fbe4e94.e3yQbx4TbNeLe34Lb3mKchePbhn0n6jAmljGr5XDqQLvpAe Let's try deleting the cookie file. rm /tmp/cookiejar curl -K curlcfg "https://register.prontonetworks.com/registration/Main.jsp?wispId=5338&nasId=00:1b:24:78:ab:82&tempName=selAuth&orgUrl=&userMacId=00:23:69:b3:ce:65" -c /tmp/cookiejar It gave us the same cookie again: register.prontonetworks.com FALSE /registration TRUE 0 JSESSIONID 0a0a0a4730d5cfc25258927348bb8e5af08d27bdf765.e3yQbx4TbNeLe34Lb3mKchePbhn0n6jAmljGr5XDqQLvpAe Well, let's keep going: curl -K curlcfg https://register.prontonetworks.com/registration/customization/default/CheckValidUserToLogin.jsp -d "username=XXX&password=YYYYYY&changePassword=" -e "https://register.prontonetworks.com/registration/Main.jsp?wispId=5338&nasId=00:1b:24:78:ab:82&tempName=selAuth&orgUrl=&userMacId=00:23:69:b3:ce:65" -b /tmp/cookiejar This time it didn't return the session timeout message. I think maybe it's because I had my "-b" and "-c" confused on the commandline. -b is to read, -c is to write. Let's run the script again: ./onezone-renew.pl It did the same thing: die at ./onezone-renew.pl line 67. [.......] The renew wasn't working and so I logged in manually through my browser to try to see what was up. All I did was log in and the whole rig started working immediately. So... that means there's something's wrong with the onezone-login.sh script. It looks like that script isn't reading cookies, which is maybe the problem. This is awkward, because when the login doesn't work, the onezone-check script going straight to try to renew. Awkward, eh? So, I modified onezone-login.sh to get a cookie, and then send that cookie along with the login request. To the extent that my tests now are valid, it seems to be working. There's also the problem of multiple instances running. Fix this too! </code> ===== Installation ===== This is a way to configure an OpenWRT router to connect in client mode to the OneZone network. I've tested it ONLY using whiterussian-rc5, on a Linksys WRT54GL and a Motorola WR850G. Notes: * You can use this with either a regular $30/month OneZone account, or a $5/month iPhone account. There are two tricks with the iPhone account: first (predictably) you can only sign up for the account if you hit the captive portal using an iPhone/iPod (iPad?) browser -- either an actual device, or a desktop browser with a spoofed user-agent. Second, when you create the account, it (at least temporarily) **gets locked to the MAC address of the wifi client**. So the best way to do it is to use a laptop browser spoofing an iPhone user-agent, plugged into the router that's going to be the client. * You're much better off configuring the router someplace where you've got a wired Internet connection. These instructions assume that you've got one. I've managed to pull it off otherwise, but it's a hassle. * Of course, in order to test this properly, you need to be doing the setup someplace where you've got a reasonably strong OneZone signal. * Instructions here are specific to Wireless Toronto's setup: we want these routers to check into the open-mesh dashboard so that we can monitor them and get notifications. They also connect to our OpenVPN server. If you're not Wireless Toronto, you'll have to adapt this to suit your needs. * It **may** be possible to use two iPhone accounts simultaneously in two different locations, by spoofing the MAC address of the wifi interface on the router. The way to do that is 'nvram set il0macaddr=xx:xx:xx:xx:xx:xx'. Steps: - if there's any chance that it has some wacko nvram settings, reset the router to factory default (or use mtd erase if you know what you're doing) - flash the router with whiterussian-rc5 - plug it into an Internet connection - ssh into it - run this:<code> vi /etc/ipkg.conf </code> - add this line:<code> src xwrt ftp://ftp.berlios.de/pub/xwrt/packages </code> - run this:<code> ipkg update ipkg install microperl curl cd /sbin wget http://wirelesstoronto.ca/dist/om-checkin.pl wget http://wirelesstoronto.ca/dist/onezone-check.pl wget http://wirelesstoronto.ca/dist/onezone-login.sh wget http://wirelesstoronto.ca/dist/onezone-logout.sh chmod +x om-checkin.pl chmod +x onezone-check.pl chmod +x onezone-login.sh chmod +x onezone-logout.sh cd /etc wget http://wirelesstoronto.ca/dist/om-checkin.conf.pl ifconfig eth0 </code> <code> WARNING: auto-oz is still in development. the versions of these files on the server aren't the newest ones. If you're interested, contact Gabe. </code> - it will output the mac address. Copy it, and add the node to the OM dashboard. The dashboard will then calculate its IP address. - run this:<code> vi /etc/om-checkin.conf.pl </code> - put the IP & MAC address in the appropriate spots - run this:<code> crontab -e </code> - add this line:<code> */2 * * * * /sbin/om-checkin.pl </code> - run this:<code> ipkg install ntpclient cd /etc/init.d wget http://wirelesstoronto.ca/dist/S55ntpclient chmod +x /etc/init.d/S55ntpclient /etc/init.d/S55ntpclient echo EST5EDT,M3.2.0/02:00,M11.1.0/02:00 > /etc/TZ cd /etc/init.d cp S99done S99done.real rm S99done mv S99done.real S99done vi /etc/init.d/S99done </code> - add these lines to the end:<code> # start crond /usr/sbin/crond -c /etc/crontabs </code> - run this:<code> mkdir /etc/crontabs touch /etc/crontabs/root ln -sf /etc/crontabs/root /etc/crontab /usr/sbin/crond -c /etc/crontabs vi /etc/crontab </code> - add this line:<code> 0 * * * * /usr/sbin/ntpclient -l -h pool.ntp.org -i 5 -s </code> - run this:<code> killall crond /usr/sbin/crond -c /etc/crontabs ipkg install openvpn mkdir /etc/openvpn cd /etc/openvpn wget http://wirelesstoronto.ca/dist/client.conf vi /etc/openvpn/client.conf </code> - replace NODEID with the real router id - run this:<code> cd /etc/openvpn wget http://wirelesstoronto.ca/dist/ca.crt </code> - copy cert files from the server: scp wireless@openvpn.wirelesstoronto.ca:easy-rsa/keys/client(NODEID).* . - run this:<code> chmod 600 client*.key cd /etc/init.d wget http://wirelesstoronto.ca/dist/S90openvpn chmod +x S90openvpn nvram set wl0_mode=sta nvram set lan_ifname=br0 nvram set lan_ifnames=vlan0 nvram set wan_ifname=eth1 nvram set lan_ipaddr=192.168.88.1 nvram set lan_proto=static nvram set wan_proto=dhcp nvram set wl0_ssid="One Zone_High Speed Internet" nvram commit reboot </code> - now use a desktop browser spoofing an iPhone user-agent to log into onezone and create an account - run this:<code> vi /sbin/onezone-login.sh </code> - replace "<USERNAME>" with the username, and "<PASSWORD>" with the password - reboot it and watch it get online within a minute or so! - test your packet loss and throughput. Note that you might want to leave it in place for ~5 minutes, since the signal strength & throughput seems to get better over the first few minutes.
