Posts Tagged ‘fonera’

Fonera 2.0N inside

February 5, 2010

It took some time but finally someone put on the web images of what’s inside the Fonera 2.0N.

Here are the links:
Printed circuit top
Printed circuit bottom

Now some details:

In the top picture you can clearly see the new Ralink chip and the FLASH memory, which has a parallel interface (the previous Foneras had a serial FLASH) so we can expect faster boot times and better read/write performance.

The bottom picture only shows the two RAM chips.

There seems to be a JTAG port (the 12 pads at the left of the top image). Even the other Foneras had such connector, but was never used since redboot and the serial port provided an easier way to reflash it.

And yes, there is also a serial port! The connector name is JP2, the 4 pin connector at the bottom left in the top pcb image. It is not populated by default, but it is always possible to solder wires directly to the pad on the pcb.

Quoting from

Serial Port is JP2.
Pins are 3,3V – RXD – GND – TXD
Configuration is: 57600 8 N 1

As I don’t have a Fonera 2.0N, I can’t try to see if it really works, buth the pinout does make sense since it says that GND is pin 3, and the bottom pcb image shows that the third pin is connected to the ground plane.


Openwrt, Fonera and .p12 certificates

November 21, 2009

The most common use of a Fonera is as wireless access point, but it’s not the only possible use. Another possibility is to use the Fonera to connect to an existing wireless network. This can be useful to connect a computer without a wireless card, to set up a “repeater” to extend the range of a wireless network, or to run some application that needs internet connectivity on the Fonera itself (after all, it’s just a Linux based device).

However, when the network you need to connect to requires a WPA enterprise certificate authentication, things can get messy.

This post is just a log of all I had to do to connect my Fonera to one such network, and I think it can be useful to other who have the same need.

First, I’ll describe how to connect to that network using a computer running Linux, using the shell only. It is also possible to use some GUI utility, such as network manager but the shell way is what (in theory) can be usd on the Fonera too, since it has no GUI.
The procedure starts by creating a wpa_supplicant.conf file, with the following content:

ssid="<your network ssid>"
anonymous_identity="<your username>"
ca_cert="<your path to the .cer certificate file>"
private_key="<your path to the .p12 ceritficate file>"
private_key_passwd="<your password>"

And by filling in the required data where there are angle brackets. It is also a good idea to write all the commands to connect in an .sh script file, just like this:

sudo /etc/init.d/network-manager stop
sudo killall wpa_supplicant
sudo ifconfig eth1 down
sudo ifconfig eth1 up
sudo iwconfig eth1 essid <your network ssid>
sudo wpa_supplicant -i eth1 -D wext -c <path to wpa_supplicant.conf>/wpa_supplicant.conf -d &
#wait for connection
sleep 20
sudo dhclient eth1

The script uses a couple of tricks: first it stops network-manager, since it interferes with the manual connection (don’t worry, it will be started again next time you reboot your computer), then the sleep 20 at the end is there to give time to wpa_supplicant to connect to the network before dhclient starts. Of course if you use this you need to replace eth1 with the device name of your wireless card.

This works flawlessly on a Linux computer, but when I tried to connnnect in this way on a Fonera running OpenWrt, it failed. First the Fonera does not have network-manager, so the first line needs to be removed. Then there is no dhclient, but an equivalent program named dhcpcd. But the real problem is wpa_supplicant. When I started it, it failed with the following error:

RSA: Expected zero INTEGER in the beginning of private key; not found
TLSv1: Failed to parse private key
TLS: Failed to load private key
TLS: Failed to set TLS connection parameters
EAP-TLS: Failed to initialize SSL.
TLSv1: Selected cipher suite: 0x0000
TLSv1: Record Layer - New write cipher suite 0x0000
TLSv1: Record Layer - New read cipher suite 0x0000
EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)

After searching and posting on the OpenWrt forum, the problem was found: to minimize the size of the OpenWrt firmware (some routers only have 2..4MB of FLASH memory…) wpa_supplicant is compiled with an internal (and incomplete) implementation of TLS, which may fail with some certificate types. The solution is to compile a custom wpa_supplicant configured to use OpenSSL as TLS provider.

So I downloaded on my computer running Kubuntu Linux the OpenWrt buildroot with

svn co svn://

configured it with

make meunconfig

in the following way: Network > wpa_supplicant > TLS provider > OpenSSL and disabled timestamp check (since the Fonera does not have a permanent clock and the time is set to 1/1/1970 every time it reboots)

Then I typed “make” and after ~2GB of source files downloaded form the Internet and 1.5 hours of compile time the buildroot compiled a custom firmware  with the required packages.

However when I installed the wpa-supplicant_0.6.3-1.1_mips.ipk file together with the required dependencies libopenssl_0.9.8i-3.2_mips.ipk and zlib_1.2.3-5_mips.ipk  on my OpenWrt it still failed to connect. The problem this time was a lot of ioctl() errors. It looks like the wpa_supplicant package is heavily dependent on the kernel version, so it didn’t work.

The solution was to reflash the Fonera with the firmware that the buildroot compiled together with the wpa_supplicant package. At this point another problem occurred: in the custom firmware the ath0 device, which is the wireless device was not present! At the beginning the problem looked like the lack of the kmod_madwifi package, but the package was present. The solution was to create the device at every reboot with

wlanconfig ath0 create wlandev wifi0

Now that the device was again available, a new problem occurred: wpa_supplicant successfully parsed the certificates, but failed agian to connect, with the following error:

TLS: Certificate verification failed, error 9 (certificate is not yet valid)

The problem was that while the timestamp check was disabled, the date still needed to be within the certificate’s validity range. A quick “date -s” command soved this and finally wpa_supplicant connected to the wireless network.

However, it failed getting an IP address. This because in my custom firmware I forgot to add dhcpcd. Building the dhcpcd package with the buildroot and installing the .ipk package solved this last problem.

In the end the scripts used to connect successfully are these:


ssid="<your network ssid>"
anonymous_identity="<your username>"
ca_cert="<your path to the .cer certificate file>"
private_key="your path to the .p12 certificate file>"
private_key_passwd="<your password>"

## For Fonera + specially compiled OpenWrt
## Developed by TFT

## any date in the certificate validity range is acceptable
date -s 2009.11.20-10:00

killall wpa_supplicant dhcpcd
wlanconfig ath0 destroy

wlanconfig ath0 create wlandev wifi0
ifconfig ath0 down
ifconfig ath0 up
iwconfig ath0 essid <your network ssid>
wpa_supplicant -i ath0 -D madwifi -c /etc/wpa_supplicant.conf -d &
## wait for connection
sleep 20
dhcpcd ath0

Which *wrt is best for you

September 17, 2009

In this post I’m talking about Linux-based alternative firmwares for wifi routers, like the Fonera. Since there is more than one, I’ll present the three most widely known, explaining their advantages and disadvantages.

First of all, why would somebody want to change the default firmware that comes with the router? The primary reason is: more features. Some advanced features like QoS might not be available in the original firmware. It is also possible tu run a small webserver on the router and, if it has an USB host port, a bittorrent client can be installed.

As I said, there is more than one firmware. This blog post will concentrate on DD-Wrt, OpenWrt and X-Wrt.

Let’s start with DD-Wrt. This is a firmware designed for end users, it has a good web-based user interface for managing settings, and is relatively feature-rich. The key point is that the set of features is decided for you by DD-Wrt. The filesystem of the router is not writeable, so you can’t install other applications, and you also can’t remove applications you don’t use to save some FLASH memory space.


  • Simple to use, good web UI, good documentation
  • Adds many features to your router


  • Limited room for customization, due to the read only filesystem
  • When installed, the router password is set to a default value, this might cause a security hole if the user is inexperienced/lazy and does not change it
  • Not good for developers. The read only filesystem does not allow to install custom application, the development tools for this firmware are not very developer friendly

Now let’s examine the second choice: OpenWrt. This firmware is the opposite of DD-Wrt. By default, it comes with a minimal set of packages, not even a web based UI (even if it can be installed later). All configuration is done through SSH and a shell Update: it looks like newer releases of OpenWRT come with a minimal web based configuration interface, called LuCI. It has a writeable JFFS2 filesystem, with transparent compression enabled, so that installed applications need a minimum FLASH space. To install applications, you use the opkg package manager. This combination allows to customize the firmware the way you want, by installing only what you need. The repository is incredibly full of packages, see it for yourself here. You can find anything from CTorrent to aircrack to asterisk and even php. From a developer point of view, things are even better. If you have a computer running Linux, you can install the buildroot-based development system. You can choose from the full development system that allows you to modify the kernel and build custom firmwares, or only the SDK for application development.


  • Fully customizable, with a writeable filesystem and package manager
  • Really large number of packages
  • Good documentation on its website
  • The first time is installed, it asks you to set the root password. There is no default password
  • Developer friendly


  • Not good for end users/noobs. Configuration is done through a shell.

Now, the last firmware, X-Wrt. This is just OpenWrt with a web based UI installed by default. It is not a fork, since the two projects proceed together. This means that all the advantages of OpenWrt are the same for X-Wrt. Developers can even use the OpenWrt development tools to target X-Wrt too.


  • All the advantages of OpenWrt
  • A web based UI for configuration makes it good also for end users


  • The web UI takes up some FLASH memory. If you have a router with very little FLASH, it will limit the number of applications you can install
  • The quality of the web UI is a bit behind the one of DD-Wrt, even if it is improving

Personally, I find X-Wrt to be the best compromise between features and simplicity, and that’s why I’m using it on my Fonera. Also, I’ve tried the development tools and they work well, but maybe I’ll talk about them in detail in another blog post…

The Fonera 2.0n is coming

September 5, 2009

People who read my website know that I like Foneras. I have a model 2100 since 2008, the first model produced by Fon, bought for just 6€ (at the time there was a promotion :)).

I particularly appreciated the ease of hackability of this little device, with its RedBoot bootloader and brick-proof serial port. I’ve tried many hacks with it, first installed dd-wrt, then openwrt, written simple C++ programs for it, experimented with the GPIO, added an heatsink… some of these hacks are described in my website, and maybe I’ll talk about the remaining ones in this blog.

Fon announced the Fonera 2.0 more than one year ago, however it was available only for developers, until recently. It is different from the original fonera, because it has an USB host port that can be used to connect an hard drive, or other USB device. In addition, the software is open source, therefore expandable. And even the default configuration has many nice features, like auto backup of the computer onto the hard drive connected to the Fonera (like Apple’s time machine+time capsule, but multi platform), automatic torrent download without the need to leave the computer powered, and automatic upload for example on Youtube.

However, the topic of this post is the Fonera 2.0n. This is a fresh news. Fon has recently released a new router, called Fonera 2.0n. It is currently not available on the Fon shop online, but there’s a “Coming soon” banner. Searching around the Net I found some images. Here’s how it looks:



It’s significantly different from the older models, and not only outside.

It has a Ralink chipset, while the other was an Atheros. The CPU now runs @ 300MHz (the Atheros ran @ 180MHz), and even the RAM is larger: 64MBytes, while the Fonera 2.0 had 32MBytes and the older ones (including mine) only 16MBytes.

Other than the usual Internet port, to be connected to an ADSL Modem, this one has 4 10/100MBit ports, so it can also act as a switch for a wired network. And the wifi was upgraded to the latests 802.11n standard, which is faster. The two antennas will probably allow a better wifi signal reception.

The only downside is that the internal FLASH memory remained 8MBytes. However, it is still better than many other routers that only have 4MBytes.

Personally, I also don’t particularly like its case. All previous models came in the distinctive white case that it could be defined “The MacBook of the routers” (even if MacBooks aren’t white anymore). Now it looks like a “standard” router.

Last note: I couldn’t find a picture of the circuit board, and there’s no info on the presence of the serial port connector. Still too early, I guess.