hi there folks ,
On monday 2 October I received the fonera.
After 3 days of tests , I want to write a small review.
Package and first sight.
The unit comes in a decent carton box . The quality of the carton is not so good ,but this seems to be a trend in chinese production as , this year I also encountered many problems with carton box coming from china for my shoes. Maybe the carton suppliers in china rised up prices and the only choice to reduce the price of a carton box to 0.25 us$ is to reduce the quality of carton.
Inside the box you will find:
La Fonera
the power supply
the ethernet cable
a printed booklet with quick install guide
a warning paper for PPPoE connections
a cdrom with documentation
La Fonera is a cute white box , very attractive , neat and compact. There’s some similarity to apple products , expecially airport or macbook power supply. There are no sharp edges , nor screws or protuberances . The device is very light and portable. We found three connections , the dc-in jack , the rj45 plug and a reverse sma connector with a small white antenna plugged in.
The power supply is a wall socket type one , black coloured (this is a lack of taste , could have been white to match main unit colour ) with a mainland europe type plug. I don’t know if there are other versions shipped to america , UK or asia , as they have different power plug. Anyway this is common to many other even more expensive devices. To buy a multi plug adapter can do the trick if you need to carry the fonera with you on your trips.
The ethernet patch is a non standard one . It is a flat straight cable without shield , so maybe some problem with interference may occour.
The printed booklet is very nice , with pictures and colour photos . It’s written in four languages , the italian is missing , and this is once more a proof that my country is loosing appeal in the international business. Perhaps the foneras for the asian market will have japanese , mandarin and korean languages .
The orange warning paper was inserted to alert people that with PPPoE connection to dsl modem the firmware flashed in the unit may not work. It advise you to download the latest firmware . In the fonera I received the latest firmware was already in.
The Cdrom I didn’t check it so I don’t have anything to say about.
The Fonera @ work
I tried to connect the fonera as described in the quick installation guide. I plugged the ethernet cable into my network switch , which release ip addresses with DHCP and connection to the internet. Then I switched on my macbook , open up the airport and the survey showed two wlan’s one named my place and another named FON_AP .
As explained in the booklet , I connected to FON_AP wlan , opened up the browser and I have been redirected to the fon login page . After entered my login , I proceeded to register the new hot spot and everithing went as smooth as silk.
When I tried to connect to the private LAN my place , I followed the instructions , but entering the serial number of the fonera as WPA passphrase , cannoct get access . The macbook say that the code entered wasn’t correct.
I then tried to access with a notebook with windows XP , and had success , but cannot get the ip address by the DHCP server of the fonera.
So i tried to connect my macbook to the wan port via ethernet wired. This time , cannot get ip address , but , pointing the browser to address 192.168.10.1 let me get inside the control panel.
In there , I changed the configuration of the private wlan to WPA2 instead of WPA/WPA2 mixed , I set the cypher to DEFAULT instead of MIXED and changed the WPA passphrase to a 10 charecters log exadecimal.
I rebooted , unplugging the DC and now the private network works like a charm.
This lead me to a consideration : Why FON decided to encrypt by default in a so complicated way? As suggested by Giorgio Zarrelli , would have been much better to set the private wifi in WEP flavour , and let then the user change accordingly to his hardware.
This is a suggestion FON people , and according to me it will keep you apart from a storm of support requests.
Security.
I tested with the nmap the fonera , and the firewall is very well designed . Permit what is to be permitted , deny what is to be denied. I dare to say that you can sleep safely with your network behind the fonera.
Radio coverage.
A made a simple test , the fonera and the linksys side by side and move away from them with the kismet working in passive mode , monitoring constatly the signal strenght. The result is that the fonera has good radio coverage maybe a little bit better than linksys.
Hacking the Fonera.
Fonera has been designed not to be hacked. There are no administration port , the only tcp ports opened are 80 (http) 8080 (http-alt) and 53 (domain). There is a 10 pin serial port , and probably , using a serial cable with a max323 converter , same as ipod keyboard hack , and redboot bootloader you can reflash la fonera , but this hacking is not for the masses.
In the web gui there’s an upgrade firmware menu , but don’t try to reflash the unit with a standard openwrt or another firmware built for wrt54g or other hardware platforms.
In the dd-wrt forum anyway , there’s a thread which speeks about porting dd-wrt on la fonera. We all know that if he wants , Brainslayer can port the dd-wrt on the device in a couple of weeks , the problem is that la fonera has been designed to accept only signed and encrypted firmware. Though reflashing via serial console might be possible , are we acting against FON willings ?
Final considerations.
I found la fonera an overall good device , and extremely easy to use . The wlan performance are better than linksys , a dual essid has been implemented and the radio coverage is slightly better.
The bad is the private wlan encrypted with a too much hardened WPA encryption , which can cause some troubles to unexperienced users as I explained before.
I think that this device can help fon to spread his business or “movimiento” and to reach their targets very quickly.
In three words : Good Job guys !
17 Comments
“The result is that the fonera has good radio coverage maybe a little bit better than linksys.”
These are great news!
ma perchè col mio macbook riesco in wireless ad entrare nel pannello di controllo della fonera ma non riesco ad andare in internet? devop cambiare qualcosa in particolare?
The cable supplied with Fonera is a crossover one, and since is UTP (unshielded twisted pair) does not have shielding, which would be required only in presence of strong magnetic fields - industry machinery nearby the classical example.
The outer flat appearance does not necessarily means there will be interference problems: infact there are none. The UTP-cat5 cable specs state that the wires are to be twisted 2 by 2 to prevent interferences *between* the 4 pairs.
my 2 cents
@mic
thanks for the comment and for the correction about the ethernet patch of la fonera; and for reading the post .
Bye
It was hacked yet
http://www.art-xtreme.com/blog/20061017/activar-ssh-en-la-fonera/
@kampa Yep already reported
I mentioned the english post from hu just because I founded before the spanish post.
See ya.
The private SSID was unaccesible to my MacBook Pro as well. This was so freakin’ frustrating, I almost threw the device into the wall after a gazillion tries, resets, password resets, connections with three different Macs, … I was so turned off by the idiocy of the default device setting that I was about to send it back, when I found out that you can admin it through ethernet,
Nevy. I was working around la fonera for the same problem.. The most simple solution for the problem is leave untouch the wpa configuration that comes whit the fonera. Your wpa key is the serial number of the fonera. The only configuration that works with MAC os X if you change it in the web administration panel is change the encription to WEP. But in that moment most windows users.. can use it.. (funny isn´t it) X-D. Triying to change the ip configuration in the fonera to static ip address it was dangerous for me too, desactivating the dhcp server of the fonera.
Best regards comunity
@ Jorge
this is what I wrote in the article :
This lead me to a consideration : Why FON decided to encrypt by default in a so complicated way? As suggested by Giorgio Zarrelli , would have been much better to set the private wifi in WEP flavour , and let then the user change accordingly to his hardware.This is a suggestion FON people , and according to me it will keep you apart from a storm of support requests.Even if this blog is read by fon people ( know it ) they didn’t make anything to change this , and as I guess , the forum is full of people complaining about Mac OSX and wpa encryption. By the way WPA2 is working with macbook intel even with default serial number key.
It’s funny as I can connect no problems with my iBook to the private SSID but can’t see the FON_ one. My PDA does both just fine. Well, anyways, I use the private one.
@ ray
Unfortunately the extremely vaste flavour of wifi around do not permit a standard “out of the box” configuration. Manual tweaking is always needed IMO.
Activate SSH for accesing La fonera:
http://pobletewireless.blogspot.com/2006/11/consigue-acceso-ssh-la-fonera.html
We managed to enable SSH without any hardware modification. However, since I am still waiting for the delivery of my own La Fonera, I am not yet ready to release this hack to the public (it comes with a convienient perl script). It will be available at http://stefans.datenbruch.de/lafonera/, so stay tuned - it is possible wo use SSH without soldering
Tomanek’s discoverd flaw in the web interface was FIXED by FON on the 8th of November 2006. Stefan’s hack is NOT working anymore ! Too bad, waiting for a NEW one…
“I tested with the nmap the fonera , and the firewall is very well designed . Permit what is to be permitted , deny what is to be denied. I dare to say that you can sleep safely with your network behind the fonera.”
Testing the La Fonera with nmap does not guarantee that it is safe! It merely means that the firewall rules are sane. Finding security issues would require more thorough wireless hacking, checking how the device handles various malicious packets sent via the wireless interface and so forth. Also it’s abvious by now that the web interface is pretty much flawed. At present the owner of the device can easily gain root access (which isn’t a serious security threat as such) but it’s only a matter of time before more serious bugs are found. La Fonera’s web server is ran as root, so any successfull attempt at injecting shell code will be catastrofic.
One more thing, Fredrick Björk outlines many plausible Fon security scenarios here:
http://bjorck.com/fon-security-scenarios.htm
These are only scenarios, but I certainly hope that Fon has addressed these. No need to get super paranoid, but you shouldn’t be naive and think that the La Fonera is totally safe either.
Thanks for the WPA/WP2 tip!
2 Trackbacks/Pingbacks
[...] Un autre article (en anglais) sur la fonera est visible ici [...]
[...] I received a comment in this blog by Stefan Tomanek today. He claim that wiht some perl script , without the famous serial cable hack , it would be possible to gain the root shell over la fonera , and from there , execute , obviously , any arbitrary code on it.The link Stefen provide , is still .htaccess password protected , as probably not yet finished. Well if this is true , I’m a little proud , that this blog has been selected to spread this news over the blogosphere.I’m expecting some other hacks in the forthcoming days , after the source code has been released. Furthermore , another thing is happening on la fonera , and this seems to be hardware related. Both in the spanish and english board , many people are complaining about an instable wireless link. It seems that it’s hardware related , mostly due to overheat at the cpu. Infact , as soon as I received la fonera , i realized that the heat of the device was considerable , and also Andrea Beggi, in a podcast with Giorgio Zarrelli , suggested to turn la fonera upside down to allow a better heat dissipation. [...]
Post a Comment