Connecting a Nintendo DS on FON

(version française)

I succeded to connect a Nintendo DS through a FON Wifi connection, based on creating a MAC based's authorisation mecanism. Adding MAC address in a local MAC database let any equipement (DS, PC, PDA...) to connect through FON connection without the portal based's standard authentication mecanism. If the MAC is not in the database, standard authentication (portal based) will be there.

Please note that these modifications create a hole in the router, that can be exploit by spoofing... (however, FON use *un*encrypted communications...)

My FON router is a WRT54g with firmware FON Beta 0.6.6 and this howto is based on this hardware. Test have not been made on La Fonera , but it could work (based on firmware openWRT)

CAUTION : I discourage you to follow this Howto if you don't know what openWRT is and if you have any idea how to repair your rpouter if something goes wrong...

First, material for this operation is available here : http://www.licour.com/blogfiles/fon_mac.tgz.

You'll have to install freeradius on your router, as well as modify chillispot configuration. Here are the operations :

set write mode on /etc/ipkg.conf

cp -f /rom/etc/ipkg.conf /etc/ipkg.conf

Add the following ipkg source (openwrt one) :

/etc/ipkg.conf
...
src openwrt http://downloads.openwrt.org/whiterussian/packages/
...

Install freeradius packages :

# ipkg update
# ipkg install freeradius
Installing freeradius (1.0.5-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//freeradius_1.0.5-1_mipsel.ipk
Installing libltdl (1.5.14-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//libltdl_1.5.14-1_mipsel.ipk
Installing libopenssl (0.9.8d-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//libopenssl_0.9.8d-1_mipsel.ipk
Installing libpthread (0.9.27-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//libpthread_0.9.27-1_mipsel.ipk
Configuring freeradius
Configuring libltdl
Configuring libopenssl
Configuring libpthread
Successfully terminated.

# ipkg install freeradius-mod-files
Installing freeradius-mod-files (1.0.5-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//freeradius-mod-files_1.0.5-1_mipsel.ipk
Configuring freeradius-mod-files
Successfully terminated.

# ipkg install freeradius-mod-realm
Installing freeradius-mod-realm (1.0.5-1) to root...
Downloading http://downloads.openwrt.org/whiterussian/packages//freeradius-mod-realm_1.0.5-1_mipsel.ipk
Configuring freeradius-mod-realm
Successfully terminated.

Other packages will be install during these operations. Here are the packages that were installed on my router

- libpthread_0.9.27-1_mipsel.ipk
- libltdl_1.5.14-1_mipsel.ipk
- libopenssl_0.9.8d-1_mipsel.ipk
- freeradius_1.0.5-1_mipsel.ipk
- freeradius-mod-files_1.0.5-1_mipsel.ipk
- freeradius-mod-realm_1.0.5-1_mipsel.ipk

Caution : Adding these packages consume large storage space (~ 800Ko), and perhaps you'll have to free some space if you have already installed other packages.

install materials

To simplify, i created an archive with all configurations files : http://www.licour.com/blogfiles/fon_mac.tgz.

# cd /tmp
# wget http://www.licour.com/blogfiles/fon_mac.tgz
# tar xzf fon_mac.tgz
# cd fon_mac
# cp -a MAC /jffs

There is now a script and confi files inside the directory /jffs/MAC

Freeradius configuration

# cp freeradius/* /etc/freeradius/
# ln -s /etc/init.d/radiusd /etc/init.d/S60freeradius

This install freeradius config files. Freeradius will now be start on boot

Chillispot configuration

This will modify chillispot's startup script to use specific options

# rm /etc/init.d/chillispot
# cp chillispot /etc/init.d/chillispot

Manage allowed MAC address :

You'll have to complete this file with your MAC addresses :

/jffs/MAC/fon_allowed_mac.lst
# This file store all MAC address that must be trusted by FON router
# Format : one MAC address per line, no space before, no space after
#  MAC address format : XX-XX-XX-XX-XX-XX
#
# Don't forget to execute this script after each change in this file :
#  /jffs/MAC/fon_update_mac.sh

# This is a test's MAC address. Please uncomment and change it
#00-01-02-03-04-05

After each modification, this script have to be launch :

# /jffs/MAC/fon_update_mac.sh
Process MAC : XX-XX-XX-XX-XX-XX
updated /etc/freeradius/users
updated /jffs/MAC/fon_chillispot.sed
restarting chillispot
A reboot could help you...

Reboot the router

# reboot

enjoy...

Commentaires

1. Le mardi 2 janvier 2007 à 16:26, par AustinTX

It is absolutely amazing what these routers can do with a little modification. The memory limit is the biggest obstacle remaining. It sometimes seems easier to just set up the environment on a Linux PC and use the router as little more than a WAP.

Some people have added SD memory cards to their Linksys routers running DD-WRT to add storage space. Will you consider developing a way to add this capability to routers using Fon's official firmware? Perhaps it would be easier to wait for La Fonera 2.0 (originally called "The Liberator") which will have a simple bittorrent client and a USB host mode for attaching thumb drives.

2. Le jeudi 4 janvier 2007 à 22:40, par ruisan

Is it possible to access the personal wired network this way? I have a buffalo router..

3. Le vendredi 5 janvier 2007 à 05:48, par llicour

ruisan :
Not this way. If you want to access WAN from WLAN, you have to modify firewall rules that exists by default in your router.
For example, if you want to access with SSH to WAN from WLAN, insert this rule :

iptables -I WAN_HOOK -p tcp --dport 22 -d 192.168.182.1 -j ACCEPT

Carefull, this is not reboot safe in this way !

4. Le jeudi 3 avril 2008 à 19:51, par Rumeur

"based on creating a mac based's authorisation mecanism", j'ai du mal à,comprendre, j'avoue :) en tout cas merci pour ce bilet intéressant ! c'est toujours dsympathique de passer su ce blog :)

5. Le mercredi 4 juin 2008 à 11:43, par jay