These are my notes on setting up internet access and environmental monitoring for the workshop.
Motivation - I urgently want to monitor humidity in the workshop because I have found the accuracy of humidistat on the Sears dehumidifiers to be very poor. Beyond just monitoring, I'd like to control the dehumidifiers remotely. As long as I'm at it, I wish to add a security system and video cameras. All of this requires internet access, which the shop currently does not have.
# Internet Access
My tentative solution is to cobble together M2M internet access for the shop using a wireless router and a GSM USB dongle in conjunction with Ting internet service.
I chose Ting for data after a very small amount of research. Their prices were low enough that I wasn't motivated to look further. One number/line with 100MB of data is $9/month; seems very reasonable to me. Additional data is available at $10/GB, but I'll never need that amount of data, at least not for this purpose. Ting is a MVNO which uses T-Mobile's network. Therefore, my GSM modem choice was based around this.
I found a new unlocked 4G LTE USB modem, the Huawei E397u-53, specifically described as working on T-Mobile for $30. I ordered it and a $10 Ting SIM card on amazon.com.
This modem appears to work with a number of the TP-Link routers. My first choice was the TP-Link N150 3G/4G router (TL-MR3020) at $40. However, delivery was a couple of weeks, so I chose its battery powered cousin, the TL-MR3040. It seems that they are probably the same device +/- the battery.
People on Amazon claim that the router and modem work together perfectly. I am hoping that's the case. The compatibility list on the TP-Link site (http://www.tp-link.com/us/support/3g-comp-list.html?model=TL-MR3040) shows the E368, but not the E397. This is a little worrisome.
The TP-Link 3G modem bin file center lists many other Huawei modems, including an E398, but the 397 isn't shown. http://www.tp-link.com/en/support/3g/
I ran across this site https://ofmodemsandmen.com/index.html It is software called ROOTer that is used in conjunction with OpenWRT or Lede to add support for USB modems to routers. This site shows support for both the 3040 and the E397. This gave me the confidence to go ahead and order the pair. Worst case, I'll have to install OpenWRT + this extra software, but things should work. However, I'm going to keep my fingers crossed and hope that the stock devices play well with each other.
After thinking about it more, I'll, at some point, want to allow incoming access to at least part of the network. Dynamic DNS and openVPN will be handy for that.
Hmmm. Looking back at the specs for the 3040, I see it has 4MB flash and 8MB RAM. This configuration only supports the stripped down version of OpenWRT / ROOTer, which, you guessed it, does not include ddns or OpenVPN. Back to Amazon.
I see that ROOTer supports the GL.inet GL-AR150 and GL-AR300. The 150 is $25 on Amazon and has 16MB flash and 64MB RAM. More than enough to support my desired features. Order placed. Will likely return the 3040. The 150 should be more than sufficient for my long-term internet needs.
# Network Configuration
Why get a router when I could just plug the 397 into the pi, get it online, and let the other devices in the shop connect to the pi over wifi? Primarily because I want the extra layer of security afforded by the router software. I'd much prefer to use the router software to control outside access to the pi, rather than having to configure and run everything on the pi to serve the same purpose. Using just the pi and omitting the router is certainly possible, but, for me, I think it would be more work and more prone to error.
Thinking ahead, I transferred DNS management for east.fm to Cloudflare's free system. Cloudflare supports the ddns client, which works with OpenWRT/Lede/ROOTer to configure dynamic DNS. I'll use something like shop.east.fm to access this system.
# Configuring the GL.iNet AR150 Router
GL.iNet AR150 Router -- 400MHz, 16MB flash, 64MB RAM.
Rooter software ofmodemsandmen.com Classifies the AR150 as an 8MB router, therefore the software is based on Lede (lede-project.org).
Rooter 4MB buys me: - support for USB cellular modem Rooter 8MB buys me: - dynamic DNS - VPN via OpenVPN and OpenSSL
Download original copy of AR150 software from http://www.gl-inet.com/firmware/ar150/v1/ openwrt-ar150-2.25.bin (2017-01-11)
Download AR150 8MB rooter firmware from: http://www.ofmodemsandmen.com/downloadsp.html On 6/1/17, "Golden Orb" was the current release, thus the "GO" in the following files. I ended up with gl-ar150-GO2017-04-15.zip which unzipped to lede-gl-ar150-GO2017-04-15.bin
Note that the default WiFi password is 'rooter2017'.
Plug enet cable in between PC and router. Apply power to router via USB.
Browse to 192.168.8.1 to get admin screen. There is no password. Initial setup will force you to create password: ftg0bust!! Under 'settings', click 'firmware', then 'upload firmware'. Select 'lede-gl-ar150-GO2017-04-15.bin'. When successfully uploaded, remove checkmark from 'keep settings', then click 'upgrade'. Wait for upgrade to complete and for router to reboot.
Mine took about 7-8 minutes. Prior to the new firmware, just the green LED was lit. After the new firmware, both the green and red/orange were lit.
Go to 192.168.1.1. You'll see a warning about your password not being set. Enter 'rooter2017' as the password and click 'login'. Then click 'go to password configuration...' and set your password. 'ftg0bust!!' Then click 'save & apply'.
My AR150 appeared with a SSID of 'ROOter'.
- click 'sync with browser' to set time set 'hostname': shopnet set TZ
- ESSID=shopnet save
- Encryption=WPA2-PSK Key=718WestSallierStreet save&apply
I have the AR150 connected to a Netgear router, which is connected to the cable modem. Both the Netgear and the AR150, by default, want to hand out addresses on the 192.168.1.xxx subnet. Configure the AR150 to use a different subnet.
- IPv4 address = 192.168.100.1
This changes the IP addresses handed out by the AR150. I was using a WiFi connection to the AR150 to configure, so this hosed the connection. I had to turn off WiFi, 'sudo arp -a -d' to flush the arp cache, turn on WiFi, and restart my browser to get a valid connection to the AR150. Now, of course, it is accessed via http://192.168.100.1.
- enable root login with password on lan interface Save&Apply
Test to ensure it works.
configure ssh to use keys only