Setting the wifi regulatory domain on Linux and OpenWRT

The list of available wifi channels is slightly different from country to country. To ensure access to the right channels and transmit power settings, one needs to set the right regulatory domain in the wifi stack.

Linux

For most Linux-based computers, you can look and change the current regulatory domain using these commands:

iw reg get
iw reg set CA

where CA is the two-letter country code when the device is located.

On Debian and Ubuntu, you can make this setting permanent by putting the country code in /etc/default/crda.

Finally, to see the list of channels that are available in the current config, use:

iwlist wlan0 frequency

OpenWRT

On OpenWRT-based routers (including derivatives like Gargoyle), looking and setting the regulatory domain temporarily works the same way (i.e. the iw commands above).

In order to persist your changes though, you need to use the uci command:

uci set wireless.radio0.country=CA
uci set wireless.radio1.country=CA
uci commit wireless

where wireless.radio0 and wireless.radio1 are the wireless devices specific to your router. You can look them up using:

uci show wireless

To test that it worked, simply reboot the router and then look at the selected regulatory domain:

iw reg get

Scanning the local wifi environment

Once your devices are set to the right country, you should scan the local environment to pick the least congested wifi channel. You can use the Kismet spectools if you have the hardware, otherwise WiFi Analyzer is a good choice on Android.

Watching (some) Bluray movies on Ubuntu 14.04 using VLC

While the Bluray digital restrictions management system is a lot more crippling than the one preventing users from watching their legally purchased DVDs, it is possible to decode some Bluray discs on Linux using vlc.

First of all, install the required packages as root:

apt install vlc libaacs0 libbluray-bdj libbluray1
mkdir /usr/share/libbluray/
ln -s /usr/share/java/libbluray-0.5.0.jar /usr/share/libbluray/libbluray.jar

The last two lines are there to fix an error you might see on the console when opening a Bluray disc with vlc:

libbluray/bdj/bdj.c:249: libbluray.jar not found.
libbluray/bdj/bdj.c:349: BD-J check: Failed to load libbluray.jar

and is apparently due to a bug in libbluray.

Then, as a user, you must install some AACS decryption keys. The most interesting source at the moment seems to be labDV.com:

mkdir ~/.config/aacs
cd ~/.config/aacs
wget http://www.labdv.com/aacs/KEYDB.cfg

but it is still limited in the range of discs it can decode.

Letting someone ssh into your laptop using Pagekite

In order to investigate a bug I was running into, I recently had to give my colleague ssh access to my laptop behind a firewall. The easiest way I found to do this was to create an account for him on my laptop, and setup a pagekite frontend on my personal server and a pagekite backend on my laptop.

Frontend setup

Setting up my server in order to make the ssh service accessible and proxy the traffic to my laptop was fairly straightforward.

First, I had to install the pagekite package (already in Debian and Ubuntu) and open up a port on my firewall by adding the following to both /etc/network/iptables.up.rules and /etc/network/ip6tables.up.rules:

-A INPUT -p tcp --dport 10022 -j ACCEPT

Then I created a new CNAME for my server in DNS:

pagekite.fmarier.org.   3600    IN  CNAME   fmarier.org.

With that in place, I started the pagekite frontend using this command:

pagekite --clean --isfrontend --rawports=virtual --ports=10022 --domain=raw:pagekite.fmarier.org:Password1

Backend setup

After installing the pagekite and openssh-server packages on my laptop and creating a new user account:

adduser roc

I used this command to connect my laptop to the pagekite frontend:

pagekite --clean --frontend=pagekite.fmarier.org:10022 --service_on=raw/22:pagekite.fmarier.org:localhost:22:Password1

Client setup

Finally, my colleague needed to add the folowing entry to ~/.ssh/config:

Host pagekite.fmarier.org
  CheckHostIP no
  ProxyCommand /bin/nc -X connect -x %h:10022 %h %p

and install the netcat-openbsd package since other versions of netcat don't work.

On Fedora, we used netcat-openbsd-1.89 successfully, but this newer package may also work.

He was then able to ssh into my laptop via ssh [email protected].

Making settings permanent

I was initially quite happy settings things up temporarily on the command-line, but it's also possible to persist these settings and to make both the pagekite frontend and backend start up automatically) at boot.

I ended up putting the following in /etc/pagekite.d/20_frontends.rc on my server:

#defaults

isfrontend
rawports=virtual
ports=10022
domain=raw:pagekite.fmarier.org:Password1

as well as removing the following lines from /etc/pagekite.d/10_account.rc:

# Delete this line!
abort_not_configured

before restarting the pagekite daemon using:

systemctl restart pagekite

Using mosh and pagekite

Mosh is a nice way to interface with ssh over high-latency netowrks. However, it's not possible to tunnel mosh directly through pagekited since pagekite only supports TCP.

I ended up with a hybrid setup where I don't have to expose the ssh service to the local network (and therefore remember to disable it when I'm done) but I do have to open a UDP port on my firewall for mosh.

First, I assigned a stable IP to my laptop on my router, based on its MAC address. I also had to disable MAC address spoofing in Network Manager (setting it to permanent).

This is what my /etc/NetworkManager/system-connections/Ethernet automatique config looks like:

[ethernet]
cloned-mac-address=preserve

[ipv4]
method=auto

[ipv6]
addr-gen-mode=stable-privacy
ip6-privacy=2
method=auto

Then I forwarded port 9000 (UDP) traffic to the static IP address above.