Reconfiguring the Technicolor TG582n Router

Most folks have probably moved on from using this, but I have still found the Technicolor TG582n router a very capable router, especially for Home network study lab use.

In a later example, I'm going to show a customised reconfiguration I created to support two additional WiFI SSIDs and three internet enabled VLANs.

The following is a collection of things found experimenting with these routers.

Telnet Administrator account name and password required

---

For any reconfiguration work, you will require knowledge of both of the above for your router.

Depending on the firmware and the ISP that originally supplier the router, this account name may either be the same as the Web GUI, or entirely different. Clues on that and the default password to use may be found by Googling.

The hidden menu system in Telnet

---

In the telnet window Technicolor have implemented some nicely drawn and descriptive tabular menus as an alternative to the CLI. Just enter the command 'menu' after logging in, and away you go with the cursor keys!

Well, almost. Doing that and drawing the pretty lines may freak out your telnet session.

So if it's not working as here, change these settings in your telnet client program.

Setting	Windows	Linux
Windows/Translation - Remote character set	Use Font Encoding	ISO-8859
Terminal/Keyboard Backspace key	Control-H	Control-H

The above works well in Putty from http://www.chiark.greenend.org.uk/~sgtatham/putty/.

Saving your CLI changes

---

When configuration changing telnet commands are entered, the router will store just these commands in it's own self managed start-up configuration script stored in volatile memory, lost if the router is powered off.

When you are quite certain of the effectiveness of changes that you have made, you can use the 'saveall' command to write those settings in non-volatile flash memory situated alongside the router's own template configurations and operating firmware, all which will be reloaded after a router physical off-on power cycle.

In non-starting emergencies, holding the reset button for 10s with the power on will restore those settings straight back to pre-script. Here you can either reload a saved configuration, or attempt to recover it all from another hopefully fine memory. Yours :)

A saved configuration? Yes, you can do this from the router GUI, something that I strongly recommend that you do frequently! Here be dragons I warn you!

CLI Reference Guides

---

A CLI reference guide (in PDF format, and lots of pages!) may be found by Googling for "CLI reference guide R10.2 technicolor".

Several ISP's have made more widely available the earlier reference guide for R8.4 which I have found boringly similar except for commands that configure DNS server routing.

Technicolor Appnotes and Config guides

The following is a useful list of Technicolor Appnotes and Config guides files that I found cached at

http://support.alcadis.nl/downloads/Technicolor/General/General%20Guides/

They are not all particular to the tg582n. I've listed them here to aid future document searches on Google.

Filename	Document Title
AppNote_3play_sPVC.pdf	Triple-Play Using IPoE for Voice, PPPoE for Data and Bridged Video on Multiple PVCs (without VLANs)
AppNote_AutoWAN_Br.pdf	Triple-Play Using IPoE for Voice, PPPoE for Data and Bridged Video on Multiple PVCs (with VLANs)
AppNote_DECTairupgrade.pdf	Performing an Air Upgrade of the DECT Handset
AppNote_DHCProuteoptions.pdf	DHCP Route Options
AppNote_embeddedscript.pdf	Thomson Gateway Embedded Script Files
AppNote_EthWAN_BrIGMP.pdf	Ethernet WAN Port for Routed Multicast via the Bridge, Purely IGMP-based
AppNote_EthWAN_RtIGMP.pdf	Ethernet WAN Port for Routed Multicast, Purely IGMP-based
AppNote_EthWAN_Rt.pdf	Ethernet WAN Port for Routed Multicast
AppNote_mPVC_RtBr.pdf	Routed Internet and Bridged Multicast with Multiple PVCs
AppNote_mPVC_RtIGMP.pdf	Routed Internet and Routed Multicast with Multiple PVCs, Purely IGMP-based
AppNote_mPVC_RtRt.pdf	Routed Internet and Routed Multicast with Multiple PVCs
AppNote_MulticastVideo.pdf	Multicast Video
AppNote_multipubIPaddress.pdf	Thomson Gateways and Multiple IP Addresses
AppNote_RoutedPPPoA.pdf	The SpeedTouchTM Routed PPPoA Packet Service
AppNote_SIPserver.pdf	Configuring the Thomson Gateway SIP Server
AppNote_sPVC_RtBr.pdf	Routed Internet and Bridged Multicast with a Single PVC
AppNote_sPVC_RtIGMP.pdf	Routed Internet and Routed Multicast with a Single PVC, Purely IGMP-based
AppNote_VLANBr_IPToS.pdf	IP ToS Mapping for PVC Multiplexing
AppNote_VLANBr.pdf	VLAN Bridging
AppNote_VLANBr_PorttoPVC.pdf	Port-to-PVC Mapping
AppNote_VLANBr_TransForw.pdf	VLAN-Transparent Forwarding
AppNote_VLANBr_UnknownVLAN.pdf	Unknown VLAN Forwarding
AppNote_VLANBr_VLANIDForw.pdf	VLAN ID-Based Forwarding
AppNote_VLANBr_VLANIDTransl.pdf	VLAN ID Translation
AppNote_VLANBr_VLANUserPrio.pdf	VLAN User Priority Mapping to One PVC
AppNote_VPN.pdf	Thomson Gateways and Virtual Private Networks
ConfigGuide_ATMQoS.pdf	ATM Quality of Service Configuration Guide
ConfigGuide_Ethernet.pdf	Ethernet Configuration Guide
ConfigGuide_EthernetQoS.pdf	Ethernet QoS Configuration Guide
ConfigGuide_EthernetVLAN.pdf	VLAN Configuration Guide
ConfigGuide_IPQoS.pdf	IP Quality of Service Configuration Guide
ConfigGuide_SHDSL.pdf	SHDSL Configuration Guide
ConfigGuide_SIF.pdf	Stateful Inspection Firewall Configuration Guide
ConfigGuide_TR-069.pdf	TR-069 Configuration Guide
ConfigGuide_VoIP.pdf	Voice over IP Configuration Guide

DarkIce, Icecast, Streaming computer audio over WiFi

The following creates a local WiFi 'radio station' to rebroadcast to an internet radio receiver whatever the soundcard in a Ubuntu PC is playing, specifically on the ALSA devices 'monitor' output.

1. Use the following command to list out Alsa output sources.
   $ pactl list | grep alsa_output
   
   Mine looks like this. I have a HiFImeDIY audio DAC and a HDMI connected television.
   

   Name: alsa_output.pci-0000_01_00.1.hdmi-surround71-extra1
   Monitor Source: alsa_output.pci-0000_01_00.1.hdmi-surround71-extra1.monitor
   Name: alsa_output.usb-HiFimeDIY_Audio_HiFimeDIY_DAC-01.iec958-stereo
   Monitor Source: alsa_output.usb-HiFimeDIY_Audio_HiFimeDIY_DAC-01.iec958-stereo.monitor
   Name: alsa_output.pci-0000_01_00.1.hdmi-surround71-extra1.monitor
   Monitor of Sink: alsa_output.pci-0000_01_00.1.hdmi-surround71-extra1
   Name: alsa_output.usb-HiFimeDIY_Audio_HiFimeDIY_DAC-01.iec958-stereo.monitor
   Monitor of Sink: alsa_output.usb-HiFimeDIY_Audio_HiFimeDIY_DAC-01.iec958-stereo
   

   If you don't see a Monitor output, find another soundcard for your PC?
2. Identify the line for the 'Monitor Source' for the 'Name' output that you normally play PC audio out to.

3. Install DarkIce from http://www.darkice.org/
4. Install and configure Icecast (http://icecast.org) securely from documentation
   $ sudo apt-get install icecast
5. Create (and edit) the following as /etc/darkice.cfg

[general]
       duration        = 3600
       bufferSecs      = 5

       [input]
       device          = pulseaudio # hw:2,1
       paSourceName    = alsa_output.usb-HiFimeDIY_Audio_HiFimeDIY_DAC-01.iec958-stereo.monitor
       sampleRate      = 44100 
       bitsPerSample   = 16
       channel         = 2

       [icecast2-0]
       format = mp3 
       sampleRate      = 44100 
       channel         = 2
       bitrateMode     = cbr
       bitrate         = 192 
       server          = serverme.lan
       port            = 8000
       password = youricecastserverpasswordhere 
       mountPoint      = live96
       name            = tictac2 
       description     = Streaming from TicTac2 
       url             = http://www.yourserver.com
       genre           = live
       public          = yes
       remoteDumpFile  = /tmp/live96.mp3

6. Start DarkIce with the following command, and 'tune in' from your internet radio. When finished listening stop the darkice process with Ctrl-C.
   $ sudo /usr/bin/darkice
   
   

   DarkIce 1.2 live audio streamer, http://code.google.com/p/darkice/
   Copyright (c) 2000-2007, Tyrell Hungary, http://tyrell.hu/
   Copyright (c) 2008-2013, Akos Maroy and Rafael Diniz
   This is free software, and you are welcome to redistribute it 
   under the terms of The GNU General Public License version 3 or
   any later version.
   
   Using config file: /etc/darkice.cfg
   Using PulseAudio audio server as input device.
   Using PulseAudio source:  alsa_output.usb-HiFimeDIY_Audio_HiFimeDIY_DAC-01.iec958-stereo.monitor
   Using POSIX real-time scheduling, priority 4
   

7. If you see the following panic message after this, check that the 'paSourceName' is entered correctly and your normal soundcard is actually selected as output in your PC's soundmixer.
   

   No such entity [0]
   Assertion 's' failed at pulse/simple.c:253, function pa_simple_free(). Aborting.
   Aborted (core dumped)
   

MRTG, modified alias names template for TP-LINK TL-SG2424

This perl code snip replaces the builtin messy template within MRTG cfgmaker, with one that cleanly shows alias names and interface speed alongside the activity chart for each port.

1. Save the following as cfgtemplate.

$target_lines .= <<ECHO;

Target[$target_name]: $if_ref:$router_connect
SetEnv[$target_name]: MRTG_INT_IP="$if_ip" MRTG_INT_DESCR="$if_snmp_descr"
ECHO
if ($directory_name) {
$target_lines .= "Directory[$target_name]: $directory_name\n";
}

$target_lines .= <<ECHO;
MaxBytes[$target_name]: $if_speed
Title[$target_name]: $html_if_title_desc
PageTop[$target_name]: <h1>Port $if_index -- $html_if_snmp_alias @ $if_speed_str</h1>
<div id="sysdetails">
<table>
<tr>
<td>System:</td>
<td>$sysname in $html_syslocation</td>
</tr>
<tr>
<td>Maintainer:</td>
<td>$html_syscontact</td>
</tr>
<tr>
<td>Description:</td>
<td>$html_if_description</td>
</tr>
<tr>
<td>ifType:</td>
<td>$html_if_type_desc ($if_type_num)</td>
</tr>
<tr>
<td>ifName:</td>
<td>$html_if_snmp_name</td>
</tr>
ECHO

$target_lines .= <<ECHO if defined $if_port_name;
<tr>
<td>Port Name:</td>
<td>$if_port_name</td>
</tr>
ECHO

$target_lines .= <<ECHO if defined $if_pp_port_name;
<tr>
<td>Port Name:</td>
<td>$if_pp_port_name</td>
</tr>
ECHO

$target_lines .= <<ECHO;
<tr>
<td>Max Speed:</td>
<td>$if_speed_str</td>
</tr>
ECHO

$target_lines .= <<ECHO if $if_ip;
<tr>
<td>Ip:</td>
<td>$if_ip ($if_dns_name)</td>
</tr>
ECHO

$target_lines .= <<ECHO;
</table>
</div>
ECHO

2. Use this script to build the /etc/mrtg.cfg configuration file and HTML index structure.

#!/bin/bash

cfgmaker \
 --global "options[_]: growright,bits" \
 --global 'WorkDir: /var/www/mrtg' \
 --if-template=/home/john/Documents/mrtg-setup/cfgtemplate \
 --ifref=nr \
 --ifdesc=alias \
 --no-down \
 --nodefaultglobal \
 --zero-speed=100000000 \
 --output=/etc/mrtg.cfg \
inside@switch.lan

indexmaker \
 --title="Traffic graphs for switch.lan" \
 --subtitle="Green is device output (or switch input) traffic." \
 --columns=3 /etc/mrtg.cfg > /var/www/mrtg/index.html

MRTG, picking up TP-LINK TL-SG2424 Port Aliases

Apply the following changes to /usr/bin/cfgmaker. [mrtg ubuntu version 2.17.4]

--- cfgmaker.old 2016-12-03 19:36:43.143626964 +0000
+++ cfgmaker 2016-12-03 19:42:26.043595223 +0000
@@ -175,7 +175,7 @@
         push @Variables,  ($1 > 11.0 or $1 < 10.0 ) ? "ifAlias" : "CiscolocIfDescr";
         if ($1 > 11.2) {push @Variables, "vmVlan";};
        if ($1 > 11.3) {push @Variables, "vlanTrunkPortDynamicStatus";};
-    } elsif ( $routers->{$router}{deviceinfo}{Vendor} =~ /(?:hp|juniper|dlink|wwp|foundry|dellLan|force10|3com|extremenetworks|openBSD|arista|enterasys|zyxel|vyatta)/i) {
+    } elsif ( $routers->{$router}{deviceinfo}{Vendor} =~ /(?:hp|juniper|dlink|wwp|foundry|dellLan|force10|3com|extremenetworks|openBSD|arista|enterasys|zyxel|vyatta|tplink)/i) {
         push @Variables, "ifAlias";
     }
 
@@ -1003,7 +1003,9 @@
             '1.3.6.1.4.1.30065.' =>      'arista',    
             '1.3.6.1.4.1.5624.' =>      'enterasys',    
             '1.3.6.1.4.1.30803.' =>      'Vyatta',    
-            '1.3.6.1.4.1.3955.' =>       'LinkSys'
+            '1.3.6.1.4.1.3955.' =>       'LinkSys',
+            '1.3.6.1.4.1.11863.1.1.13' => 'tplink'
+
         );
         $DevInfo{Vendor} = 'Unknown Vendor - '.$DevInfo{sysObjectID};
         foreach (keys %vendorIDs) {

Reducing Flash card writes on RPi Raspbian

1. Disable the swap file
   $ sudo sphys-swapfile swapoff
   
2. By modifing /etc/fstab, mount busy folders on external samba storage
   
   • /home/user/Documents
     
   • /var/www
     
   • Selected folders on /var/log e.g. Apache2, custom cron
     

   proc            /proc           proc    defaults          0       0
   /dev/mmcblk0p1  /boot           vfat    defaults          0       2
   /dev/mmcblk0p2  /               ext4    defaults,noatime  0       1
   # a swapfile is not a swap partition, no line here
   #   use  dphys-swapfile swap[on|off]  for that
   
   //storage/apps/rpi/www/ /var/www/ cifs credentials=/home/john/.smbcredentials,uid=www-data,gid=users,file_mode=0755,dir_mode=0755,iocharset=utf8,sec=ntlm 0 0
   //storage/apps/rpi/log/apache2 /var/log/apache2 cifs credentials=/home/john/.smbcredentials,uid=root,gid=adm,file_mode=0755,dir_mode=0755,iocharset=utf8,sec=ntlm 0 0
   //storage/apps/rpi/Documents   /home/john/Documents        cifs    credentials=/home/john/.smbcredentials,uid=john,gid=john,file_mode=0755,dir_mode=0755,iocharset=utf8,sec=ntlm 0 0
   //storage/apps/rpi/log/cron   /var/log/cron        cifs    credentials=/home/john/.smbcredentials,uid=root,gid=adm,file_mode=0755,dir_mode=0755,iocharset=utf8,sec=ntlm 0 0
   

   Do 'sudo raspi-config' and make sure 'wait for network' is enabled for boot.

Rsync/SSH online backup cronjob for RPi

1. Create and secure keys folder for root

# mkdir /root/.keys /root/.keys/storage
# chmod 600 /root/.keys
# chmod 600 /root/.keys/storage

2. Obtain and secure storage SSH client key 'id_dsa' in this folder

# chmod 600 /root/.keys/storage/id_dsa

3. Save following as rsync.sh

#!/bin/bash

# run as root

   APPDIR="${BASH_SOURCE%/*}"
   LOGFMT="%t %i %b %n%L"

# remove following comment if testing 

   DRYRUN=""
   #DRYRUN=-n

   SKIPDIRS="$APPDIR/skipdirs"    

   SSH=/usr/bin/ssh
   KEY=/root/.keys/storage/id_dsa
   RUSER=john
   RHOST=storage.lan

   function run_rsync {
      /usr/bin/rsync $DRYRUN -axHv --exclude-from=$SKIPDIRS --delete-during --out-format="$LOGFMT" -e "$SSH -i $KEY" $2 $RUSER@$RHOST:$1
   }

   echo -e "\n========================================="
   echo "RSYNC push : Started `date`"

   run_rsync /c/backup/rpi /

   echo "RSYNC push : Finished `date`"

4. Save following as skipdirs

# directories to exclude from backup

# skip in-memory interfaces to the kernal
/proc/*
/sys/*

# skip dev, same reason
/dev/*

# skip hard links / mount points
/boot/*
/tmp/*
/run/*
/mnt/*
/media/*

# skip application generated stuff
/var/www/mrtg/*

# skip logs & temp files
/var/log/*
/var/swap

5. Save following as rsync in /etc/cron.d

0 */8 * * * root /home/user/rsync.sh 2>&1 >> /var/log/cron/rsync/rsync.log

Adding persistant access to smb share hosted elsewhere

1. sudo apt-get install cifs-utils
2. As root, create mount point directory in /mnt, e.g. /mnt/elsewhere/share
3. add following tab delimited single line to end of /etc/fstab

//elsewhere/share    /mnt/elsewhere/share    cifs    credentials=/home/user/.creds,iocharset=utf8,sec=ntlm 0 0

4. (optional) add following options to overlay with local ownerships and permissions
uid=john,gid=users,dir_mode=0755,file_mode=0755
5. Create file /home/user/.creds similar to following

username=johnlewis
password=KnowinglyOverSold

6. chmod 600 /home/user/.creds
7. If RPi, do 'sudo raspi-config' and make sure 'wait for network' is enabled for boot.
8. If no contents found at /mnt/elsewhere/share then do 'sudo mount -a' and diagnose issue.... Does 'elsewhere' resolve to an IP address?

CRT TV Setup

1. Ensure that the set has been switched on for at least twenty minutes.
2. Set all the 'fancy' picture options to 'Off' or 'Neutral'.
3. Reduce 'Colour', 'Contrast' and 'Brightness' to zero. This should give a blank, black screen.
4. Slowly increase 'Brightness' until there is a just perceptible lightening of the screen.
5. Slowly increase 'Contrast' until you have an acceptable black and white picture. Some further small adjustment of 'Brightness' may be necessary to achieve this.
6. If you have a 'Gamma' control slowly increase 'Gamma' until you have sufficient amount of detail in the 'blacks'.
7. Make further small adjustments of 'Brightness' and 'Contrast' to optimize the black and white picture.
8. Increase 'Colour' to achieve realistic flesh tones.

Repeat until happy.

The important thing is to concentrate firstly on getting a decent black and white picture while viewing a good programme source.

Colour can come later.

Hint: Do All OS updates AFTER the Ubuntu CD install

When installing Ubuntu, you know that option to download updates while installing?

Just Say NO!!!

Do the software updates later after you get the OS running.

Or you'll be soon debugging weird stuff ...

(especially relevant if a non-current release)

Errors mounting filesystems in Ubuntu?

Issue: Mounting CIFS shares in ubuntu, get dmesg warning about "CIFS VFS: No username specified", also manual attempt at mount fails, mount: wrong fs type, bad option, bad superblock on //kissbox/share, missing codepage or helper program, or some other error (which applies for several filesystems (e.g. nfs, cifs))

Solution: you might need a /sbin/mount helper program.

In some cases useful info is found in syslog - try looking further in dmesg

For CIFS (samba) apt-get install cifs-utils

Ubuntu, Inaccessible LVM drive root?

Issue: In the process of data recovery or migration, an LVM formatted ubuntu system drive is added (usbSATA cable) to another similarly LVM built system. It's not possible to access the root partition of the added drive.

Solution: use lvdisplay to find the UUID of the inaccesible partition, then use 'vgrename ' to change the volume name of that to something other than 'ubuntu'

Reason: The volume name is clashing with the running OS!

Simple SAMBA user and public (password-less) share on debian

1. Install Samba

# apt-get install samba
# cd /etc/samba
# mv smb.conf smb.conf.old

2.Create following as smb.conf

[global]
workgroup = CALIFORNIA
server string = %h server
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
panic action = /usr/share/samba/panic-action %d
map to guest = bad user
[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[public]
comment = public
path = /home/public
read only = No
public = yes
force user = nobody
force group = users
force create mode = 0664
create mask = 0664
force directory mode = 0775
directory mask = 0775

3. Create public folders

# md /home/public
# chown nobody:users /home/public
# chmod 775 /home/public

4. Force files created in the public folder to have same group membership (users)

# chmod g+s /home/public

5. Add linux desktop user to 'users' group (requires a logout/login to set)

# adduser john users

6. Create windows network user password for only external access to home directories (not required for /home/public)

# smbpasswd -a john

7. Check files can be created, modified and deleted by both the linux desktop user and connected network users.

Windows nslookup DNS timeouts?

In Windows 7 by default the nslookup command does a lookup using both A (IPv4) and AAAA (IPv6) query records.
Together that is -type=A+AAAA

Looking at them separately ...

> nslookup -type=A fiddle.nonline.lan 10.16.1.41
Server: meserver.lan
Address: 10.16.1.41

Name: fiddle.nonline.lan
Address: 10.16.1.42

> nslookup -type=AAAA fiddle.nonline.lan 10.16.1.41
Server: meserver.lan
Address: 10.16.1.41

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to meserver.lan timed-out

So that is where your spurious "DNS timed out error" is coming from!