Refugee Shelter Wifi

FIXED

Im Marburger Stadtteil Cappel ist seit Juni 2015 eine Notunterkunft für Geflüchtete eingerichtet worden. Sie ist eine Außenstelle der hessischen Erstaufnahmestelle in Gießen. Die Stadtwerke Marburg stellen in Kooperation mit dem Verein Rechenkraft e.V. und Unterstützung der Feuerwehr im Camp einen WLAN-Internetzugang bereit.

Monitoring

Umfassende Statistiken

• Grafana

Ping-Probe des Ripe Atlas

• AP1
• AP2
• AP3

Erstinstallation

• Drei WiMAX-Uplinks der Stadtwerke Marburg
• Drei TP-Link „Access“-Points mit ESSID FreeInternet[1-3]
  • Halten keinerlei Last nicht aus.

Überarbeitung von 2015-07-29

• Sechs Ubiquiti Nanostation M2 (NSM2), eine Nanostation M5 (NSM5), eine Nanostation M2 Loco (NSM2L)
• L2 Mesh mit batman-adv
• drei NSM2 als Gateway mit NAT und DHCP

Karte und Router

Configure GW + AP

opkg update
opkg install batctl alfred vnstat ip-full iwinfo
/etc/init.d/alfred enable
/etc/init.d/vnstat enable
uci batch << EOF
delete network.lan
set network.lan=interface
set network.lan.force_link=1
set network.lan.proto=static
set network.lan.type=bridge
set network.lan.ifname=bat0
set network.lan.mtu=1500
set network.lan.netmask=255.255.0.0
set network.lan.ipaddr=10.128.EDIT.1

delete network.wan
set network.wan=interface
set network.wan.proto=dhcp
set network.wan.ifname=eth0

delete network.wan6

set network.mesh=interface
set network.mesh.proto=batadv
set network.mesh.mtu=1532
set network.mesh.mesh=bat0
set network.mesh_copper=interface
set network.mesh_copper.ifname=eth1
set network.mesh_copper.proto=batadv
set network.mesh_copper.mtu=1532
set network.mesh_copper.mesh=bat0

set dhcp.@dnsmasq[0]=dnsmasq
set dhcp.@dnsmasq[0].domainneeded=1
set dhcp.@dnsmasq[0].boguspriv=1
set dhcp.@dnsmasq[0].localise_queries=1
set dhcp.@dnsmasq[0].rebind_protection=1
set dhcp.@dnsmasq[0].rebind_localhost=1
set dhcp.@dnsmasq[0].expandhosts=1
set dhcp.@dnsmasq[0].readethers=1
set dhcp.@dnsmasq[0].leasefile=/tmp/dhcp.leases
set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
set dhcp.@dnsmasq[0].local=/camp/
set dhcp.@dnsmasq[0].domain=camp
set dhcp.lan=dhcp
set dhcp.lan.interface=lan
set dhcp.lan.dhcpv6=disabled
set dhcp.lan.ra=disabled
set dhcp.lan.leasetime=15m
set dhcp.lan.force=1
set dhcp.lan.ra_management=1
set dhcp.lan.limit=500
set dhcp.lan.netmask=255.255.0.0
set dhcp.lan.start=EDIT 10+512*n
set dhcp.wan=dhcp
set dhcp.wan.interface=wan
set dhcp.wan.ignore=1
set dhcp.odhcpd=odhcpd
set dhcp.odhcpd.maindhcp=0
set dhcp.odhcpd.leasefile=/tmp/hosts/odhcpd
set dhcp.odhcpd.leasetrigger=/usr/sbin/odhcpd-update

set wireless.radio0.channel=EDIT
set wireless.radio0.hwmode=11ng
set wireless.radio0.txpower=12
set wireless.radio0.htmode=HT20
set wireless.radio0.country=DE
set wireless.radio0.disabled=0

delete wireless.@wifi-iface[0]
delete wireless.@wifi-iface[0]
delete wireless.@wifi-iface[0]

add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0
set wireless.@wifi-iface[-1].mode=ap
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].ssid=internet
set wireless.@wifi-iface[-1].network=lan

add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0
set wireless.@wifi-iface[-1].mode=adhoc
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].ssid=DO-NOT-CONNECT
set wireless.@wifi-iface[-1].network=mesh
set wireless.@wifi-iface[-1].bssid=ca:ff:ee:ca:ff:ee
set wireless.@wifi-iface[-1].hidden=1

set firewall.@zone[1].input=REJECT
add firewall rule
set firewall.@rule[-1].name=Allow-SSH-on-wan
set firewall.@rule[-1].src=wan
set firewall.@rule[-1].proto=tcp
set firewall.@rule[-1].dest_port=22
set firewall.@rule[-1].target=ACCEPT

set system.@system[0].hostname=EDIT

set batman-adv.bat0.gw_mode=server
set batman-adv.bat0.gw_bandwidth=30mbit/30mbit
set batman-adv.bat0.gw_sel_class=
set batman-adv.bat0.aggregated_ogms=
set batman-adv.bat0.ap_isolation=
set batman-adv.bat0.bonding=
set batman-adv.bat0.fragmentation=
set batman-adv.bat0.log_level=
set batman-adv.bat0.orig_interval=
set batman-adv.bat0.vis_mode=
set batman-adv.bat0.bridge_loop_avoidance=
set batman-adv.bat0.distributed_arp_table=
set batman-adv.bat0.multicast_mode=
set batman-adv.bat0.network_coding=
set batman-adv.bat0.hop_penalty=
set batman-adv.bat0.isolation_mark=

set alfred.alfred.disabled=0
set alfred.alfred.mode=master

commit
EOF

cat << EOF >> /etc/crontabs/root
*/5 * * * * ping -c 3 -W 1 8.8.8.8; if [ \$? -eq 1 ]; then /etc/init.d/dnsmasq stop; batctl gw client; fi
*/5 * * * * ping -c 3 -W 1 8.8.8.8; if [ \$? -eq 0 ]; then /etc/init.d/dnsmasq start; batctl gw server; fi
EOF

reboot

Configure AP

opkg update
opkg install batctl alfred vnstat ip-full iwinfo
/etc/init.d/alfred enable
/etc/init.d/vnstat enable
/etc/init.d/firewall disable
/etc/init.d/dnsmasq disable
uci batch << EOF
delete network.lan
set network.lan=interface
set network.lan.force_link=1
set network.lan.proto=static
set network.lan.type=bridge
set network.lan.ifname=bat0
set network.lan.mtu=1500
set network.lan.netmask=255.255.0.0
set network.lan.ipaddr=10.128.EDIT.EDIT

delete network.wan
set network.wan=interface
set network.wan.proto=dhcp
set network.wan.ifname=@lan

delete network.wan6

set network.mesh=interface
set network.mesh.proto=batadv
set network.mesh.mtu=1532
set network.mesh.mesh=bat0
set network.mesh_copper=interface
set network.mesh_copper.ifname=eth0
set network.mesh_copper.proto=batadv
set network.mesh_copper.mtu=1532
set network.mesh_copper.mesh=bat0
set network.mesh_copper2=interface
set network.mesh_copper2.ifname=eth1
set network.mesh_copper2.proto=batadv
set network.mesh_copper2.mtu=1532
set network.mesh_copper2.mesh=bat0

set wireless.radio0.channel=EDIT
set wireless.radio0.hwmode=11ng
set wireless.radio0.txpower=12
set wireless.radio0.htmode=HT20
set wireless.radio0.country=DE
set wireless.radio0.disabled=0

delete wireless.@wifi-iface[0]
delete wireless.@wifi-iface[0]
delete wireless.@wifi-iface[0]

add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0
set wireless.@wifi-iface[-1].mode=ap
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].ssid=internet
set wireless.@wifi-iface[-1].network=lan

add wireless wifi-iface
set wireless.@wifi-iface[-1].device=radio0
set wireless.@wifi-iface[-1].mode=adhoc
set wireless.@wifi-iface[-1].encryption=none
set wireless.@wifi-iface[-1].ssid=DO-NOT-CONNECT
set wireless.@wifi-iface[-1].network=mesh
set wireless.@wifi-iface[-1].bssid=ca:ff:ee:ca:ff:ee
set wireless.@wifi-iface[-1].hidden=1

set system.@system[0].hostname=EDIT

set batman-adv.bat0.gw_mode=client
set batman-adv.bat0.gw_bandwidth=
set batman-adv.bat0.gw_sel_class=2
set batman-adv.bat0.aggregated_ogms=
set batman-adv.bat0.ap_isolation=
set batman-adv.bat0.bonding=
set batman-adv.bat0.fragmentation=
set batman-adv.bat0.log_level=
set batman-adv.bat0.orig_interval=
set batman-adv.bat0.vis_mode=
set batman-adv.bat0.bridge_loop_avoidance=
set batman-adv.bat0.distributed_arp_table=
set batman-adv.bat0.multicast_mode=
set batman-adv.bat0.network_coding=
set batman-adv.bat0.hop_penalty=
set batman-adv.bat0.isolation_mark=

set alfred.alfred.disabled=0
set alfred.alfred.mode=slave

commit
EOF

reboot

Configure PoE pass-through

cat << EOF > /etc/rc.local
echo 8 > /sys/class/gpio/export
echo out > /sys/class/gpio/gpio8/direction
echo 1 > /sys/class/gpio/gpio8/value
EOF

Monitoring

/usr/bin/stats.sh (Ultra-Krebs)

#!/bin/sh

echo -n '{
	"channel_utilisation": {
		"frequency": "'
iw wlan0 survey dump | grep "in use" | awk '{print $2}' | tr -d '\n'
echo -n '",
		"active": "'
iw wlan0 survey dump | grep -A 5 "in use" | grep active | awk '{print $4}' | tr -d '\n'
echo -n '",
		"busy": "'
iw wlan0 survey dump | grep -A 5 "in use" | grep busy | awk '{print $4}' | tr -d '\n'
echo -n '",
		"receive": "'
iw wlan0 survey dump | grep -A 5 "in use" | grep receive | awk '{print $4}' | tr -d '\n'
echo -n '",
		"transmit": "'
iw wlan0 survey dump | grep -A 5 "in use" | grep transmit | awk '{print $4}' | tr -d '\n'
echo -n '"
	},
	"station_count": "'
iwinfo wlan0-1 assoclist | grep dBm | wc -l | tr -d '\n'
echo -n '",
	"traffic": {
		"wan": {
			"rx": {
				"packets": "'
ip -s link | grep -A 5 pppoe-wan: | head -n 4 | tail -n 1 | awk '{print $2}' | tr -d '\n'
echo -n '",
				"bytes": "'
ip -s link | grep -A 5 pppoe-wan: | head -n 4 | tail -n 1 | awk '{print $1}' | tr -d '\n'
echo -n '"
			},
			"tx": {
				"packets": "'
ip -s link | grep -A 5 pppoe-wan: | tail -n 1 | awk '{print $2}' | tr -d '\n'
echo -n '",
				"bytes": "'
ip -s link | grep -A 5 pppoe-wan: | tail -n 1 | awk '{print $1}' | tr -d '\n'
echo -n '"
			}
		},
		"mesh": {
			"rx": {
				"packets": "'
ip -s link | grep -A 5 wlan0: | head -n 4 | tail -n 1 | awk '{print $2}' | tr -d '\n'
echo -n '",
				"bytes": "'
ip -s link | grep -A 5 wlan0: | head -n 4 | tail -n 1 | awk '{print $1}' | tr -d '\n'
echo -n '"
			},
			"tx": {
				"packets": "'
ip -s link | grep -A 5 wlan0: | tail -n 1 | awk '{print $2}' | tr -d '\n'
echo -n '",
				"bytes": "'
ip -s link | grep -A 5 wlan0: | tail -n 1 | awk '{print $1}' | tr -d '\n'
echo -n '"
			}
		},
		"access": {
			"rx": {
				"packets": "'
ip -s link | grep -A 5 wlan0-1: | head -n 4 | tail -n 1 | awk '{print $2}' | tr -d '\n'
echo -n '",
				"bytes": "'
ip -s link | grep -A 5 wlan0-1: | head -n 4 | tail -n 1 | awk '{print $1}' | tr -d '\n'
echo -n '"
			},
			"tx": {
				"packets": "'
ip -s link | grep -A 5 wlan0-1: | tail -n 1 | awk '{print $2}' | tr -d '\n'
echo -n '",
				"bytes": "'
ip -s link | grep -A 5 wlan0-1: | tail -n 1 | awk '{print $1}' | tr -d '\n'
echo -n '"
			}
		}
	},
	"connections": {
		"tcp": "'
cat /proc/net/nf_conntrack | grep tcp | grep ESTABLISHED | wc -l | tr -d '\n'
echo -n '",
		"udp": "'
cat /proc/net/nf_conntrack | grep udp | wc -l | tr -d '\n'
echo -n '"
	}
}'

/etc/alfred/send-stats.sh (Ultra-Krebs)

#!/bin/sh

/usr/bin/stats.sh | tr -d '\n' | tr -d '\t' | alfred -s 99

Test von 2015-07-31

Graph

Installation am 2015-08.02

Graph