0c47bdb902
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.
Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
in the top row, 2nd column from the right.
Label MAC address: eth0
FCC ID: TVE-220102
Serial port pinout:
3 - TxD
4 - GND
6 - RxD
Installation: The same methods apply as for already supported FAP-221-B.
For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.
(a) Using factory image:
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
Enter them appropriately.
The defaults are:
Server IP: 192.168.1.1 # Update accordingly
Device IP: 192.168.1.2 # Update accordingly
Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
verification passes, press "D" to continue installation. The device
will reboot on completion.
(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:
> setenv serverip 192.168.1.1 # Your PC IP
> setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
> tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
> bootm 81000000
10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
partitions, to allow restoring factory firmware in future:
# cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
# cat /dev/mtd2 > /tmp/mtd2_loader.bin
# cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin
and then SCP them over to safety at your PC.
11. When the device boots, copy over the sysupgrade image, and execute
normal upgrade:
# sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin
Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:
# mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
# mtd write /tmp/mtd2_loader.bin loader
# mtd write /tmp/mtd3_fwconcat1.bin fwconcat1
4. Erase the reserved partition:
# mtd erase reserved
5. Reboot the device
Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
to very slow serial console, which prints a lot during boot compared
to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
stored in U-boot partition, because it expects the colons as delimiters,
which this address lacks. Addresses found in ART partition are used
instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
The same is true for serial console, both drop straight to the Busybox
shell.
- The web interface drops to the login page again, after successfull
login.
- Whole image authentication boils down to comparing a device ID against
one stored in U-boot.
- And this device is apparently made by a security company.
Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|
||
|---|---|---|
| .devcontainer/ci-env | ||
| .github | ||
| config | ||
| include | ||
| LICENSES | ||
| package | ||
| scripts | ||
| target | ||
| toolchain | ||
| tools | ||
| .gitattributes | ||
| .gitignore | ||
| BSDmakefile | ||
| Config.in | ||
| COPYING | ||
| feeds.conf.default | ||
| Makefile | ||
| README.md | ||
| rules.mk | ||
OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
Sunshine!
Download
Built firmware images are available for many architectures and come with a package selection to be used as WiFi home router. To quickly find a factory image usable to migrate from a vendor stock firmware to OpenWrt, try the Firmware Selector.
If your device is supported, please follow the Info link to see install instructions or consult the support resources listed below.
An advanced user may require additional or specific package. (Toolchain, SDK, ...) For everything else than simple firmware download, try the wiki download page:
Development
To build your own firmware you need a GNU/Linux, BSD or MacOSX system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system.
Requirements
You need the following tools to compile OpenWrt, the package names vary between distributions. A complete list with distribution specific packages is found in the Build System Setup documentation.
binutils bzip2 diff find flex gawk gcc-6+ getopt grep install libc-dev libz-dev
make4.1+ perl python3.7+ rsync subversion unzip which
Quickstart
-
Run
./scripts/feeds update -ato obtain all the latest package definitions defined in feeds.conf / feeds.conf.default -
Run
./scripts/feeds install -ato install symlinks for all obtained packages into package/feeds/ -
Run
make menuconfigto select your preferred configuration for the toolchain, target system & firmware packages. -
Run
maketo build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the GNU/Linux kernel & all chosen applications for your target system.
Related Repositories
The main repository uses multiple sub-repositories to manage packages of
different categories. All packages are installed via the OpenWrt package
manager called opkg. If you're looking to develop the web interface or port
packages to OpenWrt, please find the fitting repository below.
-
LuCI Web Interface: Modern and modular interface to control the device via a web browser.
-
OpenWrt Packages: Community repository of ported packages.
-
OpenWrt Routing: Packages specifically focused on (mesh) routing.
-
OpenWrt Video: Packages specifically focused on display servers and clients (Xorg and Wayland).
Support Information
For a list of supported devices see the OpenWrt Hardware Database
Documentation
Support Community
- Forum: For usage, projects, discussions and hardware advise.
- Support Chat: Channel
#openwrton oftc.net.
Developer Community
- Bug Reports: Report bugs in OpenWrt
- Dev Mailing List: Send patches
- Dev Chat: Channel
#openwrt-develon oftc.net.
License
OpenWrt is licensed under GPL-2.0