Difference between revisions of "XM-WR1200"

From XMission Wiki
Jump to: navigation, search
Line 3: Line 3:
 
At the time of the last update to this page, the latest XMission firmware was 2.0.1 as released by ReadyNet.
 
At the time of the last update to this page, the latest XMission firmware was 2.0.1 as released by ReadyNet.
  
Do NOT use the firmware on the ReadyNet download site here. It has a number of issues:
+
Do NOT use the firmware on the ReadyNet download site. It has a number of issues:
  
 
* ssh only implements the deprecated ssh-rsa for key algorithms and pub keys
 
* ssh only implements the deprecated ssh-rsa for key algorithms and pub keys

Revision as of 12:51, 21 October 2022

The XM-WR1200 is included as part of the 1G XMission service on UTOPIA.

At the time of the last update to this page, the latest XMission firmware was 2.0.1 as released by ReadyNet.

Do NOT use the firmware on the ReadyNet download site. It has a number of issues:

  • ssh only implements the deprecated ssh-rsa for key algorithms and pub keys
  • creating a new interface does not seem to work

If you don't have a static block of addresses, there should not be any setup work required. Plug an ethernet cable into the WAN port and then into G1 or LAN1 on your fiber gateway. This will use the default 2.4G and 5G networks preconfigured by XMission. You should have received the password for the wifi with your router. If you would like to change the wifi name (SSID), contact XMission support.

Advanced setup

If you have a static IP block you should change the interface over to PPPoE. Do this by going to:

  • Network -> Interfaces -> WAN -> Edit
  • Set protocol to PPPoE and hit "Switch protocol", then enter your xmission username and password in the PAP/CHAP username and password fields.
  • Hit Save
  • Back on the Interfaces screen, hit "Save & Apply" or choose the "Unsaved Changes: x" in the upper right.

This should switch you over to PPPoE and wireless or wired clients should be natted and able to connect. To route your static IPs, use:

  • on the Interfaces page use "Add new interface..."
    • Name: something like "dmz".
    • Protocol: "Static Address"
    • Device: "br-lan" for the bridged lan interface covering Ethernet and Wireless clients
  • Choose "Create interface" then on the General Settings tab:
    • fill in your IPv4 Address to match the one on the PPPoE address. The router address for your block.
    • IPv4 netmask to the CIDR equivelent of your CIDR block. ie: a cidr /29 would be 255.255.255.248 in this field. Contact support if you don't know your IPv4 network mask
    • you should not need to fill in IPv6 data (yet?) or a IPv4 gateway.
  • on the "DHCP Server" -> "General Setup" tab:
    • "Start" to the last octet of your static network. If your network were 1.2.3.4 then 4 would be the value.
    • "Limit" to the number of usable addresses in your block. For a /29 this would be 5.
    • "Lease time" the default of 12h is fine, you may want to lower this while testing and moving machines.
  • in the "DHCP Server" -> "Advanced Settings"
    • Set "Dynamic DHCP" to unchecked. This is Very Important so that new machines only get public static IPs if you manually assign them.
  • "Save & Apply" to get the new interface setup.
  • "Network" -> "Firewall" -> "General Settings" -> "Zones"
    • I set input/output/forward all to "accept". There should be a more secure method Tim Riker (talk) 12:49, 21 October 2022 (MDT)
    • Edit the "wan" line with "Masquerading" set
      • "Advanced Settings" -> "Restrict Masquerading to given source subnets" to 192.168.0.0/16 which will then only masq clients in the default dymanic dhcp address pool of 192.168.12.0/24
  • "Network" -> "DHCP and DNS" -> "Static Leases" -> "Add" once you have a host connected either on Ethernet or WiFi
    • "Hostname" something to identify the machine
    • "MAC address" pick the mac from the list
    • "IPv4 address" should default to the one assigned in your dynamic block. Update it to "-- custom --" and enter one of your public IPs there.


OLD BROKEN FIRMWARE - DO NOT USE